Making roles more apparent for certificates and authorities. (#327)

2016-05-20 12:48:12 -07:00
parent e04c1e7dc9
commit bd727b825d
18 changed files with 136 additions and 61 deletions
--- a/lemur/authorities/views.py
+++ b/lemur/authorities/views.py
@ -5,7 +5,7 @@
    :license: Apache, see LICENSE for more details.
 .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
 """
-from flask import Blueprint, g
+from flask import Blueprint
 from flask.ext.restful import reqparse, Api

 from lemur.common.utils import paginated_parser
@ -13,7 +13,6 @@ from lemur.common.schema import validate_schema
 from lemur.auth.service import AuthenticatedResource
 from lemur.auth.permissions import AuthorityPermission

-from lemur.roles import service as role_service
 from lemur.certificates import service as certificate_service

 from lemur.authorities import service
@ -270,24 +269,11 @@ class Authorities(AuthenticatedResource):
        if not authority:
            return dict(message='Not Found'), 404

-        role = role_service.get_by_name(authority.owner)
-
        # all the authority role members should be allowed
        roles = [x.name for x in authority.roles]
-
-        # allow "owner" roles by team DL
-        roles.append(role)
        permission = AuthorityPermission(authority_id, roles)

        if permission.can():
-            # we want to make sure that we cannot add roles that we are not members of
-            if not g.current_user.is_admin:
-                role_ids = set([r.id for r in data['roles']])
-                user_role_ids = set([r.id for r in g.current_user.roles])
-
-                if not role_ids.issubset(user_role_ids):
-                    return dict(message="You are not allowed to associate a role which you are not a member of."), 403
-
            return service.update(
                authority_id,
                owner=data['owner'],