23 lines
650 B
Python
23 lines
650 B
Python
from api.users.models import *
|
|
|
|
def has_authorization(*, user, code: str, team=None) -> bool:
|
|
if not user.is_authenticated:
|
|
return False
|
|
|
|
qs = Authorization.objects.filter(code=code)
|
|
|
|
memberships = UserTeamRole.objects.filter(user=user)
|
|
|
|
if team is not None:
|
|
memberships = memberships.filter(team=team)
|
|
|
|
return qs.filter(roleauthorization__role__teammembership__in=memberships).exists()
|
|
|
|
|
|
class NotAuthorized(Exception):
|
|
pass
|
|
|
|
def require_authorization(*, user, code: str, team=None):
|
|
if not has_authorization(user=user, code=code, team=team):
|
|
raise NotAuthorized(f"Missing authorization: {code}")
|