This commit is contained in:
kevgliss 2015-08-19 18:05:18 -07:00
parent 39c022dbf3
commit 6b2da2fe6b
4 changed files with 28 additions and 29 deletions

View File

@ -16,25 +16,19 @@ operator_permission = Permission(RoleNeed('operator'))
admin_permission = Permission(RoleNeed('admin')) admin_permission = Permission(RoleNeed('admin'))
CertificateCreator = namedtuple('certificate', ['method', 'value']) CertificateCreator = namedtuple('certificate', ['method', 'value'])
CertificateCreatorNeed = partial(CertificateCreator, 'certificateView') CertificateCreatorNeed = partial(CertificateCreator, 'key')
CertificateOwner = namedtuple('certificate', ['method', 'value'])
CertificateOwnerNeed = partial(CertificateOwner, 'certificateView')
class ViewKeyPermission(Permission): class ViewKeyPermission(Permission):
def __init__(self, certificate_id, owner_id): def __init__(self, certificate_id, owner):
c_need = CertificateCreatorNeed(str(certificate_id)) c_need = CertificateCreatorNeed(str(certificate_id))
o_need = CertificateOwnerNeed(str(owner_id)) super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
super(ViewKeyPermission, self).__init__(o_need, c_need, RoleNeed('admin'))
class UpdateCertificatePermission(Permission): class UpdateCertificatePermission(Permission):
def __init__(self, role_id, certificate_id): def __init__(self, certificate_id, owner):
c_need = CertificateCreatorNeed(str(certificate_id)) c_need = CertificateCreatorNeed(str(certificate_id))
o_need = CertificateOwnerNeed(str(role_id)) super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
super(UpdateCertificatePermission, self).__init__(o_need, c_need, RoleNeed('admin'))
RoleUser = namedtuple('role', ['method', 'value']) RoleUser = namedtuple('role', ['method', 'value'])

View File

@ -29,7 +29,7 @@ from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
from lemur.users import service as user_service from lemur.users import service as user_service
from lemur.auth.permissions import CertificateOwnerNeed, CertificateCreatorNeed, \ from lemur.auth.permissions import CertificateCreatorNeed, \
AuthorityCreatorNeed, ViewRoleCredentialsNeed AuthorityCreatorNeed, ViewRoleCredentialsNeed
@ -165,7 +165,6 @@ def on_identity_loaded(sender, identity):
# identity with the roles that the user provides # identity with the roles that the user provides
if hasattr(user, 'roles'): if hasattr(user, 'roles'):
for role in user.roles: for role in user.roles:
identity.provides.add(CertificateOwnerNeed(role.id))
identity.provides.add(ViewRoleCredentialsNeed(role.id)) identity.provides.add(ViewRoleCredentialsNeed(role.id))
identity.provides.add(RoleNeed(role.name)) identity.provides.add(RoleNeed(role.name))

View File

@ -446,7 +446,8 @@ class CertificatePrivateKey(AuthenticatedResource):
role = role_service.get_by_name(cert.owner) role = role_service.get_by_name(cert.owner)
permission = ViewKeyPermission(certificate_id, hasattr(role, 'id')) if role:
permission = ViewKeyPermission(certificate_id, role.name)
if permission.can(): if permission.can():
response = make_response(jsonify(key=cert.private_key), 200) response = make_response(jsonify(key=cert.private_key), 200)
@ -572,7 +573,7 @@ class Certificates(AuthenticatedResource):
cert = service.get(certificate_id) cert = service.get(certificate_id)
role = role_service.get_by_name(cert.owner) role = role_service.get_by_name(cert.owner)
permission = UpdateCertificatePermission(certificate_id, hasattr(role, 'id')) permission = UpdateCertificatePermission(certificate_id, role.name)
if permission.can(): if permission.can():
return service.update( return service.update(

View File

@ -107,7 +107,6 @@ angular.module('lemur')
title: certificate.name, title: certificate.name,
body: 'Successfully created!' body: 'Successfully created!'
}); });
$location.path('/certificates');
}, },
function (response) { function (response) {
toaster.pop({ toaster.pop({
@ -120,13 +119,20 @@ angular.module('lemur')
}; };
CertificateService.update = function (certificate) { CertificateService.update = function (certificate) {
return LemurRestangular.copy(certificate).put().then(function () { return LemurRestangular.copy(certificate).put().then(
function () {
toaster.pop({ toaster.pop({
type: 'success', type: 'success',
title: certificate.name, title: certificate.name,
body: 'Successfully updated!' body: 'Successfully updated!'
}); });
$location.path('certificates'); },
function (response) {
toaster.pop({
type: 'error',
title: certificate.name,
body: 'Failed to update ' + response.data.message
});
}); });
}; };
@ -138,7 +144,6 @@ angular.module('lemur')
title: certificate.name, title: certificate.name,
body: 'Successfully uploaded!' body: 'Successfully uploaded!'
}); });
$location.path('/certificates');
}, },
function (response) { function (response) {
toaster.pop({ toaster.pop({