authorJavier Sánchez Parra <jsanchez@soleta.eu>2021-12-03 15:25:44 +0100
committerJavier Sánchez Parra <jsanchez@soleta.eu>2021-12-10 13:06:18 +0100
commit695c19f86ec361db8b316358ac9a0609ecfb020f (patch)
treef809c608c1438c4c05161d6506846172c1f91f01 /ogcp
parenta5681a4b850b198107d025213c5c8d26cd5634d2 (diff)
Add scope permission support
ogCP limits which scopes each user can use. The configuration file stores the allowed scopes by name. Leave the scope list empty to give a user permissions on all scopes.
Diffstat (limited to 'ogcp')
-rw-r--r--ogcp/cfg/ogcp.json8
-rw-r--r--ogcp/models.py3
-rw-r--r--ogcp/views.py18
3 files changed, 23 insertions, 6 deletions
diff --git a/ogcp/cfg/ogcp.json b/ogcp/cfg/ogcp.json
index b5f3606..3f8a82c 100644
--- a/ogcp/cfg/ogcp.json
+++ b/ogcp/cfg/ogcp.json
@@ -5,11 +5,15 @@
"USERS": [
{
"USER": "admin",
- "PASS": "pass"
+ "PASS": "pass",
+ "SCOPES": [ ]
},
{
"USER": "user",
- "PASS": "pass"
+ "PASS": "pass",
+ "SCOPES": [
+ "Unidad Organizativa (Default)"
+ ]
}
]
}
diff --git a/ogcp/models.py b/ogcp/models.py
index 9ad40db..4b88a41 100644
--- a/ogcp/models.py
+++ b/ogcp/models.py
@@ -8,5 +8,6 @@
from flask_login import UserMixin
class User(UserMixin):
- def __init__(self, username):
+ def __init__(self, username, scopes):
self.id = username
+ self.scopes = scopes
diff --git a/ogcp/views.py b/ogcp/views.py
index 31b97b0..fe8d465 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -145,9 +145,20 @@ def add_state_and_ips(scope, clients, ips):
scope['selected'] = set(scope['ip']).issubset(ips)
return scope['ip']
+def get_allowed_scopes(scopes, allowed_scopes):
+ for scope in scopes.get('scope'):
+ if scope.get('name') in current_user.scopes:
+ allowed_scopes.append(scope)
+ else:
+ get_allowed_scopes(scope, allowed_scopes)
+
def get_scopes(ips=set()):
r = g.server.get('/scopes')
scopes = r.json()
+ if current_user.scopes:
+ allowed_scopes = []
+ get_allowed_scopes(scopes, allowed_scopes)
+ scopes = {'scope': allowed_scopes}
r = g.server.get('/clients')
clients = r.json()
add_state_and_ips(scopes, clients['clients'], ips)
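Review bot: The scope restriction added to get_scopes() only narrows the tree that this function builds; none of the visible hunks checks client IPs submitted to other views against the user's allowed scopes. If those handlers act on posted IPs without re-checking them, the limit is a display filter rather than an authorization check, so confirm that enforcement exists outside this diff. In get_allowed_scopes(), `scopes.get('scope')` returns None for a node that lacks the key and the loop then raises TypeError; `for scope in scopes.get('scope', []):` avoids that. Matching is by `name` at any depth of the tree, so any node sharing a name with an allowed scope is granted as well; a comment stating that scope names are assumed unique (or matching on an id, if the server response provides one) would make the assumption explicit. get_scopes() continues past the end of this hunk.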
@@ -173,10 +184,11 @@ def get_user(username):
@login_manager.user_loader
def load_user(username):
- if not get_user(username):
+ user_dict = get_user(username)
+ if not user_dict:
return None
- user = User(username)
+ user = User(username, user_dict.get('SCOPES'))
return user
@app.before_request
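Review bot: `user_dict.get('SCOPES')` in load_user() yields None when a user entry has no SCOPES key, and the `if current_user.scopes:` test in get_scopes() treats None the same as an empty list, i.e. unrestricted. A user record that omits the key or misspells it therefore silently gets every scope, which fails open. Consider rejecting such entries, e.g. `if not user_dict or 'SCOPES' not in user_dict: return None`, so that only an explicit empty list means "all scopes". The same `user_dict.get('SCOPES')` call in the login() hunk below needs the same treatment.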
@@ -218,7 +230,7 @@ def login():
user_dict = authenticate_user(form_user, pwd)
if not user_dict:
return render_template('auth/login.html', form=form)
- user = User(form_user)
+ user = User(form_user, user_dict.get('SCOPES'))
login_user(user)
return redirect(url_for('index'))
return render_template('auth/login.html', form=LoginForm())