author | Alejandro Sirgo Rica <asirgo@soleta.eu> | 2024-06-14 12:16:29 +0200 |
---|---|---|
committer | Alejandro Sirgo Rica <asirgo@soleta.eu> | 2024-06-14 15:26:25 +0200 |
commit | c26b96e0b005fdebf4be9adc209679b83a3c2608 (patch) | |
tree | 18ac095cb7452e2a376723e06a10f875151d1b8e | |
parent | 3fa3888b8487a80a0a0294c8b26caa71874cac6b (diff) |
ogcp: fix restricted user mode1.1.3-21
Match user enabled scopes as numerical id instead of the scope
name.
Rename get_available_scopes to get_center_choices and add only
center data. This function returns the list of values used to
validate the data returned by the form (form.scopes.choices).
Fix scope filtering to only allow the scopes stored in the user
configuration. The filtering removes the scopes of type 'center'
from the scopes dictionary when the center id is not present in
the list of available scopes for the logged user.
-rw-r--r-- | ogcp/views.py | 31 |
1 files changed, 13 insertions, 18 deletions
diff --git a/ogcp/views.py b/ogcp/views.py
index 2f08c0f..af65ddf 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -219,12 +219,15 @@ def add_state_and_ips(scope, clients, ips):
 set(scope['ip']).issubset(ips))
 return scope['ip']
-def get_allowed_scopes(scopes, allowed_scopes):
+def remove_disabled_scopes(scopes):
 for scope in scopes.get('scope'):
- if scope.get('name') in current_user.scopes or scope.get('type') == 'server':
- allowed_scopes.append(scope)
+ if scope.get('type') == 'center':
+ if str(scope.get('id')) in current_user.scopes:
+ continue
+
+ scopes.get('scope').remove(scope)
 else:
- get_allowed_scopes(scope, allowed_scopes)
+ remove_disabled_scopes(scope)
 def multi_request(method, uri, payload=None):
 responses = []
@@ -305,9 +308,7 @@ def get_scopes(ips=set()):
 all_scopes = {'scope': list_scopes}
 all_scopes = sort_scopes(all_scopes)
 if current_user.scopes:
- allowed_scopes = []
- get_allowed_scopes(all_scopes, allowed_scopes)
- all_scopes = {'scope': allowed_scopes}
+ remove_disabled_scopes(all_scopes)
 clients = get_clients()
 add_state_and_ips(all_scopes, clients['clients'], ips)
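Review bot: `remove_disabled_scopes` removes entries from `scopes.get('scope')` while the `for` loop is iterating that same list, so the element that follows each removed center is skipped and never checked. With two disabled centers adjacent in the list, the second one stays in the tree shown to the restricted user, which defeats the filter this commit is meant to fix. Iterating over a copy avoids it: `for scope in list(scopes.get('scope')):`. The indentation is lost in this rendering, so the nesting of the `else:` branch is inferred from the old code. The call in `get_scopes` (second hunk) still runs only when `current_user.scopes` is non-empty, so a user with an empty list sees every scope; a comment there stating that this is intended would help.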
@@ -2640,23 +2641,17 @@ def get_available_centers():
 available_centers = list()
 for resp in responses:
 centers = parse_scopes_from_tree(resp['json'], 'center')
- centers = [(center['name'], center['name']) for center in centers]
+ centers = [(center['id'], center['name']) for center in centers]
 available_centers.extend(centers)
 return available_centers
-def get_available_scopes():
+def get_center_choices():
 responses = multi_request('get', '/scopes')
 available_scopes = list()
 for resp in responses:
- servers = parse_scopes_from_tree(resp['json'], 'server')
- servers = [(server['name'], server['name']) for server in servers]
- available_scopes.extend(servers)
 centers = parse_scopes_from_tree(resp['json'], 'center')
- centers = [(center['name'], center['name']) for center in centers]
+ centers = [(str(center['id']), center['name']) for center in centers]
 available_scopes.extend(centers)
- rooms = parse_scopes_from_tree(resp['json'], 'room')
- rooms = [(room['name'], room['name']) for room in rooms]
- available_scopes.extend(rooms)
 return available_scopes
@@ -2783,7 +2778,7 @@ def user_add_get():
 @login_required
 def user_add_post():
 form = UserForm(request.form)
- form.scopes.choices = get_available_scopes()
+ form.scopes.choices = get_center_choices()
 if not form.validate():
 flash(form.errors, category='error')
 return redirect(url_for('users'))
@@ -2822,7 +2817,7 @@ def user_edit_get():
 @login_required
 def user_edit_post():
 form = UserForm(request.form)
- form.scopes.choices = get_available_scopes()
+ form.scopes.choices = get_center_choices()
 if not form.validate():
 flash(form.errors, category='error')
 return redirect(url_for('users')) |
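Review bot: `get_center_choices` collects `str(center['id'])` from every response returned by `multi_request('get', '/scopes')`, and `remove_disabled_scopes` then matches on that id alone; if center ids are only unique per server (not shown here), granting center 1 on one server also exposes center 1 on every other server. Keying the choice on server plus id would rule this out, or a comment should state that ids are globally unique. `get_available_centers` now yields `center['id']` unconverted while `get_center_choices` yields `str(center['id'])`; if both feed the same `form.scopes` field the values should agree, e.g. `centers = [(str(center['id']), center['name']) for center in centers]` in both. Users whose stored scopes still hold center names will match no id after this change, so presumably a migration of the user configuration is needed.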