def decorated_function(*args, **kwargs): if g.org and permission_model.permitted(g.user, g.org, tag): return f(*args, **kwargs) elif not_permitted_redirect: return redirect(url_for(not_permitted_redirect)) else: raise InsufficientPermission()
def search_org(): org_id = org_model.id_from('name', request.args.get('term')) org = org_model.get(org_id) if not permission_model.permitted(g.user, org_id, PermissionTags.VIEW): org = {} return Response(json.dumps(org), content_type='application/json')
def update_role(org_id, user_id, new_role): current_role = permission_model.get_role(user_id, org_id) if not (permission_model.permitted(g.user, org_id, PermissionTags.EDIT_USER) and permission_model.role_gte(g.user, org_id, current_role) and permission_model.role_gte(g.user, org_id, new_role)): raise InsufficientPermission() permission_model.set_role(user_id, org_id, new_role) return Response(status=204)
def kick_user(org_id, user_id): if not permission_model.permitted(g.user, org_id, PermissionTags.EDIT_USER): raise InsufficientPermission() if org_model.has_user(org_id, user_id): role = permission_model.get_role(user_id, org_id) if not permission_model.role_gte(g.user, org_id, role): raise InsufficientPermission() org_model.remove_user(org_id, user_id) events.mediator('kick', user_id=user_id, org_id=org_id) else: user_model.remove_from_waiting_list(user_id, org_id) return Response(status=204)
def add_user_to_org(org_id, username): role = request.form['role'] if not (permission_model.permitted(g.user, org_id, PermissionTags.EDIT_USER) and permission_model.role_gte(g.user, org_id, role)): raise InsufficientPermission() user_id = user_model.id_from('email', username) if user_id: org_model.add_user(org_id, user_id, role=role) events.mediator('added_to_project', email=username, project=org_id) else: # Add user to waiting list user_model.add_to_waiting_list(username, org_id, role) events.mediator('invite', email=username, org_id=org_id) org = org_model.get(org_id) return Response(json.dumps(org), status=200, content_type='application/json')