|
1 | 1 | import abc
|
2 | 2 | from dataclasses import dataclass, field
|
3 | 3 | from typing import List, Callable
|
4 |
| - |
5 | 4 | from azure.cosmos import PartitionKey
|
| 5 | +from flask_restplus import abort |
6 | 6 | from flask_restplus._http import HTTPStatus
|
7 | 7 |
|
8 | 8 | from commons.data_access_layer.cosmos_db import (
|
|
19 | 19 |
|
20 | 20 | from utils.extend_model import add_project_name_to_time_entries
|
21 | 21 | from utils import worked_time
|
22 |
| -from utils.extend_model import create_in_condition |
| 22 | +from utils.extend_model import ( |
| 23 | + create_in_condition, |
| 24 | + create_custom_query_from_str, |
| 25 | +) |
23 | 26 |
|
24 | 27 | from time_tracker_api.projects.projects_model import ProjectCosmosDBModel
|
25 | 28 | from time_tracker_api.projects import projects_model
|
@@ -123,13 +126,12 @@ def find_all(
|
123 | 126 | self,
|
124 | 127 | event_context: EventContext,
|
125 | 128 | conditions: dict = {},
|
| 129 | + custom_sql_conditions: List[str] = [], |
126 | 130 | date_range: dict = {},
|
127 | 131 | ):
|
128 |
| - custom_sql_conditions = [self.create_sql_date_range_filter(date_range)] |
129 |
| - |
130 |
| - if event_context.is_admin: |
131 |
| - conditions.pop("owner_id") |
132 |
| - # TODO should be removed when implementing a role-based permission module ↑ |
| 132 | + custom_sql_conditions.append( |
| 133 | + self.create_sql_date_range_filter(date_range) |
| 134 | + ) |
133 | 135 |
|
134 | 136 | custom_params = self.generate_params(date_range)
|
135 | 137 | time_entries = CosmosDBRepository.find_all(
|
@@ -297,10 +299,30 @@ def check_time_entry_is_not_started(self, data):
|
297 | 299 | def get_all(self, conditions: dict = None, **kwargs) -> list:
|
298 | 300 | event_ctx = self.create_event_context("read-many")
|
299 | 301 | conditions.update({"owner_id": event_ctx.user_id})
|
300 |
| - |
| 302 | + custom_query = [] |
| 303 | + if "user_id" in conditions: |
| 304 | + if event_ctx.is_admin: |
| 305 | + conditions.pop("owner_id") |
| 306 | + custom_query = ( |
| 307 | + [] |
| 308 | + if conditions.get("user_id") == "*" |
| 309 | + else [ |
| 310 | + create_custom_query_from_str( |
| 311 | + conditions.get("user_id"), "c.owner_id" |
| 312 | + ) |
| 313 | + ] |
| 314 | + ) |
| 315 | + conditions.pop("user_id") |
| 316 | + else: |
| 317 | + abort( |
| 318 | + HTTPStatus.FORBIDDEN, "You don't have enough permissions." |
| 319 | + ) |
301 | 320 | date_range = self.handle_date_filter_args(args=conditions)
|
302 | 321 | return self.repository.find_all(
|
303 |
| - event_ctx, conditions=conditions, date_range=date_range |
| 322 | + event_ctx, |
| 323 | + conditions=conditions, |
| 324 | + custom_sql_conditions=custom_query, |
| 325 | + date_range=date_range, |
304 | 326 | )
|
305 | 327 |
|
306 | 328 | def get(self, id):
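Review bot: The new `custom_sql_conditions: List[str] = []` parameter on find_all is a mutable default that the hunk then mutates with `.append(self.create_sql_date_range_filter(date_range))`, so every call that omits the argument appends another date-range filter to the same shared list, and callers that do pass a list get it modified behind their back. Declare the default as `custom_sql_conditions: List[str] = None` and build a fresh local list, `custom_sql_conditions = [*(custom_sql_conditions or []), self.create_sql_date_range_filter(date_range)]`, so the parameter is read but never mutated; the rest of find_all lies outside the hunk. In get_all, the admin branch hands the raw `conditions.get("user_id")` request value to `create_custom_query_from_str(..., "c.owner_id")`; that helper is not shown here, so confirm it parameterizes or strictly validates the value rather than splicing it into the query text, and record that expectation on the call, e.g. `# user_id comes straight from the request; create_custom_query_from_str must not interpolate it unescaped`.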
|
|