Files refactor to include repositories logic

gateway/api/access_policies/programs.py

@@ -0,0 +1,78 @@
+"""
+Access policies implementation for Program access
+"""
+import logging
+
+from api.models import Program
+
+
+logger = logging.getLogger("gateway")
+
+
+class ProgramAccessPolicy:
+    """
+    The main objective of this class is to manage the access for the user
+    to the Program entities.
+    """
+
+    @staticmethod
+    def can_view(user, user_view_groups, function: Program) -> bool:
+        """
+        Checks if the user has view access to a Function:
+            - If it's the author it will always have access
+            - a view group is in the Program.instances
+
+        Args:
+            user: Django user from the request
+            user_view_groups: view groups from a user
+            function: Program instance against to check the access
+
+        Returns:
+            bool: True or False in case the user has access
+        """
+
+        if function.author.id == user.id:
+            return True
+
+        instances = function.instances.all()
+        has_access = any(group in instances for group in user_view_groups)
+        # the message must be different if the function has a provider or not
+        if not has_access:
+            logger.warning(
+                "User [%s] has no access to function [%s/%s].",
+                user.id,
+                function.provider.name,
+                function.title,
+            )
+        return has_access
+
+    @staticmethod
+    def can_run(user, user_run_groups, function: Program) -> bool:
+        """
+        Checks if the user has run access to a Function:
+            - If it's the author it will always have access
+            - a run group is in the Program.instances
+
+        Args:
+            user: Django user from the request
+            user_run_groups: run groups from a user
+            function: Program instance against to check the access
+
+        Returns:
+            bool: True or False in case the user has access
+        """
+
+        if function.author.id == user.id:
+            return True
+
+        instances = function.instances.all()
+        has_access = any(group in instances for group in user_run_groups)
+        # the message must be different if the function has a provider or not
+        if not has_access:
+            logger.warning(
+                "User [%s] has no access to function [%s/%s].",
+                user.id,
+                function.provider.name,
+                function.title,
+            )
+        return has_access

gateway/api/access_policies/providers.py

@@ -0,0 +1,38 @@
+"""
+Access policies implementation for Provider access
+"""
+import logging
+
+from api.models import Provider
+
+
+logger = logging.getLogger("gateway")
+
+
+class ProviderAccessPolicy:  # pylint: disable=too-few-public-methods
+    """
+    The main objective of this class is to manage the access for the user
+    to the Provider entities.
+    """
+
+    @staticmethod
+    def can_access(user, provider: Provider) -> bool:
+        """
+        Checks if the user has access to a Provider:
+
+        Args:
+            user: Django user from the request
+            provider: Provider instance against to check the access
+
+        Returns:
+            bool: True or False in case the user has access
+        """
+
+        user_groups = user.groups.all()
+        admin_groups = provider.admin_groups.all()
+        has_access = any(group in admin_groups for group in user_groups)
+        if not has_access:
+            logger.warning(
+                "User [%s] has no access to provider [%s].", user.id, provider.name
+            )
+        return has_access

gateway/api/repositories/groups.py

@@ -0,0 +1,51 @@
+"""
+Repository implementation for Groups model
+"""
+
+from typing import List
+from django.contrib.auth.models import Group, Permission
+from django.db.models import Q
+
+from api.models import RUN_PROGRAM_PERMISSION, VIEW_PROGRAM_PERMISSION
+
+
+class GroupRepository:
+    """
+    The main objective of this class is to manage the access to the model
+    """
+
+    def get_groups_with_view_permissions_from_user(self, user) -> List[Group]:
+        """
+        Returns all the groups with view permissions available to the user.
+
+        Args:
+            user: Django user from the request
+
+        Returns:
+            List[Group]: all the groups available to the user
+        """
+
+        view_program_permission = Permission.objects.get(
+            codename=VIEW_PROGRAM_PERMISSION
+        )
+        user_criteria = Q(user=user)
+        view_permission_criteria = Q(permissions=view_program_permission)
+
+        return Group.objects.filter(user_criteria & view_permission_criteria)
+
+    def get_groups_with_run_permissions_from_user(self, user) -> List[Group]:
+        """
+        Returns all the groups with run permissions available to the user.
+
+        Args:
+            user: Django user from the request
+
+        Returns:
+            List[Group]: all the groups available to the user
+        """
+
+        run_program_permission = Permission.objects.get(codename=RUN_PROGRAM_PERMISSION)
+        user_criteria = Q(user=user)
+        run_permission_criteria = Q(permissions=run_program_permission)
+
+        return Group.objects.filter(user_criteria & run_permission_criteria)