Merge pull request #368 from kevgliss/367-role-permission

Fixes #367
kevgliss 2016-06-23 13:44:46 -07:00 committed by GitHub
commit 9ae27f1415
2 changed files with 9 additions and 20 deletions


@ -27,21 +27,9 @@ class SensitiveDomainPermission(Permission):
super(SensitiveDomainPermission, self).__init__(RoleNeed('admin')) super(SensitiveDomainPermission, self).__init__(RoleNeed('admin'))
class ViewKeyPermission(Permission):
def __init__(self, certificate_id, owner):
c_need = CertificateCreatorNeed(certificate_id)
super(ViewKeyPermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
class UpdateCertificatePermission(Permission):
def __init__(self, certificate_id, owner):
c_need = CertificateCreatorNeed(certificate_id)
super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
class CertificatePermission(Permission): class CertificatePermission(Permission):
def __init__(self, certificate_id, roles): def __init__(self, certificate_id, owner, roles):
needs = [RoleNeed('admin'), CertificateCreatorNeed(certificate_id)] needs = [RoleNeed('admin'), CertificateCreatorNeed(certificate_id), RoleNeed(owner)]
for r in roles: for r in roles:
needs.append(CertificateOwnerNeed(str(r))) needs.append(CertificateOwnerNeed(str(r)))
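Review bot: The new `owner` parameter is added to `needs` unconditionally as `RoleNeed(owner)`, with no handling for a falsy/None owner and no normalization, whereas the role loop right below it passes every role through `str(r)`; a caller that has no role for the owner ends up with a `RoleNeed(None)` entry, which presumably never matches any identity need but still silently changes the permission's shape. Consider `needs = [RoleNeed('admin'), CertificateCreatorNeed(certificate_id)] + ([RoleNeed(owner)] if owner else [])` so the owner need is only present when there is one, and document what the parameter expects, e.g. a docstring stating that `owner` is the owner role's name (the same kind of value the identity provides in its `RoleNeed`s), not a Role object. The rest of `__init__` (the `super().__init__` call) is outside the hunk, as are the removed `ViewKeyPermission`/`UpdateCertificatePermission` classes' remaining callers, which should be checked for dangling references.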


@ -15,7 +15,7 @@ from lemur.common.schema import validate_schema
from lemur.common.utils import paginated_parser from lemur.common.utils import paginated_parser
from lemur.auth.service import AuthenticatedResource from lemur.auth.service import AuthenticatedResource
from lemur.auth.permissions import ViewKeyPermission, AuthorityPermission, CertificatePermission from lemur.auth.permissions import AuthorityPermission, CertificatePermission
from lemur.certificates import service from lemur.certificates import service
from lemur.certificates.schemas import certificate_input_schema, certificate_output_schema, \ from lemur.certificates.schemas import certificate_input_schema, certificate_output_schema, \
@ -399,9 +399,8 @@ class CertificatePrivateKey(AuthenticatedResource):
if not cert: if not cert:
return dict(message="Cannot find specified certificate"), 404 return dict(message="Cannot find specified certificate"), 404
role = role_service.get_by_name(cert.owner) owner_role = role_service.get_by_name(cert.owner)
permission = CertificatePermission(cert.id, owner_role, [x.name for x in cert.roles])
permission = ViewKeyPermission(certificate_id, getattr(role, 'name', None))
if permission.can(): if permission.can():
response = make_response(jsonify(key=cert.private_key), 200) response = make_response(jsonify(key=cert.private_key), 200)
@ -581,7 +580,8 @@ class Certificates(AuthenticatedResource):
""" """
cert = service.get(certificate_id) cert = service.get(certificate_id)
permission = CertificatePermission(cert.id, [x.name for x in cert.roles]) owner_role = role_service.get_by_name(cert.owner)
permission = CertificatePermission(cert.id, owner_role, [x.name for x in cert.roles])
if permission.can(): if permission.can():
return service.update( return service.update(
@ -864,7 +864,8 @@ class CertificateExport(AuthenticatedResource):
""" """
cert = service.get(certificate_id) cert = service.get(certificate_id)
permission = CertificatePermission(cert.id, [x.name for x in cert.roles]) owner_role = role_service.get_by_name(cert.owner)
permission = CertificatePermission(cert.id, owner_role, [x.name for x in cert.roles])
options = data['plugin']['plugin_options'] options = data['plugin']['plugin_options']
plugin = data['plugin']['plugin_object'] plugin = data['plugin']['plugin_object']
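Review bot: In `CertificatePrivateKey` the new `permission = CertificatePermission(cert.id, owner_role, ...)` passes the Role object (or None) returned by `role_service.get_by_name(cert.owner)` where the removed `ViewKeyPermission` call passed `getattr(role, 'name', None)`; unless `RoleNeed` is compared by the object rather than the role name — which I cannot confirm from this hunk — the owner need will never match the identity's needs and owners lose access to their own keys, failing closed but defeating the purpose of #367. The same pattern is repeated in the `Certificates` and `CertificateExport` hunks below, so fix all three, e.g. `permission = CertificatePermission(cert.id, getattr(owner_role, 'name', None), [x.name for x in cert.roles])`. Separately, those two later hunks read `cert.owner` directly after `cert = service.get(certificate_id)` without the `if not cert: return ..., 404` guard the first hunk has, so a missing certificate now raises `AttributeError` on the new line rather than returning 404 (assuming `service.get` returns None for unknown ids). The enclosing methods start and end outside these hunks.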