[WIP] When user is added to a service a list of permissions groups are

used to assign the correct permissions to the user. Last slice will be to update invite status.
2026-01-30 14:31:57 -05:00 · 2016-03-03 15:17:14 +00:00
parent 9b28a6d4ad
commit fc8e27e582
6 changed files with 273 additions and 25 deletions
--- a/app/permissions_utils.py
+++ b/app/permissions_utils.py
@@ -0,0 +1,27 @@
+from app.models import (
+    MANAGE_USERS,
+    MANAGE_TEMPLATES,
+    MANAGE_SETTINGS,
+    SEND_TEXTS,
+    SEND_EMAILS,
+    SEND_LETTERS,
+    MANAGE_API_KEYS,
+    ACCESS_DEVELOPER_DOCS
+)
+
+from app.schemas import permission_schema
+
+
+permissions_groups = {'send_messages': [SEND_TEXTS, SEND_EMAILS, SEND_LETTERS],
+                      'manage_service': [MANAGE_USERS, MANAGE_SETTINGS, MANAGE_TEMPLATES],
+                      'manage_api_keys': [MANAGE_API_KEYS, ACCESS_DEVELOPER_DOCS]}
+
+
+def get_permissions_by_group(permission_groups):
+    requested_permissions = []
+    for group in permission_groups:
+        permissions = permissions_groups[group]
+        for permission in permissions:
+            requested_permissions.append({'permission': permission})
+    permissions, errors = permission_schema.load(requested_permissions, many=True)
+    return permissions
--- a/app/service/rest.py
+++ b/app/service/rest.py
@@ -28,7 +28,11 @@ from app.models import ApiKey
 from app.schemas import (
    service_schema,
    api_key_schema,
-    user_schema)
+    user_schema,
+    permission_schema,
+    invited_user_schema
+)
+
 from app.errors import register_errors

 service = Blueprint('service', __name__)
@@ -173,6 +177,10 @@ def add_user_to_service(service_id, user_id):
                       message='User id: {} already part of service id: {}'.format(user_id, service_id)), 400

    dao_add_user_to_service(service, user)
+    invited_user, errors = invited_user_schema.load(request.get_json())
+    if errors:
+        return jsonify(result="error", message=errors), 404
+    _process_permissions(user, service, invited_user.get_permissions())

    data, errors = service_schema.dump(service)
    return jsonify(data=data), 201
@@ -180,3 +188,13 @@ def add_user_to_service(service_id, user_id):

 def _service_not_found(service_id):
    return jsonify(result='error', message='Service not found for id: {}'.format(service_id)), 404
+
+
+def _process_permissions(user, service, permission_groups):
+    from app.permissions_utils import get_permissions_by_group
+    from app.dao.permissions_dao import permission_dao
+    permissions = get_permissions_by_group(permission_groups)
+    for permission in permissions:
+        permission.user = user
+        permission.service = service
+    permission_dao.set_user_permission(user, permissions)