Skip to content

Commit

Permalink
refactor: move permission overrides to the view
Browse files Browse the repository at this point in the history
  • Loading branch information
@nas-tabchiche
nas-tabchiche committed Jan 24, 2025
1 parent 7379d80 commit c2f212a
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 10 deletions.
18 changes: 8 additions & 10 deletions backend/core/permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,17 +37,15 @@ def has_object_permission(self, request: Request, view, obj):
obj, "is_published", False
):
return True
perm = Permission.objects.get(codename=_codename)

# special case of risk acceptance approval
if request.parser_context and request.parser_context[
"request"
]._request.resolver_match.url_name in [
"risk-acceptances-accept",
"risk-acceptances-reject",
"risk-acceptances-revoke",
]:
perm = Permission.objects.get(codename="approve_riskacceptance")
# Check for view action permission overrides
current_action = getattr(view, "action", None)

if current_action:
permission_overrides = getattr(view, "permission_overrides", {})
_codename = permission_overrides.get(current_action, _codename)

perm = Permission.objects.get(codename=_codename)

return RoleAssignment.is_access_allowed(
user=request.user,
Expand Down
6 changes: 6 additions & 0 deletions backend/core/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1676,6 +1676,12 @@ class RiskAcceptanceViewSet(BaseModelViewSet):
API endpoint that allows risk acceptance to be viewed or edited.
"""

permission_overrides = {
"accept": "approve_riskacceptance",
"reject": "approve_riskacceptance",
"revoke": "approve_riskacceptance",
}

model = RiskAcceptance
serializer_class = RiskAcceptanceWriteSerializer
filterset_fields = ["folder", "state", "approver", "risk_scenarios"]
Expand Down

0 comments on commit c2f212a

Please sign in to comment.