you only need to check one assignment cuz it has a unique constraint now. w/ mike

burnettk 2022-10-07 17:12:59 -04:00
parent 5f708fe41d
commit c37d123d09
1 changed files with 10 additions and 13 deletions


@ -18,25 +18,22 @@ class AuthorizationService:
principal: PrincipalModel, permission: str, target_uri: str principal: PrincipalModel, permission: str, target_uri: str
) -> bool: ) -> bool:
"""Has_permission.""" """Has_permission."""
permission_assignments = ( permission_assignment = (
PermissionAssignmentModel.query.filter_by( PermissionAssignmentModel.query.filter_by(
principal_id=principal.id, permission=permission principal_id=principal.id, permission=permission
) )
.join(PermissionTargetModel) .join(PermissionTargetModel)
.filter_by(uri=target_uri) .filter_by(uri=target_uri)
.all() .first()
) )
if len(permission_assignments) > 1: if permission_assignment is None:
raise Exception( return False
"Multiple permission assignments found for query. That should not be possible."
)
for permission_assignment in permission_assignments:
if permission_assignment.grant_type.value == "permit": if permission_assignment.grant_type.value == "permit":
return True return True
elif permission_assignment.grant_type.value == "deny": elif permission_assignment.grant_type.value == "deny":
return False return False
else:
return False raise Exception("Unknown grant type")
# def refresh_token(self, token: str) -> str: # def refresh_token(self, token: str) -> str:
# """Refresh_token.""" # """Refresh_token."""
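Review bot: The new `.first()` call returns an arbitrary row when more than one assignment matches, so this authorization check now depends entirely on the unique constraint named in the commit message, which is not visible in this hunk. The removed code raised on duplicates; if that constraint is ever absent (for example a migration not yet applied, or it does not cover the joined `PermissionTargetModel.uri` — unverified from here), a `permit` row could be picked over a `deny` row with no error. Replacing `.first()` with `.one_or_none()` keeps the single-row lookup and the `is None` default-deny branch while still failing closed, because it raises when several rows match. The method's `def` line sits above the hunk, so its name and decorator are not visible here.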