Skip to content
Snippets Groups Projects
Commit 83c461b9 authored by Bjarke Madsen's avatar Bjarke Madsen
Browse files

be explicit

parent 8052422e
No related branches found
No related tags found
1 merge request!76Comp 282 add observer role
Hide whitespace changes
Inline Side-by-side
compendium_v2/routes/response.py
+ 9
3
View file @ 83c461b9
...@@ -91,13 +91,19 @@ def check_access_nren_read(user: User, nren: str) -> bool: ...@@ -91,13 +91,19 @@ def check_access_nren_read(user: User, nren: str) -> bool:
def check_access_nren_write(user: User, nren: str) -> bool: def check_access_nren_write(user: User, nren: str) -> bool:
if not check_access_nren_read(user, nren): if not check_access_nren_read(user, nren):
# if you can't read it, you definitely shouldn't write to it
return False return False
if user.is_observer: if user.is_observer:
# observers can't edit their own nrens either! # observers can't edit their own nrens either!
return False return False
# admins can edit all nrens if user.is_admin:
# users can edit their own nrens # admins can edit all nrens
return True return True
if nren == user.nren:
# users can edit for the nren they are assigned to
return True
return False
@routes.route('/try/<int:year>', methods=['GET']) @routes.route('/try/<int:year>', methods=['GET'])
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment