authorJavier Sánchez Parra <jsanchez@soleta.eu>2021-12-03 15:25:44 +0100
committerJavier Sánchez Parra <jsanchez@soleta.eu>2021-12-10 13:06:18 +0100
commit695c19f86ec361db8b316358ac9a0609ecfb020f (patch)
treef809c608c1438c4c05161d6506846172c1f91f01 /ogcp/views.py
parenta5681a4b850b198107d025213c5c8d26cd5634d2 (diff)
Add scope permission support
ogCP limits which scopes each user can use. The configuration file stores the allowed scopes by name. Leave the scope list empty to give a user permissions on all scopes.
Diffstat (limited to 'ogcp/views.py')
-rw-r--r--ogcp/views.py18
1 files changed, 15 insertions, 3 deletions
diff --git a/ogcp/views.py b/ogcp/views.py
index 31b97b0..fe8d465 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -145,9 +145,20 @@ def add_state_and_ips(scope, clients, ips):
scope['selected'] = set(scope['ip']).issubset(ips)
return scope['ip']
+def get_allowed_scopes(scopes, allowed_scopes):
+ for scope in scopes.get('scope'):
+ if scope.get('name') in current_user.scopes:
+ allowed_scopes.append(scope)
+ else:
+ get_allowed_scopes(scope, allowed_scopes)
+
def get_scopes(ips=set()):
r = g.server.get('/scopes')
scopes = r.json()
+ if current_user.scopes:
+ allowed_scopes = []
+ get_allowed_scopes(scopes, allowed_scopes)
+ scopes = {'scope': allowed_scopes}
r = g.server.get('/clients')
clients = r.json()
add_state_and_ips(scopes, clients['clients'], ips)
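Review bot: `for scope in scopes.get('scope'):` in get_allowed_scopes iterates None and raises TypeError when a node carries no 'scope' key, and the else branch recurses into every non-matching node, leaves included; `for scope in scopes.get('scope', []):` keeps the walk safe if the server omits the key. Matching is on `scope.get('name')` alone, so two nodes sharing a name in different branches would both be granted by one configuration entry; if names are not guaranteed unique, the configuration needs a less ambiguous key. The filter also governs only the tree that get_scopes builds, so handlers that accept client IPs from a request need their own check against the allowed scopes; whether they have one is not visible here. get_scopes continues past the end of the hunk.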
@@ -173,10 +184,11 @@ def get_user(username):
@login_manager.user_loader
def load_user(username):
- if not get_user(username):
+ user_dict = get_user(username)
+ if not user_dict:
return None
- user = User(username)
+ user = User(username, user_dict.get('SCOPES'))
return user
@app.before_request
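Review bot: `user_dict.get('SCOPES')` yields None when the key is absent, and because get_scopes only filters under `if current_user.scopes:`, a user entry with a missing or misspelled SCOPES key gets every scope, the same as a deliberately empty list. For an access restriction that is a fail-open default; consider an explicit marker for unrestricted users and treating an absent key as no access, or at least logging it when the user is loaded. The same call appears in login() at `user = User(form_user, user_dict.get('SCOPES'))`. How User stores the value is defined outside this file, so the attribute handling is assumed from `current_user.scopes`.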
@@ -218,7 +230,7 @@ def login():
user_dict = authenticate_user(form_user, pwd)
if not user_dict:
return render_template('auth/login.html', form=form)
- user = User(form_user)
+ user = User(form_user, user_dict.get('SCOPES'))
login_user(user)
return redirect(url_for('index'))
return render_template('auth/login.html', form=LoginForm())