From 19b928d663f3824e6a13dde3d044450e0f2ceffe Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Thu, 23 Jun 2016 13:29:59 -0700
Subject: [PATCH] Fixes #367
---
 lemur/auth/permissions.py | 16 ++--------------
 lemur/certificates/views.py | 13 +++++++------
 2 files changed, 9 insertions(+), 20 deletions(-)
diff --git a/lemur/auth/permissions.py b/lemur/auth/permissions.py
index 5b6d7902..5bd55624 100644
--- a/lemur/auth/permissions.py
+++ b/lemur/auth/permissions.py
@@ -27,21 +27,9 @@ class SensitiveDomainPermission(Permission):
 super(SensitiveDomainPermission, self).__init__(RoleNeed('admin'))
-class ViewKeyPermission(Permission):
- def __init__(self, certificate_id, owner):
- c_need = CertificateCreatorNeed(certificate_id)
- super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
-
- class UpdateCertificatePermission(Permission):
- def __init__(self, certificate_id, owner):
- c_need = CertificateCreatorNeed(certificate_id)
- super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
-
- class CertificatePermission(Permission):
- def __init__(self, certificate_id, roles):
- needs = [RoleNeed('admin'), CertificateCreatorNeed(certificate_id)]
+ def __init__(self, certificate_id, owner, roles):
+ needs = [RoleNeed('admin'), CertificateCreatorNeed(certificate_id), RoleNeed(owner)]
 for r in roles:
 needs.append(CertificateOwnerNeed(str(r)))
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index 252f0fe8..b50e7f23 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
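Review bot: `RoleNeed(owner)` on the added `needs = [...]` line is built from whatever the caller hands in, and the new `owner` parameter's expected type is undocumented — the removed `ViewKeyPermission` was given a role name (its caller resolved `getattr(role, 'name', None)` first), whereas the new call sites in views.py pass the object returned by `role_service.get_by_name`. Assuming `Permission`/`RoleNeed` are flask_principal's, a need grants only when it compares equal to one in the identity's provides set, so unless the role model compares equal to its name the owner need never matches and only the admin, creator and certificate-role needs remain effective — fail-closed, but it silently drops the access this commit sets out to grant. A docstring on `__init__` such as `"""owner: name of the certificate owner's role; roles: names of the certificate's roles."""` plus a guard `if owner: needs.append(RoleNeed(owner))` would make the contract explicit and keep `RoleNeed(None)` out of the need set when the lookup misses. The body of `__init__` continues past the end of this hunk.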
@@ -15,7 +15,7 @@ from lemur.common.schema import validate_schema
 from lemur.common.utils import paginated_parser
 from lemur.auth.service import AuthenticatedResource
-from lemur.auth.permissions import ViewKeyPermission, AuthorityPermission, CertificatePermission
+from lemur.auth.permissions import AuthorityPermission, CertificatePermission
 from lemur.certificates import service
 from lemur.certificates.schemas import certificate_input_schema, certificate_output_schema, \
@@ -399,9 +399,8 @@ class CertificatePrivateKey(AuthenticatedResource):
 if not cert:
 return dict(message="Cannot find specified certificate"), 404
- role = role_service.get_by_name(cert.owner)
-
- permission = ViewKeyPermission(certificate_id, getattr(role, 'name', None))
+ owner_role = role_service.get_by_name(cert.owner)
+ permission = CertificatePermission(cert.id, owner_role, [x.name for x in cert.roles])
 if permission.can():
 response = make_response(jsonify(key=cert.private_key), 200)
@@ -581,7 +580,8 @@ class Certificates(AuthenticatedResource):
 """
 cert = service.get(certificate_id)
- permission = CertificatePermission(cert.id, [x.name for x in cert.roles])
+ owner_role = role_service.get_by_name(cert.owner)
+ permission = CertificatePermission(cert.id, owner_role, [x.name for x in cert.roles])
 if permission.can():
 return service.update(
@@ -864,7 +864,8 @@ class CertificateExport(AuthenticatedResource):
 """
 cert = service.get(certificate_id)
- permission = CertificatePermission(cert.id, [x.name for x in cert.roles])
+ owner_role = role_service.get_by_name(cert.owner)
+ permission = CertificatePermission(cert.id, owner_role, [x.name for x in cert.roles])
 options = data['plugin']['plugin_options']
 plugin = data['plugin']['plugin_object']
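Review bot: In the `@@ -399,9 +399,8 @@` hunk, `owner_role` passed to `CertificatePermission(...)` is the object returned by `role_service.get_by_name(cert.owner)`, not its name — the removed lines resolved it with `getattr(role, 'name', None)` before building the need, and the sibling `[x.name for x in cert.roles]` argument shows that names are what the need set is built from. As written the owner need can only match if the role model happens to compare equal to a string, so the certificate's owner likely loses the private-key access this hunk is meant to preserve (the admin, creator and certificate-role needs still apply, so this fails closed rather than open). Suggested: `permission = CertificatePermission(cert.id, getattr(owner_role, 'name', None), [x.name for x in cert.roles])`, which also keeps the previous behaviour when no role exists for the owner instead of putting `RoleNeed(None)` into the need set. The same call appears in the hunks at `@@ -581,7 +580,8 @@` and `@@ -864,7 +864,8 @@` and should change the same way; a test that fetches a private key as the owner would pin this on the endpoint that hands out key material. The enclosing method starts before this hunk and continues after it.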