Look up major database resources in a before_request hook.

A `before_request` hook queries the database for portfolios, requests, and task orders based on the route arguments. The resources are added as attributes on `g`. The portfolio context processor and the access decorator now rely on those resources being available on `g`. WIP: find major resources in before_request hook, apply to g WIP: use g.portfolio for portfolio context processor WIP: the access decorator should rely on the resources being available on g
2019-05-03 18:10:12 -04:00
parent b0600a34db
commit 42b912d4cb
6 changed files with 79 additions and 41 deletions
--- a/atst/domain/authz/decorator.py
+++ b/atst/domain/authz/decorator.py
@@ -12,31 +12,20 @@ from atst.domain.exceptions import UnauthorizedError


 def check_access(permission, message, override, *args, **kwargs):
-    access_args = {"message": message}
+    access_args = {
+        "message": message,
+        "portfolio": g.portfolio,
+        "application": g.application,
+    }

-    if "application_id" in kwargs:
-        application = Applications.get(kwargs["application_id"])
-        access_args["application"] = application
-        access_args["portfolio"] = application.portfolio
-
-    elif "task_order_id" in kwargs:
-        task_order = TaskOrders.get(kwargs["task_order_id"])
-        access_args["portfolio"] = task_order.portfolio
-
-    elif "token" in kwargs:
+    # TODO: We should change the `token` arg in routes to be either
+    # `portfolio_token` or `application_token` and have
+    # atst.utils.context_processors.assign_resources take care of
+    # this.
+    if "token" in kwargs:
        invite = PortfolioInvitations._get(kwargs["token"])
        access_args["portfolio"] = invite.role.portfolio

-    elif "portfolio_id" in kwargs:
-        access_args["portfolio"] = Portfolios.get(
-            g.current_user, kwargs["portfolio_id"]
-        )
-
-    elif "environment_id" in kwargs:
-        environment = Environments.get(kwargs["environment_id"])
-        access_args["application"] = environment.application
-        access_args["portfolio"] = environment.application.portfolio
-
    if override is not None and override(g.current_user, **access_args, **kwargs):
        return True