def provides(self):
needs = [RoleNeed('authenticated'), UserNeed(self.uid)]
for r in self.rolenames:
needs.append(RoleNeed(r))
if self.is_admin:
needs.append(RoleNeed('admin'))
return needs
def on_identity_loaded(sender, identity):
if identity.id:
if u'o' in identity.id:
identity.provides.add(RoleNeed('org'))
elif u'u' in identity.id:
identity.provides.add(RoleNeed('user'))
def on_identity_loaded(sender, identity):
user = load_user(identity.id)
if user is None:
return
identity.provides.add(UserNeed(user.get_name()))
if user.is_user():
identity.provides.add(RoleNeed("user"))
if user.is_admin():
identity.provides.add(RoleNeed("admin"))
def provides(self):
needs = [RoleNeed('authenticated'), UserNeed(self.username)]
if self.is_moderator:
needs.append(RoleNeed('moderator'))
if self.is_admin:
needs.append(RoleNeed('admin'))
return needs
def __init__(self, certificate_id, owner, roles):
needs = [
RoleNeed('admin'),
CertificateCreatorNeed(certificate_id),
RoleNeed(owner)
]
for r in roles:
needs.append(CertificateOwnerNeed(str(r)))
super(CertificatePermission, self).__init__(*needs)
def on_identity_loaded(sender, identity):
# Set the identity user object
identity.user = current_user
print "In __init_.py......:%s" %current_user
# Add the UserNeed to the identity
if hasattr(current_user, 'id'):
identity.provides.add(UserNeed(current_user.id))
print UserNeed(current_user.id)
# Add each role to the identity
if hasattr(current_user, 'roles'):
for role in current_user.roles:
identity.provides.add(RoleNeed(role.name))
print RoleNeed(role.name)
def on_identity_loaded(sender, identity):
# Set the identity user object
identity.user = current_user
# Add the UserNeed to the identity
if hasattr(current_user, 'id'):
identity.provides.add(UserNeed(current_user.id))
# Assuming the User model has a list of roles, update the
# identity with the roles that the user provides
if hasattr(current_user, 'role'):
identity.provides.add(RoleNeed(current_user.role))
if hasattr(current_user, 'roles'):
for role in current_user.roles:
identity.provides.add(RoleNeed(role.name))
def on_identity_loaded(sender, identity):
identity.user = current_user
if hasattr(current_user, 'id'):
identity.provides.add(UserNeed(current_user.id))
if hasattr(current_user, 'is_admin'):
if current_user.is_admin():
identity.provides.add(RoleNeed('admin'))
def on_identity_loaded(sender, identity):
"""
Sets the identity of a given option, assigns additional permissions based on
the role that the user is a part of.
:param sender:
:param identity:
"""
# load the user
user = user_service.get(identity.id)
# add the UserNeed to the identity
identity.provides.add(UserNeed(identity.id))
# identity with the roles that the user provides
if hasattr(user, 'roles'):
for role in user.roles:
identity.provides.add(ViewRoleCredentialsNeed(role.name))
identity.provides.add(RoleNeed(role.name))
# apply ownership for authorities
if hasattr(user, 'authorities'):
for authority in user.authorities:
identity.provides.add(AuthorityCreatorNeed(authority.id))
# apply ownership of certificates
if hasattr(user, 'certificates'):
for certificate in user.certificates:
identity.provides.add(CertificateCreatorNeed(certificate.id))
g.user = user
def blogger_permission(self):
if self._blogger_permission is None:
if self.config.get("BLOGGING_PERMISSIONS", False):
self._blogger_permission = Permission(RoleNeed("blogger"))
else:
self._blogger_permission = Permission()
return self._blogger_permission
def _on_identity_loaded(sender, identity):
if hasattr(current_user, 'id'):
identity.provides.add(UserNeed(current_user.id))
for role in current_user.roles:
identity.provides.add(RoleNeed(role.name))
identity.user = current_user
def current_user_identity():
if not session.get('user_id'):
return None
user_id = session['user_id']
identity = Identity(user_id)
user = UserModel.query.get(user_id)
if user and user.is_admin:
identity.provides.add(RoleNeed('panel'))
return identity
def on_identity_loaded(sender, identity):
print 'received from', str(sender)
identity.user = g.user
if hasattr(g.user, 'id'):
identity.provides.add(UserNeed(g.user.id))
if hasattr(g.user, 'roles'):
for role in g.user.roles:
print role.name
identity.provides.add(RoleNeed(role.name))
def on_identity_loaded(sender, identity):
identity.user = current_user
if hasattr(current_user, 'id'):
identity.provides.add(UserNeed(unicode(current_user.id)))
identity.provides.add(RoleNeed(unicode(current_user.role)))
_set_permissions(current_user.get_permissions_grids(), identity)
if current_user.teams:
for team in current_user.teams:
_set_permissions(team.get_permissions_grids(), identity)
def load_debug_auth():
auth_data = flask.session.get('auth')
if auth_data and auth_data.get('user_id'):
identity = Identity(id=auth_data['user_id'], auth_type='debug')
principals.set_identity(identity)
identity.provides.add(need.user_id(identity.id))
identity.provides.add(need.authenticated)
for role_name in auth_data.get('roles', []):
identity.provides.add(RoleNeed(role_name))
def on_identity_loaded(sender, identity):
# Set the identity user object
identity.user = current_user
# Add the UserNeed to the identity
if hasattr(current_user, 'id'):
identity.provides.add(UserNeed(current_user.id))
if hasattr(current_user, 'is_admin'):
if current_user.is_admin:
identity.provides.add(RoleNeed('admin'))
def on_identity_loaded(sender, identity):
identity.user = user
print "efe"
if hasattr(user, 'id'):
print user.id
identity.provides.add(UserNeed(user.id))
if hasattr(user, 'roles'):
