From 02997b2522b9c66072b16f1425c02e81e0085e3c Mon Sep 17 00:00:00 2001 From: Fabian Mastenbroek Date: Tue, 14 Jul 2020 21:10:56 +0200 Subject: Rename web-server to API This change renames the web-server component to API in order to be more descriptive of its role. The OpenDC API bridges between the frontend on one side and the database and simulator on the other side. --- api/opendc/models/scenario.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 api/opendc/models/scenario.py (limited to 'api/opendc/models/scenario.py') diff --git a/api/opendc/models/scenario.py b/api/opendc/models/scenario.py new file mode 100644 index 00000000..8d53e408 --- /dev/null +++ b/api/opendc/models/scenario.py @@ -0,0 +1,26 @@ +from opendc.models.model import Model +from opendc.models.portfolio import Portfolio +from opendc.models.user import User +from opendc.util.exceptions import ClientError +from opendc.util.rest import Response + + +class Scenario(Model): + """Model representing a Scenario.""" + + collection_name = 'scenarios' + + def check_user_access(self, google_id, edit_access): + """Raises an error if the user with given [google_id] has insufficient access. + + Checks access on the parent project. + + :param google_id: The Google ID of the user. + :param edit_access: True when edit access should be checked, otherwise view access. + """ + portfolio = Portfolio.from_id(self.obj['portfolioId']) + user = User.from_google_id(google_id) + authorizations = list( + filter(lambda x: str(x['projectId']) == str(portfolio.obj['projectId']), user.obj['authorizations'])) + if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): + raise ClientError(Response(403, 'Forbidden from retrieving/editing scenario.')) -- cgit v1.2.3