pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check for permission before listing requests

Browse Source
This commit is contained in:
richard-dds 2018-07-16 14:53:21 -04:00
parent e48644fb44
commit 53ab37dc68
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
atst/handlers/request.py
View File

@ -27,9 +27,15 @@ class Request(BaseHandler):
@tornado.gen.coroutine @tornado.gen.coroutine
def get(self): def get(self):
user = self.get_current_user() user = self.get_current_user()
if "review_and_approve_jedi_workspace_request" in user["atat_permissions"]:
response = yield self.requests_client.get("/requests")
requests = response.json
else:
response = yield self.requests_client.get( response = yield self.requests_client.get(
"/users/{}/requests".format(user["id"]) "/requests?creator_id={}".format(user["id"])
) )
requests = response.json["requests"] requests = response.json["requests"]
mapped_requests = [map_request(user, request) for request in requests] mapped_requests = [map_request(user, request) for request in requests]
self.render("requests.html.to", page=self.page, requests=mapped_requests) self.render("requests.html.to", page=self.page, requests=mapped_requests)