示例#1
0
 def wrapped(*args, **kwargs):
     # user has no roles or no roles that match
     if not current_user.get_roles() or not (
             list(set(roles) & set(current_user.get_roles()))):
         flash(
             "Not authorized. You do not have a role that allows access to this feature.",
             "warning",
         )
         return redirect(url_for("index"))
     return f(*args, **kwargs)
示例#2
0
    def _authenticate(self):
        app = self.get_app()
        assert app, "Please initialize your application into Flask-RBAC."
        assert self._role_model, "Please set role model before authenticate."
        assert self._user_model, "Please set user model before authenticate."
        assert self._user_loader, "Please set user loader before authenticate."

        current_user = self._user_loader()
        if current_user is not None and not isinstance(current_user, self._user_model):
            return jsonify({"jsonrpc": "2.0", "result": False, "error": "%s is not an instance of %s" %
                (current_user, self._user_model.__class__)}), 401

        endpoint = request.endpoint
        resource = app.view_functions.get(endpoint, None)

        if not resource:
            abort(404)

        method = request.method

        if not hasattr(current_user, 'get_roles'):
            roles = [anonymous]
        else:
            roles = current_user.get_roles()

        permit = self._check_permission(roles, method, resource)

        if not permit:
            return self._deny_hook()
示例#3
0
    def _authenticate(self):
        app = self.get_app()
        assert app, "Please initialize your application into Flask-RBAC."
        assert self._role_model, "Please set role model before authenticate."
        assert self._user_model, "Please set user model before authenticate."
        assert self._user_loader, "Please set user loader before authenticate."

        current_user = self._user_loader()
        if current_user is not None and not isinstance(current_user,
                                                       self._user_model):
            raise TypeError("%s is not an instance of %s" %
                            (current_user, self._user_model.__class__))

        endpoint = request.endpoint
        resource = app.view_functions.get(endpoint, None)

        if not resource:
            abort(404)

        method = request.method

        if not hasattr(current_user, 'get_roles'):
            roles = [anonymous]
        else:
            roles = current_user.get_roles()

        permit = self._check_permission(roles, method, resource)

        if not permit:
            return self._deny_hook()
示例#4
0
def register():

    current_user.add_role('test')
    result = current_user.remove_role('athor')
    print(current_user.get_roles())
    print(result)
    form = registerForm()

    if request.method == "POST":
        if form.validate_on_submit():
            hashPassword = generate_password_hash(
                form.password.data, method='sha256')
            newUser = Users(
                username=form.username.data,
                email=form.email.data, password=hashPassword)
            db.session.add(newUser)
            db.session.commit()
            return jsonify(
                code=301, message="Registration Succesful")
        else:
            return jsonify(
                code=401, message="Validation Error",
                errors=form.errors)

    return render_template("admin-login.html", form=form)
示例#5
0
    def _authenticate(self):
        app = self.get_app()
        assert app, "Please initialize your application into Flask-RBAC."
        assert self._role_model, "Please set role model before authenticate."
        assert self._user_model, "Please set user model before authenticate."
        assert self._user_loader, "Please set user loader before authenticate."

        current_user = self._user_loader()

        # Compatible with flask-login anonymous user
        if hasattr(current_user, '_get_current_object'):
            current_user = current_user._get_current_object()

        if (current_user is not None
                and not isinstance(current_user,
                                   (self._user_model, anonymous_model))):
            raise TypeError("%s is not an instance of %s" %
                            (current_user, self._user_model.__class__))

        resource = request.endpoint

        if not resource:
            abort(404)

        method = request.method

        if not hasattr(current_user, 'get_roles'):
            roles = [anonymous]
        else:
            roles = current_user.get_roles()

        permit = self._check_permission(roles, method, resource)

        if not permit:
            return self._deny_hook()
示例#6
0
 def decorated_view(*args, **kwargs):
     if not current_user.is_authenticated:
         return flask_app.login_manager.unauthorized()
     uroles = current_user.get_roles()
     if (len(set(roles).intersection(uroles)) == 0) and ("ANY"
                                                         not in roles):
         return flask_app.login_manager.unauthorized()
     return fn(*args, **kwargs)
示例#7
0
文件: __init__.py 项目: larikkai/PHoF
        def decorated_view(*args, **kwargs):
            if not (current_user and current_user.is_authenticated):
                return login_manager.unauthorized()

