|
2 | 2 | from sqlalchemy import and_ |
3 | 3 |
|
4 | 4 | from app import db |
| 5 | +from app.business.access_controls import set_case_effective_access_for_user |
5 | 6 | from app.logger import logger |
6 | 7 | from app.iris_engine.access_control.iris_user import iris_current_user |
7 | | -from app.datamgmt.manage.manage_access_control_db import check_ua_case_client |
8 | | -from app.datamgmt.manage.manage_access_control_db import get_case_effective_access |
9 | 8 | from app.models.cases import Cases |
10 | 9 | from app.models.models import Client |
11 | 10 | from app.models.authorization import CaseAccessLevel |
@@ -285,33 +284,6 @@ def ac_trace_effective_user_permissions(user_id): |
285 | 284 | return perms |
286 | 285 |
|
287 | 286 |
|
288 | | -def ac_fast_check_user_has_case_access(user_id, cid, expected_access_levels: list[CaseAccessLevel]): |
289 | | - """ |
290 | | - Checks the user has access to the case with at least one of the access_level |
291 | | - if the user has access, returns the access level of the user to the case |
292 | | - Returns None otherwise |
293 | | - """ |
294 | | - access_level = get_case_effective_access(user_id, cid) |
295 | | - |
296 | | - if not access_level: |
297 | | - # The user has no direct access, check if he is part of the client |
298 | | - access_level = check_ua_case_client(user_id, cid) |
299 | | - if not access_level: |
300 | | - return None |
301 | | - ac_set_case_access_for_user(user_id, cid, access_level) |
302 | | - |
303 | | - return access_level |
304 | | - |
305 | | - if ac_flag_match_mask(access_level, CaseAccessLevel.deny_all.value): |
306 | | - return None |
307 | | - |
308 | | - for acl in expected_access_levels: |
309 | | - if ac_flag_match_mask(access_level, acl.value): |
310 | | - return access_level |
311 | | - |
312 | | - return None |
313 | | - |
314 | | - |
315 | 287 | def ac_recompute_effective_ac_from_users_list(users_list): |
316 | 288 | """ |
317 | 289 | Recompute all users effective access of users |
@@ -558,44 +530,15 @@ def ac_set_case_access_for_users(users, case_id, access_level): |
558 | 530 | user_id = user.get('id') |
559 | 531 | if user_id == iris_current_user.id: |
560 | 532 | logs = "It's done, but I excluded you from the list of users to update, Dave" |
561 | | - ac_set_case_access_for_user(user.get('id'), case_id, CaseAccessLevel.full_access.value) |
| 533 | + set_case_effective_access_for_user(user.get('id'), case_id, CaseAccessLevel.full_access.value) |
562 | 534 | continue |
563 | 535 |
|
564 | | - ac_set_case_access_for_user(user.get('id'), case_id, access_level) |
| 536 | + set_case_effective_access_for_user(user.get('id'), case_id, access_level) |
565 | 537 |
|
566 | 538 | db.session.commit() |
567 | 539 | return True, logs |
568 | 540 |
|
569 | 541 |
|
570 | | -def ac_set_case_access_for_user(user_id, case_id, access_level: int): |
571 | | - """ |
572 | | - Set a case access from a user |
573 | | - """ |
574 | | - |
575 | | - uac = UserCaseEffectiveAccess.query.where(and_( |
576 | | - UserCaseEffectiveAccess.user_id == user_id, |
577 | | - UserCaseEffectiveAccess.case_id == case_id |
578 | | - )).all() |
579 | | - |
580 | | - if len(uac) > 1: |
581 | | - logger.error(f'Multiple access found for user {user_id} and case {case_id}') |
582 | | - for u in uac: |
583 | | - db.session.delete(u) |
584 | | - db.session.commit() |
585 | | - |
586 | | - uac = UserCaseEffectiveAccess() |
587 | | - uac.user_id = user_id |
588 | | - uac.case_id = case_id |
589 | | - uac.access_level = access_level |
590 | | - db.session.add(uac) |
591 | | - |
592 | | - elif len(uac) == 1: |
593 | | - uac = uac[0] |
594 | | - uac.access_level = access_level |
595 | | - |
596 | | - db.session.commit() |
597 | | - |
598 | | - |
599 | 542 | def ac_get_fast_user_cases_access(user_id): |
600 | 543 | ucea = UserCaseEffectiveAccess.query.with_entities( |
601 | 544 | UserCaseEffectiveAccess.case_id |
|
0 commit comments