Update atst to atat

atat/domain/authz/decorator.py

@@ -0,0 +1,50 @@
+from functools import wraps
+
+from flask import g, current_app as app, request
+
+from . import user_can_access
+from atat.domain.exceptions import UnauthorizedError
+
+
+def check_access(permission, message, override, *args, **kwargs):
+    access_args = {
+        "message": message,
+        "portfolio": g.portfolio,
+        "application": g.application,
+    }
+
+    if override is not None and override(g.current_user, **access_args, **kwargs):
+        return True
+
+    user_can_access(g.current_user, permission, **access_args)
+
+    return True
+
+
+def user_can_access_decorator(permission, message=None, override=None):
+    def decorator(f):
+        @wraps(f)
+        def decorated_function(*args, **kwargs):
+            try:
+                check_access(permission, message, override, *args, **kwargs)
+                app.logger.info(
+                    "User {} accessed {} {}".format(
+                        g.current_user.id, request.method, request.path
+                    ),
+                    extra={"tags": ["access", "success"]},
+                )
+
+                return f(*args, **kwargs)
+            except UnauthorizedError as err:
+                app.logger.warning(
+                    "User {} denied access {} {}".format(
+                        g.current_user.id, request.method, request.path
+                    ),
+                    extra={"tags": ["access", "failure"]},
+                )
+
+                raise (err)
+
+        return decorated_function
+
+    return decorator