            if role not in current_user.get_roles(current_user.id):
                return login_manager.unauthorized()

            return func(*args, **kwargs)
示例#8
0
 def check(*args, **kwargs):
     if current_user.is_authenticated:
         if role in current_user.get_roles():
             return function(*args, **kwargs)
         else:
             if role == "Merchant":
                 flash('Permission Denied', "danger")
                 if "Admin" in current_user.get_roles():
                     return redirect(url_for("admin.login"))
                 elif "Delivery" in current_user.get_roles():
                     return redirect(url_for("delivery.login"))
                 elif "User" in current_user.get_roles():
                     return redirect(url_for(".login"))
             else:
                 flash('Permission Denied', "danger")
                 return redirect(url_for(".dashboard"))
     return redirect(url_for(".login"))
示例#9
0
 def decorated_view(*args, **kwargs):
     if not current_user.is_authenticated:
         return login.unauthorized()
     urole = current_user.get_roles()
     if ((roles[0] not in urole) and (roles[0] != "ANY")
             and (roles[1] not in urole) and (roles[0] != "ANY")):
         print("Error!!!")
         return login.unauthorized_callback()
     return fn(*args, **kwargs)
示例#10
0
def navbar_access():
    uroles = current_user.get_roles()
    user_access = {}
    for page, auth_roles in PAGE_ACCESS.items():
        if (len(set(uroles).intersection(auth_roles)) > 0) or ("ANY"
                                                               in auth_roles):
            user_access[page] = True
        else:
            user_access[page] = False
    return user_access
示例#11
0
        def wrapped(*args, **kwargs):
            # Store whether or not the user is authenticated
            authenticated = current_user.is_authenticated

            # Check for an authenticated user with the proper roles
            if authenticated and set(roles).issubset(current_user.get_roles()):
                return f(*args, **kwargs)

            # Abort at this point as the user is not authorized
            abort(401)
示例#12
0
 def get_roles(self):
     try:
         if current_user.is_superuser():
             return super().get_roles()
     except AttributeError:
         pass
     user_roles = current_user.get_roles()
     roles = super().get_roles()
     return {
         key: list(set(values) & set(user_roles))
         for key, values in roles.items()
     }
        def func_wrapper(*args, **kwargs):
            if config.LOGIN_DISABLED == 'True':
                return func(*args, **kwargs)
            if current_user.is_authenticated:
                current_app.logger.info('LIST OF ROLES: ' + str(current_user.get_roles()))
                if current_user.has_role(role):
                    return func(*args, **kwargs)
                else:
                    error = errors.get("verification_ui", "ADFS_ROLE_LOGGED_IN_ERROR", filler=str(role))

                    raise ApplicationError(*error)
            else:
                raise ApplicationError(*errors.get("verification_ui", "ADFS_ROLE_LOGGED_OUT_ERROR", filler=str(role)))
示例#14
0
def user_info():
    prepare = {
        "id": current_user.get_id(),
        "email": current_user.email,
        "username": current_user.username,
        "password_hash": current_user.password_hash,
        "is_active": current_user.is_active,
        "is_anonymous": current_user.is_anonymous,
        "is_authenticated": current_user.is_authenticated,
        "metadata": current_user.metadata.info,
        "uroles": current_user.get_roles(),
    }
    return jsonify(prepare)
示例#15
0
def messages_delete(message_id):
  m = Message.query.get(message_id)
  topic_id = m.topic_id

  if "ADMIN" not in current_user.get_roles():
    if str(m.account_id) != str(current_user.id):
      return redirect(url_for('messages_index', topic_id = topic_id))
  
  # if user is ADMIN or the creator of the message
  db.session().delete(m)
  db.session().commit()

  return redirect(url_for('messages_index', topic_id = topic_id))
示例#16
0
def get_highest_role():
    """ If a user has more than one role pick the `highest` role

