def can_edit_group(self, group):
if get_session_tool():
return False
if group.is_network_admin or group.is_dns_admin:
return False
is_network_admin = self.has_any_access([('network_admin', None)])
if group.network_rights and not is_network_admin:
return False
is_dns_admin = self.has_any_access([('dns_admin', None)])
if group.dns_rights and not is_dns_admin:
return False
return is_network_admin or is_dns_admin
def can_grant_access(self, group, access):
if get_session_tool():
return False
if access in ('network_admin', 'dns_admin'):
return self.user_type.name == 'Admin'
else:
if access in AccessRight.grantable_by_network_admin:
self.can_network_admin()
elif access in AccessRight.grantable_by_dns_admin:
self.can_dns_admin()
else:
raise InvalidAccessRightError('Invalid access right: %r' %
access)
return self.can_edit_group(group)
def can_func(self, tool_access=conf['tool_access'], access=conf['access']):
if not tool_access and get_session_tool():
return False
return self.has_any_access(access)