authorAlejandro Sirgo Rica <asirgo@soleta.eu>2024-06-14 12:16:29 +0200
committerAlejandro Sirgo Rica <asirgo@soleta.eu>2024-06-14 15:26:25 +0200
commitc26b96e0b005fdebf4be9adc209679b83a3c2608 (patch)
tree18ac095cb7452e2a376723e06a10f875151d1b8e
parent3fa3888b8487a80a0a0294c8b26caa71874cac6b (diff)
ogcp: fix restricted user mode1.1.3-21
Match user enabled scopes as numerical id instead of the scope name. Rename get_available_scopes to get_center_choices and add only center data. This function returns the list of values used to validate the data returned by the form (form.scopes.choices). Fix scope filtering to only allow the scopes stored in the user configuration. The filtering removes the scopes of type 'center' from the scopes dictionary when the center id is not present in the list of available scopes for the logged user.
-rw-r--r--ogcp/views.py31
1 files changed, 13 insertions, 18 deletions
diff --git a/ogcp/views.py b/ogcp/views.py
index 2f08c0f..af65ddf 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -219,12 +219,15 @@ def add_state_and_ips(scope, clients, ips):
set(scope['ip']).issubset(ips))
return scope['ip']
-def get_allowed_scopes(scopes, allowed_scopes):
+def remove_disabled_scopes(scopes):
for scope in scopes.get('scope'):
- if scope.get('name') in current_user.scopes or scope.get('type') == 'server':
- allowed_scopes.append(scope)
+ if scope.get('type') == 'center':
+ if str(scope.get('id')) in current_user.scopes:
+ continue
+
+ scopes.get('scope').remove(scope)
else:
- get_allowed_scopes(scope, allowed_scopes)
+ remove_disabled_scopes(scope)
def multi_request(method, uri, payload=None):
responses = []
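Review bot: `remove_disabled_scopes` calls `scopes.get('scope').remove(scope)` on the same list the `for` loop is walking, so the entry that follows each removed center is skipped: it is neither checked against `current_user.scopes` nor recursed into. With two disabled centers next to each other, the second one stays in the tree a restricted user receives, which defeats the filter this commit sets out to fix. Iterating over a snapshot avoids this, `for scope in list(scopes.get('scope')):`, or the allowed entries can be collected into a new list and assigned back. The page has lost the indentation, so this assumes the `remove` call sits inside the `center` branch and the `else` pairs with the type check.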
@@ -305,9 +308,7 @@ def get_scopes(ips=set()):
all_scopes = {'scope': list_scopes}
all_scopes = sort_scopes(all_scopes)
if current_user.scopes:
- allowed_scopes = []
- get_allowed_scopes(all_scopes, allowed_scopes)
- all_scopes = {'scope': allowed_scopes}
+ remove_disabled_scopes(all_scopes)
clients = get_clients()
add_state_and_ips(all_scopes, clients['clients'], ips)
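Review bot: The filter runs only when `current_user.scopes` is truthy, so an account whose stored scope list is empty receives the whole unfiltered tree. If an empty list is the intended marker for an unrestricted account, that deserves a comment next to the guard, for example `# empty scopes means an unrestricted account; only restricted users are filtered`. If a restricted user can end up with no centers selected, this path fails open and an explicit restricted flag would be safer; the lines shown do not settle which case applies. The body of get_scopes starts and ends outside this hunk.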
@@ -2640,23 +2641,17 @@ def get_available_centers():
available_centers = list()
for resp in responses:
centers = parse_scopes_from_tree(resp['json'], 'center')
- centers = [(center['name'], center['name']) for center in centers]
+ centers = [(center['id'], center['name']) for center in centers]
available_centers.extend(centers)
return available_centers
-def get_available_scopes():
+def get_center_choices():
responses = multi_request('get', '/scopes')
available_scopes = list()
for resp in responses:
- servers = parse_scopes_from_tree(resp['json'], 'server')
- servers = [(server['name'], server['name']) for server in servers]
- available_scopes.extend(servers)
centers = parse_scopes_from_tree(resp['json'], 'center')
- centers = [(center['name'], center['name']) for center in centers]
+ centers = [(str(center['id']), center['name']) for center in centers]
available_scopes.extend(centers)
- rooms = parse_scopes_from_tree(resp['json'], 'room')
- rooms = [(room['name'], room['name']) for room in rooms]
- available_scopes.extend(rooms)
return available_scopes
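Review bot: The two helpers now disagree on the type of the choice value: `get_available_centers` emits `center['id']` as it arrives from the JSON, while `get_center_choices` emits `str(center['id'])`. The scope check added in `remove_disabled_scopes` compares `str(scope.get('id'))` with the stored values, so the string form is the one the authorization filter depends on. How the consumer of `get_available_centers` treats the value is not visible here, so the safer option is to use `(str(center['id']), center['name'])` in both. Alternatively `get_center_choices` could build its list from `get_available_centers()`, since the bodies are otherwise identical. The local `available_scopes` in `get_center_choices` would also read better as `center_choices` now that it holds only centers; the start of `get_available_centers` lies outside the hunk.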
@@ -2783,7 +2778,7 @@ def user_add_get():
@login_required
def user_add_post():
form = UserForm(request.form)
- form.scopes.choices = get_available_scopes()
+ form.scopes.choices = get_center_choices()
if not form.validate():
flash(form.errors, category='error')
return redirect(url_for('users'))
@@ -2822,7 +2817,7 @@ def user_edit_get():
@login_required
def user_edit_post():
form = UserForm(request.form)
- form.scopes.choices = get_available_scopes()
+ form.scopes.choices = get_center_choices()
if not form.validate():
flash(form.errors, category='error')
return redirect(url_for('users'))