Commit d8a298a8 authored by HERBERT Ryan's avatar HERBERT Ryan

VidjilAuth Add save permission

Added a save permission and methods that check whether a user can save
an analysis for a patient, run or sample_set
parent 43e9c6bb
......@@ -9,6 +9,7 @@ class PermissionEnum(Enum):
upload = 'upload'
create = 'create'
run = 'run'
save = 'save'
admin_config = 'admin'
read_config = 'read'
create_config = 'create'
......@@ -404,6 +405,42 @@ class VidjilAuth(Auth):
'''
return self.get_permission(PermissionEnum.anon.value, 'patient', patient_id, user)
def can_save_patient(self, patient_id, user = None):
'''
Returns True if the user can save an analysis for the given patient
If the user is None, the current user is taken into account
'''
return self.get_permission(PermissionEnum.save.value, 'patient', patient_id, user)\
or self.is_admin(user)
def can_save_run(self, run_id, user = None):
'''
Returns True if the user can save an analysis for the given run
If the user is None, the current user is taken into account
'''
return self.get_permission(PermissionEnum.save.value, 'run', run_id, user)\
or self.is_admin(user)
def can_save_sample_set(self, sample_set_id, user = None) :
sample_set = db.sample_set[sample_set_id]
perm = self.get_permission(PermissionEnum.save.value, 'sample_set', sample_set_id, user)\
or self.is_admin(user)
if (sample_set.sample_type == "patient") :
for row in db( db.patient.sample_set_id == sample_set_id ).select() :
if self.can_save_patient(row.id, user):
perm = True;
if (sample_set.sample_type == "run") :
for row in db( db.run.sample_set_id == sample_set_id ).select() :
if self.can_save_run(row.id, user):
perm = True;
return perm
def get_group_parent(self, group_id):
parent_group_list = db(
(db.group_assoc.second_group_id == group_id)
......
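Review bot: `can_save_sample_set` reads `sample_set.sample_type` without checking that `db.sample_set[sample_set_id]` found a row. pyDAL normally returns None for an unknown id, so the permission check would raise AttributeError instead of denying. Adding `if sample_set is None: return False` right after the lookup makes the denial explicit for ids that arrive from a request. It is also the only one of the three new checks without a docstring; one should state that save rights on a linked patient or run also grant save on the sample set, because callers cannot see that widening from the name. The two loops could `return True` on the first match instead of setting `perm = True;` and continuing to query.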
......@@ -113,11 +113,13 @@ class VidjilauthModel(unittest.TestCase):
db.auth_permission.insert(name=PermissionEnum.admin.value, table_name='sample_set', group_id=group_ter, record_id=0)
db.auth_permission.insert(name=PermissionEnum.read.value, table_name='sample_set', group_id=group_ter, record_id=0)
db.auth_permission.insert(name=PermissionEnum.save.value, table_name='run', group_id=group_ter, record_id=0)
db.auth_permission.insert(name=PermissionEnum.access.value, table_name='patient', group_id=group_ter, record_id=admin_patient_id)
db.auth_permission.insert(name=PermissionEnum.admin.value, table_name='sample_set', group_id=group_sec, record_id=0)
db.auth_permission.insert(name=PermissionEnum.read.value, table_name='sample_set', group_id=group_sec, record_id=0)
db.auth_permission.insert(name=PermissionEnum.run.value, table_name='sample_set', group_id=group_sec, record_id=0)
db.auth_permission.insert(name=PermissionEnum.save.value, table_name='sample_set', group_id=group_sec, record_id=0)
db.auth_permission.insert(name=PermissionEnum.upload.value, table_name='sample_set', group_id=group_sec, record_id=0)
db.auth_permission.insert(name=PermissionEnum.read.value, table_name='sample_set', group_id=fake_group_id, record_id=0)
......@@ -352,6 +354,39 @@ class VidjilauthModel(unittest.TestCase):
self.assertTrue(result,
"User %d is a member of admin group and is missing permissions to view sample_set %d" % (user_id, fake_sample_set_id))
def testCanSavePatient(self):
result = auth.can_save_patient(fake_patient_id)
self.assertFalse(result, "User %d should not have permission to save patient %d" % (auth.user_id, fake_patient_id))
result = auth.can_save_patient(fake_patient_id, user_id_sec)
self.assertTrue(result, "User %d should be able to save patient %d" % (user_id_sec, fake_patient_id))
result = auth.can_save_patient(fake_patient_id, user_id)
self.assertTrue(result,
"User %d is a member of admin group and is missing permissions to save patient %d" % (user_id, fake_patient_id))
def testCanSaveRun(self):
result = auth.can_save_run(fake_run_id)
self.assertFalse(result, "User %d should not have permission to save run %d" % (auth.user_id, fake_run_id))
result = auth.can_save_run(fake_run_id, user_id_sec)
self.assertTrue(result, "User %d should be able to save run %d" % (user_id_sec, fake_run_id))
result = auth.can_save_run(fake_run_id, user_id)
self.assertTrue(result,
"User %d is a member of admin group and is missing permissions to save run %d" % (user_id, fake_run_id))
def testCanSaveSampleSet(self):
result = auth.can_save_sample_set(fake_sample_set_id)
self.assertFalse(result, "User %d should not have permission to save sample_set %d" % (auth.user_id, fake_sample_set_id))
result = auth.can_save_sample_set(fake_sample_set_id, user_id_sec)
self.assertTrue(result, "User %d should be able to save sample_set %d" % (user_id_sec, fake_sample_set_id))
result = auth.can_save_sample_set(fake_sample_set_id, user_id)
self.assertTrue(result,
"User %d is a member of admin group and is missing permissions to save sample_set %d" % (user_id, fake_sample_set_id))
def testCanViewPatientInfo(self):
result = auth.can_view_patient_info(patient_id_sec, auth.user_id)
self.assertFalse(result, "User %d should not have permission anon for patient %d" % (auth.user_id, patient_id_sec))
......
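Review bot: `testCanSaveSampleSet` does not appear to exercise the branch of `can_save_sample_set` that grants access through a linked patient or run. `user_id_sec` presumably belongs to `group_sec`, which is given `save` on `sample_set` with `record_id=0`, so the direct check would already pass before the delegation loops matter. The `save` permission inserted on `run` for `group_ter` is not asserted on by any of the visible new tests either. A case such as `self.assertTrue(auth.can_save_sample_set(<run-linked sample_set id>, <group_ter user id>))` would pin the delegation; both arguments are placeholders because the fixture names are outside this view. A matching `assertFalse` for a user with no save permission on any linked record would cover the denial side.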