    :rtype string
    :return the role name for the current_user or None
    """
    try:
        roles = current_user.get_roles()
    except Exception:
        return None

    if ROLE_ADMIN in roles:
        return ROLE_ADMIN
    if ROLE_TECHNICIAN in roles:
        return ROLE_TECHNICIAN
    return None
示例#17
0
def profile_delete(account_id):
    # Tarkista että käyttäjän oma profiili
    if "ADMIN" not in current_user.get_roles():
        if str(current_user.id) != str(account_id):
            return redirect(
                url_for('profile_settings', account_id=current_user.id))

    # Hae user. Päivitä ennen jokaista jos tarve
    u = User.query.get(account_id)

    # Poista Category jonka account_id on account_id
    categories = u.categories
    for c in categories:
        c_topics = c.topics
        # Poista kategorian topicit
        for t in c_topics:
            c_t_messages = t.messages
            # Poista topicin viestit
            for m in c_t_messages:
                db.session().delete(m)
            db.session().delete(t)
        db.session().delete(c)

    # Poista Role jonka account_id on account_id
    roles = u.roles
    for r in roles:
        db.session().delete(r)

    # Poista Topic jonka account_id on account_id
    topics = u.topics
    for t in topics:
        t_messages = t.messages
        # Poista topicin viestit
        for m in t_messages:
            db.session().delete(m)
        db.session().delete(t)

    # Poista Message, jonka account_id on account_id
    messages = u.messages
    for m in messages:
        db.session().delete(m)

    # POISTA LOPUKSI USER
    db.session().delete(u)
    db.session().commit()

    return redirect(url_for('categories_index'))
示例#18
0
def login():
    if current_user.is_authenticated:
        return (403, 'USER_ALREADY_LOGGED_IN')

    email = request.form['email']
    password = request.form['password']
    remember = request.form['remember']
    user = User.get(User.email == email)
    if bcrypt.check_password_hash(user.password, password):
        login_user(user, remember=remember)
        data = model_to_dict(user, exclude=[User.password])

        if current_user.has_role('ADMIN'):
            data['roles'] = current_user.get_roles()
        else:
            data['roles'] = []

        return data

    return abort(401, 'INCORRECT_PASSWORD')
示例#19
0
def get_role_landing_page():
    """
    Get the landing page for a user with specific role
    :return None if the
    """
    if not hasattr(current_user, 'roles'):
        return None

    roles = current_user.get_roles()

    if ROLE_ADMIN in roles:
        role_landing_page = url_for('admin')
    elif ROLE_TECHNICIAN in roles:
        role_landing_page = url_for('start_upload')
    elif ROLE_RESEARCHER_ONE in roles:
        role_landing_page = url_for('researcher_one')
    elif ROLE_RESEARCHER_TWO in roles:
        role_landing_page = url_for('researcher_two')

    return request.args.get('next') or role_landing_page
示例#20
0
def get_role_landing_page():
    """
    Get the landing page for a user with specific role
    :return None if the
    """
    if not hasattr(current_user, 'roles'):
        return None

    roles = current_user.get_roles()

    if ROLE_ADMIN in roles:
        role_landing_page = url_for('admin')
    elif ROLE_TECHNICIAN in roles:
        role_landing_page = url_for('start_upload')
    elif ROLE_RESEARCHER_ONE in roles:
        role_landing_page = url_for('researcher_one')
    elif ROLE_RESEARCHER_TWO in roles:
        role_landing_page = url_for('researcher_two')

    return request.args.get('next') or role_landing_page
示例#21
0
        def decorated_view(*args, **kwargs):
            if not current_user:
                return login_manager.unauthorized()

            if not current_user.is_authenticated:
                return login_manager.unauthorized()

            unauthorized = False

            if role != "ANY":
                unauthorized = True

                for user_role in current_user.get_roles():
                    if user_role == role:
                        unauthorized = False
                        break

            if unauthorized:
                return login_manager.unauthorized()

            return fn(*args, **kwargs)
示例#22
0
def get_highest_role():
    """ If a user has more than one role pick the `highest` role

