From 89f6c903d1f803e1eaad333f9065f9916afb9b9b Mon Sep 17 00:00:00 2001 From: richard-dds Date: Mon, 10 Sep 2018 13:41:14 -0400 Subject: [PATCH] Created ScopedResource concept, create workspaces module --- atst/domain/workspaces/__init__.py | 1 + atst/domain/workspaces/scopes.py | 59 ++++++++++++++++++++++ atst/domain/{ => workspaces}/workspaces.py | 3 +- 3 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 atst/domain/workspaces/__init__.py create mode 100644 atst/domain/workspaces/scopes.py rename atst/domain/{ => workspaces}/workspaces.py (97%) diff --git a/atst/domain/workspaces/__init__.py b/atst/domain/workspaces/__init__.py new file mode 100644 index 00000000..a9757dc5 --- /dev/null +++ b/atst/domain/workspaces/__init__.py @@ -0,0 +1 @@ +from .workspaces import Workspaces diff --git a/atst/domain/workspaces/scopes.py b/atst/domain/workspaces/scopes.py new file mode 100644 index 00000000..640f75cf --- /dev/null +++ b/atst/domain/workspaces/scopes.py @@ -0,0 +1,59 @@ +from atst.domain.authz import Authorization +from atst.models.permissions import Permissions +from atst.domain.projects import Projects +from atst.domain.environments import Environments + + +class ScopedResource(object): + """ + An abstract class that represents a resource that is restricted + in some way by the priveleges of the user viewing that resource. + """ + + def __init__(self, user, resource): + self.user = user + self.resource = resource + + def __getattr__(self, name): + return getattr(self.resource, name) + + def __eq__(self, other): + return self.resource == other + + +class ScopedWorkspace(ScopedResource): + """ + An object that obeys the same API as a Workspace, but with the added + functionality that it only returns sub-resources (projects and environments) + that the given user is allowed to see. + """ + + @property + def projects(self): + if Authorization.has_workspace_permission( + self.user, self.resource, Permissions.VIEW_APPLICATION_IN_WORKSPACE + ): + projects = self.resource.projects + else: + projects = Projects.for_user(self.user, self.resource) + + return [ScopedProject(self.user, project) for project in projects] + + +class ScopedProject(ScopedResource): + """ + An object that obeys the same API as a Workspace, but with the added + functionality that it only returns sub-resources (environments) + that the given user is allowed to see. + """ + + @property + def environments(self): + if Authorization.has_workspace_permission( + self.user, self.resource, Permissions.VIEW_ENVIRONMENT_IN_APPLICATION + ): + environments = self.resource.environments + else: + environments = Environments.for_user(self.user, self.resource) + + return environments diff --git a/atst/domain/workspaces.py b/atst/domain/workspaces/workspaces.py similarity index 97% rename from atst/domain/workspaces.py rename to atst/domain/workspaces/workspaces.py index b21c8ca0..6c374188 100644 --- a/atst/domain/workspaces.py +++ b/atst/domain/workspaces/workspaces.py @@ -9,6 +9,7 @@ from atst.domain.authz import Authorization from atst.models.permissions import Permissions from atst.domain.users import Users from atst.domain.workspace_users import WorkspaceUsers +from .scopes import ScopedWorkspace class Workspaces(object): @@ -30,7 +31,7 @@ class Workspaces(object): user, workspace, Permissions.VIEW_WORKSPACE, "get workspace" ) - return workspace + return ScopedWorkspace(user, workspace) @classmethod def get_for_update(cls, user, workspace_id):