async def load_user_by_id(
user_id: Optional[UserId] = None,
principal_service: PrincipalService = Depends(get_any_principal)
) -> User:
if is_blank(user_id):
raise_400('User id is required.')
if not principal_service.is_admin():
# console user cannot visit other users
if user_id != principal_service.get_user_id():
raise_403()
user_service = get_user_service(principal_service)
def action() -> User:
# noinspection PyTypeChecker
user: User = user_service.find_by_id(user_id)
if user is None:
raise_404()
# check tenant id
if not principal_service.is_super_admin():
# tenant id must match current principal's, except current is super admin
if user.tenantId != principal_service.get_tenant_id():
raise_404()
# remove password
clear_pwd(user)
return user
return trans_readonly(user_service, action)
def validate_user(a_tuple: UserBasedTuple, user_service: UserService,
principal_service: PrincipalService) -> None:
if not principal_service.is_admin():
raise_403()
if is_blank(a_tuple.userId):
if principal_service.is_super_admin():
raise_400('User id is required.')
elif principal_service.is_tenant_admin():
a_tuple.userId = principal_service.get_user_id()
else:
raise_403()
else:
if a_tuple.userId == principal_service.get_user_id():
if principal_service.is_super_admin():
raise_400(f'Incorrect user id[{a_tuple.userId}].')
else:
user: Optional[User] = user_service.find_by_id(a_tuple.userId)
if user is None:
raise_400('User id is required.')
if principal_service.is_super_admin():
if user.tenantId == principal_service.get_tenant_id():
raise_400(f'Incorrect user id[{a_tuple.userId}].')
elif principal_service.is_tenant_admin():
if user.tenantId != principal_service.get_tenant_id():
raise_400(f'Incorrect user id[{a_tuple.userId}].')
def validate_tenant_based_tuples(tuples: List[TenantBasedTuple],
user_service: UserService,
principal_service: PrincipalService) -> None:
"""
check tenant of tuple is valid or not.
"""
if not principal_service.is_admin():
raise_403()
ArrayHelper(tuples).each(
lambda x: validate_tenant(x, user_service, principal_service))
def filter_indicators( indicators: List[Indicator], indicator_service: IndicatorService, principal_service: PrincipalService ) -> List[Indicator]: if principal_service.is_admin(): return indicators user_id = principal_service.get_user_id() user_service = get_user_service(indicator_service) user: Optional[User] = user_service.find_by_id(user_id) if user is None: raise_403() group_ids = user.groupIds return ArrayHelper(indicators).filter(lambda x: ArrayHelper(x.groupIds).some(lambda y: y in group_ids)).to_list()
def validate_tenant(a_tuple: Union[UserBasedTuple, TenantBasedTuple],
user_service: UserService,
principal_service: PrincipalService) -> None:
if not principal_service.is_admin():
raise_403()
if is_blank(a_tuple.tenantId):
if principal_service.is_super_admin():
raise_400('Tenant id is required.')
elif principal_service.is_tenant_admin():
a_tuple.tenantId = principal_service.get_tenant_id()
else:
if principal_service.is_tenant_admin():
if a_tuple.tenantId != principal_service.get_tenant_id():
raise_403()
elif principal_service.is_super_admin():
if a_tuple.tenantId == principal_service.get_tenant_id():
raise_400(f'Incorrect tenant id[{a_tuple.tenantId}].')
tenant_service = get_tenant_service(user_service)
tenant: Optional[Tenant] = tenant_service.find_by_id(
a_tuple.tenantId)
if tenant is None:
raise_400(f'Incorrect tenant id[{a_tuple.tenantId}].')
