def allow_semi_user_changes(user):
    """Decide whether the current user may make limited edits to ``user``.

    The decision follows these rules, in order:

    1. Editing your own record (matching ``"username"``) or holding full
       access always succeeds.
    2. A master user may edit only users for which
       ``compare_access_level(current, user) > 0``. An assigned master is
       then allowed outright; any other master must pass ``allow_changes``
       for every customer id of the target user.
    3. A non-master user needs ``compare_access_level(current, user) > -1``
       and must pass ``allow_changes`` for every customer id of the target.
    4. Everything else is denied.

    NOTE(review): the listing this was taken from had lost its indentation;
    the nesting below is the most plausible reading. Confirm it against the
    repository copy before relying on it.

    Args:
        user: Mapping describing the target user; read via ``.get`` for the
            ``"username"`` and ``"customers"`` keys.

    Returns:
        True if the edit is permitted, False otherwise.

    Raises:
        TypeError: If ``user`` has no ``"customers"`` entry (``None`` is not
            iterable) on a path that reaches the per-customer check.
    """
    acting_user = userHandler.get_current_user()

    def _every_customer_editable():
        # Every customer is checked, with no short-circuit, so allow_changes
        # runs once per id.
        # NOTE(review): an empty "customers" list yields True (nothing to
        # veto the edit). Confirm this is intended for users with no
        # customers assigned.
        customer_ids = user.get("customers")
        return all([allow_changes(cid) for cid in customer_ids])

    # Same user, or the current user has full access.
    is_self = user.get("username") == acting_user.get("username")
    if is_self or has_full_access(acting_user):
        return True

    # Masters can only edit strictly lower access levels.
    if user_is_master(acting_user) and compare_access_level(acting_user, user) > 0:
        if user_is_assigned_master(acting_user):
            return True
        # Other masters must be able to edit all customers of the user.
        return _every_customer_editable()

    # Non-masters: the level comparison must be greater than -1, and they
    # must be able to edit all customers of the user.
    if not user_is_master(acting_user) and compare_access_level(acting_user, user) > -1:
        return _every_customer_editable()

    return False
def get(customer_id=None, changes=False):
    """Report whether the current user has access, as a response object.

    With a truthy ``customer_id`` the check is ``allow_changes`` when
    ``changes`` is truthy, otherwise ``allow_viewing``. Without one, access
    is granted only if the current user is a master.

    NOTE(review): the listing this was taken from had lost its indentation.
    The ``elif user_is_master`` branch is read here as belonging to
    ``if customer_id``. Confirm this against the repository copy, since the
    alternative pairing would let masters view any customer.

    NOTE(review): ``customer_id`` is tested for truthiness, so a falsy id
    (``0``, ``""``) takes the "no customer" branch and a master is granted
    access. Confirm that no valid customer id is falsy.

    Args:
        customer_id: Customer to check, or a falsy value for the
            master-only check.
        changes: When truthy, check edit rights instead of view rights.

    Returns:
        ``OkResponse(True)`` when access is granted, otherwise
        ``ConflictResponse(False)``.
    """
    acting_user = userHandler.get_current_user()

    if customer_id:
        permission_check = allow_changes if changes else allow_viewing
        granted = bool(permission_check(customer_id))
    else:
        granted = bool(user_is_master(acting_user))

    # NOTE(review): a denial is reported through ConflictResponse. Confirm
    # that callers and logs can tell an authorization failure apart from a
    # genuine conflict.
    return OkResponse(granted) if granted else ConflictResponse(granted)
def allow_full_user_changes(user):
    """Decide whether the current user may make full edits to ``user``.

    A current user with full access is always allowed. Anyone else must pass
    ``allow_changes`` for every customer id of the target user. In addition,
    a current user who is a master but not an admin is refused whenever the
    target is itself a master.

    NOTE(review): the listing this was taken from had lost its indentation;
    the nesting below is the most plausible reading. Confirm it against the
    repository copy before relying on it.

    Args:
        user: Mapping describing the target user; read via ``.get`` for the
            ``"customers"`` key.

    Returns:
        True if the edit is permitted, False otherwise.

    Raises:
        TypeError: If ``user`` has no ``"customers"`` entry (``None`` is not
            iterable) and the current user lacks full access.
    """
    acting_user = userHandler.get_current_user()
    if has_full_access(acting_user):
        return True

    # The current user must be able to edit all customers of the target.
    # Every id is checked, with no short-circuit.
    # NOTE(review): an empty "customers" list yields True here. Confirm this
    # is intended for users with no customers assigned.
    customer_ids = user.get("customers")
    permitted = all([allow_changes(cid) for cid in customer_ids])

    # A master who is not an admin must not update another master.
    # NOTE(review): the original comment says "or higher". That holds only if
    # user_is_master() is also true for higher roles, so verify it.
    acting_is_plain_master = user_is_master(acting_user) and not user_is_admin(acting_user)
    if acting_is_plain_master and user_is_master(user):
        permitted = False

    return permitted