def on_identity_loaded(sender, identity):
    """Attach admin and per-project member roles to a loaded identity.

    An authenticated user who holds the admin role in the systenant is
    given the ``('role', 'admin')`` entry. For each tenant in which the
    user holds a member role, a ``('role', 'member', <tenant id>)`` entry
    is added to ``identity.provides``.

    Nothing is added for the anonymous identity, or when the current
    request targets an endpoint listed in the ``ANONYMOUS_ALLOWED`` config
    entry (endpoints that need no authentication/authorization).
    """
    # The anonymous identity is recognised purely by the name 'anon'.
    # NOTE(review): this assumes no real account can carry that name --
    # confirm against the identity backend.
    anonymous = identity.name == 'anon'

    # Every endpoint named in ANONYMOUS_ALLOWED skips role loading
    # entirely, even for a logged-in user, so that list is part of the
    # access-control configuration and should stay minimal.
    open_endpoints = flask.current_app.config['ANONYMOUS_ALLOWED']
    endpoint_is_open = flask.request.endpoint in open_endpoints
    if anonymous or endpoint_is_open:
        return

    # Role assignments are looked up through the admin client, keyed by
    # identity.name.
    role_api = clients.admin_clients().identity_admin.roles
    admin_seen = False
    for assignment in role_api.roles_for_user(identity.name):
        admin_seen |= bool(clients.role_tenant_is_admin(assignment))
        if clients.role_is_member(assignment.role["name"]):
            identity.provides.add(
                ('role', 'member', assignment.tenant["id"]))

    # The admin entry is added once, after all assignments were inspected.
    if admin_seen:
        identity.provides.add(('role', 'admin'))
def on_identity_loaded(sender, identity):
    """Populate ``identity.provides`` with admin and project member roles.

    If the user is authenticated and has the admin role in the systenant,
    the identity gets ``('role', 'admin')``. If the user is authenticated
    and participates in a tenant, the identity gets
    ``('role', 'member', <tenant id>)`` for that tenant.

    Endpoints that do not require authentication/authorization (those in
    the ``ANONYMOUS_ALLOWED`` config entry) and the anonymous identity
    are skipped: no roles are loaded for them.
    """
    is_anon = identity.name == 'anon'
    allowed_without_auth = flask.current_app.config['ANONYMOUS_ALLOWED']
    is_loose = flask.request.endpoint in allowed_without_auth
    # Security-relevant early exit: a request to a "loose" endpoint gets no
    # role entries at all, so any permission check behind such an endpoint
    # would see an identity without roles.
    if is_anon or is_loose:
        return

    user_roles = clients.admin_clients().identity_admin.roles.roles_for_user(
        identity.name)

    # Record the admin verdict of every assignment; the member entries are
    # added as each assignment is visited.
    admin_flags = []
    for grant in user_roles:
        admin_flags.append(clients.role_tenant_is_admin(grant))
        role_name = grant.role["name"]
        if clients.role_is_member(role_name):
            member_need = ('role', 'member', grant.tenant["id"])
            identity.provides.add(member_need)

    if any(admin_flags):
        identity.provides.add(('role', 'admin'))
def index():
    """List users, one page at a time, for the user administration view.

    TODO(apugachev): find way to count users without fetching all users.
    This would allow to use marker and limit to fetch one page only.

    Returns:
        dict with the ``Pagination`` object, the users on the current
        page (each carrying a ``delete_form`` and, for global admins,
        ``is_global_admin = True``), and the page title and subtitle.
    """
    # NOTE(review): access control for this view and for the delete action
    # behind the per-user form is not visible in this function -- confirm
    # it is enforced by the blueprint or a decorator.
    identity_admin = clients.admin_clients().identity_admin

    # limit=1000000 effectively asks for every user; the whole list is
    # fetched and sorted before a single page is cut out of it.
    everyone = identity_admin.users.list(limit=1000000)
    users = sorted(everyone, key=lambda x: x.name)
    p = pagination.Pagination(users)
    data = p.slice(users)

    # Only users listed for the systenant can be global admins, so the
    # per-user role lookup below is limited to them.
    systenant_users = identity_admin.users.list(clients.get_systenant_id())
    potential_admins = {member.id for member in systenant_users}

    for user in data:
        # TODO(apugachev) modify to work with form.DeleteUser
        delete_form = forms.DeleteUserForm()
        delete_form.user_id.data = user.id
        user.delete_form = delete_form

        if user.id not in potential_admins:
            continue
        # is_global_admin is only ever set to True here; other users do
        # not get the attribute assigned by this function.
        for role in identity_admin.roles.roles_for_user(user.id):
            if clients.role_tenant_is_admin(role):
                user.is_global_admin = True
                break

    title = bp.name.replace('global_', '').replace('_', ' ').capitalize()
    return {
        'pagination': p,
        'data': data,
        'title': title,
        'subtitle': 'List of users'
    }
def index():
    """Build the context for the paginated list of users.

    TODO(apugachev): find way to count users without fetching all users.
    This would allow to use marker and limit to fetch one page only.

    Each user on the current page gets a delete form bound to its id.
    Users that hold an admin role (checked only for users listed for the
    systenant) are marked with ``is_global_admin = True``.
    """
    identity_admin = clients.admin_clients().identity_admin

    # All users are loaded (limit=1000000) and sorted by name so that the
    # pagination object can count them; only one page is rendered.
    users = sorted(
        identity_admin.users.list(limit=1000000),
        key=lambda x: x.name)
    p = pagination.Pagination(users)
    data = p.slice(users)

    potential_admins = {
        candidate.id
        for candidate in identity_admin.users.list(clients.get_systenant_id())
    }

    for user in data:
        # TODO(apugachev) modify to work with form.DeleteUser
        # NOTE(review): the protection of the delete action this form
        # posts to is not visible here -- confirm it requires the admin
        # role.
        form = forms.DeleteUserForm()
        form.user_id.data = user.id
        user.delete_form = form

        # The role lookup is one extra backend call per user, so it is
        # made only for users who can be admins; any() stops at the first
        # admin role found.
        if user.id in potential_admins and any(
                clients.role_tenant_is_admin(role)
                for role in identity_admin.roles.roles_for_user(user.id)):
            user.is_global_admin = True

    context = {
        'pagination': p,
        'data': data,
        'title': bp.name.replace('global_', '').replace('_', ' ').capitalize(),
        'subtitle': 'List of users'
    }
    return context