def on_identity_loaded(sender, identity):
"""Add admin and project participation roles.
If user is authenticated and user has admin role in systenant,
he has role admin permission.
If user is authenticated and user participates in a tenant,
he has project member permission.
Exclude endpoints which do not require authentication/authorization.
"""
is_anon = identity.name == 'anon'
loose_endpoints = flask.current_app.config['ANONYMOUS_ALLOWED']
is_loose = flask.request.endpoint in loose_endpoints
if is_loose or is_anon:
return
roles = (clients.admin_clients().identity_admin.roles.
roles_for_user(identity.name))
is_admin = False
for role_tenant in roles:
if clients.role_tenant_is_admin(role_tenant):
is_admin = True
if clients.role_is_member(role_tenant.role["name"]):
identity.provides.add(
('role', 'member', role_tenant.tenant["id"]))
if is_admin:
identity.provides.add(('role', 'admin'))
def on_identity_loaded(sender, identity):
"""Add admin and project participation roles.
If user is authenticated and user has admin role in systenant,
he has role admin permission.
If user is authenticated and user participates in a tenant,
he has project member permission.
Exclude endpoints which do not require authentication/authorization.
"""
is_anon = identity.name == 'anon'
loose_endpoints = flask.current_app.config['ANONYMOUS_ALLOWED']
is_loose = flask.request.endpoint in loose_endpoints
if is_loose or is_anon:
return
roles = (clients.admin_clients().identity_admin.roles.roles_for_user(
identity.name))
is_admin = False
for role_tenant in roles:
if clients.role_tenant_is_admin(role_tenant):
is_admin = True
if clients.role_is_member(role_tenant.role["name"]):
identity.provides.add(('role', 'member', role_tenant.tenant["id"]))
if is_admin:
identity.provides.add(('role', 'admin'))
def index():
"""List users.
TODO(apugachev): find way to count users without fetching all users.
This would allow to use marker and limit to fetch one page only.
"""
identity_admin = clients.admin_clients().identity_admin
users = sorted(
identity_admin.users.list(limit=1000000),
key=lambda x: x.name)
p = pagination.Pagination(users)
data = p.slice(users)
potential_admins = set([
user.id
for user in (identity_admin.users.list(clients.get_systenant_id()))])
for user in data:
# TODO(apugachev) modify to work with form.DeleteUser
form = forms.DeleteUserForm()
form.user_id.data = user.id
user.delete_form = form
if user.id in potential_admins:
for role in (identity_admin.roles.
roles_for_user(user.id)):
if clients.role_tenant_is_admin(role):
user.is_global_admin = True
break
return {
'pagination': p,
'data': data,
'title': bp.name.replace('global_', '').replace('_', ' ').capitalize(),
'subtitle': 'List of users'
}
def index():
"""List users.
TODO(apugachev): find way to count users without fetching all users.
This would allow to use marker and limit to fetch one page only.
"""
identity_admin = clients.admin_clients().identity_admin
users = sorted(identity_admin.users.list(limit=1000000),
key=lambda x: x.name)
p = pagination.Pagination(users)
data = p.slice(users)
potential_admins = set([
user.id
for user in (identity_admin.users.list(clients.get_systenant_id()))
])
for user in data:
# TODO(apugachev) modify to work with form.DeleteUser
form = forms.DeleteUserForm()
form.user_id.data = user.id
user.delete_form = form
if user.id in potential_admins:
for role in (identity_admin.roles.roles_for_user(user.id)):
if clients.role_tenant_is_admin(role):
user.is_global_admin = True
break
return {
'pagination': p,
'data': data,
'title': bp.name.replace('global_', '').replace('_', ' ').capitalize(),
'subtitle': 'List of users'
}