Coverage for postrfp/buyer/api/buyer_authoriser.py: 100%

19 statements  

« prev     ^ index     » next       coverage.py v7.11.0, created at 2025-10-22 21:34 +0000

1from .authorise import check 

2 

3from typing import TYPE_CHECKING, Any 

4from postrfp.shared.types import PermString 

5from postrfp.model import Project, Issue 

6 

7if TYPE_CHECKING: 

8 from sqlalchemy.orm import Session 

9 from postrfp.model.humans import User 

10 

11 

12def authoriser( 

13 method: str, path_info: str, permission: PermString, context: dict[str, Any] 

14) -> None: 

15 user: "User" = context["user"] 

16 session: "Session" = context["session"] 

17 multiproject = context.get("multiproject", False) 

18 section_id = context.get("section_id") 

19 target_user = context.get("target_user") 

20 target_org = context.get("target_org") 

21 deny_restricted = context.get("deny_restricted", False) 

22 

23 project = None 

24 if context.get("project_id"): 

25 project = session.get_one(Project, context["project_id"]) 

26 issue = None 

27 if context.get("issue_id"): 

28 issue = session.get_one(Issue, context["issue_id"]) 

29 

30 check( 

31 user=user, 

32 action=permission, 

33 project=project, 

34 issue=issue, 

35 multiproject=multiproject, 

36 section_id=section_id, 

37 target_user=target_user, 

38 target_org=target_org, 

39 deny_restricted=deny_restricted, 

40 )