Skip to content

Commit

Permalink
Merge pull request #388 from intuitem/fix/approve_risk_acceptance
Browse files Browse the repository at this point in the history 
#386_add special RBAC logic for approve
  • Loading branch information
@ab-smith
ab-smith authored May 7, 2024
2 parents 1fc095e + 75dd204 commit 654d123
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion backend/core/permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,16 @@ def has_object_permission(self, request: Request, view, obj):
_codename = perms[0].split(".")[1]
if request.method in ["GET", "OPTIONS", "HEAD"] and obj.is_published:
return True
perm = Permission.objects.get(codename=_codename)
# special case of risk acceptance approval
if (
request.parser_context["request"]._request.resolver_match.url_name
== "risk-acceptances-accept"
):
perm = Permission.objects.get(codename="approve_riskacceptance")
return RoleAssignment.is_access_allowed(
user=request.user,
perm=Permission.objects.get(codename=_codename),
perm=perm,
folder=Folder.get_folder(obj),
)

Expand Down

0 comments on commit 654d123

Please sign in to comment.