57 lines
1.9 KiB
Python
57 lines
1.9 KiB
Python
from atst.domain.portfolio_roles import PortfolioRoles
|
|
from atst.models.permissions import Permissions
|
|
from atst.domain.exceptions import UnauthorizedError
|
|
|
|
|
|
class Authorization(object):
|
|
@classmethod
|
|
def has_portfolio_permission(cls, user, portfolio, permission):
|
|
return permission in PortfolioRoles.portfolio_role_permissions(portfolio, user)
|
|
|
|
@classmethod
|
|
def has_atat_permission(cls, user, permission):
|
|
return permission in user.atat_role.permissions
|
|
|
|
@classmethod
|
|
def is_in_portfolio(cls, user, portfolio):
|
|
return user in portfolio.users
|
|
|
|
@classmethod
|
|
def check_portfolio_permission(cls, user, portfolio, permission, message):
|
|
if not Authorization.has_portfolio_permission(user, portfolio, permission):
|
|
raise UnauthorizedError(user, message)
|
|
|
|
@classmethod
|
|
def check_atat_permission(cls, user, permission, message):
|
|
if not Authorization.has_atat_permission(user, permission):
|
|
raise UnauthorizedError(user, message)
|
|
|
|
@classmethod
|
|
def can_view_audit_log(cls, user):
|
|
return Authorization.has_atat_permission(user, Permissions.VIEW_AUDIT_LOG)
|
|
|
|
@classmethod
|
|
def is_ccpo(cls, user):
|
|
return user.atat_role.name == "ccpo"
|
|
|
|
@classmethod
|
|
def check_task_order_permission(cls, user, task_order, permission, message):
|
|
if Authorization._check_is_task_order_officer(task_order, user):
|
|
return True
|
|
|
|
Authorization.check_portfolio_permission(
|
|
user, task_order.portfolio, permission, message
|
|
)
|
|
|
|
@classmethod
|
|
def _check_is_task_order_officer(cls, task_order, user):
|
|
for officer in [
|
|
"contracting_officer",
|
|
"contracting_officer_representative",
|
|
"security_officer",
|
|
]:
|
|
if getattr(task_order, officer, None) == user:
|
|
return True
|
|
|
|
return False
|