Update atst to atat
This commit is contained in:
leigh-mil
39
atat/domain/portfolios/scopes.py
Normal file
39
atat/domain/portfolios/scopes.py
Normal file
@@ -0,0 +1,39 @@
|
||||
from atat.domain.authz import Authorization
|
||||
from atat.models.permissions import Permissions
|
||||
from atat.domain.applications import Applications
|
||||
|
||||
|
||||
class ScopedResource(object):
|
||||
"""
|
||||
An abstract class that represents a resource that is restricted
|
||||
in some way by the priveleges of the user viewing that resource.
|
||||
"""
|
||||
|
||||
def __init__(self, user, resource):
|
||||
self.user = user
|
||||
self.resource = resource
|
||||
|
||||
def __getattr__(self, name):
|
||||
return getattr(self.resource, name)
|
||||
|
||||
def __eq__(self, other):
|
||||
return self.resource == other
|
||||
|
||||
|
||||
class ScopedPortfolio(ScopedResource):
|
||||
"""
|
||||
An object that obeys the same API as a Portfolio, but with the added
|
||||
functionality that it only returns sub-resources (applications and environments)
|
||||
that the given user is allowed to see.
|
||||
"""
|
||||
|
||||
@property
|
||||
def applications(self):
|
||||
can_view_all_applications = Authorization.has_portfolio_permission(
|
||||
self.user, self.resource, Permissions.VIEW_APPLICATION
|
||||
)
|
||||
|
||||
if can_view_all_applications:
|
||||
return self.resource.applications
|
||||
else:
|
||||
return Applications.for_user(self.user, self.resource)
|
||||
Reference in New Issue
Block a user