From a30c9733b04f7373d192809d5a38872442d39501 Mon Sep 17 00:00:00 2001
From: Alexey Bezhan <al@fueledbylemons.com>
Date: Tue, 19 Mar 2019 15:59:59 +0000
Subject: [PATCH] Add a helper Service method to get a template given user has
 permission

Checks if the user has access to the template's parent folder and
either returns the template or a 403 response.

This method should be used instead of calling service_api_client from
the views.
---
 app/models/service.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/app/models/service.py b/app/models/service.py
index f3839b4f9..3b53b6f1d 100644
--- a/app/models/service.py
+++ b/app/models/service.py
@@ -171,6 +171,22 @@ class Service():
             and template.get('folder') == template_folder_id
         ]
 
+    def get_template(self, template_id, version=None):
+        return service_api_client.get_service_template(self.id, str(template_id), version)['data']
+
+    def get_template_with_user_permission_or_403(self, template_id, user):
+        template = self.get_template(template_id)
+
+        if not self.has_permission("edit_folder_permissions"):
+            return template
+
+        template_folder = self.get_template_folder(template["folder"])
+
+        if not user.has_template_folder_permission(template_folder):
+            abort(403)
+
+        return template
+
     @property
     def available_template_types(self):
         return list(filter(self.has_permission, self.TEMPLATE_TYPES))