From 6b2da2fe6be471818bfaf5dfa440ae8dbfd6c0c6 Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Wed, 19 Aug 2015 18:05:18 -0700
Subject: [PATCH] Fixes #35
---
 lemur/auth/permissions.py | 16 ++++---------
 lemur/auth/service.py | 3 +--
 lemur/certificates/views.py | 15 ++++++------
 .../app/angular/certificates/services.js | 23 +++++++++++--------
 4 files changed, 28 insertions(+), 29 deletions(-)
diff --git a/lemur/auth/permissions.py b/lemur/auth/permissions.py
index 79950b36..c07119d4 100644
--- a/lemur/auth/permissions.py
+++ b/lemur/auth/permissions.py
@@ -16,25 +16,19 @@ operator_permission = Permission(RoleNeed('operator'))
 admin_permission = Permission(RoleNeed('admin'))
 CertificateCreator = namedtuple('certificate', ['method', 'value'])
-CertificateCreatorNeed = partial(CertificateCreator, 'certificateView')
-
-CertificateOwner = namedtuple('certificate', ['method', 'value'])
-CertificateOwnerNeed = partial(CertificateOwner, 'certificateView')
+CertificateCreatorNeed = partial(CertificateCreator, 'key')
 class ViewKeyPermission(Permission):
- def __init__(self, certificate_id, owner_id):
+ def __init__(self, certificate_id, owner):
 c_need = CertificateCreatorNeed(str(certificate_id))
- o_need = CertificateOwnerNeed(str(owner_id))
-
- super(ViewKeyPermission, self).__init__(o_need, c_need, RoleNeed('admin'))
+ super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
 class UpdateCertificatePermission(Permission):
- def __init__(self, role_id, certificate_id):
+ def __init__(self, certificate_id, owner):
 c_need = CertificateCreatorNeed(str(certificate_id))
- o_need = CertificateOwnerNeed(str(role_id))
- super(UpdateCertificatePermission, self).__init__(o_need, c_need, RoleNeed('admin'))
+ super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
 RoleUser = namedtuple('role', ['method', 'value'])
diff --git a/lemur/auth/service.py b/lemur/auth/service.py
index 6f4e29b5..ba19c509 100644
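Review bot: `RoleNeed(owner)` in both `ViewKeyPermission` and `UpdateCertificatePermission` now authorizes by role name, so any identity that provides a role with that name can read the private key or update the certificate, and nothing in the constructors documents this or rejects an empty or `None` owner. Flask-Principal permissions pass when any one need matches, so the three needs are alternatives rather than a conjunction. I would add a docstring to each class saying that `owner` is the name of the role that owns the certificate, and that role names must therefore be unique and assignable only by administrators; role management is not visible in this patch, so that should be confirmed. `UpdateCertificatePermission` also swaps its positional parameters from `(role_id, certificate_id)` to `(certificate_id, owner)`, so any caller outside this patch that still passes the old order would build the wrong needs without an error.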
--- a/lemur/auth/service.py
+++ b/lemur/auth/service.py
@@ -29,7 +29,7 @@ from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
 from lemur.users import service as user_service
-from lemur.auth.permissions import CertificateOwnerNeed, CertificateCreatorNeed, \
+from lemur.auth.permissions import CertificateCreatorNeed, \
 AuthorityCreatorNeed, ViewRoleCredentialsNeed
@@ -165,7 +165,6 @@ def on_identity_loaded(sender, identity):
 # identity with the roles that the user provides
 if hasattr(user, 'roles'):
 for role in user.roles:
- identity.provides.add(CertificateOwnerNeed(role.id))
 identity.provides.add(ViewRoleCredentialsNeed(role.id))
 identity.provides.add(RoleNeed(role.name))
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index eaf0c53d..3e10b7fb 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -446,13 +446,14 @@ class CertificatePrivateKey(AuthenticatedResource):
 role = role_service.get_by_name(cert.owner)
- permission = ViewKeyPermission(certificate_id, hasattr(role, 'id'))
+ if role:
+ permission = ViewKeyPermission(certificate_id, role.name)
- if permission.can():
- response = make_response(jsonify(key=cert.private_key), 200)
- response.headers['cache-control'] = 'private, max-age=0, no-cache, no-store'
- response.headers['pragma'] = 'no-cache'
- return response
+ if permission.can():
+ response = make_response(jsonify(key=cert.private_key), 200)
+ response.headers['cache-control'] = 'private, max-age=0, no-cache, no-store'
+ response.headers['pragma'] = 'no-cache'
+ return response
 return dict(message='You are not authorized to view this key'), 403
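Review bot: When `role_service.get_by_name(cert.owner)` returns nothing, the new `if role:` guard skips the permission check entirely, so the request falls through to the 403 even for an admin or the certificate's creator, whose needs do not depend on the owner role. Indentation is lost in this copy of the patch, but the whole `if permission.can():` block being re-added suggests it now sits under `if role:`. Building the permission unconditionally keeps the other two needs effective, for example `permission = ViewKeyPermission(certificate_id, role.name if role else None)`, provided no identity is ever given a role whose name is `None`; making `owner` optional in `ViewKeyPermission` would be the cleaner form. The handler body starts above the hunk.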
@@ -572,7 +573,7 @@ class Certificates(AuthenticatedResource): cert = service.get(certificate_id) role = role_service.get_by_name(cert.owner) - permission = UpdateCertificatePermission(certificate_id, hasattr(role, 'id')) + permission = UpdateCertificatePermission(certificate_id, role.name) if permission.can(): return service.update( diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js index 9344a3e9..a6d1ba7a 100644 --- a/lemur/static/app/angular/certificates/services.js +++ b/lemur/static/app/angular/certificates/services.js @@ -107,7 +107,6 @@ angular.module('lemur') title: certificate.name, body: 'Successfully created!' }); - $location.path('/certificates'); }, function (response) { toaster.pop({ @@ -120,14 +119,21 @@ angular.module('lemur') }; CertificateService.update = function (certificate) { - return LemurRestangular.copy(certificate).put().then(function () { - toaster.pop({ - type: 'success', - title: certificate.name, - body: 'Successfully updated!' + return LemurRestangular.copy(certificate).put().then( + function () { + toaster.pop({ + type: 'success', + title: certificate.name, + body: 'Successfully updated!' + }); + }, + function (response) { + toaster.pop({ + type: 'error', + title: certificate.name, + body: 'Failed to update ' + response.data.message + }); }); - $location.path('certificates'); - }); }; CertificateService.upload = function (certificate) { @@ -138,7 +144,6 @@ angular.module('lemur') title: certificate.name, body: 'Successfully uploaded!' }); - $location.path('/certificates'); }, function (response) { toaster.pop({