Skip to content

Commit

Permalink
Merge branch 'master' into repo-tools/upgrade-python-requirements-995…
Browse files Browse the repository at this point in the history
…002f
  • Loading branch information
macdiesel authored Aug 12, 2024
2 parents 7d58c1d + fc2a076 commit f63312a
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 2 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.rst
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ Unreleased
----------
* nothing unreleased

[4.23.4]
---------
* refactor: added logs for data dog inspection for permission check in handler function.

[4.23.3]
---------
* fix: add missing migration for content_filter help text
Expand Down
2 changes: 1 addition & 1 deletion enterprise/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@
Your project description goes here.
"""

__version__ = "4.23.3"
__version__ = "4.23.4"
23 changes: 22 additions & 1 deletion enterprise/api/v1/decorators.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@

from rest_framework.exceptions import PermissionDenied, ValidationError

from enterprise.logging import getEnterpriseLogger

LOGGER = getEnterpriseLogger(__name__)


def require_at_least_one_query_parameter(*query_parameter_names):
"""
Expand Down Expand Up @@ -57,14 +61,31 @@ def _wrapped_view(request, *args, **kwargs):
user = request.user
pk = fn(request, **kwargs) if fn else kwargs.get('pk')

LOGGER.info(
f"[User_Permissions_Check] Checking permissions for user {user.username}, "
f"permission: {permission}, "
f"group: {group_name}, "
f"pk: {pk}"
)

if pk:
has_permission = user.has_perm(permission, pk)
else:
has_permission = user.has_perm(permission)

if has_permission or user.groups.filter(name=group_name).exists():
LOGGER.info(f"[User_Permissions_Check] User {user.username} has permission: {has_permission}")

is_in_group = user.groups.filter(name=group_name).exists()
LOGGER.info(f"[User_Permissions_Check] User {user.username} is in group {group_name}: {is_in_group}")

if has_permission or is_in_group:
return view_func(request, *args, **kwargs)

LOGGER.error(
f"[User_Permissions_Check] Access denied for user {user.username} to {view_func.__name__}. "
f"Method: {request.method}, "
f"URL: {request.get_full_path()}"
)
raise PermissionDenied(
"Access denied: Only admins and provisioning admins are allowed to access this endpoint.")

Expand Down

0 comments on commit f63312a

Please sign in to comment.