pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check that user has portfolio and invite perms to revoke or resend invites

Browse Source
This commit is contained in:
leigh-mil
2019-03-25 15:54:40 -04:00
parent d152034e1b
commit 5d2b8556ed
2 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
atst/domain/authz/decorator.py
View File

@@ -6,6 +6,7 @@ from . import user_can_access
from atst.domain.portfolios import Portfolios
from atst.domain.task_orders import TaskOrders
from atst.domain.applications import Applications
from atst.domain.invitations import Invitations
from atst.domain.exceptions import UnauthorizedError
@@ -25,6 +26,10 @@ def check_access(permission, message, exception, *args, **kwargs):
task_order = TaskOrders.get(kwargs["task_order_id"])
access_args["portfolio"] = task_order.portfolio
if "token" in kwargs:
invite = Invitations._get(kwargs["token"])
access_args["portfolio"] = invite.portfolio_role.portfolio
if exception is not None and exception(g.current_user, **access_args, **kwargs):
return True