care.security.authorization.base module

exception PermissionDeniedError

Bases: Exception

class AuthorizationHandler

Bases: object

Base class for Authorization Handlers.

Handlers must define a list of actions that can be performed and implement the corresponding can_<action>() or get_<query>() methods that perform the authorization logic.

All authorization methods use the signature (user, obj, **kwargs). obj refers to the target object for which permission is being evaluated. It may also be a string or any other type as long as the logic accounts for it.

Notes: * Actions (can_ prefixed) return booleans. * Queries (get_ prefixed) return querysets or collections.

actions = []

queries = []

check_permission_in_organization(permissions, user, orgs=None)

check_permission_in_facility_organization(permissions, user, orgs=None, facility=None, root=None)

get_role_from_permissions(permissions)

class AuthorizationController

Bases: object

Someone please write this because i honestly forgot what this does

override_authz_controllers: list[AuthorizationHandler] = []

internal_authz_controllers: list[AuthorizationHandler] = [<class 'care.security.authorization.account.AccountAccess'>, <class 'care.security.authorization.activity_definition.ActivityDefinitionAccess'>, <class 'care.security.authorization.booking.BookingAccess'>, <class 'care.security.authorization.charge_item.ChargeItemAccess'>, <class 'care.security.authorization.charge_item_definition.ChargeItemDefinitionAccess'>, <class 'care.security.authorization.device.DeviceAccess'>, <class 'care.security.authorization.encounter.EncounterAccess'>, <class 'care.security.authorization.facility.FacilityAccess'>, <class 'care.security.authorization.facility_location.FacilityLocationAccess'>, <class 'care.security.authorization.facilityorganization.FacilityOrganizationAccess'>, <class 'care.security.authorization.healthcare_service.HealthcareServiceAccess'>, <class 'care.security.authorization.inventory_item.InventoryItemAccess'>, <class 'care.security.authorization.invoice.InvoiceAccess'>, <class 'care.security.authorization.medication.MedicationAccess'>, <class 'care.security.authorization.observation_definition.ObservationDefinitionAccess'>, <class 'care.security.authorization.organization.OrganizationAccess'>, <class 'care.security.authorization.patient.PatientAccess'>, <class 'care.security.authorization.patient_identifier_config.PatientIdentifierConfigAccess'>, <class 'care.security.authorization.payment_reconciliation.PaymentReconciliationAccess'>, <class 'care.security.authorization.product.ProductAccess'>, <class 'care.security.authorization.product_knowledge.ProductKnowledgeAccess'>, <class 'care.security.authorization.questionnaire.QuestionnaireAccess'>, <class 'care.security.authorization.resource_category.ResourceCategoryAccess'>, <class 'care.security.authorization.scheduling.ScheduleAccess'>, <class 'care.security.authorization.service_request.ServiceRequestAccess'>, <class 'care.security.authorization.specimen_definition.SpecimenDefinitionAccess'>, <class 'care.security.authorization.supply_delivery.SupplyDeliveryAccess'>, <class 'care.security.authorization.supply_request.SupplyRequestAccess'>, <class 'care.security.authorization.tag_config.TagConfigAccess'>, <class 'care.security.authorization.token.TokenCategoryAccess'>, <class 'care.security.authorization.token.TokenAccess'>, <class 'care.security.authorization.user.UserAccess'>]

cache = {'actions': {}, 'queries': {}}

classmethod build_cache()

classmethod call(item, *args, **kwargs)

classmethod register_internal_controller(controller)