darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-01 07:35:34 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add permission check in for v2 post notification

Browse Source
This commit is contained in:
Ken Tsang
2017-06-29 11:13:32 +01:00
committed by venusbb
parent 46a55c1cdb
commit e0fbcb0dc6
4 changed files with 58 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/template/rest.py
View File

@@ -37,7 +37,7 @@ def _content_count_greater_than_limit(content, template_type):
return template.content_count > current_app.config.get('SMS_CHAR_COUNT_LIMIT')
def _has_service_permission(template_type, action, permissions):
def _service_has_permission(template_type, action, permissions):
if template_type not in [p.permission for p in permissions]:
template_type_text = template_type
if template_type == SMS_TYPE:
@@ -53,7 +53,7 @@ def create_template(service_id):
permissions = fetched_service.permissions
new_template = template_schema.load(request.get_json()).data
_has_service_permission(new_template.template_type, 'Create', permissions)
_service_has_permission(new_template.template_type, 'Create', permissions)
new_template.service = fetched_service
over_limit = _content_count_greater_than_limit(new_template.content, new_template.template_type)
@@ -71,7 +71,7 @@ def create_template(service_id):
def update_template(service_id, template_id):
fetched_template = dao_get_template_by_id_and_service_id(template_id=template_id, service_id=service_id)
_has_service_permission(fetched_template.template_type, 'Update', fetched_template.service.permissions)
_service_has_permission(fetched_template.template_type, 'Update', fetched_template.service.permissions)
data = request.get_json()