diff options
author | Javier Sánchez Parra <jsanchez@soleta.eu> | 2021-12-03 15:25:44 +0100 |
---|---|---|
committer | Javier Sánchez Parra <jsanchez@soleta.eu> | 2021-12-10 13:06:18 +0100 |
commit | 695c19f86ec361db8b316358ac9a0609ecfb020f (patch) | |
tree | f809c608c1438c4c05161d6506846172c1f91f01 /ogcp/views.py | |
parent | a5681a4b850b198107d025213c5c8d26cd5634d2 (diff) |
Add scope permission support
ogCP limits which scopes can use each user.
Configuration file stores allowed scopes by their names. Leave scope
list empty to give a user permissions on all scopes.
Diffstat (limited to 'ogcp/views.py')
-rw-r--r-- | ogcp/views.py | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/ogcp/views.py b/ogcp/views.py index 31b97b0..fe8d465 100644 --- a/ogcp/views.py +++ b/ogcp/views.py @@ -145,9 +145,20 @@ def add_state_and_ips(scope, clients, ips): scope['selected'] = set(scope['ip']).issubset(ips) return scope['ip'] +def get_allowed_scopes(scopes, allowed_scopes): + for scope in scopes.get('scope'): + if scope.get('name') in current_user.scopes: + allowed_scopes.append(scope) + else: + get_allowed_scopes(scope, allowed_scopes) + def get_scopes(ips=set()): r = g.server.get('/scopes') scopes = r.json() + if current_user.scopes: + allowed_scopes = [] + get_allowed_scopes(scopes, allowed_scopes) + scopes = {'scope': allowed_scopes} r = g.server.get('/clients') clients = r.json() add_state_and_ips(scopes, clients['clients'], ips) @@ -173,10 +184,11 @@ def get_user(username): @login_manager.user_loader def load_user(username): - if not get_user(username): + user_dict = get_user(username) + if not user_dict: return None - user = User(username) + user = User(username, user_dict.get('SCOPES')) return user @app.before_request @@ -218,7 +230,7 @@ def login(): user_dict = authenticate_user(form_user, pwd) if not user_dict: return render_template('auth/login.html', form=form) - user = User(form_user) + user = User(form_user, user_dict.get('SCOPES')) login_user(user) return redirect(url_for('index')) return render_template('auth/login.html', form=LoginForm()) |