예제 #1
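def allow_semi_user_changes(user):
    """Decide whether the current user may make limited changes to ``user``.

    Access is granted when the target is the current user, when the current
    user has full access, or when the access-level comparison passes and the
    current user may change every customer attached to ``user``. A master
    user who is also an assigned master skips the per-customer check.

    Args:
        user: mapping describing the target user; ``"username"`` and
            ``"customers"`` are read from it.

    Returns:
        True if the change is permitted, False otherwise.
    """
    current_user = userHandler.get_current_user()
    current_name = current_user.get("username")
    # A record without a username must never count as "the same user":
    # comparing two missing usernames (None == None) would grant access.
    is_self = current_name is not None and user.get("username") == current_name
    if is_self or has_full_access(current_user):
        return True

    if user_is_master(current_user):
        # A master can only edit lower access levels.
        # NOTE(review): presumably a positive result means current_user
        # outranks user; confirm against compare_access_level.
        if not (compare_access_level(current_user, user) > 0):
            return False
        if user_is_assigned_master(current_user):
            return True
    elif not (compare_access_level(current_user, user) > -1):
        return False

    # The current user must be able to edit every customer of the target.
    customers = user.get("customers")
    if customers is None:
        # Fail closed: a target record without a customer list is denied
        # explicitly instead of raising TypeError in the loop.
        return False
    # NOTE(review): an empty customer list passes this check vacuously, so a
    # target with no customers is editable by anyone who clears the level
    # comparison above; confirm that this is intended.
    return all(allow_changes(customer_id) for customer_id in customers)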
예제 #2
def get(customer_id=None, changes=False):
    """Report whether the current user may access a customer.

    With a ``customer_id``, the answer comes from ``allow_changes`` when
    ``changes`` is truthy and from ``allow_viewing`` otherwise. Without one,
    access is granted only to a master user.

    Args:
        customer_id: identifier of the customer to check, or a falsy value.
        changes: when truthy, check change rights instead of viewing rights.

    Returns:
        ``OkResponse(True)`` when access is granted, ``ConflictResponse(False)``
        when it is not.
    """
    current_user = userHandler.get_current_user()

    # NOTE(review): the branch is chosen by truthiness, so a falsy id such as
    # 0 or "" is handled like "no customer given" and is decided by the
    # master check alone; confirm that no valid id is falsy.
    if customer_id:
        permission_check = allow_changes if changes else allow_viewing
        permitted = bool(permission_check(customer_id))
    else:
        permitted = bool(user_is_master(current_user))

    # A denial is reported through ConflictResponse, not through an exception.
    response_type = OkResponse if permitted else ConflictResponse
    return response_type(permitted)
예제 #3
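def allow_full_user_changes(user):
    """Decide whether the current user may make full changes to ``user``.

    A current user with full access is always allowed. Anyone else must be
    able to change every customer attached to ``user``. In addition, a master
    user who is not an admin may not change another master user.

    Args:
        user: mapping describing the target user; ``"customers"`` is read
            from it.

    Returns:
        True if the change is permitted, False otherwise.
    """
    current_user = userHandler.get_current_user()
    if has_full_access(current_user):
        return True

    # The current user must be able to edit every customer of the target.
    customers = user.get("customers")
    if customers is None:
        # Fail closed: a target record without a customer list is denied
        # explicitly instead of raising TypeError in the loop.
        return False
    # NOTE(review): an empty customer list passes this check vacuously, so a
    # target with no customers satisfies it for any caller; confirm that this
    # is intended for full changes.
    if not all(allow_changes(customer_id) for customer_id in customers):
        return False

    # A non-admin master may not update another master user or higher.
    # NOTE(review): this restriction applies only when the caller is a master.
    # A non-master caller is not compared with the target's level here, so
    # confirm that callers enforce it elsewhere.
    if (
        user_is_master(current_user)
        and not user_is_admin(current_user)
        and user_is_master(user)
    ):
        return False
    return True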