Source code for uw.local.print_.webui.authority

"""Authorization-related utility routines.

Authorization checkers are provided for admin users, as well as access to
orgunits and individual jobs and requisitions.
"""

[docs]def check_admin (environ, cursor, **params):
    """Check for administrator access.

    For use with :func:`uw.web.wsgi.authority.check_authority`.
    """
    person_id = environ['remote_identity'].person_id
    return cursor.check_perm_admin (person_id=person_id)

[docs]def check_orgunit (environ, cursor, orgunit, **params):
    """Check for access to an orgunit.

    For use with :func:`uw.web.wsgi.authority.check_authority`.
    """
    person_id = environ['remote_identity'].person_id
    return cursor.check_perm_orgunit (person_id=person_id, orgunit=orgunit) or cursor.check_perm_admin (person_id=person_id)

[docs]def check_job (environ, cursor, job, **params):
    """Check for access to a job.

    For use with :func:`uw.web.wsgi.authority.check_authority`.
    """
    return check_orgunit (environ, cursor, job.requisition_orgunit)

[docs]def check_requisition (environ, cursor, requisition, **params):
    """Check for access to a requisition.

    For use with :func:`uw.web.wsgi.authority.check_authority`.
    """
    job = cursor.job_by_id (job_id=requisition.job_id)
    if job is None:
        return check_admin (environ, cursor)
    else:
        return check_orgunit (environ, cursor, job.requisition_orgunit)