fa2f7f29f3
Application users can see all environments on an application. Limiting access to the CSP console for an an environment should be handled differently.
40 lines
1.2 KiB
Python
40 lines
1.2 KiB
Python
from atst.domain.authz import Authorization
|
|
from atst.models.permissions import Permissions
|
|
from atst.domain.applications import Applications
|
|
|
|
|
|
class ScopedResource(object):
|
|
"""
|
|
An abstract class that represents a resource that is restricted
|
|
in some way by the priveleges of the user viewing that resource.
|
|
"""
|
|
|
|
def __init__(self, user, resource):
|
|
self.user = user
|
|
self.resource = resource
|
|
|
|
def __getattr__(self, name):
|
|
return getattr(self.resource, name)
|
|
|
|
def __eq__(self, other):
|
|
return self.resource == other
|
|
|
|
|
|
class ScopedPortfolio(ScopedResource):
|
|
"""
|
|
An object that obeys the same API as a Portfolio, but with the added
|
|
functionality that it only returns sub-resources (applications and environments)
|
|
that the given user is allowed to see.
|
|
"""
|
|
|
|
@property
|
|
def applications(self):
|
|
can_view_all_applications = Authorization.has_portfolio_permission(
|
|
self.user, self.resource, Permissions.VIEW_APPLICATION
|
|
)
|
|
|
|
if can_view_all_applications:
|
|
return self.resource.applications
|
|
else:
|
|
return Applications.for_user(self.user, self.resource)
|