- Add 'Partner Admin' role to actual functionality in eveai_app

2025-04-15 17:12:46 +02:00
parent 3eed546879
commit 5f58417d24
12 changed files with 281 additions and 135 deletions
--- a/common/utils/eveai_exceptions.py
+++ b/common/utils/eveai_exceptions.py
@@ -154,3 +154,35 @@ class EveAIRoleAssignmentException(EveAIException):
    def __init__(self, message, status_code=403, payload=None):
        super().__init__(message, status_code, payload)

+
+class EveAINoManagementPartnerService(EveAIException):
+    """Exception raised when the operation requires the logged in partner (or selected parter by Super User)
+    does not have a MANAGEMENT_SERVICE"""
+
+    def __init__(self, message="No Management Service defined for partner", status_code=403, payload=None):
+        super().__init__(message, status_code, payload)
+
+
+class EveAINoSessionTenant(EveAIException):
+    """Exception raised when no session tenant is set"""
+
+    def __init__(self, message="No Session Tenant selected. Cannot perform requested action.", status_code=403,
+                 payload=None):
+        super().__init__(message, status_code, payload)
+
+
+class EveAINoSessionPartner(EveAIException):
+    """Exception raised when no session partner is set"""
+
+    def __init__(self, message="No Session Partner selected. Cannot perform requested action.", status_code=403,
+                 payload=None):
+        super().__init__(message, status_code, payload)
+
+
+class EveAINoManagementPartnerForTenant(EveAIException):
+    """Exception raised when the selected partner is no management partner for tenant"""
+
+    def __init__(self, message="No Management Partner for Tenant", status_code=403, payload=None):
+        super().__init__(message, status_code, payload)
+
+
--- a/common/utils/middleware.py
+++ b/common/utils/middleware.py
@@ -5,9 +5,10 @@ for handling tenant requests

 from flask_security import current_user
 from flask import session, current_app, redirect
-from common.utils.nginx_utils import prefixed_url_for
-
 from .database import Database
+from .eveai_exceptions import EveAINoSessionTenant, EveAINoSessionPartner, EveAINoManagementPartnerService, \
+    EveAINoManagementPartnerForTenant
+from ..services.tenant_service import TenantService


 def mw_before_request():
@@ -17,17 +18,27 @@ def mw_before_request():
    """

    if 'tenant' not in session:
-        current_app.logger.warning('No tenant defined in session')
-        return redirect(prefixed_url_for('security_bp.login'))
+        raise EveAINoSessionTenant()

    tenant_id = session['tenant']['id']
    if not tenant_id:
-        raise Exception('Cannot switch schema for tenant: no tenant defined in session')
+        raise EveAINoSessionTenant()

-    # user = User.query.get(current_user.id)
-    if current_user.has_role('Super User') or current_user.tenant_id == tenant_id:
-        Database(tenant_id).switch_schema()
-    else:
-        raise Exception(f'Cannot switch schema for tenant {tenant_id}: user {current_user.email} does not have access')
+    switch_allowed = False
+    if current_user.has_role('Super User'):
+        switch_allowed = True
+    if current_user.has_role('Tenant Admin') and current_user.tenant_id == tenant_id:
+        switch_allowed = True
+    if current_user.has_role('Partner Admin'):
+        if 'partner' not in session:
+            raise EveAINoSessionPartner()
+        management_service = next((service for service in session['partner']['services']
+                                   if service.get('type') == 'MANAGEMENT_SERVICE'), None)
+        if not management_service:
+            raise EveAINoManagementPartnerService()
+        if not TenantService.can_user_edit_tenant(tenant_id):
+            raise EveAINoManagementPartnerForTenant()
+
+    Database(tenant_id).switch_schema()