Exemple #1
0
 def provides(self):
     needs = [RoleNeed('authenticated'), UserNeed(self.uid)]
     for r in self.rolenames:
         needs.append(RoleNeed(r))
     if self.is_admin:
         needs.append(RoleNeed('admin'))
     return needs
Exemple #2
0
    def on_identity_loaded(sender, identity):
        if identity.id:
            if u'o' in identity.id:
                identity.provides.add(RoleNeed('org'))

            elif u'u' in identity.id:
                identity.provides.add(RoleNeed('user'))
Exemple #3
0
def on_identity_loaded(sender, identity):
	user = load_user(identity.id)
	if user is None:
		return

	identity.provides.add(UserNeed(user.get_name()))
	if user.is_user():
		identity.provides.add(RoleNeed("user"))
	if user.is_admin():
		identity.provides.add(RoleNeed("admin"))
Exemple #4
0
    def provides(self):
        needs = [RoleNeed('authenticated'), UserNeed(self.username)]

        if self.is_moderator:
            needs.append(RoleNeed('moderator'))

        if self.is_admin:
            needs.append(RoleNeed('admin'))

        return needs
Exemple #5
0
    def __init__(self, certificate_id, owner, roles):
        needs = [
            RoleNeed('admin'),
            CertificateCreatorNeed(certificate_id),
            RoleNeed(owner)
        ]
        for r in roles:
            needs.append(CertificateOwnerNeed(str(r)))

        super(CertificatePermission, self).__init__(*needs)
Exemple #6
0
    def on_identity_loaded(sender, identity):
        # Set the identity user object
        identity.user = current_user
        print "In __init_.py......:%s" %current_user

        # Add the UserNeed to the identity
        if hasattr(current_user, 'id'):
            identity.provides.add(UserNeed(current_user.id))
            print UserNeed(current_user.id)

        # Add each role to the identity
        if hasattr(current_user, 'roles'):
            for role in current_user.roles:
                identity.provides.add(RoleNeed(role.name))
                print RoleNeed(role.name)
Exemple #7
0
def on_identity_loaded(sender, identity):
    # Set the identity user object
    identity.user = current_user

    # Add the UserNeed to the identity
    if hasattr(current_user, 'id'):
        identity.provides.add(UserNeed(current_user.id))

    # Assuming the User model has a list of roles, update the
    # identity with the roles that the user provides
    if hasattr(current_user, 'role'):
        identity.provides.add(RoleNeed(current_user.role))

    if hasattr(current_user, 'roles'):
        for role in current_user.roles:
            identity.provides.add(RoleNeed(role.name))
Exemple #8
0
def on_identity_loaded(sender, identity):
    identity.user = current_user
    if hasattr(current_user, 'id'):
        identity.provides.add(UserNeed(current_user.id))
    if hasattr(current_user, 'is_admin'):
        if current_user.is_admin():
            identity.provides.add(RoleNeed('admin'))
Exemple #9
0
def on_identity_loaded(sender, identity):
    """
    Sets the identity of a given option, assigns additional permissions based on
    the role that the user is a part of.

    :param sender:
    :param identity:
    """
    # load the user
    user = user_service.get(identity.id)

    # add the UserNeed to the identity
    identity.provides.add(UserNeed(identity.id))

    # identity with the roles that the user provides
    if hasattr(user, 'roles'):
        for role in user.roles:
            identity.provides.add(ViewRoleCredentialsNeed(role.name))
            identity.provides.add(RoleNeed(role.name))

    # apply ownership for authorities
    if hasattr(user, 'authorities'):
        for authority in user.authorities:
            identity.provides.add(AuthorityCreatorNeed(authority.id))

    # apply ownership of certificates
    if hasattr(user, 'certificates'):
        for certificate in user.certificates:
            identity.provides.add(CertificateCreatorNeed(certificate.id))

    g.user = user
Exemple #10
0
 def blogger_permission(self):
     if self._blogger_permission is None:
         if self.config.get("BLOGGING_PERMISSIONS", False):
             self._blogger_permission = Permission(RoleNeed("blogger"))
         else:
             self._blogger_permission = Permission()
     return self._blogger_permission
Exemple #11
0
def _on_identity_loaded(sender, identity):
    if hasattr(current_user, 'id'):
        identity.provides.add(UserNeed(current_user.id))

