async def load_user_by_id(
        user_id: Optional[UserId] = None,
        principal_service: PrincipalService = Depends(get_any_principal)
) -> User:
    # Load a single user by id and return it with the password cleared.
    #
    # Access rules enforced here:
    #   - a blank id is rejected with raise_400;
    #   - a non-admin principal may only read its own record (raise_403 otherwise);
    #   - anyone except a super admin may only read users of its own tenant.
    # A user in another tenant gets the same raise_404 as a missing user, so the
    # response does not reveal whether an id exists outside the caller's tenant.
    #
    # NOTE(review): documented with comments rather than a docstring, because a
    # docstring on a handler that takes Depends() parameters may end up in
    # generated API docs - confirm before converting.
    if is_blank(user_id):
        raise_400('User id is required.')

    # console user cannot visit other users; the id comparison only runs for non-admins
    if not principal_service.is_admin() and user_id != principal_service.get_user_id():
        raise_403()

    user_service = get_user_service(principal_service)

    def find_visible_user() -> User:
        # noinspection PyTypeChecker
        found: User = user_service.find_by_id(user_id)
        if found is None:
            raise_404()
        # tenant id must match current principal's, except current is super admin
        cross_tenant = (
            not principal_service.is_super_admin()
            and found.tenantId != principal_service.get_tenant_id()
        )
        if cross_tenant:
            raise_404()
        # never hand the stored password back to the caller
        clear_pwd(found)
        return found

    return trans_readonly(user_service, find_visible_user)
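def validate_user(a_tuple: UserBasedTuple, user_service: UserService, principal_service: PrincipalService) -> None:
    """
    Check that the owner (userId) of a user-based tuple is acceptable for the current principal.

    Only admins pass the first gate (raise_403 otherwise). After that:
    - blank userId: a super admin must supply one (raise_400); a tenant admin becomes
      the owner, which assigns a_tuple.userId in place; any other role gets raise_403.
    - userId equal to the principal's own id: refused for a super admin (raise_400),
      accepted for everyone else.
    - any other userId: the user must exist. For a super admin the user must not belong
      to the super admin's own tenant; for a tenant admin the user must belong to the
      same tenant (raise_400 otherwise).

    An unknown id and an id from a disallowed tenant are answered with the same
    'Incorrect user id' message. The unknown-id case previously said 'User id is required.',
    which was misleading (an id was supplied) and let a tenant admin tell a missing id
    apart from one that exists in another tenant.

    The raise_4xx helpers are expected to raise; the code after them relies on that.

    :param a_tuple: tuple whose userId is validated, and filled in for a tenant admin
    :param user_service: used to look up the referenced user
    :param principal_service: the current principal
    """
    if not principal_service.is_admin():
        raise_403()

    if is_blank(a_tuple.userId):
        if principal_service.is_super_admin():
            raise_400('User id is required.')
        elif principal_service.is_tenant_admin():
            # default the owner to the tenant admin itself
            a_tuple.userId = principal_service.get_user_id()
        else:
            raise_403()
    else:
        if a_tuple.userId == principal_service.get_user_id():
            # a super admin cannot own the tuple itself
            if principal_service.is_super_admin():
                raise_400(f'Incorrect user id[{a_tuple.userId}].')
        else:
            # NOTE(review): nesting rebuilt from a listing without indentation; this branch is
            # read as "userId differs from the principal's own id" - confirm against the file.
            user: Optional[User] = user_service.find_by_id(a_tuple.userId)
            if user is None:
                # same message as the tenant checks below, so both failures look alike
                raise_400(f'Incorrect user id[{a_tuple.userId}].')
            if principal_service.is_super_admin():
                if user.tenantId == principal_service.get_tenant_id():
                    raise_400(f'Incorrect user id[{a_tuple.userId}].')
            elif principal_service.is_tenant_admin():
                # a tenant admin may only assign users of its own tenant
                if user.tenantId != principal_service.get_tenant_id():
                    raise_400(f'Incorrect user id[{a_tuple.userId}].')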
def validate_tenant_based_tuples(
        tuples: List[TenantBasedTuple], user_service: UserService,
        principal_service: PrincipalService) -> None:
    """
    Validate the tenant of every tuple in the given list.

    Non-admin principals are refused with raise_403 before any tuple is inspected.
    Each tuple is then passed to validate_tenant, which may fill in a blank tenantId
    on the tuple itself.

    :param tuples: tenant-based tuples to validate
    :param user_service: handed through to validate_tenant
    :param principal_service: the current principal
    """
    allowed = principal_service.is_admin()
    if not allowed:
        raise_403()

    def check_one(a_tuple: TenantBasedTuple) -> None:
        validate_tenant(a_tuple, user_service, principal_service)

    ArrayHelper(tuples).each(check_one)
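def filter_indicators(
        indicators: List[Indicator], indicator_service: IndicatorService,
        principal_service: PrincipalService
) -> List[Indicator]:
    """
    Reduce a list of indicators to the ones the current principal may see.

    Admins get the input list back unchanged (the same object). Any other principal
    gets a new list holding only the indicators that share at least one group id with
    the principal's user record; raise_403 is called when that record cannot be found.

    NOTE(review): no tenant comparison happens here - presumably callers pass indicators
    that are already scoped to the principal's tenant; confirm at the call sites.

    :param indicators: candidate indicators
    :param indicator_service: used to obtain the user service
    :param principal_service: the current principal
    :return: the visible indicators
    """
    if principal_service.is_admin():
        return indicators

    user_id = principal_service.get_user_id()
    user_service = get_user_service(indicator_service)
    user: Optional[User] = user_service.find_by_id(user_id)
    if user is None:
        raise_403()
    # A user with no group list (None) is treated as belonging to no group: nothing is
    # visible, instead of the membership test below failing with a TypeError on `in None`.
    group_ids = user.groupIds or []
    return ArrayHelper(indicators) \
        .filter(lambda x: ArrayHelper(x.groupIds).some(lambda y: y in group_ids)) \
        .to_list()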
def validate_tenant(a_tuple: Union[UserBasedTuple, TenantBasedTuple], user_service: UserService, principal_service: PrincipalService) -> None:
    """
    Check that the tenantId of a tuple is acceptable for the current principal.

    Only admins pass the first gate (raise_403 otherwise). After that:
    - blank tenantId: a super admin must supply one (raise_400); for a tenant admin the
      principal's own tenant id is assigned to a_tuple.tenantId in place.
    - tenantId given, tenant admin: it must equal the principal's tenant (raise_403 otherwise).
    - tenantId given, super admin: it must not be the super admin's own tenant, and the
      tenant must exist; both failures use the same 'Incorrect tenant id' message.

    The raise_4xx helpers are expected to raise; the code after them relies on that.

    NOTE(review): unlike validate_user, neither branch ends in an else. If is_admin() can
    be true for a role that is neither super admin nor tenant admin, the tuple passes
    without any tenant check - confirm that no such role exists.

    :param a_tuple: tuple whose tenantId is validated, and filled in for a tenant admin
    :param user_service: used to obtain the tenant service
    :param principal_service: the current principal
    """
    if not principal_service.is_admin():
        raise_403()

    if is_blank(a_tuple.tenantId):
        if principal_service.is_super_admin():
            raise_400('Tenant id is required.')
        elif principal_service.is_tenant_admin():
            # default to the tenant admin's own tenant
            a_tuple.tenantId = principal_service.get_tenant_id()
    else:
        if principal_service.is_tenant_admin():
            # a tenant admin cannot write into another tenant
            if a_tuple.tenantId != principal_service.get_tenant_id():
                raise_403()
        elif principal_service.is_super_admin():
            # a super admin cannot target its own tenant
            if a_tuple.tenantId == principal_service.get_tenant_id():
                raise_400(f'Incorrect tenant id[{a_tuple.tenantId}].')
            # NOTE(review): nesting rebuilt from a listing without indentation; the existence
            # check is read as part of the super-admin branch - confirm against the file.
            tenant_service = get_tenant_service(user_service)
            tenant: Optional[Tenant] = tenant_service.find_by_id(a_tuple.tenantId)
            if tenant is None:
                raise_400(f'Incorrect tenant id[{a_tuple.tenantId}].')