Skip to content

Commit

Permalink
Comment all usage of has_role_based_access
Browse files Browse the repository at this point in the history
  • Loading branch information
dinukadesilva committed Nov 2, 2019
1 parent 30ef12c commit ae78f39
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 19 deletions.
9 changes: 5 additions & 4 deletions api/TallySheetApi.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,9 @@ def getAll(electionId=None, areaId=None, tallySheetCode=None):
result = get_paginated_query(result).all()

# filter based on roles
filtered_results = [tally_sheet for tally_sheet in result if has_role_based_access(tally_sheet, ACCESS_TYPE_READ)]
# filtered_results = [tally_sheet for tally_sheet in result if has_role_based_access(tally_sheet, ACCESS_TYPE_READ)]

return TallySheetSchema(many=True).dump(filtered_results).data
return TallySheetSchema(many=True).dump(result).data


@authorize(required_roles=ALL_ROLES)
Expand All @@ -45,8 +45,9 @@ def get_by_id(tallySheetId):
return TallySheetSchema().dump(tally_sheet).data


@authorize(required_roles=[POLLING_DIVISION_REPORT_VERIFIER_ROLE, ELECTORAL_DISTRICT_REPORT_VERIFIER_ROLE,
NATIONAL_REPORT_VERIFIER_ROLE])
@authorize(
required_roles=[DATA_EDITOR_ROLE, POLLING_DIVISION_REPORT_VERIFIER_ROLE, ELECTORAL_DISTRICT_REPORT_VERIFIER_ROLE,
NATIONAL_REPORT_VERIFIER_ROLE])
def unlock(tallySheetId):
tally_sheet = TallySheet.get_by_id(tallySheetId=tallySheetId)

Expand Down
30 changes: 15 additions & 15 deletions orm/entities/Submission/TallySheet/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -54,19 +54,19 @@ def set_locked_version(self, tallySheetVersion: TallySheetVersion):
# )

if tallySheetVersion is None:
if not has_role_based_access(self, ACCESS_TYPE_UNLOCK):
raise ForbiddenException(
message="User doesn't have access to tally sheet.",
code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_UNLOCK
)
# if not has_role_based_access(self, ACCESS_TYPE_UNLOCK):
# raise ForbiddenException(
# message="User doesn't have access to tally sheet.",
# code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_UNLOCK
# )

self.submission.set_locked_version(submissionVersion=None)
else:
if not has_role_based_access(self, ACCESS_TYPE_LOCK):
raise ForbiddenException(
message="User doesn't have access to tally sheet.",
code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_LOCK
)
# if not has_role_based_access(self, ACCESS_TYPE_LOCK):
# raise ForbiddenException(
# message="User doesn't have access to tally sheet.",
# code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_LOCK
# )

self.submission.set_locked_version(submissionVersion=tallySheetVersion.submissionVersion)

Expand Down Expand Up @@ -139,11 +139,11 @@ def get_by_id(tallySheetId, tallySheetCode=None):

result = query.one_or_none()

if not has_role_based_access(result, ACCESS_TYPE_READ):
raise ForbiddenException(
message="User doesn't have access to tally sheet.",
code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_VIEW
)
# if not has_role_based_access(result, ACCESS_TYPE_READ):
# raise ForbiddenException(
# message="User doesn't have access to tally sheet.",
# code=MESSAGE_CODE_TALLY_SHEET_NOT_AUTHORIZED_TO_VIEW
# )

return result

Expand Down

0 comments on commit ae78f39

Please sign in to comment.