diff options
| author | Javier Sánchez Parra <jsanchez@soleta.eu> | 2021-12-03 15:25:44 +0100 |
|---|---|---|
| committer | Javier Sánchez Parra <jsanchez@soleta.eu> | 2021-12-10 13:06:18 +0100 |
| commit | 695c19f86ec361db8b316358ac9a0609ecfb020f (patch) | |
| tree | f809c608c1438c4c05161d6506846172c1f91f01 /ogcp | |
| parent | a5681a4b850b198107d025213c5c8d26cd5634d2 (diff) | |
Add scope permission support
ogCP limits which scopes can use each user.
Configuration file stores allowed scopes by their names. Leave scope
list empty to give a user permissions on all scopes.
Diffstat (limited to 'ogcp')
| -rw-r--r-- | ogcp/cfg/ogcp.json | 8 | ||||
| -rw-r--r-- | ogcp/models.py | 3 | ||||
| -rw-r--r-- | ogcp/views.py | 18 |
3 files changed, 23 insertions, 6 deletions
diff --git a/ogcp/cfg/ogcp.json b/ogcp/cfg/ogcp.json index b5f3606..3f8a82c 100644 --- a/ogcp/cfg/ogcp.json +++ b/ogcp/cfg/ogcp.json @@ -5,11 +5,15 @@ "USERS": [ { "USER": "admin", - "PASS": "pass" + "PASS": "pass", + "SCOPES": [ ] }, { "USER": "user", - "PASS": "pass" + "PASS": "pass", + "SCOPES": [ + "Unidad Organizativa (Default)" + ] } ] } diff --git a/ogcp/models.py b/ogcp/models.py index 9ad40db..4b88a41 100644 --- a/ogcp/models.py +++ b/ogcp/models.py @@ -8,5 +8,6 @@ from flask_login import UserMixin class User(UserMixin): - def __init__(self, username): + def __init__(self, username, scopes): self.id = username + self.scopes = scopes diff --git a/ogcp/views.py b/ogcp/views.py index 31b97b0..fe8d465 100644 --- a/ogcp/views.py +++ b/ogcp/views.py @@ -145,9 +145,20 @@ def add_state_and_ips(scope, clients, ips): scope['selected'] = set(scope['ip']).issubset(ips) return scope['ip'] +def get_allowed_scopes(scopes, allowed_scopes): + for scope in scopes.get('scope'): + if scope.get('name') in current_user.scopes: + allowed_scopes.append(scope) + else: + get_allowed_scopes(scope, allowed_scopes) + def get_scopes(ips=set()): r = g.server.get('/scopes') scopes = r.json() + if current_user.scopes: + allowed_scopes = [] + get_allowed_scopes(scopes, allowed_scopes) + scopes = {'scope': allowed_scopes} r = g.server.get('/clients') clients = r.json() add_state_and_ips(scopes, clients['clients'], ips) @@ -173,10 +184,11 @@ def get_user(username): @login_manager.user_loader def load_user(username): - if not get_user(username): + user_dict = get_user(username) + if not user_dict: return None - user = User(username) + user = User(username, user_dict.get('SCOPES')) return user @app.before_request @@ -218,7 +230,7 @@ def login(): user_dict = authenticate_user(form_user, pwd) if not user_dict: return render_template('auth/login.html', form=form) - user = User(form_user) + user = User(form_user, user_dict.get('SCOPES')) login_user(user) return redirect(url_for('index')) return render_template('auth/login.html', form=LoginForm()) |