def _get_type_query(model, permission_type, filter_ids=None):
"""Filter by contexts and resources
Prepare query to filter models based on the available contexts and
resources for the given type of object.
"""
if permission_type == "read" and permissions.has_system_wide_read():
return None
if permission_type == "update" and permissions.has_system_wide_update(
):
return None
if model.__name__ == "Revision":
# Since revision contains all object data, query API should query only
# revisions of objects user has right permission on.
return QueryHelper._get_revision_type_query(
model, permission_type, filter_ids)
contexts, resources = permissions.get_context_resource(
model_name=model.__name__, permission_type=permission_type)
if contexts is None:
return None
return model.id.in_(resources) if resources else sa.sql.false()
def is_user_role_restricted(self, user):
"""Check if user (1) has Assignee role for Assessment and (2) does not
have propagated roles"""
with benchmark("Check user permissions for SOX302"):
if permissions.has_system_wide_update():
return False
assmnt_roles = self._get_user_roles(self, user)
if assmnt_roles == self._restricted_user_roles:
return True
return False
def _get_type_query(model, permission_type):
"""Filter by contexts and resources
Prepare query to filter models based on the available contexts and
resources for the given type of object.
"""
if permission_type == "read" and permissions.has_system_wide_read():
return None
if permission_type == "update" and permissions.has_system_wide_update():
return None
contexts, resources = permissions.get_context_resource(
model_name=model.__name__, permission_type=permission_type
)
if contexts is None:
return None
return model.id.in_(resources) if resources else sa.sql.false()
def _get_type_query(model, permission_type):
"""Filter by contexts and resources
Prepare query to filter models based on the available contexts and
resources for the given type of object.
"""
if permission_type == "read" and permissions.has_system_wide_read():
return None
if permission_type == "update" and permissions.has_system_wide_update():
return None
contexts, resources = permissions.get_context_resource(
model_name=model.__name__, permission_type=permission_type
)
if contexts is None:
return None
return model.id.in_(resources) if resources else sa.sql.false()
def _get_type_query(model, permission_type):
"""Filter by contexts and resources
Prepare query to filter models based on the available contexts and
resources for the given type of object.
"""
if permission_type == "read" and permissions.has_system_wide_read():
return None
if permission_type == "update" and permissions.has_system_wide_update():
return None
if model.__name__ == "Revision":
# Since revision contains all object data, query API should query only
# revisions of objects user has right permission on.
return QueryHelper._get_revision_type_query(model, permission_type)
contexts, resources = permissions.get_context_resource(
model_name=model.__name__, permission_type=permission_type
)
if contexts is None:
return None
return model.id.in_(resources) if resources else sa.sql.false()