def mutate(cls, root, info, **input):
idea = Idea.objects.get(pk=UUID(input['id']))
if info.context.user.has_perm(
build_permission_string(PermissionResource.LAB,
CrudPermission.VIEW), idea.lab):
idea.delete()
return cls(ok=True)
def resolve_idea(root, info, id): # noqa
idea = Idea.objects.get(pk=id)
if info.context.user.has_perm(
build_permission_string(PermissionResource.LAB,
CrudPermission.VIEW), idea.lab):
return idea
raise PermissionDenied("Not allowed")
def mutate(cls, root, info, **input):
lab = Lab.objects.get(pk=UUID(input['id']))
if info.context.user.has_perm(
build_permission_string(PermissionResource.LAB,
CrudPermission.DELETE), lab):
lab.delete()
return cls(ok=True)
def resolve_lab(root, info, id): # noqa
if info.context.user.has_perm(
build_permission_string(PermissionResource.LAB,
CrudPermission.VIEW),
Lab.objects.get(pk=id)):
return Lab.objects.get(pk=id,
labmember__user_id=info.context.user.id)
raise PermissionDenied("Not allowed")
def delete_lab_group_member(instance: Lab):
group = Group.objects.get(name=build_group_string(
PermissionResource.LAB, Role.MEMBER, str(instance.id)))
for perm_str in [
build_permission_string(PermissionResource.LAB,
CrudPermission.VIEW)
]:
remove_perm(perm_str, group, instance)
group.delete()
def create_lab_group_member(instance: Lab):
group = Group.objects.create(name=build_group_string(
PermissionResource.LAB, Role.MEMBER, str(instance.id)))
for perm_str in [
build_permission_string(PermissionResource.LAB,
CrudPermission.VIEW)
]:
assign_perm(perm_str, group, instance)
return group
def update(cls, root, info, **input):
idea = Idea.objects.get(pk=input['id'])
if not info.context.user.has_perm(
build_permission_string(PermissionResource.LAB,
CrudPermission.VIEW), idea.lab):
raise PermissionDenied(
"You do not have permission to access ideas on the requested lab"
)
return super().mutate_and_get_payload(root, info, **input)
def mutate_and_get_payload(cls, root, info, **input):
if is_create(input):
input['created_by_id'] = info.context.user.id
return super().mutate_and_get_payload(root, info, **input)
elif info.context.user.has_perm(
build_permission_string(PermissionResource.LAB,
CrudPermission.MODIFY),
Lab.objects.get(input['id'])):
return super().mutate_and_get_payload(root, info, **input)
def create(cls, root, info, **input):
input['created_by_id'] = info.context.user.id
if not info.context.user.has_perm(
build_permission_string(PermissionResource.LAB,
CrudPermission.VIEW),
Lab.objects.get(pk=UUID(input['lab_id']))):
raise PermissionDenied(
"You do not have permission to access ideas on the requested lab"
)
return super().mutate_and_get_payload(root, info, **input)
def is_allowed_on_lab(permission_resource: PermissionResource,
crud_permission: CrudPermission, role: Role, user: User,
lab_id: str) -> bool:
if LabMember.objects.filter(user_id=user.id,
lab_id=lab_id).count() > 0 \
and user.has_perm(build_permission_string(permission_resource, crud_permission),
Lab.objects.get(pk=lab_id)):
return True
else:
raise PermissionDenied(
"You do not have permission to access the requested lab")
def mutate_and_get_payload(cls, root, info, **input):
if is_create(input):
input['created_by_id'] = info.context.user.id
return super().mutate_and_get_payload(root, info, **input)
lab = Lab.objects.get(labjoin__id=UUID(input['id']))
if not info.context.user.has_perm(
build_permission_string(PermissionResource.LAB,
CrudPermission.MODIFY), lab):
raise PermissionDenied(
'You dont have permissions to act on this lab')
input['handled_by'] = info.context.user.id
return super().mutate_and_get_payload(root, info, **input)
def get_queryset(cls, queryset, info):
lab_id_args = list(
filter(lambda field: field.name.value == "lab_Id",
info.field_asts[0].arguments))
if len(lab_id_args) > 0:
lab_id = info.variable_values['lab_Id'] or UUID(
lab_id_args[0].value.value)
if info.context.user.has_perm(
build_permission_string(PermissionResource.LAB,
CrudPermission.VIEW),
Lab.objects.get(pk=lab_id)):
return queryset.order_by('-created_at')
else:
raise PermissionDenied("You need to submit a lab to access ideas")
def test_build_permission_string(self):
expected = 'core.lab_view'
self.assertEqual(
build_permission_string(PermissionResource.LAB,
CrudPermission.VIEW), expected)