Skip to content

Commit

Permalink
Updates to permissions
Browse files Browse the repository at this point in the history 
permissions are now returns as an object keyed by site_id
individual user requests include permissions
user/permission handlers take user_id to represent self.
  • Loading branch information
@gmjosack
gmjosack committed Jan 1, 2015
1 parent e03c21e commit dde973a
Show file tree
Hide file tree
Showing 4 changed files with 60 additions and 31 deletions.
6 changes: 5 additions & 1 deletion nsot/decorators.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,11 @@


def _has_any_perm(user, site_id, perms):
permissions = user.get_permissions(site_id)
permissions = set(
user.get_permissions(site_id)
.get(site_id, {})
.get("permissions", [])
)
for perm in perms:
if perm in permissions:
return True
Expand Down
54 changes: 36 additions & 18 deletions nsot/handlers/api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1357,11 +1357,18 @@ def get(self, user_id):
"user": {
"id": 1
"email": "user@localhost"
"permissions": {
1: {
"user_id": 1,
"site_id": 1,
"permissions": ["admin"]
}
}
}
}
}
:param user_id: ID of the User to retrieve.
:param user_id: ID of the User to retrieve or 0 for self.
:type user_id: int
:reqheader X-NSoT-Email: required for all api requests.
Expand All @@ -1371,17 +1378,20 @@ def get(self, user_id):
:statuscode 404: The Site at site_id was not found.
"""

user = self.session.query(models.User).filter_by(
id=user_id,
).scalar()
if user_id == "0":
user = self.current_user
else:
user = self.session.query(models.User).filter_by(
id=user_id,
).scalar()

if not user:
return self.notfound(
"No such User found at (id) = ({})".format(user_id)
)

self.success({
"user": user.to_dict(),
"user": user.to_dict(with_permissions=True),
})

class UserPermissionsHandler(ApiHandler):
Expand All @@ -1406,17 +1416,17 @@ def get(self, user_id):
{
"status": "ok",
"data": {
"permissions": [
{
"permissions": {
1: {
"user_id": 1,
"site_id": 1,
"permissions": ["admin"]
}
]
}
}
}
:param user_id: ID of the User to retrieve.
:param user_id: ID of the User to retrieve or 0 for self.
:type user_id: int
:reqheader X-NSoT-Email: required for all api requests.
Expand All @@ -1426,21 +1436,24 @@ def get(self, user_id):
:statuscode 404: The User was not found.
"""

user = self.session.query(models.User).filter_by(
id=user_id,
).scalar()
if user_id == "0":
user = self.current_user
else:
user = self.session.query(models.User).filter_by(
id=user_id,
).scalar()

if not user:
return self.notfound(
"No such User found at (id) = ({})".format(user_id)
)

permissions = self.session.query(models.Permission).filter_by(
user_id=user_id
user_id=user.id
)

self.success({
"permissions": [permission.to_dict() for permission in permissions],
"permissions": user.get_permissions(),
})

class UserPermissionHandler(ApiHandler):
Expand Down Expand Up @@ -1473,7 +1486,7 @@ def get(self, user_id, site_id):
}
}
:param user_id: ID of the User
:param user_id: ID of the User or 0 for self.
:type user_id: int
:param site_id: ID of the Site
Expand All @@ -1486,7 +1499,12 @@ def get(self, user_id, site_id):
:statuscode 404: The User or Site was not found.
"""

user = self.session.query(models.User).filter_by(id=user_id).scalar()
if user_id == "0":
user = self.current_user
else:
user = self.session.query(models.User).filter_by(
id=user_id,
).scalar()
if not user:
return self.notfound("No such User found at (id) = ({})".format(user_id))

Expand All @@ -1495,13 +1513,13 @@ def get(self, user_id, site_id):
return self.notfound("No such Site found at id {}".format(site_id))

permission = self.session.query(models.Permission).filter_by(
user_id=user_id, site_id=site_id
user_id=user.id, site_id=site_id
).scalar()

if not permission:
return self.notfound(
"No such Permission found at (user_id, site_id) = ({})".format(
user_id, site_id
user.id, site_id
)
)

Expand Down
29 changes: 18 additions & 11 deletions nsot/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -197,25 +197,32 @@ def validate_email(self, key, value):
raise exc.ValidationError("Must contain a valid e-mail address")
return value

def to_dict(self):
return {
def to_dict(self, with_permissions=False):
out = {
"id": self.id,
"email": self.email,
}
if with_permissions:
out["permissions"] = self.get_permissions()

return out

def get_permissions(self, site_id):
perm = self.session.query(Permission).filter_by(
site_id=site_id,
def get_permissions(self, site_id=None):
query = self.session.query(Permission).filter_by(
user_id=self.id
).scalar()
)

if perm is not None:
return set(perm.permissions)
if site_id is not None:
query = query.filter_by(site_id=site_id)

return set()
permissions = query.all()

def is_admin(self, site_id):
return get_permissions(site_id).has("admin")
return {
# JSON keys can't be ints so be consistent in
# python
str(permission.site_id): permission.to_dict()
for permission in permissions
}


class Permission(Model):
Expand Down
2 changes: 1 addition & 1 deletion tests/api_tests/test_permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ def test_permissions(tornado_server):

assert_success(
user_client.get("/users/1/permissions"),
{"permissions": [{"permissions": ["admin"], "site_id": 1, "user_id": 1}]}
{"permissions": {"1": {"permissions": ["admin"], "site_id": 1, "user_id": 1}}}
)

assert_success(
Expand Down

0 comments on commit dde973a

Please sign in to comment.