diff --git a/api/TallySheetApi.py b/api/TallySheetApi.py index 8a32f807..b1fa8c7f 100644 --- a/api/TallySheetApi.py +++ b/api/TallySheetApi.py @@ -27,9 +27,9 @@ def getAll(electionId=None, areaId=None, tallySheetCode=None): result = get_paginated_query(result).all() # filter based on roles - filtered_results = [tally_sheet for tally_sheet in result if has_role_based_access(tally_sheet, ACCESS_TYPE_READ)] + # filtered_results = [tally_sheet for tally_sheet in result if has_role_based_access(tally_sheet, ACCESS_TYPE_READ)] - return TallySheetSchema(many=True).dump(filtered_results).data + return TallySheetSchema(many=True).dump(result).data @authorize(required_roles=ALL_ROLES) @@ -45,8 +45,9 @@ def get_by_id(tallySheetId): return TallySheetSchema().dump(tally_sheet).data -@authorize(required_roles=[POLLING_DIVISION_REPORT_VERIFIER_ROLE, ELECTORAL_DISTRICT_REPORT_VERIFIER_ROLE, - NATIONAL_REPORT_VERIFIER_ROLE]) +@authorize( + required_roles=[DATA_EDITOR_ROLE, POLLING_DIVISION_REPORT_VERIFIER_ROLE, ELECTORAL_DISTRICT_REPORT_VERIFIER_ROLE, + NATIONAL_REPORT_VERIFIER_ROLE]) def unlock(tallySheetId): tally_sheet = TallySheet.get_by_id(tallySheetId=tallySheetId) diff --git a/orm/entities/Submission/TallySheet/__init__.py b/orm/entities/Submission/TallySheet/__init__.py index 0c84c3b1..7f5b07b5 100644 --- a/orm/entities/Submission/TallySheet/__init__.py +++ b/orm/entities/Submission/TallySheet/__init__.py @@ -54,19 +54,19 @@ def set_locked_version(self, tallySheetVersion: TallySheetVersion): # ) if tallySheetVersion is None: - if not has_role_based_access(self, ACCESS_TYPE_UNLOCK): - raise ForbiddenException( - message="User doesn't have access to tally sheet.", - code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_UNLOCK - ) + # if not has_role_based_access(self, ACCESS_TYPE_UNLOCK): + # raise ForbiddenException( + # message="User doesn't have access to tally sheet.", + # code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_UNLOCK + # ) self.submission.set_locked_version(submissionVersion=None) else: - if not has_role_based_access(self, ACCESS_TYPE_LOCK): - raise ForbiddenException( - message="User doesn't have access to tally sheet.", - code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_LOCK - ) + # if not has_role_based_access(self, ACCESS_TYPE_LOCK): + # raise ForbiddenException( + # message="User doesn't have access to tally sheet.", + # code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_LOCK + # ) self.submission.set_locked_version(submissionVersion=tallySheetVersion.submissionVersion) @@ -139,11 +139,11 @@ def get_by_id(tallySheetId, tallySheetCode=None): result = query.one_or_none() - if not has_role_based_access(result, ACCESS_TYPE_READ): - raise ForbiddenException( - message="User doesn't have access to tally sheet.", - code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_VIEW - ) + # if not has_role_based_access(result, ACCESS_TYPE_READ): + # raise ForbiddenException( + # message="User doesn't have access to tally sheet.", + # code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_VIEW + # ) return result