providers/*: use PolicyAccessMixin to simplify

passbook/policies/mixins.py

@@ -0,0 +1,56 @@
+"""passbook access helper classes"""
+from typing import Optional
+
+from django.contrib import messages
+from django.http import HttpRequest
+from django.utils.translation import gettext as _
+from structlog import get_logger
+
+from passbook.core.models import Application, Provider, User
+from passbook.policies.engine import PolicyEngine
+from passbook.policies.types import PolicyResult
+
+LOGGER = get_logger()
+
+
+class BaseMixin:
+    """Base Mixin class, used to annotate View Member variables"""
+
+    request: HttpRequest
+
+
+class PolicyAccessMixin(BaseMixin):
+    """Mixin class for usage in Authorization views.
+    Provider functions to check application access, etc"""
+
+    def provider_to_application(self, provider: Provider) -> Application:
+        """Lookup application assigned to provider, throw error if no application assigned"""
+        try:
+            return provider.application
+        except Application.DoesNotExist as exc:
+            messages.error(
+                self.request,
+                _(
+                    'Provider "%(name)s" has no application assigned'
+                    % {"name": provider}
+                ),
+            )
+            raise exc
+
+    def user_has_access(
+        self, application: Application, user: Optional[User] = None
+    ) -> PolicyResult:
+        """Check if user has access to application."""
+        user = user or self.request.user
+        policy_engine = PolicyEngine(
+            application, user or self.request.user, self.request
+        )
+        policy_engine.build()
+        result = policy_engine.result
+        LOGGER.debug(
+            "AccessMixin user_has_access", user=user, app=application, result=result,
+        )
+        if not result.passing:
+            for message in result.messages:
+                messages.error(self.request, _(message))
+        return result