def is_admin(group):
security = get_service("security")
is_admin = current_user in group.admins
if not is_admin and "security" in current_app.extensions:
is_admin = security.has_role(current_user, "admin")
return is_admin
def is_admin(group):
security = get_service("security")
is_admin = current_user in group.admins
if not is_admin and "security" in current_app.extensions:
is_admin = security.has_role(current_user, "admin")
return is_admin
def condition(context: Dict[str, bool]) -> bool:
return not current_user.is_anonymous and security.has_role(
# pyre-fixme[6]: Expected `Principal` for 1st param but got
# `LocalProxy`.
current_user,
AdminRole,
)
def groups():
tab = request.args.get("tab", "all_groups")
e = Env()
if tab == 'all_groups':
e.groups = Group.query.order_by(Group.name).all()
if not security.has_role(g.user, "admin"):
e.groups = [
group for group in e.groups
if group.public or g.user in group.members
]
else:
e.groups = g.user.groups
e.groups.sort(key=lambda x: x.name)
return render_template("social/groups.html", **e)
def groups():
tab = request.args.get("tab", "all_groups")
if tab == "all_groups":
groups = Group.query.order_by(Group.name).all()
if not security.has_role(current_user, "admin"):
groups = [
group for group in groups
if group.public or current_user in group.members
]
else:
groups = current_user.groups
groups.sort(key=lambda x: x.name)
return render_template("social/groups.html", groups=groups)
def check_read_access(obj):
"""
Checks the current user has appropriate read access on the given object.
Will raise appropriates errors in case the object doesn't exist (404),
or the current user doesn't have read access on the object (403).
"""
if not obj:
raise NotFound()
if not security.running:
return True
if security.has_role(g.user, Admin):
return True
if repository.has_access(g.user, obj):
return True
raise Forbidden()
def groups():
tab = request.args.get("tab", "all_groups")
if tab == "all_groups":
groups = Group.query.order_by(Group.name).all()
if not security.has_role(current_user, "admin"):
groups = [
group
for group in groups
if group.public or current_user in group.members
]
else:
groups = current_user.groups
groups.sort(key=lambda x: x.name)
return render_template("social/groups.html", groups=groups)
def check_read_access(obj):
"""Checks the current user has appropriate read access on the given object.
Will raise appropriates errors in case the object doesn't exist
(404), or the current user doesn't have read access on the object
(403).
"""
if not obj:
raise NotFound()
if not security.running:
return True
if security.has_role(current_user, Admin):
return True
if repository.has_access(current_user, obj):
return True
raise Forbidden()
def check_manage_access(obj):
"""
Checks the current user has appropriate manage access on the given object.
Will raise appropriates errors in case the object doesn't exist (404),
or the current user doesn't have manage access on the object (403).
"""
if not obj:
raise NotFound()
if not security.running:
return
if security.has_role(g.user, Admin):
return
if (repository.has_access(g.user, obj)
and repository.has_permission(g.user, MANAGE, obj)):
return
raise Forbidden()
def __init__(self, *panels, **kwargs):
self.app = None
self.panels = []
self.breadcrumb_items = {}
self.setup_blueprint()
self.nav_root = NavGroup(
'admin', 'root', title=_l(u'Admin'),
endpoint=None,
condition=lambda context: (not current_user.is_anonymous()
and security.has_role(current_user, AdminRole))
)
for panel in panels:
self.register_panel(panel)
app = kwargs.pop('app', None)
if app is not None:
self.init_app(app)
def check_manage_access(obj):
"""Checks the current user has appropriate manage access on the given
object.
Will raise appropriates errors in case the object doesn't exist
(404), or the current user doesn't have manage access on the object
(403).
"""
if not obj:
raise NotFound()
if not security.running:
return
if security.has_role(current_user, Admin):
return
if repository.has_access(current_user, obj) and repository.has_permission(
current_user, MANAGE, obj
):
return
raise Forbidden()
def check_security():
user = current_user._get_current_object()
if not security.has_role(user, "admin"):
raise Forbidden()
def check_security():
user = unwrap(current_user)
if not security.has_role(user, "admin"):
raise Forbidden()
def check_security() -> None:
user = unwrap(current_user)
if not security.has_role(user, "admin"):
raise Forbidden()
"documents:folder-listing",
"change-owner",
_l("Change owner"),
icon="user",
url="#modal-change-owner",
modal=True,
permission=MANAGE,
),
# Folder left bar actions ##########
# view
RootFolderAction(
"documents:content",
"view",
_l("List content"),
icon="list",
condition=(lambda ctx: security.has_role(current_user, "admin")),
url=lambda ctx: url_for(".folder_view", folder_id=ctx["object"].id),
),
# view
FolderAction(
"documents:content",
"view",
_l("List content"),
icon="list",
url=lambda ctx: url_for(".folder_view", folder_id=ctx["object"].id),
),
# Descendants
FolderAction(
"documents:content",
"descendants",
_l("View descendants"),
css_class='btn-danger'),
FolderButtonAction('documents:folder-listing',
'change-owner',
_l(u'Change owner'),
icon='user',
url='#modal-change-owner',
modal=True,
permission=MANAGE),
# Folder left bar actions ##########
# view
RootFolderAction(
'documents:content',
'view',
_l(u'List content'),
icon='list',
condition=(lambda ctx: security.has_role(g.user, "admin")),
url=lambda ctx: url_for(".folder_view", folder_id=ctx['object'].id),
),
# view
FolderAction(
'documents:content',
'view',
_l(u'List content'),
icon='list',
url=lambda ctx: url_for(".folder_view", folder_id=ctx['object'].id),
),
# Descendants
FolderAction(
'documents:content',
'descendants',
_l(u'View descendants'),
def condition(context: Dict[str, bool]) -> bool:
return not current_user.is_anonymous and security.has_role(
current_user, AdminRole)
def condition(context):
return not current_user.is_anonymous and security.has_role(
current_user, AdminRole
)
def check_security():
user = current_user._get_current_object()
if not security.has_role(user, "admin"):
raise Forbidden()
"documents:folder-listing",
"change-owner",
_l("Change owner"),
icon="user",
url="#modal-change-owner",
modal=True,
permission=MANAGE,
),
# Folder left bar actions ##########
# view
RootFolderAction(
"documents:content",
"view",
_l("List content"),
icon="list",
condition=(lambda ctx: security.has_role(current_user, "admin")),
url=lambda ctx: url_for(".folder_view", folder_id=ctx["object"].id),
),
# view
FolderAction(
"documents:content",
"view",
_l("List content"),
icon="list",
url=lambda ctx: url_for(".folder_view", folder_id=ctx["object"].id),
),
# Descendants
FolderAction(
"documents:content",
"descendants",
_l("View descendants"),
def check_security():
user = current_user._get_current_object()
if not security.has_role(user, "admin"):
abort(403)
