Making roles more apparent for certificates and authorities. (#327)

lemur/auth/permissions.py

@@ -18,6 +18,9 @@ admin_permission = Permission(RoleNeed('admin'))
 CertificateCreator = namedtuple('certificate', ['method', 'value'])
 CertificateCreatorNeed = partial(CertificateCreator, 'key')
 
+CertificateOwner = namedtuple('certificate', ['method', 'value'])
+CertificateOwnerNeed = partial(CertificateOwner, 'role')
+
 
 class SensitiveDomainPermission(Permission):
     def __init__(self):
@@ -36,6 +39,15 @@ class UpdateCertificatePermission(Permission):
         super(UpdateCertificatePermission, self).__init__(c_need, RoleNeed(owner), RoleNeed('admin'))
 
 
+class CertificatePermission(Permission):
+    def __init__(self, certificate_id, roles):
+        needs = [RoleNeed('admin'), CertificateCreatorNeed(certificate_id)]
+        for r in roles:
+            needs.append(CertificateOwnerNeed(str(r)))
+
+        super(CertificatePermission, self).__init__(*needs)
+
+
 RoleUser = namedtuple('role', ['method', 'value'])
 ViewRoleCredentialsNeed = partial(RoleUser, 'roleView')
 

lemur/auth/service.py

@@ -165,7 +165,7 @@ def on_identity_loaded(sender, identity):
     # identity with the roles that the user provides
     if hasattr(user, 'roles'):
         for role in user.roles:
-            identity.provides.add(ViewRoleCredentialsNeed(role.id))
+            identity.provides.add(ViewRoleCredentialsNeed(role.name))
             identity.provides.add(RoleNeed(role.name))
 
     # apply ownership for authorities