    for role in current_user.roles:
        identity.provides.add(RoleNeed(role.name))

    identity.user = current_user
Exemple #12
0
def current_user_identity():
    if not session.get('user_id'):
        return None
    user_id = session['user_id']
    identity = Identity(user_id)
    user = UserModel.query.get(user_id)
    if user and user.is_admin:
        identity.provides.add(RoleNeed('panel'))
    return identity
Exemple #13
0
 def on_identity_loaded(sender, identity):
     print 'received from', str(sender)
     identity.user = g.user
     if hasattr(g.user, 'id'):
         identity.provides.add(UserNeed(g.user.id))
     if hasattr(g.user, 'roles'):
         for role in g.user.roles:
             print role.name
             identity.provides.add(RoleNeed(role.name))
Exemple #14
0
def on_identity_loaded(sender, identity):
    identity.user = current_user
    if hasattr(current_user, 'id'):
        identity.provides.add(UserNeed(unicode(current_user.id)))
        identity.provides.add(RoleNeed(unicode(current_user.role)))
        _set_permissions(current_user.get_permissions_grids(), identity)
        if current_user.teams:
            for team in current_user.teams:
                _set_permissions(team.get_permissions_grids(), identity)
Exemple #15
0
def load_debug_auth():
    auth_data = flask.session.get('auth')
    if auth_data and auth_data.get('user_id'):
        identity = Identity(id=auth_data['user_id'], auth_type='debug')
        principals.set_identity(identity)

        identity.provides.add(need.user_id(identity.id))
        identity.provides.add(need.authenticated)
        for role_name in auth_data.get('roles', []):
            identity.provides.add(RoleNeed(role_name))
Exemple #16
0
def on_identity_loaded(sender, identity):
    # Set the identity user object
    identity.user = current_user

    # Add the UserNeed to the identity
    if hasattr(current_user, 'id'):
        identity.provides.add(UserNeed(current_user.id))

    if hasattr(current_user, 'is_admin'):
        if current_user.is_admin:
            identity.provides.add(RoleNeed('admin'))
Exemple #17
0
def on_identity_loaded(sender, identity):
    identity.user = user
    print "efe"
    if hasattr(user, 'id'):
        print user.id
        identity.provides.add(UserNeed(user.id))

    if hasattr(user, 'roles'):
        for role in user.roles:
            print role.name
            identity.provides.add(RoleNeed(role.name))
Exemple #18
0
def on_identity_loaded(sender, identity):
    # Set the identity user object
    identity.user = current_user

    # Add the UserNeed to the identity
    if hasattr(current_user, 'id'):
        identity.provides.add(UserNeed(current_user.id))

    # Add roles
    if hasattr(current_user, 'roles'):
        for role in current_user.roles:
            identity.provides.add(RoleNeed(role.name))
def on_identity_loaded(sender, identity):
    # Check for id as a proxy for non-AnonymousIdentity
    if hasattr(current_user, 'id'):
        account = Account.query.get(int(current_user.id))
        if account.email_confirmed():
            # Add Needs from each associated Role
            for role_name in roles:
                role = roles[role_name]['model'].lookup_from_account_id(
                    current_user.id)
                if role is not None:
                    identity.provides.add(RoleNeed(role_name))
                    identity.provides.update(role.needs())
    def find(self, **kwargs):
        _kwargs = self._set_default_filter_parameters({})

        if current_user.is_authenticated():
            kwargs['pk__in'] = [
                event.pk for event in filter(
                    lambda f: Permission(ItemNeed('access_event', f, 'object'),
                                         RoleNeed('admin')).can(),
                    self.__model__.objects.filter(**_kwargs))
            ]

        return super(EventsService, self).find(**kwargs)
Exemple #21
0
def on_identity_loaded(sender, identity):
    """
	Called whenever a new identity is loaded in the app
	"""
    identity.user = current_user

    if hasattr(current_user, 'id'):
        identity.provides.add(UserNeed(current_user.id))

    if hasattr(current_user, 'roles'):
        for role in current_user.roles:
            identity.provides.add(RoleNeed(role))
Exemple #22
0
def on_identity_loaded(sender, identity):
    # Set the identity user object
    identity.user = current_user

    # Add the UserNeed to the identity
    if hasattr(current_user, 'usu_login'):
        identity.provides.add(UserNeed(current_user.usu_login))

