pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
atst/atat/domain/authz/decorator.py
leigh-mil c2814416fb Update atst to atat
2020-03-04 11:51:15 -05:00

51 lines
1.5 KiB
Python
Raw Blame History

from functools import wraps
from flask import g, current_app as app, request
from . import user_can_access
from atat.domain.exceptions import UnauthorizedError
def check_access(permission, message, override, *args, **kwargs):
access_args = {
"message": message,
"portfolio": g.portfolio,
"application": g.application,
}
if override is not None and override(g.current_user, **access_args, **kwargs):
return True
user_can_access(g.current_user, permission, **access_args)
return True
def user_can_access_decorator(permission, message=None, override=None):
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
try:
check_access(permission, message, override, *args, **kwargs)
app.logger.info(
"User {} accessed {} {}".format(
g.current_user.id, request.method, request.path
),
extra={"tags": ["access", "success"]},
)
return f(*args, **kwargs)
except UnauthorizedError as err:
app.logger.warning(
"User {} denied access {} {}".format(
g.current_user.id, request.method, request.path
),
extra={"tags": ["access", "failure"]},
)
raise (err)
return decorated_function
return decorator
Reference in New Issue View Git Blame Copy Permalink