Merge pull request #396 from multinet-app/workspace-permission
Filter workspaces based on user permissions
Showing
9 changed files
with
224 additions
and
21 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
from arango import ArangoClient | ||
import getpass | ||
import sys | ||
|
||
from mypy_extensions import TypedDict | ||
|
||
|
||
HostAnalysis = TypedDict( | ||
"HostAnalysis", {"protocol": str, "hostname": str, "port": int} | ||
) | ||
|
||
|
||
def analyze_host(host: str) -> HostAnalysis: | ||
if host[:8] == "https://": | ||
protocol = "https" | ||
elif host[:7] == "http://": | ||
protocol = "http" | ||
else: | ||
print(f"bad protocol: {host}", file=sys.stderr) | ||
raise RuntimeError | ||
|
||
parts = host[len(f"{protocol}://") :].split(":") | ||
hostname = parts[0] | ||
|
||
try: | ||
port = int(parts[1]) | ||
except IndexError: | ||
port = 8529 | ||
except ValueError: | ||
print(f"bad port: {parts[1]}", file=sys.stderr) | ||
raise RuntimeError | ||
|
||
return {"protocol": protocol, "hostname": hostname, "port": port} | ||
|
||
|
||
def main(): | ||
if len(sys.argv) < 2: | ||
print("usage: ensure_workspace_metadata.py <arango-host>", file=sys.stderr) | ||
return 1 | ||
|
||
# Split apart the host parameter into constituents. | ||
try: | ||
args = analyze_host(sys.argv[1]) | ||
except RuntimeError: | ||
return 1 | ||
|
||
# Create a connection to the database. | ||
client = ArangoClient( | ||
protocol=args["protocol"], host=args["hostname"], port=args["port"] | ||
) | ||
|
||
# Get a password from the user. | ||
password = getpass.getpass("Password: ") | ||
|
||
# Retrieve the workspace mapping collection from the system database. | ||
db = client.db(name="_system", password=password) | ||
coll = db.collection("workspace_mapping") | ||
|
||
# Loop through the documents and correct ones with a missing "permissions" | ||
# field. | ||
for doc in coll.all(): | ||
if "permissions" not in doc: | ||
doc["permissions"] = { | ||
"owner": "", | ||
"maintainers": [], | ||
"writers": [], | ||
"readers": [], | ||
"public": True, | ||
} | ||
|
||
print(f"updating {doc['name']}...", end="") | ||
db.update_document(doc) | ||
print("done") | ||
|
||
|
||
if __name__ == "__main__": | ||
sys.exit(main()) |
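Review bot: The backfill at the end of `main()` gives every workspace that lacks a `permissions` field `"public": True` and `"owner": ""`, so once the script has run, the `is_reader` check added in this commit treats all legacy workspaces as readable by anyone, logged in or not, and none has an accountable owner. If that is the intended way to preserve existing access, say so in a comment above the dict, e.g. `# Legacy workspaces predate permissions: keep them public, owner unset until claimed`, and consider printing the names that were made public so the operator can review them. Note also that `analyze_host` accepts `http://`, in which case the password read by `getpass` would presumably reach the server unencrypted; a warning on stderr for non-`https` hosts would help.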
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
"""Utility functions for auth.""" | ||
|
||
from typing import Any, Optional, Callable | ||
|
||
from multinet.errors import Unauthorized | ||
from multinet.types import Workspace | ||
from multinet.auth.types import UserInfo | ||
from multinet.user import current_user | ||
|
||
|
||
# NOTE: unfortunately, it is difficult to write a type signature for this | ||
# decorator. I've opened an issue to ask about this here: | ||
# https://github.com/python/mypy/issues/9032. | ||
def require_login(f: Callable) -> Callable: | ||
"""Decorate an API endpoint to check for a logged in user.""" | ||
|
||
def wrapper(*args: Any, **kwargs: Any) -> Any: | ||
user = current_user() | ||
if user is None: | ||
raise Unauthorized("You must be logged in to perform this action") | ||
|
||
return f(*args, **kwargs) | ||
|
||
return wrapper | ||
|
||
|
||
def is_reader(user: Optional[UserInfo], workspace: Workspace) -> bool: | ||
"""Indicate whether `user` has read permissions for `workspace`.""" | ||
perms = workspace["permissions"] | ||
|
||
# A non-logged-in user, by definition, is a reader of public workspaces. | ||
if user is None: | ||
return perms["public"] | ||
|
||
# Otherwise, check to see if the workspace is public, or the user is at | ||
# least a Reader of the workspace. | ||
sub = user.sub | ||
return ( | ||
perms["public"] | ||
or sub in perms["readers"] | ||
or sub in perms["writers"] | ||
or sub in perms["maintainers"] | ||
or perms["owner"] == sub | ||
) |
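Review bot: `is_reader` indexes `workspace["permissions"]` directly, so a workspace document that has not yet been through the backfill script added in this commit raises `KeyError` instead of producing an access decision. Denying explicitly keeps the check fail-closed and avoids an unhandled error: `perms = workspace.get("permissions")` followed by `if perms is None: return False`. Also in this file, `wrapper` in `require_login` is returned without `@functools.wraps(f)`, so every decorated endpoint reports the name `wrapper`; adding it (with `import functools`) preserves the endpoint's name and docstring.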