pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

restrict workspace information updates to owner and admins

Browse Source
This commit is contained in:
dandds
2018-09-17 13:30:25 -04:00
parent c3f89ba149
commit bba2a2b283
4 changed files with 63 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
atst/domain/workspaces/workspaces.py
View File

@@ -38,9 +38,9 @@ class Workspaces(object):
@classmethod
def get_for_update_information(cls, user, workspace_id):
workspace = WorkspacesQuery.get(workspace_id)
# Authorization.check_workspace_permission(
# user, workspace, TBD, "update workspace information"
# )
Authorization.check_workspace_permission(
user, workspace, Permissions.EDIT_WORKSPACE_INFORMATION, "update workspace information"
)
return workspace

1
atst/models/permissions.py
View File

@@ -20,6 +20,7 @@ class Permissions(object):
VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS = "view_assigned_atat_role_configurations"
VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS = "view_assigned_csp_role_configurations"
EDIT_WORKSPACE_INFORMATION = "edit_workspace_information"
DEACTIVATE_WORKSPACE = "deactivate_workspace"
VIEW_ATAT_PERMISSIONS = "view_atat_permissions"
TRANSFER_OWNERSHIP_OF_WORKSPACE = "transfer_ownership_of_workspace"