pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add in check to make sure that user has portfolio and app perms

Browse Source
This commit is contained in:
leigh-mil
2019-03-25 15:54:10 -04:00
parent 2cb5cf6b9d
commit d152034e1b
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
atst/domain/authz/decorator.py
View File

@@ -5,6 +5,7 @@ from flask import g, current_app as app, request
from . import user_can_access
from atst.domain.portfolios import Portfolios
from atst.domain.task_orders import TaskOrders
from atst.domain.applications import Applications
from atst.domain.exceptions import UnauthorizedError
@@ -16,6 +17,10 @@ def check_access(permission, message, exception, *args, **kwargs):
g.current_user, kwargs["portfolio_id"]
)
if "application_id" in kwargs:
application = Applications.get(kwargs["application_id"])
access_args["portfolio"] = application.portfolio
if "task_order_id" in kwargs:
task_order = TaskOrders.get(kwargs["task_order_id"])
access_args["portfolio"] = task_order.portfolio