Created ScopedResource concept, create workspaces module

2018-09-10 13:41:14 -04:00 · 2018-09-10 13:41:14 -04:00 · 89f6c903d1
commit 89f6c903d1
parent 996596f2b3
3 changed files with 62 additions and 1 deletions
--- a/atst/domain/workspaces/init.py
+++ b/atst/domain/workspaces/init.py
@ -0,0 +1 @@
+from .workspaces import Workspaces
--- a/atst/domain/workspaces/scopes.py
+++ b/atst/domain/workspaces/scopes.py
@ -0,0 +1,59 @@
+from atst.domain.authz import Authorization
+from atst.models.permissions import Permissions
+from atst.domain.projects import Projects
+from atst.domain.environments import Environments
+
+
+class ScopedResource(object):
+    """
+    An abstract class that represents a resource that is restricted
+    in some way by the priveleges of the user viewing that resource.
+    """
+
+    def __init__(self, user, resource):
+        self.user = user
+        self.resource = resource
+
+    def __getattr__(self, name):
+        return getattr(self.resource, name)
+
+    def __eq__(self, other):
+        return self.resource == other
+
+
+class ScopedWorkspace(ScopedResource):
+    """
+    An object that obeys the same API as a Workspace, but with the added
+    functionality that it only returns sub-resources (projects and environments)
+    that the given user is allowed to see.
+    """
+
+    @property
+    def projects(self):
+        if Authorization.has_workspace_permission(
+            self.user, self.resource, Permissions.VIEW_APPLICATION_IN_WORKSPACE
+        ):
+            projects = self.resource.projects
+        else:
+            projects = Projects.for_user(self.user, self.resource)
+
+        return [ScopedProject(self.user, project) for project in projects]
+
+
+class ScopedProject(ScopedResource):
+    """
+    An object that obeys the same API as a Workspace, but with the added
+    functionality that it only returns sub-resources (environments)
+    that the given user is allowed to see.
+    """
+
+    @property
+    def environments(self):
+        if Authorization.has_workspace_permission(
+            self.user, self.resource, Permissions.VIEW_ENVIRONMENT_IN_APPLICATION
+        ):
+            environments = self.resource.environments
+        else:
+            environments = Environments.for_user(self.user, self.resource)
+
+        return environments
--- a/atst/domain/workspaces/workspaces.py
+++ b/atst/domain/workspaces/workspaces.py
@ -9,6 +9,7 @@ from atst.domain.authz import Authorization
 from atst.models.permissions import Permissions
 from atst.domain.users import Users
 from atst.domain.workspace_users import WorkspaceUsers
+from .scopes import ScopedWorkspace


 class Workspaces(object):
@ -30,7 +31,7 @@ class Workspaces(object):
            user, workspace, Permissions.VIEW_WORKSPACE, "get workspace"
        )

-        return workspace
+        return ScopedWorkspace(user, workspace)

    @classmethod
    def get_for_update(cls, user, workspace_id):