From 43b683b234bb5388932ac56ee4dcb9daf9ae6cab Mon Sep 17 00:00:00 2001
From: Tanner Prestegard <tanner.prestegard@ligo.org>
Date: Wed, 13 Feb 2019 14:08:10 -0600
Subject: [PATCH] Add decorator for LV-EM only access

---
 gracedb/ligoauth/decorators.py                | 23 +++++++++++++++++++
 .../manage_password.html                      |  0
 2 files changed, 23 insertions(+)
 rename gracedb/templates/{profile => ligoauth}/manage_password.html (100%)

diff --git a/gracedb/ligoauth/decorators.py b/gracedb/ligoauth/decorators.py
index 4767589c9..bd6fe23cf 100644
--- a/gracedb/ligoauth/decorators.py
+++ b/gracedb/ligoauth/decorators.py
@@ -25,3 +25,26 @@ def internal_user_required(function=None, raise_exception=True, **kwargs):
     if function:
         return actual_decorator(function)
     return actual_decorator
+
+
+def lvem_observers_only(function=None, login_url=None, superuser_allowed=False,
+    raise_exception=True):
+    """Allow access only to non-LVC LV-EM observers"""
+
+    def check_groups(user):
+        in_lvem_obs = user.groups.filter(
+            name=settings.LVEM_OBSERVERS_GROUP).exists()
+        in_lvc = user.groups.filter(name=settings.LVC_GROUP).exists()
+
+        if ((in_lvem_obs and not in_lvc) or
+            (superuser_allowed and user.is_superuser)):
+            return True
+
+        if raise_exception:
+            raise PermissionDenied
+        return False
+
+    actual_decorator = user_passes_test(check_groups, login_url=login_url)
+    if function:
+        return actual_decorator(function)
+    return actual_decorator
diff --git a/gracedb/templates/profile/manage_password.html b/gracedb/templates/ligoauth/manage_password.html
similarity index 100%
rename from gracedb/templates/profile/manage_password.html
rename to gracedb/templates/ligoauth/manage_password.html
-- 
GitLab