pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Raise AuthorizationError if user is not KO

Browse Source
This commit is contained in:
Montana
2019-02-01 10:49:34 -05:00
parent 70b4a51d8a
commit 49ed059853
3 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
atst/routes/portfolios/task_orders.py
View File

@@ -7,6 +7,7 @@ from . import portfolios_bp
from atst.database import db
from atst.domain.task_orders import TaskOrders
from atst.domain.portfolios import Portfolios
from atst.domain.authz import Authorization
from atst.forms.officers import EditTaskOrderOfficersForm
from atst.models.task_order import Status as TaskOrderStatus
from atst.forms.ko_review import KOReviewForm
@@ -74,19 +75,16 @@ def view_task_order(portfolio_id, task_order_id):
def ko_review(portfolio_id, task_order_id):
task_order = TaskOrders.get(g.current_user, task_order_id)
portfolio = Portfolios.get(g.current_user, portfolio_id)
if task_order.contracting_officer == g.current_user:
if not Authorization.is_ko(g.current_user, task_order):
message = "review Task Order {}".format(task_order.id)
raise UnauthorizedError(g.current_user, message)
else:
return render_template(
"/portfolios/task_orders/review.html",
portfolio=portfolio,
task_order=task_order,
form=KOReviewForm(obj=task_order),
)
else:
return render_template(
"portfolios/task_orders/show.html",
portfolio=portfolio,
task_order=task_order,
)
@portfolios_bp.route(