def remove_member(portfolio_id, portfolio_role_id): portfolio_role = PortfolioRoles.get_by_id(portfolio_role_id) if g.current_user.id == portfolio_role.user_id: raise UnauthorizedError(g.current_user, "you cant remove yourself from the portfolio") portfolio = Portfolios.get(user=g.current_user, portfolio_id=portfolio_id) if portfolio_role.user_id == portfolio.owner.id: raise UnauthorizedError( g.current_user, "you can't delete the portfolios PPoC from the portfolio") if (portfolio_role.latest_invitation and portfolio_role.status == PortfolioRoleStatus.PENDING): PortfolioInvitations.revoke(portfolio_role.latest_invitation.token) else: PortfolioRoles.disable(portfolio_role=portfolio_role) flash("portfolio_member_removed", member_name=portfolio_role.full_name) return redirect( url_for( "portfolios.admin", portfolio_id=portfolio_id, _anchor="portfolio-members", fragment="portfolio-members", ))
def remove_member(portfolio_id, portfolio_role_id): portfolio_role = PortfolioRoles.get_by_id(portfolio_role_id) if g.current_user.id == portfolio_role.user_id: raise UnauthorizedError( g.current_user, "you cant remove yourself from the portfolio" ) portfolio = Portfolios.get(user=g.current_user, portfolio_id=portfolio_id) if portfolio_role.user_id == portfolio.owner.id: raise UnauthorizedError( g.current_user, "you can't delete the portfolios PPoC from the portfolio" ) # TODO: should this cascade and disable any application and environment # roles they might have? PortfolioRoles.disable(portfolio_role=portfolio_role) flash("portfolio_member_removed", member_name=portfolio_role.full_name) return redirect( url_for( "portfolios.admin", portfolio_id=portfolio_id, _anchor="portfolio-members", fragment="portfolio-members", ) )
def check_application_permission(cls, user, portfolio, permission, message): if not Authorization.has_application_permission( user, portfolio, permission): raise UnauthorizedError(user, message) return True
def wrap_environment_role_lookup(user, environment_id=None, **kwargs): env_role = EnvironmentRoles.get_by_user_and_environment( user.id, environment_id) if not env_role: raise UnauthorizedError(user, "access environment {}".format(environment_id)) return True
def _unauthorized(*a, **k): raise UnauthorizedError(user, "do something")
def _can_fly_the_millenium_falcon(u, *args, **kwargs): if u == rando_calrissian: return True else: raise UnauthorizedError(u, "is not rando")