From 91a26793f547b8eb071e84b6694ede2a9eec3709 Mon Sep 17 00:00:00 2001 From: Alessandro DiMarco Date: Fri, 10 Nov 2017 10:38:33 -0500 Subject: [PATCH 1/6] Remove trailing dot in url --- app/config/staging.default.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/config/staging.default.py b/app/config/staging.default.py index 36a1f6d..21bdbcb 100644 --- a/app/config/staging.default.py +++ b/app/config/staging.default.py @@ -17,7 +17,7 @@ SERVICE_CONFIG = { 'app_secret': 'x-blocpower-app-secret'}, 'urls': { 'app': 'http://staging.app.s.blocpower.us', - 'user': 'http://staging.user.s.blocpower.us.' + 'user': 'http://staging.user.s.blocpower.us' } } -- GitLab From d53ab01dea878a9b346325d39873162eec91de80 Mon Sep 17 00:00:00 2001 From: Alessandro DiMarco Date: Wed, 15 Nov 2017 11:30:29 -0500 Subject: [PATCH 2/6] Add permissions and groups to flask.g --- app/permissions/authorization.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/app/permissions/authorization.py b/app/permissions/authorization.py index fcb5a1c..a3b9c8c 100644 --- a/app/permissions/authorization.py +++ b/app/permissions/authorization.py 
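Review bot: The corrected `'user'` URL in app/config/staging.default.py (PATCH 1/6) still uses plain `http://`, as does `'app'` on the context line above it. PATCH 2/6 in this series forwards the caller's Auth0 header to `services.user`, which presumably resolves to this URL, so that credential would cross the network unencrypted unless TLS is terminated somewhere not visible here. If the staging endpoints serve TLS, prefer `'user': 'https://staging.user.s.blocpower.us'` and the same scheme for `'app'`; otherwise add a comment naming the network boundary that protects this hop. The `SERVICE_CONFIG` dict starts outside the hunk.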
@@ -26,19 +26,20 @@ def secured(f): from flask import session auth0_header = current_app.config.get('AUTH0_AUTH_HEADER') - headers = {} - headers[auth0_header] = request.headers.get(auth0_header) - params = {'permissions': 'true'} + headers = {auth0_header: request.headers.get(auth0_header)} + params = {'expand': ''} - response = services.user.get('/user/{}'.format(g.sub), params=params, headers=headers) + response = services.user.get('/user/{}'.format(g.sub), headers=headers, params=params) if not response.status_code == 200: raise Unauthorized data = response.json() - permissions = data['data'][g.sub]['permissions'] + g.permissions = data['data'][g.sub]['permissions'] + g.groups = data['data'][g.sub]['groups'] + action_resource = '{action}::{resource}'.format(action=action, resource=resource) - if action_resource not in permissions: + if action_resource not in g.permissions: raise Unauthorized else: -- GitLab From d622657f3cc69073f61a4af0b20a6421fbf79b6c Mon Sep 17 00:00:00 2001 From: Alessandro DiMarco Date: Wed, 15 Nov 2017 11:32:43 -0500 Subject: [PATCH 3/6] Update bpvalve version --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index c824063..7f1e1df 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ arrow==0.7.0 blessed==1.9.5 botocore==1.5.48 -git+ssh://git@github.com/Blocp/bpvalve.git@v1.2.0 +git+ssh://git@github.com/Blocp/bpvalve.git@v1.3.0 cement==2.4.0 colorama==0.3.3 docker-py==1.1.0 -- GitLab From 3f5560dd389ab9b00fc5f6ca563d679018e4df64 Mon Sep 17 00:00:00 2001 From: Alessandro DiMarco Date: Wed, 15 Nov 2017 11:34:15 -0500 Subject: [PATCH 4/6] Rename variable to REST_TO_CRUD --- app/permissions/authorization.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/permissions/authorization.py b/app/permissions/authorization.py index a3b9c8c..58af320 100644 --- a/app/permissions/authorization.py +++ b/app/permissions/authorization.py 
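Review bot: In `secured` (app/permissions/authorization.py, PATCH 2/6) the new lookups `data['data'][g.sub]['permissions']` and `data['data'][g.sub]['groups']` index the user-service response without checking its shape. After the switch to `params = {'expand': ''}`, a reply that lacks `groups` or the user entry raises KeyError and surfaces as a 500 rather than the `Unauthorized` raised on the other denial paths in this hunk. The request is still refused, but logs and monitoring cannot tell that denial apart from a server fault. Consider `user = (data.get('data') or {}).get(g.sub) or {}` followed by `g.permissions = user.get('permissions', [])` and `g.groups = user.get('groups', [])`, which keeps the deny-by-default outcome. The same lookups are carried into PATCH 5/6 as `g.user_permissions` and `g.user_groups`, and `secured` begins and ends outside this hunk.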
@@ -4,7 +4,7 @@ from flask import current_app, g, request from werkzeug.exceptions import Unauthorized from ..lib.service import services -CRUD_TO_REST = { +REST_TO_CRUD = { 'POST': 'create', 'GET': 'read', 'PUT': 'update', # TODO: if no id 'create' @@ -19,7 +19,7 @@ def secured(f): if g.sub is not None: current_app.logger.info('{} accessing {}'.format(g.sub, request.endpoint)) - action = CRUD_TO_REST[request.method] + action = REST_TO_CRUD[request.method] resource = request.endpoint.split(':').pop(0) if resource.endswith('View'): resource = resource[:-4] -- GitLab From 177af04b84705b7ced351f3315cbe7dc7cc48771 Mon Sep 17 00:00:00 2001 From: Alessandro DiMarco Date: Wed, 15 Nov 2017 15:57:58 -0500 Subject: [PATCH 5/6] Add user prefix to groups and permissions variable --- app/permissions/authorization.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/permissions/authorization.py b/app/permissions/authorization.py index 58af320..cc93908 100644 --- a/app/permissions/authorization.py +++ b/app/permissions/authorization.py @@ -35,11 +35,11 @@ def secured(f): data = response.json() - g.permissions = data['data'][g.sub]['permissions'] - g.groups = data['data'][g.sub]['groups'] + g.user_permissions = data['data'][g.sub]['permissions'] + g.user_groups = data['data'][g.sub]['groups'] action_resource = '{action}::{resource}'.format(action=action, resource=resource) - if action_resource not in g.permissions: + if action_resource not in g.user_permissions: raise Unauthorized else: -- GitLab From ab99afcdfcdeb6c08d92cabce97bbeb0984b8197 Mon Sep 17 00:00:00 2001 From: Alessandro DiMarco Date: Thu, 16 Nov 2017 11:33:20 -0500 Subject: [PATCH 6/6] Add user group model --- app/models/base.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/models/base.py b/app/models/base.py index c4470e2..bb0f150 100644 --- a/app/models/base.py +++ b/app/models/base.py 
@@ -64,6 +64,10 @@ class User: user_modified = db.Column(db.String(64)) +class UserGroup: + user_group = db.Column(db.String(36)) + + class Tracked(object): """A mixin to include tracking datetime fields.""" created = db.Column(columns.Arrow, default=func.now()) -- GitLab
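Review bot: `UserGroup` in app/models/base.py (PATCH 6/6) is added without a docstring, unlike the `Tracked` mixin directly below it; suggest `"""A mixin to include the user group a row belongs to."""`, adjusted if the column means something else. If `user_group` is meant to be compared with `g.user_groups` for row-level access decisions (inferred from the earlier patches in this series, not shown in this hunk), note that `db.Column(db.String(36))` is nullable by default, so rows with no group need a defined policy. Declaring `nullable=False`, or a comment stating how a NULL group is treated, would make that explicit. The `User` class above and `Tracked` below extend outside the hunk.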