diff options
| author | jc0b <j@jc0b.computer> | 2020-07-08 17:00:44 +0200 |
|---|---|---|
| committer | Fabian Mastenbroek <mail.fabianm@gmail.com> | 2020-08-24 19:48:00 +0200 |
| commit | 0e6283dafb3378a4e86de330f3f53aa100b757de (patch) | |
| tree | 045514ce4e8e708e9fe3a6d505dfaf0353773809 /web-server/opendc/models/portfolio.py | |
| parent | 5d5b32abb37330f1de5b49dfe639bb65b358f6f1 (diff) | |
| parent | b30906bbe0d5f343b337a80de1b4b70ebf288331 (diff) | |
Merge branch 'master' of github.com:atlarge-research/opendc-dev
Diffstat (limited to 'web-server/opendc/models/portfolio.py')
| -rw-r--r-- | web-server/opendc/models/portfolio.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/web-server/opendc/models/portfolio.py b/web-server/opendc/models/portfolio.py new file mode 100644 index 00000000..32961b63 --- /dev/null +++ b/web-server/opendc/models/portfolio.py @@ -0,0 +1,24 @@ +from opendc.models.model import Model +from opendc.models.user import User +from opendc.util.exceptions import ClientError +from opendc.util.rest import Response + + +class Portfolio(Model): + """Model representing a Portfolio.""" + + collection_name = 'portfolios' + + def check_user_access(self, google_id, edit_access): + """Raises an error if the user with given [google_id] has insufficient access. + + Checks access on the parent project. + + :param google_id: The Google ID of the user. + :param edit_access: True when edit access should be checked, otherwise view access. + """ + user = User.from_google_id(google_id) + authorizations = list( + filter(lambda x: str(x['projectId']) == str(self.obj['projectId']), user.obj['authorizations'])) + if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'): + raise ClientError(Response(403, 'Forbidden from retrieving/editing portfolio.')) |