summaryrefslogtreecommitdiff
path: root/web-server/opendc/models/scenario.py
diff options
context:
space:
mode:
authorjc0b <j@jc0b.computer>2020-07-08 17:00:44 +0200
committerFabian Mastenbroek <mail.fabianm@gmail.com>2020-08-24 19:48:00 +0200
commit0e6283dafb3378a4e86de330f3f53aa100b757de (patch)
tree045514ce4e8e708e9fe3a6d505dfaf0353773809 /web-server/opendc/models/scenario.py
parent5d5b32abb37330f1de5b49dfe639bb65b358f6f1 (diff)
parentb30906bbe0d5f343b337a80de1b4b70ebf288331 (diff)
Merge branch 'master' of github.com:atlarge-research/opendc-dev
Diffstat (limited to 'web-server/opendc/models/scenario.py')
-rw-r--r--web-server/opendc/models/scenario.py26
1 files changed, 26 insertions, 0 deletions
diff --git a/web-server/opendc/models/scenario.py b/web-server/opendc/models/scenario.py
new file mode 100644
index 00000000..d7d959ca
--- /dev/null
+++ b/web-server/opendc/models/scenario.py
@@ -0,0 +1,26 @@
+from opendc.models.model import Model
+from opendc.models.portfolio import Portfolio
+from opendc.models.user import User
+from opendc.util.exceptions import ClientError
+from opendc.util.rest import Response
+
+
+class Scenario(Model):
+ """Model representing a Scenario."""
+
+ collection_name = 'scenarios'
+
+ def check_user_access(self, google_id, edit_access):
+ """Raises an error if the user with given [google_id] has insufficient access.
+
+ Checks access on the parent project.
+
+ :param google_id: The Google ID of the user.
+ :param edit_access: True when edit access should be checked, otherwise view access.
+ """
+ portfolio = Portfolio.from_id(self.obj['portfolioId'])
+ user = User.from_google_id(google_id)
+ authorizations = list(
+ filter(lambda x: str(x['projectId']) == str(portfolio.get_id()), user.obj['authorizations']))
+ if len(authorizations) == 0 or (edit_access and authorizations[0]['authorizationLevel'] == 'VIEW'):
+ raise ClientError(Response(403, 'Forbidden from retrieving/editing scenario.'))
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-18 20:18:57 +0000