    # update the identity with the rol that the user provides
    if hasattr(current_user, 'usu_rol'):
        for rol in current_user.usu_rol.split('-'):
            identity.provides.add(RoleNeed(rol))
Exemple #23
0
def load_identity(identity, user):
    '''
    Handles loading the user identity
    '''

    identity.provides.add(RoleNeed("user"))

    if not user.active or not user.verified:
        return

    if not user.role:
        return

    keys = roles.keys()
    top = max(keys)
    identity.provides.add(RoleNeed(roles.get(user.role)))

    for k in keys:
        if k > user.role:
            role = roles.get(k, None)
            identity.provides.add(RoleNeed(roles.get(k)))
Exemple #24
0
 def decorated_view(*args, **kwargs):
     if not current_user.is_authenticated():
         return current_app.login_manager.unauthorized()
     if not current_user.active_member:
         flash('You need to be aproved as a member to access this resource', 'error')
         abort(403)
     for role in roles:
         if not Permission(RoleNeed(role)).can():
             flash('You need the permission \'' + str(role) +
                   '\' to access this resource.', 'error')
             abort(403)
     return fn(*args, **kwargs)
Exemple #25
0
def on_identity_loaded(sender, identity):
    # Set the identity user object
    identity.user = current_user

    # Add the UserNeed to the identity
    if hasattr(current_user, 'id'):
        identity.provides.add(UserNeed(current_user.id))

    # Assuming the User model has a list of roles, update the
    # identity with the roles that the user provides
    if hasattr(current_user, 'group'):
        print(current_user.id, current_user.group)
        identity.provides.add(RoleNeed(current_user.group))
Exemple #26
0
def on_identity_loaded(sender, identity):
    # Set the identity user object
    identity.user = current_user
    
    # Add the UserNeed to the identity
    if hasattr(current_user, "id"):
        identity.provides.add(UserNeed(current_user.id))
    
    # Assuming the User Model has a list of roles, update the identity
    # with the roles that the user provides
    if hasattr(current_user, "roles") and current_user.roles is not None:
        for role in current_user.roles:
            identity.provides.add(RoleNeed(role))
Exemple #27
0
def get_checklist_form_dashboard_menu(**kwargs):
    """Retrieves a list of forms that have the verification flag set

    :param form_type: The form type for the forms to be retrieved
    """
    return [{
        u'url': url_for(u'dashboard.checklists', form_id=str(form.id)),
        u'text': form.name,
        u'icon': u'<i class="glyphicon glyphicon-check"></i>',
        u'visible': True
    } for form in filter(
        lambda f: Permission(ItemNeed(u'view_forms', f, u'object'),
                             RoleNeed(u'admin')).can(),
        services.forms.find(**kwargs).order_by(u'name'))]
Exemple #28
0
def get_form_list_menu(**kwargs):
    """Retrieves a list of forms that the user has access to and returns it
    in a format that can be rendered on the menu

    :param form_type: The form type for the forms to be retrieved
    TODO: Actually restrict forms based on user permissions
    """
    return [{
        'url': url_for('submissions.submission_list', form_id=str(form.id)),
        'text': form.name,
        'visible': True
    } for form in filter(
        lambda f: Permission(ItemNeed('view_forms', f, 'object'),
                             RoleNeed('admin')).can(),
        services.forms.find(**kwargs))]
Exemple #29
0
    def has_permission(self, permission_type, objectId):
        if objectId is None:
            return True

        admin = Permission(RoleNeed(ROLE_ADMIN))
        if isinstance(permission_type, tuple):
            for permission_type_item in permission_type:
                permission = permission_type_item(unicode(objectId))
                if permission.can() or admin.can():
                    return True
        else:
            permission = permission_type(unicode(objectId))
            if permission.can() or admin.can():
                return True

        return False
Exemple #30
0
def _on_principal_init(sender, identity):
    # Standard, not lazy roles
    role_map = {
        'admin': (RoleNeed('admin'),),
        'manager': (RoleNeed('manager'),),
        'blogger': (RoleNeed('blogger'),),
        'admin_blogger': (RoleNeed('admin'), RoleNeed('blogger')),
        'manager_blogger': (RoleNeed('manager'), RoleNeed('blogger')),
    }

    roles = role_map.get(identity.id)
    if roles:
        for role in roles:
            identity.provides.add(role)