
Commit d94284a

committed
Add edit default branch perm to get perm report func
1 parent e7cded3 commit d94284a


1 file changed

+58
-31
lines changed


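--- a/backend/infrahub/permissions/report.py
+++ b/backend/infrahub/permissions/report.py
@@ -22,18 +22,21 @@ def get_permission_report(
 node: MainSchemaTypes,
 action: str,
 is_super_admin: bool = False,
+can_edit_default_branch: bool = False,
 ) -> PermissionDecisionFlag:
-return (
-PermissionDecisionFlag.ALLOW_ALL
-if is_super_admin
-else backend.report_object_permission(
-permissions=permissions["object_permissions"],
-namespace=node.namespace,
-name=node.name,
-action=action,
-)
+if is_super_admin:
+return PermissionDecisionFlag.ALLOW_ALL
+
+decision = backend.report_object_permission(
+permissions=permissions["object_permissions"], namespace=node.namespace, name=node.name, action=action
 )
 
+# What do we do if edit default branch global permission is set?
+# if can_edit_default_branch:
+# decision |= PermissionDecisionFlag.ALLOW_DEFAULT
+
+return decision
+
 
 async def report_schema_permissions(
 db: InfrahubDatabase, schemas: list[MainSchemaTypes], account_session: AccountSession, branch: Branch
@@ -47,30 +50,54 @@ async def report_schema_permissions(
 id="", name="", action=GlobalPermissions.SUPER_ADMIN.value, decision=PermissionDecision.ALLOW_ALL.value
 ),
 )
+can_edit_default_branch = perm_backend.resolve_global_permission(
+permissions=permissions["global_permissions"],
+permission_to_check=GlobalPermission(
+id="",
+name="",
+action=GlobalPermissions.EDIT_DEFAULT_BRANCH.value,
+decision=PermissionDecision.ALLOW_ALL.value,
+),
+)
 
 permission_objects: list[KindPermissions] = []
 for node in schemas:
-permission_report: KindPermissions = {
-"kind": node.kind,
-"create": get_permission_report(
-backend=perm_backend, permissions=permissions, node=node, action="create", is_super_admin=is_super_admin
-),
-"delete": get_permission_report(
-backend=perm_backend, permissions=permissions, node=node, action="delete", is_super_admin=is_super_admin
-),
-"update": get_permission_report(
-backend=perm_backend, permissions=permissions, node=node, action="update", is_super_admin=is_super_admin
-),
-"view": get_permission_report(
-backend=perm_backend, permissions=permissions, node=node, action="view", is_super_admin=is_super_admin
-),
-}
-
-# What do we do if edit default branch global permission is set?
-# if not restrict_changes:
-# for key in permission_report:
-# permission_report[key] |= PermissionDecisionFlag.ALLOW_DEFAULT
-
-permission_objects.append(permission_report)
+permission_objects.append(
+{
+"kind": node.kind,
+"create": get_permission_report(
+backend=perm_backend,
+permissions=permissions,
+node=node,
+action="create",
+is_super_admin=is_super_admin,
+can_edit_default_branch=can_edit_default_branch,
+),
+"delete": get_permission_report(
+backend=perm_backend,
+permissions=permissions,
+node=node,
+action="delete",
+is_super_admin=is_super_admin,
+can_edit_default_branch=can_edit_default_branch,
+),
+"update": get_permission_report(
+backend=perm_backend,
+permissions=permissions,
+node=node,
+action="update",
+is_super_admin=is_super_admin,
+can_edit_default_branch=can_edit_default_branch,
+),
+"view": get_permission_report(
+backend=perm_backend,
+permissions=permissions,
+node=node,
+action="view",
+is_super_admin=is_super_admin,
+can_edit_default_branch=can_edit_default_branch,
+),
+}
+)
 
 return permission_objects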
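Review bot: `can_edit_default_branch` is never read in `get_permission_report`, because the only code that uses it is commented out, so the returned decision is the same whether or not the account holds `EDIT_DEFAULT_BRANCH`. The value is resolved in `report_schema_permissions` and passed to all four calls, so the report may disagree with whatever enforces default-branch edits elsewhere. If the flag is wired in, the commented `decision |= PermissionDecisionFlag.ALLOW_DEFAULT` would widen the report beyond what the object permissions grant, including for an action they deny. A narrowing form such as `if not can_edit_default_branch: decision &= ~PermissionDecisionFlag.ALLOW_DEFAULT` looks safer, though that assumes the flag type supports bitwise masking, which the `|=` only suggests. Until the semantics are settled, a docstring on `get_permission_report` stating that the parameter is currently ignored would keep callers from relying on it; the function's `def` line sits above the first hunk.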
