dont use has_permissions to check for platform admins

platform_admin is a separate concept to permissions, so by removing the checks for it from the current_user.has_permissions function, we can simplify things greatly. We already record on the user whether they're a platform admin anyway.
2026-05-05 08:31:00 -04:00 · 2018-02-27 16:45:20 +00:00
parent 4b69e1003e
commit 7ddad7c99e
18 changed files with 66 additions and 54 deletions
--- a/app/utils.py
+++ b/app/utils.py
@@ -78,6 +78,17 @@ def user_has_permissions(*permissions, admin_override=False, any_=False):
    return wrap


+def user_is_platform_admin(f):
+    @wraps(f)
+    def wrapped(*args, **kwargs):
+        if not current_user.is_authenticated:
+            abort(401)
+        if not current_user.platform_admin:
+            abort(403)
+        return f(*args, **kwargs)
+    return wrapped
+
+
 def redirect_to_sign_in(f):
    @wraps(f)
    def wrapped(*args, **kwargs):