    :rtype string
    :return the role name for the current_user or None
    """

    try:
        roles = current_user.get_roles()
    except Exception as exc:
        app.logger.debug("get_highest_role() problem: {}".format(exc))
        return None

    if ROLE_ADMIN in roles:
        return ROLE_ADMIN
    if ROLE_TECHNICIAN in roles:
        return ROLE_TECHNICIAN
    if ROLE_RESEARCHER_ONE in roles:
        return ROLE_RESEARCHER_ONE
    if ROLE_RESEARCHER_TWO in roles:
        return ROLE_RESEARCHER_TWO
    return None
示例#23
0
def get_highest_role():
    """ If a user has more than one role pick the `highest` role

    :rtype string
    :return the role name for the current_user or None
    """

    try:
        roles = current_user.get_roles()
    except Exception as exc:
        app.logger.debug("get_highest_role() problem: {}".format(exc))
        return None

    if ROLE_ADMIN in roles:
        return ROLE_ADMIN
    if ROLE_TECHNICIAN in roles:
        return ROLE_TECHNICIAN
    if ROLE_RESEARCHER_ONE in roles:
        return ROLE_RESEARCHER_ONE
    if ROLE_RESEARCHER_TWO in roles:
        return ROLE_RESEARCHER_TWO
    return None
示例#24
0
    def _authenticate(self):
        app = self.get_app()
        assert app, "Please initialize your application into Flask-RBAC."
        assert self._role_model, "Please set role model before authenticate."
        assert self._user_model, "Please set user model before authenticate."
        assert self._user_loader, "Please set user loader before authenticate."

        current_user = self._user_loader()

        # Compatible with flask-login anonymous user
        if hasattr(current_user, '_get_current_object'):
            current_user = current_user._get_current_object()

        if (current_user is not None
                and not isinstance(current_user,
                                   (self._user_model, anonymous_model))):
            raise TypeError(
                "%s is not an instance of %s" %
                (current_user, self._user_model.__class__))

        resource = request.endpoint

        if not resource:
            abort(404)

        method = request.method

        if not hasattr(current_user, 'get_roles'):
            roles = [anonymous]
        else:
            roles = current_user.get_roles()

        permit = self._check_permission(roles, method, resource)

        if not permit:
            return self._deny_hook()
示例#25
0
文件: server.py 项目: jprester/pyfra
    def _fn():

        is_authorized = any(
            [role in current_user.get_roles() for role in allowed_roles])

        if not is_authorized:
            flash("You are not authorized to view this page.")
            return redirect(url_for('index'))

        if has_form:
            form = form_class()()

            html = ""
            if form.validate_on_submit():
                data = {
                    field.name: field.data
                    for field in form
                    if field.name not in ["submit", "csrf_token"]
                }

                ret = callback(data)
                html = ret if ret is not None else ""

                if redirect_index:
                    flash("Form successfully submitted")
                    return redirect(url_for('index'))
        else:
            html = callback({})
            form = None

        return render_template_string(fread(template_path /
                                            'form_template.html'),
                                      body=html,
                                      form=form,
                                      title=pretty_name,
                                      has_form=has_form)
示例#26
0
def get_authorized():
    roles = [role.name for role in current_user.get_roles()]

    return jsonify({'status': 200, 'message': HTTP_STATUS_CODES[200], 'roles': roles}), 200
 def funcao_decorada(*args, **kwargs):
     if not any([role in current_user.get_roles() for role in roles]):
         return redirect(url_for('denied'))
     return f(*args, **kwargs)
示例#28
0
 def is_accessible(self):
     return 'dev' in current_user.get_roles(
     ) if current_user.is_authenticated else False
示例#29
0
 def endpoints(self):
     if current_user.is_superuser():
         return super().endpoints()
     user_roles = current_user.get_roles()
     endpoints = super().endpoints()
     return self._filter(endpoints, user_roles)
示例#30
0
文件: server.py 项目: jprester/pyfra
 def is_accessible(self):
     return "admin" in current_user.get_roles()
示例#31
0
文件: server.py 项目: jprester/pyfra
def index():
    roles = current_user.get_roles()
    pages = registry.get_pages(roles)
    return render_template('index.html', pages=pages)