Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixes #35

Browse Source
This commit is contained in:
kevgliss
2015-08-19 18:05:18 -07:00
parent 39c022dbf3
commit 6b2da2fe6b
4 changed files with 28 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lemur/auth/permissions.py
View File

@ -16,25 +16,19 @@ operator_permission = Permission(RoleNeed('operator'))
admin_permission = Permission(RoleNeed('admin'))
CertificateCreator = namedtuple('certificate', ['method', 'value'])
CertificateCreatorNeed = partial(CertificateCreator, 'certificateView')
CertificateOwner = namedtuple('certificate', ['method', 'value'])
CertificateOwnerNeed = partial(CertificateOwner, 'certificateView')
CertificateCreatorNeed = partial(CertificateCreator, 'key')
class ViewKeyPermission(Permission):
def __init__(self, certificate_id, owner_id):
def __init__(self, certificate_id, owner):
c_need = CertificateCreatorNeed(str(certificate_id))
o_need = CertificateOwnerNeed(str(owner_id))
super(ViewKeyPermission, self).__init__(o_need, c_need, RoleNeed('admin'))
super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
class UpdateCertificatePermission(Permission):
def __init__(self, role_id, certificate_id):
def __init__(self, certificate_id, owner):
c_need = CertificateCreatorNeed(str(certificate_id))
o_need = CertificateOwnerNeed(str(role_id))
super(UpdateCertificatePermission, self).__init__(o_need, c_need, RoleNeed('admin'))
super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
RoleUser = namedtuple('role', ['method', 'value'])

3
lemur/auth/service.py
View File

@ -29,7 +29,7 @@ from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
from lemur.users import service as user_service
from lemur.auth.permissions import CertificateOwnerNeed, CertificateCreatorNeed, \
from lemur.auth.permissions import CertificateCreatorNeed, \
AuthorityCreatorNeed, ViewRoleCredentialsNeed
@ -165,7 +165,6 @@ def on_identity_loaded(sender, identity):
# identity with the roles that the user provides
if hasattr(user, 'roles'):
for role in user.roles:
identity.provides.add(CertificateOwnerNeed(role.id))
identity.provides.add(ViewRoleCredentialsNeed(role.id))
identity.provides.add(RoleNeed(role.name))