[IMP] Introduced permission check in the business layer

source/app/business/cases.py

@@ -18,14 +18,17 @@
 
 from app import app
 from app.models.authorization import CaseAccessLevel
+from app.models.authorization import Permissions
 from app.iris_engine.module_handler.module_handler import call_modules_hook
 from app.iris_engine.utils.tracker import track_activity
 from app.datamgmt.manage.manage_cases_db import delete_case
 from app.business.errors import BusinessProcessingError
 from app.business.permissions import check_current_user_has_some_case_access
+from app.business.permissions import check_current_user_has_some_permission
 
 
 def delete(case_identifier, context_case_identifier):
+    check_current_user_has_some_permission([Permissions.standard_user])
     check_current_user_has_some_case_access(case_identifier, [CaseAccessLevel.full_access])
 
     if case_identifier == 1:

source/app/business/permissions.py

@@ -16,10 +16,26 @@
 #  along with this program; if not, write to the Free Software Foundation,
 #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
+from flask import session
+from flask_login import current_user
+
+from app.models.authorization import Permissions
+from app.iris_engine.access_control.utils import ac_get_effective_permissions_of_user
 from app.iris_engine.access_control.utils import ac_fast_check_current_user_has_case_access
 from app.business.errors import PermissionDeniedError
 
 
 def check_current_user_has_some_case_access(case_identifier, access_levels):
     if not ac_fast_check_current_user_has_case_access(case_identifier, access_levels):
         raise PermissionDeniedError()
+
+
+def check_current_user_has_some_permission(permissions):
+    if 'permissions' not in session:
+        session['permissions'] = ac_get_effective_permissions_of_user(current_user)
+
+    for permission in permissions:
+        if session['permissions'] & permission.value:
+            return
+
+    raise PermissionDeniedError()