38 lines
1.4 KiB
Python
38 lines
1.4 KiB
Python
from __future__ import annotations
|
|
|
|
from sqladmin import ModelView
|
|
|
|
from app.security.permissions import request_has_permission, table_permission_code
|
|
|
|
|
|
class SecureModelView(ModelView):
|
|
def _table_name(self) -> str:
|
|
return getattr(self.model, "__tablename__", self.identity)
|
|
|
|
def _table_permission(self, action: str) -> str:
|
|
return table_permission_code(self._table_name(), action)
|
|
|
|
def is_accessible(self, request) -> bool: # type: ignore[override]
|
|
return request_has_permission(request, self._table_permission("read"))
|
|
|
|
def is_create_allowed(self, request) -> bool: # type: ignore[override]
|
|
return request_has_permission(request, self._table_permission("write"))
|
|
|
|
def is_edit_allowed(self, request) -> bool: # type: ignore[override]
|
|
return request_has_permission(request, self._table_permission("write"))
|
|
|
|
def is_delete_allowed(self, request) -> bool: # type: ignore[override]
|
|
return request_has_permission(request, self._table_permission("write"))
|
|
|
|
def has_action_permission(self, request, action_name: str) -> bool:
|
|
code = self.get_action_permission_code(action_name)
|
|
if not code:
|
|
return True
|
|
return request_has_permission(request, code)
|
|
|
|
def get_action_permission_code(self, action_name: str) -> str | None:
|
|
return None
|
|
|
|
def has_permission_code(self, request, code: str) -> bool:
|
|
return request_has_permission(request, code)
|