update pek
This commit is contained in:
parent
c56da4f51c
commit
766122bd13
2 changed files with 28 additions and 13 deletions
|
|
@ -64,7 +64,8 @@ class RealEstateAccess:
|
||||||
|
|
||||||
def canModify(self, model_class: type, recordId: Optional[str] = None) -> bool:
|
def canModify(self, model_class: type, recordId: Optional[str] = None) -> bool:
|
||||||
"""Checks if the current user can modify records."""
|
"""Checks if the current user can modify records."""
|
||||||
if self.privilege == UserPrivilege.SYSADMIN:
|
# System admins can modify all records
|
||||||
|
if "sysadmin" in self.roleLabels:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
if recordId is not None:
|
if recordId is not None:
|
||||||
|
|
@ -74,9 +75,11 @@ class RealEstateAccess:
|
||||||
|
|
||||||
record = records[0]
|
record = records[0]
|
||||||
|
|
||||||
if self.privilege == UserPrivilege.ADMIN and record.get("mandateId", "-") == self.mandateId:
|
# Admins can modify records in their mandate
|
||||||
|
if "admin" in self.roleLabels and record.get("mandateId", "-") == self.mandateId:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
# Regular users can modify their own records
|
||||||
if (record.get("mandateId", "-") == self.mandateId and
|
if (record.get("mandateId", "-") == self.mandateId and
|
||||||
record.get("_createdBy") == self.userId):
|
record.get("_createdBy") == self.userId):
|
||||||
return True
|
return True
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,7 @@ Handles CRUD operations on Real Estate entities (Projekt, Parzelle, etc.).
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
from typing import Dict, Any, List, Optional
|
from typing import Dict, Any, List, Optional, Union
|
||||||
from modules.datamodels.datamodelRealEstate import (
|
from modules.datamodels.datamodelRealEstate import (
|
||||||
Projekt,
|
Projekt,
|
||||||
Parzelle,
|
Parzelle,
|
||||||
|
|
@ -157,21 +157,33 @@ class RealEstateObjects:
|
||||||
|
|
||||||
return [Projekt(**r) for r in filtered]
|
return [Projekt(**r) for r in filtered]
|
||||||
|
|
||||||
def updateProjekt(self, projektId: str, updateData: Dict[str, Any]) -> Optional[Projekt]:
|
def updateProjekt(self, projektId_or_projekt: Union[str, Projekt], updateData: Optional[Dict[str, Any]] = None) -> Optional[Projekt]:
|
||||||
"""Update a project."""
|
"""Update a project.
|
||||||
projekt = self.getProjekt(projektId)
|
|
||||||
if not projekt:
|
Args:
|
||||||
return None
|
projektId_or_projekt: Either a project ID (str) or a Projekt object
|
||||||
|
updateData: Optional dict of fields to update (only used when projektId_or_projekt is a string)
|
||||||
|
"""
|
||||||
|
# Handle both Projekt object and projektId string
|
||||||
|
if isinstance(projektId_or_projekt, Projekt):
|
||||||
|
projekt = projektId_or_projekt
|
||||||
|
projektId = projekt.id
|
||||||
|
else:
|
||||||
|
projektId = projektId_or_projekt
|
||||||
|
projekt = self.getProjekt(projektId)
|
||||||
|
if not projekt:
|
||||||
|
return None
|
||||||
|
|
||||||
|
# Update fields from updateData if provided
|
||||||
|
if updateData:
|
||||||
|
for key, value in updateData.items():
|
||||||
|
if hasattr(projekt, key):
|
||||||
|
setattr(projekt, key, value)
|
||||||
|
|
||||||
# Check if user can modify
|
# Check if user can modify
|
||||||
if not self.access.canModify(Projekt, projektId):
|
if not self.access.canModify(Projekt, projektId):
|
||||||
raise PermissionError(f"User {self.userId} cannot modify project {projektId}")
|
raise PermissionError(f"User {self.userId} cannot modify project {projektId}")
|
||||||
|
|
||||||
# Update fields
|
|
||||||
for key, value in updateData.items():
|
|
||||||
if hasattr(projekt, key):
|
|
||||||
setattr(projekt, key, value)
|
|
||||||
|
|
||||||
# Save to database
|
# Save to database
|
||||||
self.db.recordModify(Projekt, projektId, projekt.model_dump())
|
self.db.recordModify(Projekt, projektId, projekt.model_dump())
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue