Log fixes (#534)

* tying up some loose ends with event logging

* Ensuring creators can access

lemur/auth/permissions.py

@@ -15,9 +15,6 @@ from flask_principal import Permission, RoleNeed
 operator_permission = Permission(RoleNeed('operator'))
 admin_permission = Permission(RoleNeed('admin'))
 
-CertificateCreator = namedtuple('certificate', ['method', 'value'])
-CertificateCreatorNeed = partial(CertificateCreator, 'key')
-
 CertificateOwner = namedtuple('certificate', ['method', 'value'])
 CertificateOwnerNeed = partial(CertificateOwner, 'role')
 
@@ -28,8 +25,8 @@ class SensitiveDomainPermission(Permission):
 
 
 class CertificatePermission(Permission):
-    def __init__(self, certificate_id, owner, roles):
-        needs = [RoleNeed('admin'), CertificateCreatorNeed(certificate_id), RoleNeed(owner)]
+    def __init__(self, owner, roles):
+        needs = [RoleNeed('admin'), RoleNeed(owner), RoleNeed('creator')]
         for r in roles:
             needs.append(CertificateOwnerNeed(str(r)))
 

lemur/auth/service.py

@@ -27,8 +27,7 @@ from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
 
 from lemur.users import service as user_service
-from lemur.auth.permissions import CertificateCreatorNeed, \
-    AuthorityCreatorNeed, RoleMemberNeed
+from lemur.auth.permissions import AuthorityCreatorNeed, RoleMemberNeed
 
 
 def get_rsa_public_key(n, e):
@@ -155,11 +154,6 @@ def on_identity_loaded(sender, identity):
         for authority in user.authorities:
             identity.provides.add(AuthorityCreatorNeed(authority.id))
 
-    # apply ownership of certificates
-    if hasattr(user, 'certificates'):
-        for certificate in user.certificates:
-            identity.provides.add(CertificateCreatorNeed(certificate.id))
-
     g.user = user