in backend/services/project_search_service.py [0:0]
def filter_by_user_permission(query, user, permission: str):
"""Filter projects a user can map or validate, based on their permissions."""
if user and user.role != UserRole.ADMIN.value:
if permission == "validation_permission":
permission_class = ValidationPermission
team_roles = [
TeamRoles.VALIDATOR.value,
TeamRoles.PROJECT_MANAGER.value,
]
else:
permission_class = MappingPermission
team_roles = [
TeamRoles.MAPPER.value,
TeamRoles.VALIDATOR.value,
TeamRoles.PROJECT_MANAGER.value,
]
selection = []
# get ids of projects assigned to the user's teams
[
[
selection.append(team_project.project_id)
for team_project in user_team.team.projects
if team_project.project_id not in selection
and team_project.role in team_roles
]
for user_team in user.teams
]
if user.mapping_level == MappingLevel.BEGINNER.value:
# if user is beginner, get only projects with ANY or TEAMS mapping permission
# in the later case, only those that are associated with user teams
query = query.filter(
or_(
and_(
Project.id.in_(selection),
getattr(Project, permission)
== permission_class.TEAMS.value,
),
getattr(Project, permission) == permission_class.ANY.value,
)
)
else:
# if user is intermediate or advanced, get projects with ANY or LEVEL permission
# and projects associated with user teams
query = query.filter(
or_(
Project.id.in_(selection),
getattr(Project, permission).in_(
[
permission_class.ANY.value,
permission_class.LEVEL.value,
]
),
)
)
return query