- Introduction of Partner Admin role in combination with 'Management Partner' type.

2025-04-09 09:40:59 +02:00
parent c2c3b01b28
commit f43e79376c
17 changed files with 368 additions and 111 deletions
--- a/common/services/user_service.py
+++ b/common/services/user_service.py
@@ -0,0 +1,44 @@
+from flask import session
+
+from common.models.user import Partner, Role
+
+# common/services/user_service.py
+from common.utils.eveai_exceptions import EveAIRoleAssignmentException
+from common.utils.security_utils import current_user_has_role, all_user_roles
+
+
+class UserService:
+    @staticmethod
+    def get_assignable_roles():
+        """Retrieves roles that can be assigned to a user depending on the current user logged in,
+        and the active tenant for the session"""
+        current_tenant_id = session.get('tenant').get('id', None)
+        effective_role_names = []
+        if current_tenant_id:
+            if current_user_has_role("Super User"):
+                if current_tenant_id == 1:
+                    effective_role_names.append("Super User")
+                if session.get('partner'):
+                    effective_role_names.append("Partner Admin")
+                effective_role_names.append("Tenant Admin")
+            if current_user_has_role("Tenant Admin"):
+                effective_role_names.append("Tenant Admin")
+            if current_user_has_role("Partner Admin"):
+                effective_role_names.append("Tenant Admin")
+                if session.get('partner'):
+                    if session.get('partner').get('tenant_id') == current_tenant_id:
+                        effective_role_names.append("Partner Admin")
+            effective_role_names = list(set(effective_role_names))
+            effective_roles = [(role.id, role.name) for role in
+                               Role.query.filter(Role.name.in_(effective_role_names)).all()]
+            return effective_roles
+        else:
+            return []
+
+    @staticmethod
+    def validate_role_assignments(role_ids):
+        """Validate a set of role assignments, raising exception for first invalid role"""
+        assignable_roles = UserService.get_assignable_roles()
+        assignable_role_ids = {role[0] for role in assignable_roles}
+        role_id_set = set(role_ids)
+        return role_id_set.issubset(assignable_role_ids)