Untitled

class User(UserMixin, SurrogatePK, Model):
    """A user of the app."""

    __tablename__ = 'users'
    username = Column(db.String(80), unique=True, nullable=False)
    first_name = Column(db.String(80))
    last_name = Column(db.String(80))
    mobile_number = Column(db.String(80))
    created_on = Column(db.DateTime, default=dt.datetime.now())
    last_update = Column(db.DateTime, onupdate=dt.datetime.now())
    is_deleted = Column(db.Boolean, default=False)
    email_verified = Column(db.Boolean, default=False)
    email = Column(db.String(80), unique=True, nullable=False)
    #: The hashed password
    password = Column(db.Binary(128), nullable=True)
    roles = relationship("Role",
                         secondary=rel_users_roles,
                         backref="users")


    def __init__(self, password=None, **kwargs):
        """Create instance."""
        db.Model.__init__(self, **kwargs)
        if password:
            self.set_password(password)
        else:
            self.password = None

        # internal flag
        self.permission_types = []

    def traverse_up_tree_from_node(self, starting_node):
        for role in starting_node.roles:
            for user in role.users:
                if user == self and role.name in self.permission_types:
                    print(user, 'has permission')
                    return True
        if starting_node.parent:
            self.traverse_up_tree_from_node(starting_node.parent)
        else:
            return False

    @property
    def can(self):
        self.permission_types = []
        return self

    @property
    def view(self):
        self.permission_types = ['READ', 'READ-WRITE', 'ADMIN']
        return self

    @property
    def modify(self):
        self.permission_types = ['READ-WRITE', 'ADMIN']
        return self

    @property
    def delete(self):
        self.permission_types = ['ADMIN']
        return self

    def user_id(self, _user_id):
        """If a user has no roles for any scope they are 'free-floating' users
        and anyone should be able to edit them or view them. If a user has at least
        one role then we can look at all of their roles and check to see that we have
        permission in at least one of those roles to do the requested action."""
        user = self.query.filter_by(_user_id).first()
        roles_with_permission = []
        for role in user.roles:
            if self.traverse_up_tree_from_node(role.scope):
                roles_with_permission.append(role.scope)
        return True if roles_with_permission else False

    def role_id(self, _role_id):
        """Start with the role to be modified, and use the attached scope as
        the starting scope for determining permission to modify the role."""
        role = Role.query.filter_by(id=_role_id).first()
        return self.traverse_up_tree_from_node(role.scope)

    def scope_id(self, _scope_id):
        """Start with the scope to be read/modified/deleted and go up the tree
        looking for permissions on the target scope or any parent."""
        scope = Scope.query.filter_by(id=_scope_id).first()
        return self.traverse_up_tree_from_node(scope)

    def category_id(self, _category_id):
        """The approach here is to find every scope that is being used by the
        category in question. The user would have to have the right permission
        on every scope attached to the category in orer to modify/read/delete
        the category."""
        category = Category.query.filter_by(id=_category_id).first()
        scopes_with_permission = []
        for scope in category.scopes:
            if self.traverse_up_tree_from_node(scope):
                scopes_with_permission.append(scope)
        return len(scopes_with_permission == len(category.scopes))