From f2948a7b64d14c2c79e5d260db630c5a320c34e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com> Date: Tue, 5 Apr 2022 01:52:58 +0000 Subject: [PATCH] check device approval elsewhere --- api/kiwi_vpn_api/db/user.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/api/kiwi_vpn_api/db/user.py b/api/kiwi_vpn_api/db/user.py index 2f2c50d..ccc4d5e 100644 --- a/api/kiwi_vpn_api/db/user.py +++ b/api/kiwi_vpn_api/db/user.py @@ -282,22 +282,24 @@ class User(UserBase, table=True): # deny be default return False - def can_issue(self, device: Device) -> bool: + @property + def can_issue(self) -> bool: """ Check if this user can issue a certificate without approval. """ return ( - device.approved in (None, False) - and (self.is_admin or self.has_tag(TagValue.issue)) + self.is_admin + or self.has_tag(TagValue.issue) ) - def can_renew(self, device: Device) -> bool: + @property + def can_renew(self) -> bool: """ Check if this user can renew a certificate without approval. """ return ( - device.approved is True - and (self.is_admin or self.has_tag(TagValue.renew)) + self.is_admin + or self.has_tag(TagValue.renew) )