-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add permissions to motion actions and update tests. (#643)
* Add permissions to motion.sort. * Add permissions to motion.follow_recommendation. * Add permissions to motion.set_recommendation. * Add permissions to motion.reset_recommendation. * Fix Layout. * Add permissions to motion.set_support_self. * Add permission to motion.reset_state. * Add permissions to motion.set_state. * Add permissions to motion.delete. Add PermissionHelperMixin and use it. * Add permission to motion create. Update tests. * Layout fix * Fix typo * Add permissions to motion.update and update tests. * Modify mixin, add more code into the PermissionMixin and change the name of the method. Update tests. * Move check for can_create into an else block in motion.create. * Update create/update permission denied msg. Use forbidden fields. * Allow motion/submitter_ids not set in permission checks. * Move one guardian condition up in the code. Refactor submitters test. * Update test, specialize test checks. * Update motion.update and tests. * Refactor motion.update.
- Loading branch information
Showing
21 changed files
with
817 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,48 @@ | ||
from typing import Any, Dict | ||
|
||
from ....models.models import Motion | ||
from ....permissions.permission_helper import has_perm | ||
from ....permissions.permissions import Permissions | ||
from ....shared.exceptions import PermissionDenied | ||
from ....shared.patterns import Collection, FullQualifiedId | ||
from ...generics.delete import DeleteAction | ||
from ...util.default_schema import DefaultSchema | ||
from ...util.register import register_action | ||
from .mixins import PermissionHelperMixin | ||
|
||
|
||
@register_action("motion.delete") | ||
class MotionDelete(DeleteAction): | ||
class MotionDelete(DeleteAction, PermissionHelperMixin): | ||
""" | ||
Action to delete motions. | ||
""" | ||
|
||
model = Motion() | ||
schema = DefaultSchema(Motion()).get_delete_schema() | ||
|
||
def check_permissions(self, instance: Dict[str, Any]) -> None: | ||
motion = self.datastore.get( | ||
FullQualifiedId(Collection("motion"), instance["id"]), | ||
[ | ||
"state_id", | ||
"submitter_ids", | ||
"meeting_id", | ||
], | ||
) | ||
if has_perm( | ||
self.datastore, | ||
self.user_id, | ||
Permissions.Motion.CAN_MANAGE, | ||
motion["meeting_id"], | ||
): | ||
return | ||
|
||
if self.is_allowed_and_submitter( | ||
motion.get("submitter_ids", []), | ||
motion["state_id"], | ||
): | ||
return | ||
|
||
msg = f"You are not allowed to perform action {self.name}." | ||
msg += f"Missing permission: {Permissions.Motion.CAN_MANAGE}" | ||
raise PermissionDenied(msg) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
from typing import List | ||
|
||
from ....services.datastore.commands import GetManyRequest | ||
from ....shared.patterns import Collection, FullQualifiedId | ||
from ...action import Action | ||
|
||
|
||
class PermissionHelperMixin(Action): | ||
def is_allowed_and_submitter(self, submitter_ids: List[int], state_id: int) -> bool: | ||
if not submitter_ids: | ||
return False | ||
state = self.datastore.get( | ||
FullQualifiedId(Collection("motion_state"), state_id), | ||
["allow_submitter_edit"], | ||
) | ||
if not state.get("allow_submitter_edit"): | ||
return False | ||
get_many_request = GetManyRequest( | ||
Collection("motion_submitter"), submitter_ids, ["user_id"] | ||
) | ||
result = self.datastore.get_many([get_many_request]) | ||
submitters = result.get(Collection("motion_submitter"), {}).values() | ||
return any(self.user_id == s.get("user_id") for s in submitters) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.