Merge pull request #45 from kevgliss/authByOwner

Fixes #35
2015-08-19 18:08:55 -07:00 · 2015-08-19 18:08:55 -07:00 · 0f0d11a828
parent 74525e8e8e 6b2da2fe6b
commit 0f0d11a828
4 changed files with 28 additions and 29 deletions
--- a/lemur/auth/permissions.py
+++ b/lemur/auth/permissions.py
@ -16,25 +16,19 @@ operator_permission = Permission(RoleNeed('operator'))
 admin_permission = Permission(RoleNeed('admin'))

 CertificateCreator = namedtuple('certificate', ['method', 'value'])
-CertificateCreatorNeed = partial(CertificateCreator, 'certificateView')
-
-CertificateOwner = namedtuple('certificate', ['method', 'value'])
-CertificateOwnerNeed = partial(CertificateOwner, 'certificateView')
+CertificateCreatorNeed = partial(CertificateCreator, 'key')


 class ViewKeyPermission(Permission):
-    def __init__(self, certificate_id, owner_id):
+    def __init__(self, certificate_id, owner):
        c_need = CertificateCreatorNeed(str(certificate_id))
-        o_need = CertificateOwnerNeed(str(owner_id))
-
-        super(ViewKeyPermission, self).__init__(o_need, c_need, RoleNeed('admin'))
+        super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))


 class UpdateCertificatePermission(Permission):
-    def __init__(self, role_id, certificate_id):
+    def __init__(self, certificate_id, owner):
        c_need = CertificateCreatorNeed(str(certificate_id))
-        o_need = CertificateOwnerNeed(str(role_id))
-        super(UpdateCertificatePermission, self).__init__(o_need, c_need, RoleNeed('admin'))
+        super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))


 RoleUser = namedtuple('role', ['method', 'value'])
--- a/lemur/auth/service.py
+++ b/lemur/auth/service.py
@ -29,7 +29,7 @@ from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers

 from lemur.users import service as user_service
-from lemur.auth.permissions import CertificateOwnerNeed, CertificateCreatorNeed, \
+from lemur.auth.permissions import CertificateCreatorNeed, \
    AuthorityCreatorNeed, ViewRoleCredentialsNeed


@ -165,7 +165,6 @@ def on_identity_loaded(sender, identity):
    # identity with the roles that the user provides
    if hasattr(user, 'roles'):
        for role in user.roles:
-            identity.provides.add(CertificateOwnerNeed(role.id))
            identity.provides.add(ViewRoleCredentialsNeed(role.id))
            identity.provides.add(RoleNeed(role.name))

--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@ -446,13 +446,14 @@ class CertificatePrivateKey(AuthenticatedResource):

        role = role_service.get_by_name(cert.owner)

-        permission = ViewKeyPermission(certificate_id, hasattr(role, 'id'))
+        if role:
+            permission = ViewKeyPermission(certificate_id, role.name)

-        if permission.can():
-            response = make_response(jsonify(key=cert.private_key), 200)
-            response.headers['cache-control'] = 'private, max-age=0, no-cache, no-store'
-            response.headers['pragma'] = 'no-cache'
-            return response
+            if permission.can():
+                response = make_response(jsonify(key=cert.private_key), 200)
+                response.headers['cache-control'] = 'private, max-age=0, no-cache, no-store'
+                response.headers['pragma'] = 'no-cache'
+                return response

        return dict(message='You are not authorized to view this key'), 403

@ -572,7 +573,7 @@ class Certificates(AuthenticatedResource):

        cert = service.get(certificate_id)
        role = role_service.get_by_name(cert.owner)
-        permission = UpdateCertificatePermission(certificate_id, hasattr(role, 'id'))
+        permission = UpdateCertificatePermission(certificate_id, role.name)

        if permission.can():
            return service.update(
--- a/lemur/static/app/angular/certificates/services.js
+++ b/lemur/static/app/angular/certificates/services.js
@ -107,7 +107,6 @@ angular.module('lemur')
            title: certificate.name,
            body: 'Successfully created!'
          });
-          $location.path('/certificates');
        },
        function (response) {
          toaster.pop({
@ -120,14 +119,21 @@ angular.module('lemur')
    };

    CertificateService.update = function (certificate) {
-      return LemurRestangular.copy(certificate).put().then(function () {
-        toaster.pop({
-          type: 'success',
-          title: certificate.name,
-          body: 'Successfully updated!'
+      return LemurRestangular.copy(certificate).put().then(
+        function () {
+          toaster.pop({
+            type: 'success',
+            title: certificate.name,
+            body: 'Successfully updated!'
+          });
+        },
+        function (response) {
+          toaster.pop({
+            type: 'error',
+            title: certificate.name,
+            body: 'Failed to update ' + response.data.message
+          });
        });
-        $location.path('certificates');
-      });
    };

    CertificateService.upload = function (certificate) {
@ -138,7 +144,6 @@ angular.module('lemur')
            title: certificate.name,
            body: 'Successfully uploaded!'
          });
-          $location.path('/certificates');
        },
        function (response) {
          toaster.pop({