authorization checks for task orders

2019-01-09 15:25:50 -05:00
parent a3bac44371
commit ccf1ff2024
9 changed files with 135 additions and 43 deletions
--- a/atst/domain/task_orders.py
+++ b/atst/domain/task_orders.py
@@ -2,7 +2,9 @@ from sqlalchemy.orm.exc import NoResultFound

 from atst.database import db
 from atst.models.task_order import TaskOrder
+from atst.models.permissions import Permissions
 from atst.domain.workspaces import Workspaces
+from atst.domain.authz import Authorization
 from .exceptions import NotFoundError


@@ -46,27 +48,35 @@ class TaskOrders(object):
    }

    @classmethod
-    def get(cls, task_order_id):
+    def get(cls, user, task_order_id):
        try:
            task_order = db.session.query(TaskOrder).filter_by(id=task_order_id).one()
+            Authorization.check_task_order_permission(
+                user, task_order, Permissions.VIEW_TASK_ORDER, "view task order"
+            )

            return task_order
        except NoResultFound:
            raise NotFoundError("task_order")

    @classmethod
-    def create(cls, workspace, creator, commit=False):
+    def create(cls, creator, workspace):
+        Authorization.check_workspace_permission(
+            creator, workspace, Permissions.UPDATE_TASK_ORDER, "add task order"
+        )
        task_order = TaskOrder(workspace=workspace, creator=creator)

        db.session.add(task_order)
-
-        if commit:
-            db.session.commit()
+        db.session.commit()

        return task_order

    @classmethod
-    def update(cls, task_order, **kwargs):
+    def update(cls, user, task_order, **kwargs):
+        Authorization.check_task_order_permission(
+            user, task_order, Permissions.UPDATE_TASK_ORDER, "update task order"
+        )
+
        for key, value in kwargs.items():
            setattr(task_order, key, value)

@@ -103,6 +113,13 @@ class TaskOrders(object):

    @classmethod
    def add_officer(cls, user, task_order, officer_type, officer_data):
+        Authorization.check_workspace_permission(
+            user,
+            task_order.workspace,
+            Permissions.ADD_TASK_ORDER_OFFICER,
+            "add task order officer",
+        )
+
        if officer_type in TaskOrders.OFFICERS:
            workspace = task_order.workspace