authorJavier Sánchez Parra <jsanchez@soleta.eu>2021-12-03 15:25:44 +0100
committerJavier Sánchez Parra <jsanchez@soleta.eu>2021-12-10 13:06:18 +0100
commit695c19f86ec361db8b316358ac9a0609ecfb020f (patch)
treef809c608c1438c4c05161d6506846172c1f91f01
parenta5681a4b850b198107d025213c5c8d26cd5634d2 (diff)
Add scope permission support
ogCP limits which scopes each user can use. The configuration file stores the allowed scopes by name. Leave the scope list empty to give a user permissions on all scopes.
-rw-r--r--ogcp/cfg/ogcp.json8
-rw-r--r--ogcp/models.py3
-rw-r--r--ogcp/views.py18
3 files changed, 23 insertions, 6 deletions
diff --git a/ogcp/cfg/ogcp.json b/ogcp/cfg/ogcp.json
index b5f3606..3f8a82c 100644
--- a/ogcp/cfg/ogcp.json
+++ b/ogcp/cfg/ogcp.json
@@ -5,11 +5,15 @@
"USERS": [
{
"USER": "admin",
- "PASS": "pass"
+ "PASS": "pass",
+ "SCOPES": [ ]
},
{
"USER": "user",
- "PASS": "pass"
+ "PASS": "pass",
+ "SCOPES": [
+ "Unidad Organizativa (Default)"
+ ]
}
]
}
diff --git a/ogcp/models.py b/ogcp/models.py
index 9ad40db..4b88a41 100644
--- a/ogcp/models.py
+++ b/ogcp/models.py
@@ -8,5 +8,6 @@
from flask_login import UserMixin
class User(UserMixin):
- def __init__(self, username):
+ def __init__(self, username, scopes):
self.id = username
+ self.scopes = scopes
diff --git a/ogcp/views.py b/ogcp/views.py
index 31b97b0..fe8d465 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -145,9 +145,20 @@ def add_state_and_ips(scope, clients, ips):
scope['selected'] = set(scope['ip']).issubset(ips)
return scope['ip']
+def get_allowed_scopes(scopes, allowed_scopes):
+ for scope in scopes.get('scope'):
+ if scope.get('name') in current_user.scopes:
+ allowed_scopes.append(scope)
+ else:
+ get_allowed_scopes(scope, allowed_scopes)
+
def get_scopes(ips=set()):
r = g.server.get('/scopes')
scopes = r.json()
+ if current_user.scopes:
+ allowed_scopes = []
+ get_allowed_scopes(scopes, allowed_scopes)
+ scopes = {'scope': allowed_scopes}
r = g.server.get('/clients')
clients = r.json()
add_state_and_ips(scopes, clients['clients'], ips)
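Review bot: `if current_user.scopes:` in get_scopes treats a missing `SCOPES` key the same as an empty list, so a user entry written before this change (load_user and login both pass `user_dict.get('SCOPES')`, which is None when the key is absent) silently gets every scope. For an access restriction it would be safer to fail closed when the key is missing and keep "all scopes" for an explicitly configured value, with a comment on the check stating which case means unrestricted. In get_allowed_scopes, `scopes.get('scope')` returns None for any node without a `scope` key and the `for` would then raise TypeError; `for scope in scopes.get('scope', []):` avoids that if such nodes can occur in the server reply. The filter only narrows the tree that get_scopes returns (the function continues past the end of this hunk), so it is worth confirming that the views acting on client IPs also check them against the user's allowed scopes, since that is not visible here.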
@@ -173,10 +184,11 @@ def get_user(username):
@login_manager.user_loader
def load_user(username):
- if not get_user(username):
+ user_dict = get_user(username)
+ if not user_dict:
return None
- user = User(username)
+ user = User(username, user_dict.get('SCOPES'))
return user
@app.before_request
@@ -218,7 +230,7 @@ def login():
user_dict = authenticate_user(form_user, pwd)
if not user_dict:
return render_template('auth/login.html', form=form)
- user = User(form_user)
+ user = User(form_user, user_dict.get('SCOPES'))
login_user(user)
return redirect(url_for('index'))
return render_template('auth/login.html', form=LoginForm())