add special RBAC logic for approve
There is probably a better way, but this should work fine. We rely on route parsing.
eric-intuitem committed May 7, 2024
1 parent 6d0d550 commit b374284
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion backend/core/permissions.py
Expand Up @@ -35,9 +35,13 @@ def has_object_permission(self, request: Request, view, obj):
_codename = perms[0].split(".")[1]
if request.method in ["GET", "OPTIONS", "HEAD"] and obj.is_published:
return True
perm=Permission.objects.get(codename=_codename)
# special case of risk acceptance approval
if request.parser_context["request"]._request.resolver_match.url_name == "risk-acceptances-accept":
perm = Permission.objects.get(codename="approve_riskacceptance")
return RoleAssignment.is_access_allowed(
user=request.user,
perm=Permission.objects.get(codename=_codename),
perm=perm,
folder=Folder.get_folder(obj),
)
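
Review bot: The special case on the `resolver_match.url_name == "risk-acceptances-accept"` line makes the stricter `approve_riskacceptance` check depend on an exact route-name string, so a renamed route or a second route reaching the same action would silently fall back to the generic `_codename` permission. Since `view` is already an argument of `has_object_permission`, consider keying the decision off the view (for example its `action`) or letting the view declare the permission it needs, and add a test asserting that a user without `approve_riskacceptance` is denied on this route. The lookup also goes through `request.parser_context["request"]._request`, which touches a private attribute; DRF's `Request` proxies unknown attributes to the underlying request, so `request.resolver_match` should be enough. Minor: `Permission.objects.get(codename=_codename)` now runs even when its result is overwritten, so an `if`/`else` would avoid the extra query, and a short comment explaining why approval needs its own codename would help the next reader.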
