path: root/ogcp/models.py
Commit message | Author | Age | Files | Lines
* ogcp: add user permission mechanism | Alejandro Sirgo Rica | 2024-06-27 | 1 | -1/+12

  Add a new user permission system to control the allowed operations accessible from each account.

  Add a permission matrix editable through the user/add and user/edit views. The permission matrix has client, center, room, folder, image and repository as permission targets and add, update and delete as permission types.

  Restrict each view based on the user permissions, hide all actions from not authenticated users.

  permissions defined in the class UserForm.

  Serialize each user permissions into ogcp.json as:

      {
          ...
          "USERS": [
              {
                  "USER": "admin"
                  ...
                  "PERMISSIONS": {
                      "CLIENT": {
                          "ADD": true,
                          "UPDATE": true,
                          "DELETE": true
                      },
                      ... <- same structure for "CENTER", "ROOM", "FOLDER", "IMAGE" and "REPOSITORY"
                  }
              },
              ...
          ],
          ...
      }

  Grant all the permissions to old user configuration to not disrupt their workflow. The administrator will need to assign the permissions for each user.

  Ignore scope and permission restrictions for admin users.

  Save permissions and scopes even if the user is admin to account for the case of a temporal admin promotion without losing the previous configuration.

  Use template inheritance for add_user.html and edit_user.html to prevent big code duplication with the new HTML code to render the permission matrix.

  Make user administration an admin only feature.

  Define methods get_permission and target_is_disabled to improve readability in template conditionals that disable features based on user permissions.
* Add user role administrator | Javier Sánchez Parra | 2022-04-27 | 1 | -1/+2

  ogCP now has two types of users, regular and administrator users. ogCP configuration file defines user roles with the boolean field "ADMIN".
* Add scope permission support | Javier Sánchez Parra | 2021-12-10 | 1 | -1/+2

  ogCP limits which scopes each user can use. Configuration file stores allowed scopes by their names. Leave scope list empty to give a user permissions on all scopes.
* Add multi user support | Javier Sánchez Parra | 2021-12-08 | 1 | -2/+2

  It is inspired by the following example: https://github.com/maxcountryman/flask-login/blob/c760c0ef7ccc95d49b4693200245a4f2b148d41b/README.md#usage
* ogcp is AGPLv3+ | OpenGnSys Support Team | 2021-05-20 | 1 | -0/+7

  Update license header in files.
* Add login | Jose M. Guisado | 2021-03-05 | 1 | -0/+5

  Ogcp requires a simple login page in order to avoid exposure of the ogServer API to anyone trying to access the web page.

  Because the main authorization mechanism in ogServer is the API token, the login implemented for the ogcp does not include a registration process but a single user and password specified in the ogcp.json.

      "USER": "user",
      "PASS": "pass"

  Adds two new views: /login and /logout. They are used to login the user so that the rest of views regarding ogServer functionality can be accessed in a "login required" fashion. Index view (/) is an exception, it can be accessed logged in or not so different data can be displayed.

  Templates can now access a variable "current_user" to get information about login status. This is a Flask-Login feature.

  - Templates regarding login can be found in templates/auth/
  - Login form is defined in forms/auth.py to separate it from action_forms.py
  - Adds Flask-Login module to requirements.txt
  - Adds default user and pass in ogcp.json
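
The permission lookup described in the "ogcp: add user permission mechanism" commit message, sketched as an added example (not ogcp's own code): old entries without "PERMISSIONS" get the full matrix, admins bypass it, and `legacy_users` lists the accounts the administrator still has to review. Assumptions: the function names are hypothetical, and denying a missing or non-boolean cell when a matrix is present is a choice made here, not something the commit message states.

```python
import json

TARGETS = ("CLIENT", "CENTER", "ROOM", "FOLDER", "IMAGE", "REPOSITORY")
TYPES = ("ADD", "UPDATE", "DELETE")

# Constructed sample in the ogcp.json shape given in the commit message.
SAMPLE = json.loads("""
{"USERS": [
  {"USER": "admin", "ADMIN": true,
   "PERMISSIONS": {"CLIENT": {"ADD": false, "UPDATE": false, "DELETE": false}}},
  {"USER": "legacy", "ADMIN": false},
  {"USER": "operator", "ADMIN": false,
   "PERMISSIONS": {"CLIENT": {"ADD": true, "UPDATE": "false", "DELETE": false},
                   "IMAGE": {"ADD": true}}}
]}
""")


def effective_matrix(user):
    """Return (matrix, is_legacy) for one entry of USERS."""
    stored = user.get("PERMISSIONS")
    if stored is None:
        # Pre-permission entry: the commit grants everything to old users.
        return {t: {p: True for p in TYPES} for t in TARGETS}, True
    # Matrix present: a missing or non-boolean cell is denied (assumption).
    return {t: {p: stored.get(t, {}).get(p) is True for p in TYPES}
            for t in TARGETS}, False


def is_allowed(user, target, ptype):
    """Admins bypass the matrix; everyone else needs an explicit true."""
    if target not in TARGETS or ptype not in TYPES:
        return False
    if user.get("ADMIN") is True:
        return True
    matrix, _ = effective_matrix(user)
    return matrix[target][ptype]


def legacy_users(config):
    """Non-admin accounts still running on the grant-all default."""
    return [u["USER"] for u in config.get("USERS", [])
            if u.get("ADMIN") is not True and effective_matrix(u)[1]]


if __name__ == "__main__":
    for u in SAMPLE["USERS"]:
        print(u["USER"], is_allowed(u, "CLIENT", "UPDATE"))
    print("review needed:", legacy_users(SAMPLE))
```

The "operator" entry shows why the comparison is `is True`: the string "false" is truthy in Python and would otherwise grant CLIENT/UPDATE.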