agency.security =============== .. py:module:: agency.security Functions --------- .. autoapisummary:: agency.security.get_roles_setting agency.security.get_current_role agency.security.has_permission agency.security.has_model_permission agency.security.has_permission_all agency.security.has_permission_agency agency.security.has_permission_agency_membership agency.security.has_permission_person agency.security.has_permission_agency_collection agency.security.has_permission_agency_move agency.security.has_permission_agency_membership_move_within_agency agency.security.has_permission_agency_membership_move_within_person agency.security.has_permission_agency_mutation_ticket agency.security.has_permission_person_mutation_ticket agency.security.has_permission_ticket_collection Module Contents --------------- .. py:function:: get_roles_setting() -> dict[str, set[type[onegov.core.security.roles.Intent]]] .. py:function:: get_current_role(session: sqlalchemy.orm.Session, identity: morepath.authentication.Identity | morepath.authentication.NoIdentity) -> str | None Returns the current role of the identity. Elevates the role from member to editor if any group role mapping with editor role is present. .. py:function:: has_permission(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: object, permission: object) -> bool Global permission with elevated roles. .. py:function:: has_model_permission(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: object, permission: object) -> bool Specific model permission with elevated roles for this model. .. py:function:: has_permission_all(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: object, permission: object) -> bool .. py:function:: has_permission_agency(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: onegov.people.Agency, permission: object) -> bool .. py:function:: has_permission_agency_membership(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: onegov.people.AgencyMembership, permission: object) -> bool .. py:function:: has_permission_person(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: onegov.people.Person, permission: object) -> bool .. py:function:: has_permission_agency_collection(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: onegov.people.AgencyCollection, permission: object) -> bool .. py:function:: has_permission_agency_move(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: onegov.agency.models.AgencyMove, permission: object) -> bool .. py:function:: has_permission_agency_membership_move_within_agency(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: onegov.agency.models.AgencyMembershipMoveWithinAgency, permission: object) -> bool .. py:function:: has_permission_agency_membership_move_within_person(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: onegov.agency.models.AgencyMembershipMoveWithinPerson, permission: object) -> bool .. py:function:: has_permission_agency_mutation_ticket(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: onegov.agency.models.ticket.AgencyMutationTicket, permission: object) -> bool .. py:function:: has_permission_person_mutation_ticket(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: onegov.agency.models.ticket.PersonMutationTicket, permission: object) -> bool .. py:function:: has_permission_ticket_collection(app: onegov.agency.AgencyApp, identity: morepath.authentication.Identity, model: onegov.ticket.collection.TicketCollection | onegov.ticket.collection.ArchivedTicketCollection, permission: object) -> bool