modified decorators

AI4Bharat · Aug 1, 2024 · 33fa7d1 · 33fa7d1
1 parent 7b2846d
commit 33fa7d1
Showing 1 changed file with 38 additions and 0 deletions.
diff --git a/backend/organizations/decorators.py b/backend/organizations/decorators.py
@@ -3,6 +3,8 @@
 from .models import Organization
 from functools import wraps
 from django.http import HttpResponse
+from workspaces.models import Workspace
+
 
 PERMISSION_ERROR = {
     "message": "You do not have enough permissions to access this view!"
@@ -57,3 +59,39 @@ def wrapper(self, request, *args, **kwargs):
         return Response("Permission Denied", status=403)
 
     return wrapper
+
+
+def is_permitted(f):
+    @wraps(f)
+    def wrapper(self, request, *args, **kwargs):
+        if "organization" not in request.data or "workspace" not in request.data:
+            return Response(
+                {
+                    "message": "Please send the complete request data for organization and workspace"
+                },
+                status=403,
+            )
+        organization = Organization.objects.get(id=request.data["organization"])
+        workspace = Workspace.objects.get(id=request.data["workspace"])
+        if Organization.objects.filter(
+            id=request.user.organization.id
+        ) != Organization.objects.filter(id=int(organization)):
+            return Response(NO_ORGANIZATION_OWNER_ERROR, status=403)
+        if workspace.organization != request.user.organization:
+            Response(NO_ORGANIZATION_OWNER_ERROR, status=403)
+        org_permissions = Organization.objects.filter(
+            id=request.user.organization.id
+        ).permission_json
+        requested_permission = request.data.get("requested_permission")
+        allowed_roles = org_permissions.get(requested_permission, 0)
+        if not allowed_roles:
+            return Response({"message": "Requested Permission is invalid"}, status=403)
+        for a in allowed_roles:
+            if (a == "org_owner" and request.user.role != User.ORGANIZATION_OWNER) or (
+                a == "workspace_manager" and request.user not in workspace.managers
+            ):
+                return Response({"message": "Access Denied"}, status=403)
+            return f(self, request, *args, **kwargs)
+        return Response(PERMISSION_ERROR, status=403)
+
+    return wrapper