40 lines
1.2 KiB
Python
40 lines
1.2 KiB
Python
from atat.domain.authz import Authorization
|
|
from atat.models.permissions import Permissions
|
|
from atat.domain.applications import Applications
|
|
|
|
|
|
class ScopedResource(object):
|
|
"""
|
|
An abstract class that represents a resource that is restricted
|
|
in some way by the priveleges of the user viewing that resource.
|
|
"""
|
|
|
|
def __init__(self, user, resource):
|
|
self.user = user
|
|
self.resource = resource
|
|
|
|
def __getattr__(self, name):
|
|
return getattr(self.resource, name)
|
|
|
|
def __eq__(self, other):
|
|
return self.resource == other
|
|
|
|
|
|
class ScopedPortfolio(ScopedResource):
|
|
"""
|
|
An object that obeys the same API as a Portfolio, but with the added
|
|
functionality that it only returns sub-resources (applications and environments)
|
|
that the given user is allowed to see.
|
|
"""
|
|
|
|
@property
|
|
def applications(self):
|
|
can_view_all_applications = Authorization.has_portfolio_permission(
|
|
self.user, self.resource, Permissions.VIEW_APPLICATION
|
|
)
|
|
|
|
if can_view_all_applications:
|
|
return self.resource.applications
|
|
else:
|
|
return Applications.for_user(self.user, self.resource)
|