from functools import wraps
from flask import g, current_app as app, request
from . import user_can_access
from atat.domain.exceptions import UnauthorizedError
def check_access(permission, message, override, *args, **kwargs):
    """Authorize the current user for ``permission`` in the request context.

    The portfolio and application are read from ``flask.g``. When ``override``
    is supplied it is consulted first, and a truthy result grants access
    without the permission check being run.

    Args:
        permission: Permission handed to ``user_can_access``.
        message: Message forwarded to both ``override`` and ``user_can_access``.
        override: Optional callable invoked as
            ``override(user, message=..., portfolio=..., application=..., **kwargs)``.
        *args: Accepted for signature compatibility; not used here.
        **kwargs: Forwarded to ``override`` only.

    Returns:
        ``True`` whenever the function returns normally.
    """
    context = dict(
        message=message,
        portfolio=g.portfolio,
        application=g.application,
    )

    # Security note: any truthy value from ``override`` skips the permission
    # check below, so overrides should return a strict boolean and fail closed.
    if override is None or not override(g.current_user, **context, **kwargs):
        # The return value is ignored, so a denial is expected to surface as an
        # exception (presumably UnauthorizedError; confirm in user_can_access).
        user_can_access(g.current_user, permission, **context)

    return True
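def user_can_access_decorator(permission, message=None, override=None):
    """Build a view decorator that enforces ``permission`` and logs the outcome.

    Args:
        permission: Permission forwarded to ``check_access``.
        message: Optional message forwarded to ``check_access``.
        override: Optional callable forwarded to ``check_access``; a truthy
            result from it skips the permission check.

    Returns:
        A decorator. The wrapped view runs only after ``check_access`` returns.
        An ``UnauthorizedError`` is logged with the ``access``/``failure`` tags
        and re-raised unchanged.
    """

    def _loggable_path():
        # request.path is client-controlled and is normally URL-decoded by the
        # time it reaches the view, so it may contain CR/LF. Escape them so a
        # single request cannot add extra lines to the access audit log if the
        # configured handler writes plain-text records.
        return request.path.replace("\r", "\\r").replace("\n", "\\n")

    def decorator(f):
        @wraps(f)
        def decorated_function(*args, **kwargs):
            try:
                check_access(permission, message, override, *args, **kwargs)
                app.logger.info(
                    "User {} accessed {} {}".format(
                        g.current_user.id, request.method, _loggable_path()
                    ),
                    extra={"tags": ["access", "success"]},
                )

                # NOTE(review): the view runs inside this try block, so an
                # UnauthorizedError raised by the view itself is logged as a
                # denial after the success record above. Confirm that this
                # double record is intended for audit purposes.
                return f(*args, **kwargs)
            except UnauthorizedError:
                app.logger.warning(
                    "User {} denied access {} {}".format(
                        g.current_user.id, request.method, _loggable_path()
                    ),
                    extra={"tags": ["access", "failure"]},
                )

                # Bare ``raise`` re-raises the active exception without adding
                # a redundant traceback entry for this frame.
                raise

        return decorated_function

    return decorator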