summaryrefslogtreecommitdiff
path: root/web-server/opendc/models/project.py
diff options
context:
space:
mode:
Diffstat (limited to 'web-server/opendc/models/project.py')
-rw-r--r--web-server/opendc/models/project.py31
1 files changed, 31 insertions, 0 deletions
diff --git a/web-server/opendc/models/project.py b/web-server/opendc/models/project.py
new file mode 100644
index 00000000..b57e9f77
--- /dev/null
+++ b/web-server/opendc/models/project.py
@@ -0,0 +1,31 @@
+from opendc.models.model import Model
+from opendc.models.user import User
+from opendc.util.database import DB
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Project(Model):
+ """Model representing a Project."""
+
+ collection_name = 'projects'
+
+ def check_user_access(self, google_id, edit_access):
+ """Raises an error if the user with given [google_id] has insufficient access.
+
+ :param google_id: The Google ID of the user.
+ :param edit_access: True when edit access should be checked, otherwise view access.
+ """
+ user = User.from_google_id(google_id)
+ authorizations = list(filter(lambda x: str(x['projectId']) == str(self.get_id()),
+ user.obj['authorizations']))
+ if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'):
+ raise ClientError(Response(403, "Forbidden from retrieving project."))
+
+ def get_all_authorizations(self):
+ """Get all user IDs having access to this project."""
+ return [
+ str(user['_id']) for user in DB.fetch_all({'authorizations': {
+ 'projectId': self.obj['_id']
+ }}, User.collection_name)
+ ]
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-04 12:39:08 +0000