def permission_user_new(auth_client):
    """Assign access permissions on *auth_client* to a user or a team.

    A user-owned client takes a ``UserPermissionAssignForm``; an
    organization-owned client takes a ``TeamPermissionAssignForm`` whose team
    choices are limited to that organization's teams. On a valid submit the
    submitted permissions are merged into any existing assignment for the
    same principal, stored as a sorted space-separated string, and the
    browser is redirected (303) to the client's info page. A client with
    neither owner is refused with 403.
    """
    if auth_client.user:
        form = UserPermissionAssignForm()
    elif auth_client.organization:
        form = TeamPermissionAssignForm()
        form.organization = auth_client.organization
        form.team_id.choices = [
            (team.buid, team.title) for team in auth_client.organization.teams
        ]
    else:
        abort(403)  # This should never happen. Clients always have an owner.

    if form.validate_on_submit():
        # Pick the assignment model and the principal it is keyed on.
        if auth_client.user:
            model = AuthClientUserPermissions
            principal = {'user': form.user.data}
        else:
            model = AuthClientTeamPermissions
            principal = {'team': form.team}

        granted = set()
        permassign = model.get(auth_client=auth_client, **principal)
        if permassign:
            # Existing grants are kept; the form only ever adds to them.
            granted.update(permassign.access_permissions.split())
        else:
            permassign = model(auth_client=auth_client, **principal)
            db.session.add(permassign)
        granted.update(form.perms.data.split())
        permassign.access_permissions = ' '.join(sorted(granted))
        db.session.commit()

        if auth_client.user:
            notice = _("Permissions have been assigned to user {pname}").format(
                pname=form.user.data.pickername
            )
        else:
            notice = _("Permissions have been assigned to team ‘{pname}’").format(
                pname=permassign.team.pickername
            )
        flash(notice, 'success')
        return render_redirect(url_for('.client_info', key=auth_client.buid), code=303)

    return render_form(
        form=form,
        title=_("Assign permissions"),
        formid='perm_assign',
        submit=_("Assign permissions"),
    )
def client_info(auth_client):
    """Render the client detail page together with its permission assignments.

    User-owned clients list ``AuthClientUserPermissions`` rows; any other
    client lists ``AuthClientTeamPermissions`` rows.
    """
    if auth_client.user:
        model = AuthClientUserPermissions
    else:
        model = AuthClientTeamPermissions
    assignments = model.all_forclient(auth_client).all()
    return render_template(
        'client_info.html.jinja2',
        auth_client=auth_client,
        permassignments=assignments,
    )
def client_edit(auth_client):
    """Edit an application's registration details.

    On GET the owner selector is preseeded with the current owner's buid.
    On a valid submit, a change of owner first deletes every user and team
    permission assignment on the client (they were granted under the old
    owner), then the form is written to the model and the browser is
    redirected (303) to the client's info page.
    """
    form = RegisterClientForm(obj=auth_client, model=AuthClient)
    form.edit_user = current_auth.user
    form.client_owner.choices = available_client_owners()

    if request.method == 'GET':
        owner = auth_client.user or auth_client.organization
        form.client_owner.data = owner.buid

    if form.validate_on_submit():
        owner_changed = (
            auth_client.user != form.user
            or auth_client.organization != form.organization
        )
        if owner_changed:
            # Ownership has changed. Remove existing permission assignments
            for model in (AuthClientUserPermissions, AuthClientTeamPermissions):
                model.all_forclient(auth_client).delete(synchronize_session=False)
            flash(
                _(
                    "This application’s owner has changed, so all previously assigned permissions "
                    "have been revoked"
                ),
                'warning',
            )
        form.populate_obj(auth_client)
        auth_client.user = form.user
        auth_client.organization = form.organization
        db.session.commit()
        return render_redirect(url_for('.client_info', key=auth_client.buid), code=303)

    return render_form(
        form=form,
        title=_("Edit application"),
        formid='client_edit',
        submit=_("Save changes"),
        ajax=True,
    )
def permission_user_delete(auth_client, kwargs):
    """Confirm and delete one permission assignment on *auth_client*.

    ``kwargs['buid']`` identifies the user (user-owned client) or the team
    (any other client) whose assignment is being revoked. Both the principal
    and its assignment must exist, otherwise the view aborts with 404. The
    actual deletion and confirmation page are handled by ``render_delete_sqla``.
    """
    buid = kwargs['buid']
    if auth_client.user:
        user = User.get(buid=buid) or abort(404)
        permassign = (
            AuthClientUserPermissions.get(auth_client=auth_client, user=user)
            or abort(404)
        )
        message = _(
            "Remove all permissions assigned to user {pname} for app ‘{title}’?"
        ).format(pname=user.pickername, title=auth_client.title)
        success = _("You have revoked permisions for user {pname}").format(
            pname=user.pickername
        )
    else:
        team = Team.get(buid=buid) or abort(404)
        permassign = (
            AuthClientTeamPermissions.get(auth_client=auth_client, team=team)
            or abort(404)
        )
        message = _(
            "Remove all permissions assigned to team ‘{pname}’ for app ‘{title}’?"
        ).format(pname=team.title, title=auth_client.title)
        success = _("You have revoked permisions for team {title}").format(
            title=team.title
        )

    return render_delete_sqla(
        permassign,
        db,
        title=_("Confirm delete"),
        message=message,
        success=success,
        next=url_for('.client_info', key=auth_client.buid),
    )
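def _scope_has(scope, name):
    """Return True if *scope* grants *name*: the exact token, ``name/*`` or ``*``."""
    return '*' in scope or name in scope or name + '/*' in scope


def _org_summary(org):
    """Public identifiers of an organization as exposed in userinfo."""
    return {
        'userid': org.buid,
        'buid': org.buid,
        'uuid': org.uuid,
        'name': org.name,
        'title': org.title,
    }


def _team_summary(team, member):
    """Public identifiers of a team, flagged with whether the user is a member."""
    return {
        'userid': team.buid,
        'buid': team.buid,
        'uuid': team.uuid,
        'title': team.title,
        'org': team.organization.buid,
        'org_uuid': team.organization.uuid,
        'owners': team == team.organization.owners,
        'member': member,
    }


def get_userinfo(user, auth_client, scope=(), user_session=None, get_permissions=True):
    """Build the userinfo payload for *user*, filtered by the granted *scope*.

    Only data covered by *scope* is included, so a client sees nothing it was
    not granted. Recognised tokens are ``id``, ``email``, ``phone``,
    ``organizations`` and ``teams`` (each also accepted as ``<token>/*``), and
    ``*`` which grants all of them. Note that ``organizations`` also reveals
    the teams the user belongs to, while ``teams`` additionally lists teams of
    organizations the user owns (flagged ``member: False``).

    :param user: The user whose profile is being described.
    :param auth_client: The requesting client; only consulted when
        *get_permissions* is true, to look up the permissions it has assigned
        to this user directly or via the user's teams.
    :param scope: Iterable of scope tokens; ``None`` is treated as empty.
    :param user_session: Optional session whose ``buid`` is reported as
        ``sessionid`` (always included, regardless of scope).
    :param get_permissions: Whether to include the ``permissions`` key.
    :return: A dict of the granted fields.
    """
    if scope is None:
        scope = ()
    teams = {}

    if _scope_has(scope, 'id'):
        userinfo = {
            'userid': user.buid,
            'buid': user.buid,
            'uuid': user.uuid,
            'username': user.username,
            'fullname': user.fullname,
            'timezone': user.timezone,
            'avatar': user.avatar,
            'oldids': [o.buid for o in user.oldids],
            'olduuids': [o.uuid for o in user.oldids],
        }
    else:
        userinfo = {}

    if user_session:
        userinfo['sessionid'] = user_session.buid
    if _scope_has(scope, 'email'):
        userinfo['email'] = str(user.email)
    if _scope_has(scope, 'phone'):
        userinfo['phone'] = str(user.phone)

    if _scope_has(scope, 'organizations'):
        userinfo['organizations'] = {
            'owner': [_org_summary(org) for org in user.organizations_owned()],
            'member': [_org_summary(org) for org in user.organizations_memberof()],
            'all': [_org_summary(org) for org in user.organizations()],
        }

    # Either scope exposes the teams the user is actually a member of.
    if _scope_has(scope, 'organizations') or _scope_has(scope, 'teams'):
        for team in user.teams:
            teams[team.buid] = _team_summary(team, member=True)
    # The teams scope additionally exposes all teams of owned organizations;
    # membership entries recorded above take precedence.
    if _scope_has(scope, 'teams'):
        for org in user.organizations_owned():
            for team in org.teams:
                if team.buid not in teams:
                    teams[team.buid] = _team_summary(team, member=False)
    if teams:
        userinfo['teams'] = list(teams.values())

    if get_permissions:
        # Assignments are stored as a space-separated string (see the
        # permission views); `.split()` rather than `.split(' ')` so an empty
        # or None value yields no tokens instead of a spurious '' permission.
        if auth_client.user:
            perms = AuthClientUserPermissions.get(auth_client=auth_client, user=user)
            if perms:
                userinfo['permissions'] = (perms.access_permissions or '').split()
        else:
            permsset = set()
            if user.teams:
                assignments = AuthClientTeamPermissions.all_for(
                    auth_client=auth_client, user=user
                ).all()
                for permob in assignments:
                    permsset.update((permob.access_permissions or '').split())
            userinfo['permissions'] = sorted(permsset)
    return userinfo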
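def permission_user_edit(auth_client, kwargs):
    """Edit, or revoke when emptied, an existing permission assignment.

    ``kwargs['buid']`` names the user (user-owned client) or the team
    (organization-owned client) the assignment belongs to. The submitted
    permissions are normalised to a sorted, space-separated string; an empty
    submission deletes the assignment rather than storing an empty grant.
    On success the browser is redirected (303) to the client's info page.

    Aborts with 404 when the principal or its assignment does not exist and
    with 403 when the client has neither a user nor an organization owner
    (previously that case fell through with ``permassign`` unbound).
    """
    user = team = None
    if auth_client.user:
        user = User.get(buid=kwargs['buid'])
        if not user:
            abort(404)
        permassign = AuthClientUserPermissions.get(auth_client=auth_client, user=user)
    elif auth_client.organization:
        team = Team.get(buid=kwargs['buid'])
        if not team:
            abort(404)
        permassign = AuthClientTeamPermissions.get(auth_client=auth_client, team=team)
    else:
        abort(403)  # This should never happen. Clients always have an owner.
    if not permassign:
        abort(404)

    form = PermissionEditForm()
    if request.method == 'GET':
        # Preseed the editor with the current grant string.
        form.perms.data = permassign.access_permissions

    if form.validate_on_submit():
        perms = ' '.join(sorted(form.perms.data.split()))
        if not perms:
            db.session.delete(permassign)
        else:
            permassign.access_permissions = perms
        db.session.commit()

        if auth_client.user:
            if perms:
                notice = _("Permissions have been updated for user {pname}").format(
                    pname=user.pickername
                )
            else:
                notice = _("All permissions have been revoked for user {pname}").format(
                    pname=user.pickername
                )
        else:
            if perms:
                notice = _("Permissions have been updated for team {title}").format(
                    title=team.title
                )
            else:
                notice = _("All permissions have been revoked for team {title}").format(
                    title=team.title
                )
        flash(notice, 'success')
        return render_redirect(url_for('.client_info', key=auth_client.buid), code=303)

    return render_form(
        form=form,
        title=_("Edit permissions"),
        formid='perm_edit',
        submit=_("Save changes"),
        ajax=True,
    )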
def make_fixtures(self):
    """Populate the test database with a small object graph.

    Creates four users (one with no username), Crusoe's primary email and
    phone plus Oakley's email, two organizations with one owner each, a
    confidential auth client owned by Batdog, a Dachshunds team holding an
    ``admin`` assignment on that client, a user assignment for Crusoe, and
    one SMS message. Each object is also kept on ``self`` for the tests.
    """
    # Users
    self.crusoe = crusoe = User(username="******", fullname="Crusoe Celebrity Dachshund")
    self.oakley = oakley = User(username="******")
    self.piglet = piglet = User(username="******")
    self.nameless = nameless = User(fullname="Nameless")
    db.session.add_all([crusoe, oakley, piglet, nameless])

    # Contact details
    self.crusoe_email = crusoe_email = UserEmail(
        email="*****@*****.**", user=crusoe, primary=True
    )
    self.crusoe_phone = crusoe_phone = UserPhone(
        phone="+8080808080", user=crusoe, primary=True
    )
    oakley_email = UserEmail(email="*****@*****.**", user=oakley)
    db.session.add_all([crusoe_email, crusoe_phone, oakley_email])

    # Organizations, each with a single owner
    self.batdog = batdog = Organization(name='batdog', title='Batdog')
    batdog.owners.users.append(crusoe)
    db.session.add(batdog)
    self.specialdachs = specialdachs = Organization(
        name="specialdachs", title="Special Dachshunds"
    )
    specialdachs.owners.users.append(oakley)
    db.session.add(specialdachs)

    # Auth client owned by Batdog
    self.auth_client = auth_client = AuthClient(
        title="Batdog Adventures",
        organization=batdog,
        confidential=True,
        namespace='fun.batdogadventures.com',
        website="http://batdogadventures.com",
    )
    db.session.add(auth_client)

    # Team and the permission assignments on the client
    self.dachshunds = dachshunds = Team(title="Dachshunds", organization=batdog)
    db.session.add(dachshunds)
    self.auth_client_team_permissions = team_perms = AuthClientTeamPermissions(
        team=dachshunds, auth_client=auth_client, access_permissions="admin"
    )
    db.session.add(team_perms)
    self.auth_client_user_permissions = user_perms = AuthClientUserPermissions(
        user=crusoe, auth_client=auth_client
    )
    db.session.add(user_perms)

    # One outbound SMS
    self.message = message = SMSMessage(
        phone_number=crusoe_phone.phone,
        transactionid="Ruff" * 5,
        message="Wuff Wuff",
    )
    db.session.add(message)
    db.session.commit()