
onconova.core.auth.permissions

BasePermission

Bases: BasePermission

Base permission class providing common permission evaluation logic.

check_user_object_permission(user, controller, obj)

Checks whether the given user has permission to access or perform actions on the specified object.

Parameters:

Name Type Description Default

user

User

The user whose permissions are being checked.

required

controller

Any

The controller or context in which the permission is being checked.

required

obj

object

The object for which permission is being evaluated.

required

Returns:

Type Description
bool

True if the user has permission for the object, False otherwise.

Raises:

Type Description
NotImplementedError

If the method is not implemented by a subclass.

Source code in onconova/core/auth/permissions.py
def check_user_object_permission(self, user: User, controller: Any, obj: object) -> bool:
    """
    Decide whether ``user`` may act on one specific object.

    This base implementation is a placeholder: it never returns and always
    raises. Raising (instead of returning a default) means a subclass that
    forgets to override it cannot silently grant or deny object access.

    Args:
        user (User): The user whose permissions are being checked.
        controller (Any): The controller or context of the check.
        obj (object): The object the decision is about.

    Returns:
        (bool): In subclasses, True when access is allowed, False otherwise.

    Raises:
        NotImplementedError: Always, unless overridden by a subclass.
    """
    message = "Subclasses must implement check_user_object_permission."
    raise NotImplementedError(message)

check_user_permission(user)

Checks whether the given user has the required permission.

Parameters:

Name Type Description Default

user

User

The user object whose permissions are to be checked.

required

Returns:

Type Description
bool

True if the user has the required permission, False otherwise.

Raises:

Type Description
NotImplementedError

If the method is not implemented by a subclass.

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """
    Decide whether ``user`` holds the permission this class represents.

    This base implementation is a placeholder: it always raises, so a
    subclass that omits the override fails loudly rather than returning a
    default decision.

    Args:
        user (User): The user whose permissions are to be checked.

    Returns:
        (bool): In subclasses, True when the permission is held, False otherwise.

    Raises:
        NotImplementedError: Always, unless overridden by a subclass.
    """
    message = "Subclasses must implement check_user_permission."
    raise NotImplementedError(message)

has_object_permission(request, controller, obj)

Determines whether the requesting user has permission to access a specific object.

Parameters:

Name Type Description Default

request

HttpRequest

The HTTP request containing the user information.

required

controller

Any

The controller handling the request (usage may vary).

required

obj

object

The object for which permission is being checked.

required

Returns:

Type Description
bool

True if the user is a superuser, a system admin, or passes the custom object permission check; False otherwise.

Source code in onconova/core/auth/permissions.py
def has_object_permission(self, request: HttpRequest, controller: Any, obj: object) -> bool:
    """
    Object-level gate: may the requesting user access ``obj``?

    Evaluation order (each step short-circuits the ones after it):
      1. a truthy ``is_superuser`` grants access;
      2. an ``AnonymousUser`` is denied;
      3. a truthy ``is_system_admin`` grants access;
      4. otherwise the subclass hook ``check_user_object_permission`` decides.

    Args:
        request (HttpRequest): The HTTP request carrying ``request.user``.
        controller (Any): The controller handling the request; passed through to the hook.
        obj (object): The object for which permission is being checked.

    Returns:
        (bool): Truthy for superusers, system admins, or users accepted by the
              object-level hook; falsy otherwise.
    """
    user = request.user
    superuser = user.is_superuser
    if superuser:
        return superuser
    # Anonymous requests never reach the admin flag or the subclass hook.
    if isinstance(user, AnonymousUser):
        return False
    # NOTE(review): no is_active check is made here; presumably inactive
    # accounts are rejected during authentication — confirm.
    return user.is_system_admin or self.check_user_object_permission(
        user, controller, obj
    )

has_permission(request, controller)

Determines whether the requesting user has permission to access the controller.

Parameters:

Name Type Description Default

request

HttpRequest

The HTTP request containing the user information.

required

controller

Any

The controller or view being accessed.

required

Returns:

Type Description
bool

True if the user is a superuser, a system admin, or passes the custom user permission check; False otherwise.

Source code in onconova/core/auth/permissions.py
def has_permission(self, request: HttpRequest, controller: Any) -> bool:
    """
    Controller-level gate: may the requesting user access the controller?

    Evaluation order (each step short-circuits the ones after it):
      1. a truthy ``is_superuser`` grants access;
      2. an ``AnonymousUser`` is denied;
      3. a truthy ``is_system_admin`` grants access;
      4. otherwise the subclass hook ``check_user_permission`` decides.

    Args:
        request (HttpRequest): The HTTP request carrying ``request.user``.
        controller (Any): The controller or view being accessed (not used here).

    Returns:
        (bool): Truthy for superusers, system admins, or users accepted by the
              user-level hook; falsy otherwise.
    """
    user = request.user
    superuser = user.is_superuser
    if superuser:
        return superuser
    # Anonymous requests never reach the admin flag or the subclass hook.
    if isinstance(user, AnonymousUser):
        return False
    # NOTE(review): no is_active check is made here; presumably inactive
    # accounts are rejected during authentication — confirm.
    return user.is_system_admin or self.check_user_permission(user)

CanDeleteCohorts

Bases: BasePermission

Permission to delete cohorts.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_delete_cohorts`` attribute unchanged.

    How that attribute is derived is not visible in this method.
    """
    allowed = user.can_delete_cohorts
    return allowed

CanDeleteDatasets

Bases: BasePermission

Permission to delete datasets.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_delete_datasets`` attribute unchanged.

    How that attribute is derived is not visible in this method.
    """
    allowed = user.can_delete_datasets
    return allowed

CanDeleteProjects

Bases: BasePermission

Permission to delete projects.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_delete_projects`` attribute unchanged.

    How that attribute is derived is not visible in this method.
    """
    allowed = user.can_delete_projects
    return allowed

CanExportData

Bases: BasePermission

Permission to export data.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_export_data`` attribute unchanged.

    This is the only check made here for data export; how the attribute is
    derived is not visible in this method.
    """
    allowed = user.can_export_data
    return allowed

CanManageCases

Bases: BasePermission

Permission to manage cases.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_manage_cases`` attribute unchanged.

    How that attribute is derived is not visible in this method.
    """
    allowed = user.can_manage_cases
    return allowed

CanManageCohorts

Bases: BasePermission

Permission to manage cohorts.

check_user_object_permission(user, _, cohort)

Source code in onconova/core/auth/permissions.py
def check_user_object_permission(self, user, _, cohort: Cohort):
    """Decide whether ``user`` may manage the given cohort.

    Args:
        user: The user being checked; its ``role`` drives the decision.
        _: The controller argument of the base hook, unused here.
        cohort (Cohort): The cohort being managed.

    Returns:
        True for platform managers and system admins; for project managers
        and members, the result of ``cohort.project.is_member(user)``;
        False for any other role.
    """
    roles = User.AccessRoles
    role = user.role
    # Platform-wide roles may manage a cohort in any project.
    if role in (roles.PLATFORM_MANAGER, roles.SYSTEM_ADMIN):
        return True
    # Project managers AND ordinary members are scoped to the cohort's project.
    # NOTE(review): whether is_member() also covers the project leader is not
    # visible here — confirm.
    if role in (roles.PROJECT_MANAGER, roles.MEMBER):
        return cohort.project.is_member(user)
    # Any role not listed above is denied.
    return False

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Decide whether ``user`` may manage cohorts at all (not a specific one).

    Args:
        user (User): The user being checked.

    Returns:
        (bool): True when ``access_level`` exceeds 2; otherwise True only when
        ``access_level`` exceeds 0 and the user is a member or the leader of
        at least one project.
    """
    # NOTE(review): the thresholds 2 and 0 are bare numbers here; presumably
    # they correspond to User.AccessRoles tiers — confirm before changing roles.
    level = user.access_level
    if level > 2:
        return True
    if not level > 0:
        return False
    # Project-scoped users need membership or leadership of some project.
    in_some_project = Q(members=user) | Q(leader=user)
    return Project.objects.filter(in_some_project).exists()

CanManageDatasets

Bases: BasePermission

Permission to manage datasets.

check_user_object_permission(user, _, dataset)

Source code in onconova/core/auth/permissions.py
def check_user_object_permission(self, user, _, dataset: Dataset):
    """Decide whether ``user`` may manage the given dataset.

    Args:
        user: The user being checked; its ``role`` drives the decision.
        _: The controller argument of the base hook, unused here.
        dataset (Dataset): The dataset being managed.

    Returns:
        True for platform managers and system admins; for project managers
        and members, the result of ``dataset.project.is_member(user)``;
        False for any other role.
    """
    roles = User.AccessRoles
    role = user.role
    # Platform-wide roles may manage a dataset in any project.
    if role in (roles.PLATFORM_MANAGER, roles.SYSTEM_ADMIN):
        return True
    # Project managers AND ordinary members are scoped to the dataset's project.
    # NOTE(review): whether is_member() also covers the project leader is not
    # visible here — confirm.
    if role in (roles.PROJECT_MANAGER, roles.MEMBER):
        return dataset.project.is_member(user)
    # Any role not listed above is denied.
    return False

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Decide whether ``user`` may manage datasets at all (not a specific one).

    Args:
        user (User): The user being checked.

    Returns:
        (bool): True when ``access_level`` exceeds 2; otherwise True only when
        ``access_level`` exceeds 0 and the user is a member or the leader of
        at least one project.
    """
    # NOTE(review): the thresholds 2 and 0 are bare numbers here; presumably
    # they correspond to User.AccessRoles tiers — confirm before changing roles.
    level = user.access_level
    if level > 2:
        return True
    if not level > 0:
        return False
    # Project-scoped users need membership or leadership of some project.
    in_some_project = Q(members=user) | Q(leader=user)
    return Project.objects.filter(in_some_project).exists()

CanManageProjects

Bases: BasePermission

Permission to manage projects.

check_user_object_permission(user, _, project)

Source code in onconova/core/auth/permissions.py
def check_user_object_permission(self, user, _, project: Project):
    """Decide whether ``user`` may manage the given project.

    Args:
        user: The user being checked; its ``role`` drives the decision.
        _: The controller argument of the base hook, unused here.
        project (Project): The project being managed.

    Returns:
        True for platform managers and system admins; for project managers,
        whether ``user`` equals ``project.leader``; False for any other role.
    """
    roles = User.AccessRoles
    role = user.role
    # Platform-wide roles may manage any project.
    if role in (roles.PLATFORM_MANAGER, roles.SYSTEM_ADMIN):
        return True
    # A project manager is limited to projects they lead; membership alone
    # is not enough here.
    if role == roles.PROJECT_MANAGER:
        return user == project.leader
    # Any role not listed above is denied.
    return False

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_manage_projects`` attribute unchanged.

    How that attribute is derived is not visible in this method.
    """
    allowed = user.can_manage_projects
    return allowed

CanManageUsers

Bases: BasePermission

Permission to manage users.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_manage_users`` attribute unchanged.

    This is the only check made here for user management; how the attribute
    is derived is not visible in this method.
    """
    allowed = user.can_manage_users
    return allowed

CanViewCases

Bases: BasePermission

Permission to view cases.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_view_cases`` attribute unchanged.

    How that attribute is derived is not visible in this method.
    """
    allowed = user.can_view_cases
    return allowed

CanViewCohorts

Bases: BasePermission

Permission to view cohorts.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_view_cohorts`` attribute unchanged.

    How that attribute is derived is not visible in this method.
    """
    allowed = user.can_view_cohorts
    return allowed

CanViewDatasets

Bases: BasePermission

Permission to view datasets.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_view_datasets`` attribute unchanged.

    How that attribute is derived is not visible in this method.
    """
    allowed = user.can_view_datasets
    return allowed

CanViewProjects

Bases: BasePermission

Permission to view projects.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_view_projects`` attribute unchanged.

    How that attribute is derived is not visible in this method.
    """
    allowed = user.can_view_projects
    return allowed

CanViewUsers

Bases: BasePermission

Permission to view user accounts.

check_user_permission(user)

Source code in onconova/core/auth/permissions.py
def check_user_permission(self, user: User) -> bool:
    """Return the user's ``can_view_users`` attribute unchanged.

    How that attribute is derived is not visible in this method.
    """
    allowed = user.can_view_users
    return allowed

IsRequestingUser

Bases: BasePermission

Permission that grants access only if the user making the request matches the userId parameter in the URL route.

has_permission(request, controller)

Check if the authenticated user's ID matches the userId in the route.

Parameters:

Name Type Description Default

request

HttpRequest

Incoming HTTP request.

required

controller

Any

The view/controller handling the request.

required

Returns:

Type Description
bool

Whether permission is granted.

Source code in onconova/core/auth/permissions.py
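def has_permission(self, request: HttpRequest, controller: Any) -> bool:
    """
    Check if the authenticated user's ID matches the `userId` in the route.

    This method replaces the base class's `has_permission`, so neither the
    superuser/system-admin shortcut nor the `AnonymousUser` guard of the base
    implementation applies; the ID comparison is the whole decision.

    The check fails closed: if the route carries no `userId`, or the
    requesting user has no ID (`request.user.id` is None), permission is
    denied. Without that guard both sides would stringify to "None" and
    compare equal.

    Args:
        request (HttpRequest): Incoming HTTP request.
        controller (Any): The view/controller handling the request.

    Returns:
        (bool): Whether permission is granted.
    """
    # Route kwargs are read only after the context has computed them.
    controller.context.compute_route_parameters()
    user_id = controller.context.kwargs.get("userId")
    requester_id = request.user.id
    # A missing value on either side must never count as a match.
    if user_id is None or requester_id is None:
        return False
    # Compare as strings so an integer or UUID ID matches its URL form.
    return str(requester_id) == str(user_id)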
runner