for role in user.roles:
print role.name
identity.provides.add(RoleNeed(role.name))
def on_identity_loaded(sender, identity):
# Set the identity user object
identity.user = current_user
# Add the UserNeed to the identity
if hasattr(current_user, 'id'):
identity.provides.add(UserNeed(current_user.id))
# Add roles
if hasattr(current_user, 'roles'):
for role in current_user.roles:
identity.provides.add(RoleNeed(role.name))
def on_identity_loaded(sender, identity):
# Check for id as a proxy for non-AnonymousIdentity
if hasattr(current_user, 'id'):
account = Account.query.get(int(current_user.id))
if account.email_confirmed():
# Add Needs from each associated Role
for role_name in roles:
role = roles[role_name]['model'].lookup_from_account_id(
current_user.id)
if role is not None:
identity.provides.add(RoleNeed(role_name))
identity.provides.update(role.needs())
def find(self, **kwargs):
_kwargs = self._set_default_filter_parameters({})
if current_user.is_authenticated():
kwargs['pk__in'] = [
event.pk for event in filter(
lambda f: Permission(ItemNeed('access_event', f, 'object'),
RoleNeed('admin')).can(),
self.__model__.objects.filter(**_kwargs))
]
return super(EventsService, self).find(**kwargs)
def on_identity_loaded(sender, identity):
"""
Called whenever a new identity is loaded in the app
"""
identity.user = current_user
if hasattr(current_user, 'id'):
identity.provides.add(UserNeed(current_user.id))
if hasattr(current_user, 'roles'):
for role in current_user.roles:
identity.provides.add(RoleNeed(role))
def on_identity_loaded(sender, identity):
# Set the identity user object
identity.user = current_user
# Add the UserNeed to the identity
if hasattr(current_user, 'usu_login'):
identity.provides.add(UserNeed(current_user.usu_login))
# update the identity with the rol that the user provides
if hasattr(current_user, 'usu_rol'):
for rol in current_user.usu_rol.split('-'):
identity.provides.add(RoleNeed(rol))
def load_identity(identity, user):
'''
Handles loading the user identity
'''
identity.provides.add(RoleNeed("user"))
if not user.active or not user.verified:
return
if not user.role:
return
keys = roles.keys()
top = max(keys)
identity.provides.add(RoleNeed(roles.get(user.role)))
for k in keys:
if k > user.role:
role = roles.get(k, None)
identity.provides.add(RoleNeed(roles.get(k)))
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated():
return current_app.login_manager.unauthorized()
if not current_user.active_member:
flash('You need to be aproved as a member to access this resource', 'error')
abort(403)
for role in roles:
if not Permission(RoleNeed(role)).can():
flash('You need the permission \'' + str(role) +
'\' to access this resource.', 'error')
abort(403)
return fn(*args, **kwargs)
def on_identity_loaded(sender, identity):
# Set the identity user object
identity.user = current_user
# Add the UserNeed to the identity
if hasattr(current_user, 'id'):
identity.provides.add(UserNeed(current_user.id))
# Assuming the User model has a list of roles, update the
# identity with the roles that the user provides
if hasattr(current_user, 'group'):
print(current_user.id, current_user.group)
identity.provides.add(RoleNeed(current_user.group))
def on_identity_loaded(sender, identity):
# Set the identity user object
identity.user = current_user
# Add the UserNeed to the identity
if hasattr(current_user, "id"):
identity.provides.add(UserNeed(current_user.id))
# Assuming the User Model has a list of roles, update the identity
# with the roles that the user provides
if hasattr(current_user, "roles") and current_user.roles is not None:
for role in current_user.roles:
identity.provides.add(RoleNeed(role))
def get_checklist_form_dashboard_menu(**kwargs):
"""Retrieves a list of forms that have the verification flag set
:param form_type: The form type for the forms to be retrieved
"""
return [{
u'url': url_for(u'dashboard.checklists', form_id=str(form.id)),
u'text': form.name,
u'icon': u'<i class="glyphicon glyphicon-check"></i>',
u'visible': True
} for form in filter(
lambda f: Permission(ItemNeed(u'view_forms', f, u'object'),
RoleNeed(u'admin')).can(),
services.forms.find(**kwargs).order_by(u'name'))]
def get_form_list_menu(**kwargs):
"""Retrieves a list of forms that the user has access to and returns it
in a format that can be rendered on the menu
:param form_type: The form type for the forms to be retrieved
TODO: Actually restrict forms based on user permissions
"""
return [{
'url': url_for('submissions.submission_list', form_id=str(form.id)),
'text': form.name,
'visible': True
} for form in filter(
lambda f: Permission(ItemNeed('view_forms', f, 'object'),
RoleNeed('admin')).can(),
services.forms.find(**kwargs))]
def has_permission(self, permission_type, objectId):
if objectId is None:
return True
admin = Permission(RoleNeed(ROLE_ADMIN))
if isinstance(permission_type, tuple):
for permission_type_item in permission_type:
permission = permission_type_item(unicode(objectId))
if permission.can() or admin.can():
return True
else:
permission = permission_type(unicode(objectId))
if permission.can() or admin.can():
return True
return False
def _on_principal_init(sender, identity):
# Standard, not lazy roles
role_map = {
'admin': (RoleNeed('admin'),),
'manager': (RoleNeed('manager'),),
'blogger': (RoleNeed('blogger'),),
'admin_blogger': (RoleNeed('admin'), RoleNeed('blogger')),
'manager_blogger': (RoleNeed('manager'), RoleNeed('blogger')),
}
roles = role_map.get(identity.id)
if roles:
for role in roles:
identity.provides.add(role)