def on_identity_loaded(sender, identity):
    """Attach admin and per-tenant member role needs to a loaded identity.

    Nothing is added when the identity is named 'anon' or when the current
    request endpoint is listed in the ANONYMOUS_ALLOWED config entry.

    Otherwise the user's role assignments are fetched through the admin
    identity client and:

    * every assignment whose role name satisfies clients.role_is_member
      adds ('role', 'member', <tenant id>);
    * if at least one assignment satisfies clients.role_tenant_is_admin,
      ('role', 'admin') is added once.

    The sender argument is not used.
    """
    anonymous = identity.name == 'anon'
    # NOTE(review): ANONYMOUS_ALLOWED works as an allow-list of endpoints
    # that skip role loading, also for authenticated users; keep it limited
    # to endpoints that need no authorization.
    open_endpoints = flask.current_app.config['ANONYMOUS_ALLOWED']
    endpoint_is_open = flask.request.endpoint in open_endpoints
    if anonymous or endpoint_is_open:
        # No role needs are granted on this request.
        return

    # The lookup runs with the admin client, not the user's own credentials.
    # NOTE(review): presumably identity.name is the Keystone user id that
    # roles_for_user expects - confirm against the code that sets it.
    role_manager = clients.admin_clients().identity_admin.roles
    assignments = role_manager.roles_for_user(identity.name)

    has_admin_role = False
    for assignment in assignments:
        if clients.role_tenant_is_admin(assignment):
            has_admin_role = True
        if not clients.role_is_member(assignment.role["name"]):
            continue
        # Membership is scoped to the tenant the role was granted in.
        identity.provides.add(('role', 'member', assignment.tenant["id"]))

    if has_admin_role:
        identity.provides.add(('role', 'admin'))
def on_identity_loaded(sender, identity):
    """Populate identity.provides with the user's role needs.

    Skipped entirely (no needs added) when identity.name is 'anon' or when
    flask.request.endpoint appears in the ANONYMOUS_ALLOWED config value.

    For any other identity the role assignments returned by the admin
    identity client are walked once:

    * an assignment accepted by clients.role_is_member (by role name)
      contributes ('role', 'member', <id of its tenant>);
    * an assignment accepted by clients.role_tenant_is_admin marks the
      user as admin, which contributes a single ('role', 'admin').

    sender is accepted but not read.
    """
    user_is_anon = identity.name == 'anon'
    allowed_without_auth = flask.current_app.config['ANONYMOUS_ALLOWED']
    # NOTE(review): an endpoint listed here gets no role needs even for a
    # logged-in user, so the list should only name endpoints that perform
    # no authorization checks.
    endpoint_exempt = flask.request.endpoint in allowed_without_auth
    if endpoint_exempt or user_is_anon:
        return

    # Roles are read with admin credentials on behalf of the user.
    user_roles = clients.admin_clients().identity_admin.roles.roles_for_user(
        identity.name)

    grant_admin = False
    for entry in user_roles:
        if clients.role_tenant_is_admin(entry):
            grant_admin = True
        if clients.role_is_member(entry.role["name"]):
            # The member need carries the tenant id, so it is per-tenant.
            member_need = ('role', 'member', entry.tenant["id"])
            identity.provides.add(member_need)

    if grant_admin:
        identity.provides.add(('role', 'admin'))
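def user_tenants_list(keystone_user):
    """Return the tenants in which keystone_user has an admin or member role.

    Role assignments are fetched through the admin identity client. A tenant
    is included when the assignment's role name satisfies
    clients.role_is_admin or clients.role_is_member; tenants are keyed by
    their "id", so each one appears once even if the user holds several
    roles in it.

    Important: the result is stored in the session, so it must be made of
    plain serializable values rather than Keystone client internal objects.

    Returns:
        A real list of tenant entries. A dict view (what .values() yields
        on Python 3) is not a list and is not serializable.
    """
    roles = (clients.admin_clients().identity_admin.roles
             .roles_for_user(keystone_user))
    tenants_by_id = {}
    for role_tenant in roles:
        role_name = role_tenant.role["name"]
        if (clients.role_is_admin(role_name)
                or clients.role_is_member(role_name)):
            # NOTE(review): the tenant is stored exactly as the client
            # returned it; confirm it is a plain dict before it reaches
            # the session.
            tenants_by_id[role_tenant.tenant["id"]] = role_tenant.tenant
    # Materialize the result so callers get the list the docstring promises.
    return list(tenants_by_id.values())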
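def user_tenants_list(keystone_user):
    """List the tenants where keystone_user holds an admin or member role.

    The user's role assignments come from the admin identity client. Each
    assignment whose role name passes clients.role_is_admin or
    clients.role_is_member contributes its tenant; entries are deduplicated
    on the tenant "id".

    Important: this value is kept in the session. It has to consist of
    dicts, not Keystone client internal objects, which cannot be serialized
    normally.

    Returns:
        A list of tenant entries. The values are copied into a list
        because a bare .values() result is a dict view on Python 3, which
        is neither a list nor serializable.
    """
    role_manager = clients.admin_clients().identity_admin.roles
    assignments = role_manager.roles_for_user(keystone_user)

    user_tenants = {}
    for assignment in assignments:
        name = assignment.role["name"]
        if not (clients.role_is_admin(name) or clients.role_is_member(name)):
            continue
        # NOTE(review): presumably assignment.tenant is already a plain
        # dict - verify, since it is what ends up in the session.
        user_tenants[assignment.tenant["id"]] = assignment.tenant

    return list(user_tenants.values())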