tracker/api/functions/auth_functions.py at update-cloudbuild · simrit1/tracker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
def is_super_admin(user_roles):
    """
    :param user_roles: users roles
    :return: Returns true or false based on if this user is the given role
    """
    for role in user_roles:
        if role["permission"] == "super_admin":
            return True
    return False


def is_admin(user_roles, org_id):
    """
    :param user_roles: dict of user roles
    :param org_id: Org id used to validate claims
    :return: Returns true or false based on if this user is the given role
    """
    admin_perms = ["super_admin", "admin"]
    for role in user_roles:
        if (role["org_id"] == org_id and role["permission"] in admin_perms) or role[
            "permission"
        ] == "super_admin":
            return True
    return False


def is_user_write(user_roles, org_id):
    """
    :param user_roles: dict of user roles
    :param org_id: Org id used to validate claims
    :return: Returns true or false based on if this user is the given role
    """
    user_write_perms = ["super_admin", "admin", "user_write"]
    for role in user_roles:
        if (
            role["org_id"] == org_id and role["permission"] in user_write_perms
        ) or role["permission"] == "super_admin":
            return True
    return False


def is_user_read(user_roles, org_id):
    """
    :param user_roles: dict of user roles
    :param org_id: Org id used to validate claims
    :return: Returns true or false based on if this user is the given role
    """
    user_read_perms = ["super_admin", "admin", "user_write", "user_read"]
    for role in user_roles:
        if (role["org_id"] == org_id and role["permission"] in user_read_perms) or role[
            "permission"
        ] == "super_admin":
            return True
    return False