def _get_type_query(model, permission_type, filter_ids=None):
    """Build the permission filter applied to queries against ``model``.

    Args:
        model: model class being queried; its ``__name__`` and ``id`` are used.
        permission_type: permission being checked. "read" and "update" have a
            system-wide shortcut; any other value goes straight to the
            per-model lookup.
        filter_ids: forwarded only to the Revision-specific helper; it is not
            used for any other model in this function.

    Returns:
        None when no id restriction is produced (system-wide permission, or
        ``get_context_resource`` reports ``contexts`` as None); otherwise
        ``model.id.in_(resources)``, or ``sa.sql.false()`` when the permitted
        resource list is empty.
    """
    # NOTE(review): None looks like the "apply no filter" sentinel, so callers
    # must treat it as deliberate unrestricted access -- confirm with callers.
    has_global_access = (
        (permission_type == "read" and permissions.has_system_wide_read())
        or (permission_type == "update"
            and permissions.has_system_wide_update())
    )
    if has_global_access:
        return None

    model_name = model.__name__
    if model_name == "Revision":
        # A revision carries the full data of the object it describes, so
        # revisions are restricted by the permissions on the underlying
        # objects rather than by the id list computed below.
        return QueryHelper._get_revision_type_query(
            model, permission_type, filter_ids)

    allowed_contexts, allowed_ids = permissions.get_context_resource(
        model_name=model_name, permission_type=permission_type)
    if allowed_contexts is None:
        return None
    if not allowed_ids:
        # No permitted resource: match nothing instead of emitting an empty IN.
        return sa.sql.false()
    return model.id.in_(allowed_ids)
def is_user_role_restricted(self, user):
    """Report whether ``user`` holds exactly the restricted role set.

    Per the original description: the user (1) has the Assignee role for the
    Assessment and (2) does not have propagated roles.

    Args:
        user: user whose roles on this object are compared.

    Returns:
        False when the current user has system-wide update permission;
        otherwise True only if the roles returned by ``_get_user_roles``
        compare equal to ``self._restricted_user_roles``.
    """
    with benchmark("Check user permissions for SOX302"):
        if permissions.has_system_wide_update():
            return False
        # NOTE(review): ``self`` is passed explicitly as the first argument;
        # that is only right if _get_user_roles is a staticmethod or expects
        # the object as a parameter -- confirm against its definition.
        current_roles = self._get_user_roles(self, user)
        # Exact equality: any role beyond the restricted set yields False.
        return bool(current_roles == self._restricted_user_roles)
def _get_type_query(model, permission_type):
    """Build the permission filter applied to queries against ``model``.

    Args:
        model: model class being queried; its ``__name__`` and ``id`` are used.
        permission_type: permission being checked. "read" and "update" have a
            system-wide shortcut; any other value goes straight to the
            per-model lookup.

    Returns:
        None when no id restriction is produced (system-wide permission, or
        ``get_context_resource`` reports ``contexts`` as None); otherwise
        ``model.id.in_(resources)``, or ``sa.sql.false()`` when the permitted
        resource list is empty.
    """
    # NOTE(review): None looks like the "apply no filter" sentinel, so callers
    # must treat it as deliberate unrestricted access -- confirm with callers.
    has_global_access = (
        (permission_type == "read" and permissions.has_system_wide_read())
        or (permission_type == "update"
            and permissions.has_system_wide_update())
    )
    if has_global_access:
        return None

    allowed_contexts, allowed_ids = permissions.get_context_resource(
        model_name=model.__name__, permission_type=permission_type
    )
    if allowed_contexts is None:
        return None
    if not allowed_ids:
        # No permitted resource: match nothing instead of emitting an empty IN.
        return sa.sql.false()
    return model.id.in_(allowed_ids)
def _get_type_query(model, permission_type):
    """Build the permission filter applied to queries against ``model``.

    Args:
        model: model class being queried; its ``__name__`` and ``id`` are used.
        permission_type: permission being checked. "read" and "update" have a
            system-wide shortcut; any other value goes straight to the
            per-model lookup.

    Returns:
        None when no id restriction is produced (system-wide permission, or
        ``get_context_resource`` reports ``contexts`` as None); otherwise
        ``model.id.in_(resources)``, or ``sa.sql.false()`` when the permitted
        resource list is empty.
    """
    # NOTE(review): None looks like the "apply no filter" sentinel, so callers
    # must treat it as deliberate unrestricted access -- confirm with callers.
    has_global_access = (
        (permission_type == "read" and permissions.has_system_wide_read())
        or (permission_type == "update"
            and permissions.has_system_wide_update())
    )
    if has_global_access:
        return None

    allowed_contexts, allowed_ids = permissions.get_context_resource(
        model_name=model.__name__, permission_type=permission_type
    )
    if allowed_contexts is None:
        return None
    if not allowed_ids:
        # No permitted resource: match nothing instead of emitting an empty IN.
        return sa.sql.false()
    return model.id.in_(allowed_ids)
def _get_type_query(model, permission_type):
    """Build the permission filter applied to queries against ``model``.

    Args:
        model: model class being queried; its ``__name__`` and ``id`` are used.
        permission_type: permission being checked. "read" and "update" have a
            system-wide shortcut; any other value goes straight to the
            per-model lookup.

    Returns:
        None when no id restriction is produced (system-wide permission, or
        ``get_context_resource`` reports ``contexts`` as None); the result of
        the Revision-specific helper for the Revision model; otherwise
        ``model.id.in_(resources)``, or ``sa.sql.false()`` when the permitted
        resource list is empty.
    """
    # NOTE(review): None looks like the "apply no filter" sentinel, so callers
    # must treat it as deliberate unrestricted access -- confirm with callers.
    has_global_access = (
        (permission_type == "read" and permissions.has_system_wide_read())
        or (permission_type == "update"
            and permissions.has_system_wide_update())
    )
    if has_global_access:
        return None

    model_name = model.__name__
    if model_name == "Revision":
        # A revision carries the full data of the object it describes, so
        # revisions are restricted by the permissions on the underlying
        # objects rather than by the id list computed below.
        return QueryHelper._get_revision_type_query(model, permission_type)

    allowed_contexts, allowed_ids = permissions.get_context_resource(
        model_name=model_name, permission_type=permission_type
    )
    if allowed_contexts is None:
        return None
    if not allowed_ids:
        # No permitted resource: match nothing instead of emitting an empty IN.
        return sa.sql.false()
    return model.id.in_(allowed_ids)