Implement posibility to check single right

2025-06-07 22:39:03 +02:00
parent 7c515b8e8f
commit 48007734e5
6 changed files with 65 additions and 19 deletions
--- a/backend/app/models/event.py
+++ b/backend/app/models/event.py
@@ -138,6 +138,9 @@ class Event(mixin.RowId, EventBase, table=True):
        user: User,
        rights: PermissionRight | None = None,
    ) -> bool:
+        """
+        Check if all rights are present for the user
+        """
        return any(
            (
                link.user == user
@@ -147,6 +150,23 @@ class Event(mixin.RowId, EventBase, table=True):
            for link in self.user_links
        )

+    def user_has_right(
+        self,
+        user: User,
+        rights: PermissionRight | None = None,
+    ) -> bool:
+        """
+        Check if at least one right is present for the user
+        """
+        return any(
+            (
+                link.user == user
+                and link.rights
+                and (not rights or (link.rights & rights))
+            )
+            for link in self.user_links
+        )
+

 # Properties to return via API, id is always required
 class EventPublic(mixin.RowIdPublic, EventBase):
--- a/backend/app/models/user.py
+++ b/backend/app/models/user.py
@@ -207,12 +207,15 @@ class User(mixin.RowId, UserBase, table=True):

        return self

-    def has_permission(
+    def has_permissions(
        self,
        module: PermissionModule,
        part: PermissionPart,
        rights: PermissionRight | None = None,
    ) -> bool:
+        """
+        Check if all rights are present for the user for the given permission
+        """
        return any(
            any(
                (
@@ -227,6 +230,29 @@ class User(mixin.RowId, UserBase, table=True):
            for role in self.roles
        )

+    def has_permission(
+        self,
+        module: PermissionModule,
+        part: PermissionPart,
+        rights: PermissionRight | None = None,
+    ) -> bool:
+        """
+        Check if at least one right is present for the user for the given permission
+        """
+        return any(
+            any(
+                (
+                    link.permission.module == module
+                    and link.permission.part == part
+                    and link.permission.is_active
+                    and (not rights or (link.rights & rights))
+                )
+                for link in role.permission_links
+                if role.is_active
+            )
+            for role in self.roles
+        )
+

 # Properties to return via API, id is always required
 class UserPublic(mixin.RowIdPublic, UserBase):