
Use capabilities for access restriction

ibot3 committed Sep 10, 2019
1 parent 37c187a commit 933afda65c595cdea0798cdc87bca3694054c9c6
Showing with 40 additions and 7 deletions.
  1. +27 −0 sipa/blueprints/usersuite.py
  2. +12 −6 sipa/model/pycroft/user.py
  3. +1 −1 sipa/templates/usersuite/_index_status.html
@@ -28,6 +28,11 @@
bp_usersuite = Blueprint('usersuite', __name__, url_prefix='/usersuite')


def capability_or_403(active_property, capability):
if not getattr(getattr(current_user, active_property).capabilities, capability):
abort(403)


@bp_usersuite.route("/", methods=['GET', 'POST'])
@login_required
def index():
@@ -222,6 +227,8 @@ def change_password():
def change_mail():
"""Frontend page to change the user's mail address"""

capability_or_403('mail', 'edit')

form = ChangeMailForm()

if form.validate_on_submit():
@@ -252,6 +259,9 @@ def delete_mail():
"""Resets the users forwarding mail attribute
in his LDAP entry.
"""

capability_or_403('mail', 'delete')

form = DeleteMailForm()

if form.validate_on_submit():
@@ -280,6 +290,9 @@ def delete_mail():
def change_mac():
"""As user, change the MAC address of your device.
"""

capability_or_403('mac', 'edit')

form = ChangeMACForm()

if form.validate_on_submit():
@@ -318,6 +331,9 @@ def change_mac():
def activate_network_access():
"""As user, activate your network access
"""

capability_or_403('network_access_active', 'edit')

form = ActivateNetworkAccessForm()

if form.validate_on_submit():
@@ -355,6 +371,9 @@ def activate_network_access():
def change_use_cache():
"""As user, change your usage of the cache.
"""

capability_or_403('use_cache', 'edit')

form = ChangeUseCacheForm()

if form.validate_on_submit():
@@ -421,6 +440,9 @@ def terminate_membership():
As member, cancel your membership to a given date
:return:
"""

capability_or_403('membership_end_date', 'edit')

form = TerminateMembershipForm()

if form.validate_on_submit():
@@ -450,6 +472,8 @@ def terminate_membership_confirm():
:return:
"""

capability_or_403('membership_end_date', 'edit')

end_date = request.args.get("end_date", None, lambda x: datetime.strptime(x, '%Y-%m-%d').date())

form = TerminateMembershipConfirmForm()
@@ -501,6 +525,9 @@ def continue_membership():
Cancel termination of membership
:return:
"""

capability_or_403('membership_end_date', 'edit')

form = ContinueMembershipForm()

if form.validate_on_submit():
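Review bot: `capability_or_403` in the first hunk of this file carries no docstring even though it is now the authorization gate for every view that follows; I'd add `"""Abort with 403 unless the current user's *active_property* grants *capability* (e.g. 'edit' or 'delete')."""` directly under the signature. A misspelled capability name raises AttributeError from the inner `getattr` and surfaces as a 500 rather than a 403 — that still fails closed, but if a plain deny is preferred, `getattr(getattr(current_user, active_property).capabilities, capability, False)` gives it. The helper presumes `current_user` is authenticated, which `@login_required` (visible on `index`; the other views' decorator lines sit outside these hunks) is meant to guarantee, so keep the call as the first statement of each view, ahead of form construction and request parsing, as the hunks here do.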
@@ -102,7 +102,7 @@ def ips(self):
@connection_dependent
def mac(self):
return {'value': ", ".join(i.mac for i in self.user_data.interfaces),
'tmp_readonly': len(self.user_data.interfaces) != 1}
'tmp_readonly': len(self.user_data.interfaces) != 1 or not self.has_property('network_access')}

# Empty setter for "edit" capability
@mac.setter
@@ -127,7 +127,7 @@ def change_mac_address(self, new_mac, host_name):
def network_access_active(self):
return {'value': (gettext("Aktiviert") if len(self.user_data.interfaces) > 0
else gettext("Nicht aktiviert")),
'tmp_readonly': len(self.user_data.interfaces) > 0}
'tmp_readonly': len(self.user_data.interfaces) > 0 or not self.has_property('network_access')}

@network_access_active.setter
def network_access_active(self, value):
@@ -170,7 +170,8 @@ def continue_membership(self):

@active_prop
def mail(self):
return self.user_data.mail
return {'value': self.user_data.mail,
'tmp_readonly': not self.has_property('mail')}

@mail.setter
def mail(self, new_mail):
@@ -204,15 +205,19 @@ def id(self):

@active_prop
def use_cache(self):
tmp_readonly = not self.has_property('network_access')

if self.user_data.cache:
return {'value': gettext("Aktiviert"),
'raw_value': True,
'style': 'success',
'empty': False,
'tmp_readonly': tmp_readonly,
}
return {'value': gettext("Nicht aktiviert"),
'raw_value': False,
'empty': True}
'empty': True,
'tmp_readonly': tmp_readonly}

@use_cache.setter
def use_cache(self, new_use_cache):
@@ -287,7 +292,8 @@ def has_property(self, property):

@active_prop
def membership_end_date(self):
return {'value': parse_date(self.user_data.membership_end_date)}
return {'value': parse_date(self.user_data.membership_end_date),
'tmp_readonly': not self.is_member}

# Empty setter for "edit" capability
@membership_end_date.setter
@@ -314,7 +320,7 @@ def evaluate_status(status: UserStatus, user: User):
message, style = gettext('Trafficlimit überschritten'), 'danger'
elif not status.member:
message, style = gettext('Kein Mitglied'), 'muted'
elif status.member and user.membership_end_date.value:
elif status.member and user.membership_end_date.raw_value is not None:
message, style = "{} {}".format(gettext('Mitglied bis'), user.membership_end_date.value), \
'warning'
elif status.member:
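Review bot: The `'tmp_readonly': not self.is_member` added to `membership_end_date` replaces the explicit `is_member` test the template used to make, so the access restriction now hinges on `active_prop` withdrawing the `edit` capability whenever `tmp_readonly` is set — that decorator is outside the diff, so please confirm it, because otherwise `capability_or_403('membership_end_date', 'edit')` in the blueprint would let non-members through. I'd record the dependency at the getter, e.g. `# tmp_readonly also revokes the 'edit' capability; capability_or_403 in the blueprint relies on this`; the same applies to `mail`, `mac`, `network_access_active` and `use_cache`, which now gate on `has_property(...)` through the same field. Separately, `evaluate_status` (its body continues outside the hunk) now reads `user.membership_end_date.raw_value`, but the dict returned by `membership_end_date` sets only `'value'`, unlike `use_cache` which sets `'raw_value'` explicitly — if `active_prop` does not default `raw_value` from `value`, the 'Mitglied bis' branch would never fire.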
@@ -37,7 +37,7 @@ <h2 id="hot-buttons">{{ _("Häufige Aktionen") }}</h2>
{{ _("Webmailer") }}
</a>
{% endif %}
{% if current_user.is_member and current_user.membership_end_date.capabilities.edit %}
{% if current_user.membership_end_date.capabilities.edit %}
{% if current_user.membership_end_date == None %}
<a href="{{ terminate_membership_url }}" class="btn btn-danger">
<span class="glyphicon glyphicon-remove-circle"></span>
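Review bot: Dropping `current_user.is_member` from the condition leaves the button's visibility resting entirely on `capabilities.edit`, which after this commit presumably derives from the model's new `tmp_readonly: not self.is_member`; this is only a UI gate, the enforcing check is `capability_or_403('membership_end_date', 'edit')` in the blueprint, so a mismatch between the two merely shows a button that answers 403. The following line, `{% if current_user.membership_end_date == None %}`, is unchanged but compares the property object itself, while `evaluate_status` in this same commit moved to `.raw_value is not None`; if the property object does not compare equal to None, the terminate/continue branches would not switch, so consider `{% if current_user.membership_end_date.raw_value is none %}` after confirming how the property compares.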
