From c26b96e0b005fdebf4be9adc209679b83a3c2608 Mon Sep 17 00:00:00 2001
From: Alejandro Sirgo Rica
Date: Fri, 14 Jun 2024 12:16:29 +0200
Subject: ogcp: fix restricted user mode

Match user enabled scopes as numerical id instead of the scope name. Rename get_available_scopes to get_center_choices and add only center data. This function returns the list of values used to validate the data returned by the form (form.scopes.choices). Fix scope filtering to only allow the scopes stored in the user configuration. The filtering removes the scopes of type 'center' from the scopes dictionary when the center id is not present in the list of available scopes for the logged user.
---
 ogcp/views.py | 31 +++++++++++++------------------
 1 file changed, 13 insertions(+), 18 deletions(-)
(limited to 'ogcp')
diff --git a/ogcp/views.py b/ogcp/views.py
index 2f08c0f..af65ddf 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -219,12 +219,15 @@ def add_state_and_ips(scope, clients, ips):
 set(scope['ip']).issubset(ips))
 return scope['ip']
 
-def get_allowed_scopes(scopes, allowed_scopes):
+def remove_disabled_scopes(scopes):
 for scope in scopes.get('scope'):
- if scope.get('name') in current_user.scopes or scope.get('type') == 'server':
- allowed_scopes.append(scope)
+ if scope.get('type') == 'center':
+ if str(scope.get('id')) in current_user.scopes:
+ continue
+
+ scopes.get('scope').remove(scope)
 else:
- get_allowed_scopes(scope, allowed_scopes)
+ remove_disabled_scopes(scope)
 
 def multi_request(method, uri, payload=None):
 responses = []
@@ -305,9 +308,7 @@ def get_scopes(ips=set()):
 all_scopes = {'scope': list_scopes}
 all_scopes = sort_scopes(all_scopes)
 if current_user.scopes:
- allowed_scopes = []
- get_allowed_scopes(all_scopes, allowed_scopes)
- all_scopes = {'scope': allowed_scopes}
+ remove_disabled_scopes(all_scopes)
 
 clients = get_clients()
 add_state_and_ips(all_scopes, clients['clients'], ips)
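Review bot: `scopes.get('scope').remove(scope)` removes from the same list that the enclosing `for scope in scopes.get('scope'):` is iterating, so after each removal the iterator skips the element that slides into the freed slot. In a restricted-user filter this means a disabled center sitting directly after another disabled center is never examined and stays in the tree handed to the user. Iterate over a snapshot instead, `for scope in list(scopes.get('scope')):`, or rebuild the list from the entries that are allowed. Indentation is flattened on this page, so the nesting is read from the `else:` context line; a test with two consecutive centers that are both outside `current_user.scopes` would confirm the behaviour.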
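Review bot: The guard `if current_user.scopes:` around the new `remove_disabled_scopes(all_scopes)` call leaves the tree unfiltered when the list is empty, so a restricted account whose last center is deselected would presumably see every scope rather than none. If an empty list is the intended marker for an unrestricted account, record that next to the guard with a comment such as `# an empty scopes list means the user is unrestricted`; otherwise the restriction should key on an explicit flag rather than on list truthiness. get_scopes starts and ends outside the hunk, so how `current_user.scopes` is populated cannot be checked from here.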
@@ -2640,23 +2641,17 @@ def get_available_centers():
 available_centers = list()
 for resp in responses:
 centers = parse_scopes_from_tree(resp['json'], 'center')
- centers = [(center['name'], center['name']) for center in centers]
+ centers = [(center['id'], center['name']) for center in centers]
 available_centers.extend(centers)
 return available_centers
 
-def get_available_scopes():
+def get_center_choices():
 responses = multi_request('get', '/scopes')
 available_scopes = list()
 for resp in responses:
- servers = parse_scopes_from_tree(resp['json'], 'server')
- servers = [(server['name'], server['name']) for server in servers]
- available_scopes.extend(servers)
 centers = parse_scopes_from_tree(resp['json'], 'center')
- centers = [(center['name'], center['name']) for center in centers]
+ centers = [(str(center['id']), center['name']) for center in centers]
 available_scopes.extend(centers)
- rooms = parse_scopes_from_tree(resp['json'], 'room')
- rooms = [(room['name'], room['name']) for room in rooms]
- available_scopes.extend(rooms)
 return available_scopes
 
 
@@ -2783,7 +2778,7 @@ def user_add_get():
 @login_required
 def user_add_post():
 form = UserForm(request.form)
- form.scopes.choices = get_available_scopes()
+ form.scopes.choices = get_center_choices()
 if not form.validate():
 flash(form.errors, category='error')
 return redirect(url_for('users'))
@@ -2822,7 +2817,7 @@ def user_edit_get():
 @login_required
 def user_edit_post():
 form = UserForm(request.form)
- form.scopes.choices = get_available_scopes()
+ form.scopes.choices = get_center_choices()
 if not form.validate():
 flash(form.errors, category='error')
 return redirect(url_for('users'))
-- 
cgit v1.2.3-18-g5258
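Review bot: `get_center_choices()` merges `str(center['id'])` values from every response of `multi_request('get', '/scopes')`, and the permission check then matches on that bare id. If ids are assigned independently by each server (not visible in this hunk), a user granted a center on one server would also match the center that happens to carry the same id on another. Storing a value that also identifies the originating server would remove that ambiguity. Separately, `get_available_centers()` now yields the id as an int while `get_center_choices()` yields a string; a one-line comment on `get_center_choices()` such as `# ids are compared as strings because submitted form values are strings` would keep the two from drifting apart.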