Move RBAC code to seperate file.

This commit is contained in:
Michael DeHaan 2013-03-21 00:34:59 -04:00
parent 060d7c307f
commit 8cae93c55f
2 changed files with 41 additions and 108 deletions

39
lib/main/rbac.py Normal file

@ -0,0 +1,39 @@
from lib.main.models import *
from lib.main.serializers import *
from rest_framework import permissions
from django.contrib.auth.models import AnonymousUser
# FIXME: this will probably need to be subclassed by object type
class CustomRbac(permissions.BasePermission):
def _common_user_check(self, request):
# no anonymous users
if type(request.user) == AnonymousUser:
return False
# superusers are always good
if request.user.is_superuser:
return True
# other users must have associated acom user records & be active
acom_user = User.objects.filter(auth_user = request.user)
if len(acom_user) != 1:
return False
if not acom_user[0].active:
return False
return True
def has_permission(self, request, view, obj=None):
if not self._common_user_check(request):
return False
if obj is None:
return True
else:
# haven't tested around these confines yet
raise Exception("FIXME")
def has_object_permission(self, request, view, obj):
if not self._common_user_check(request):
return False
# FIXME: TODO: verify the user is actually allowed to see this resource
return True
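Review bot: `_common_user_check` returns True for `request.user.is_superuser` before any active check is made, and the anonymous test `type(request.user) == AnonymousUser` only matches that exact class, so whether a request is denied depends on the concrete type of the user object rather than on its authentication state; a safer shape is `if not request.user.is_authenticated(): return False` followed by `if request.user.is_superuser: return request.user.is_active`, which also covers a deactivated Django superuser unless the authentication backend in use already rejects it (not visible here). `has_permission` raises a bare `Exception("FIXME")` when `obj` is not None, which turns a permission decision into a server error instead of a denial; failing closed with `return False` (keeping the FIXME comment) keeps the 403 behaviour callers of a permission class expect. `has_object_permission` returns True for every active user regardless of `obj`, as its own FIXME notes, so until that is implemented the class enforces authentication and the acom `active` flag only, not object-level access. A class docstring stating exactly that, e.g. `"""Permission class: rejects anonymous users, admits superusers, and otherwise requires exactly one active acom User record; object-level checks are not yet implemented."""`, would stop the name `CustomRbac` from implying more than the code does.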


@ -1,56 +1,16 @@
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt
#from rest_framework.renderers import JSONRenderer
#from rest_framework.parsers import JSONParser
from lib.main.models import *
from lib.main.serializers import *
from lib.main.rbac import *
from django.contrib.auth.models import AnonymousUser
from rest_framework import mixins
from rest_framework import generics
from rest_framework import permissions
#from rest_framework.authentication import authentication
# TODO: verify pagination
# TODO: how to add relative resources
# TODO:
class CustomRbac(permissions.BasePermission):
def _common_user_check(self, request):
# no anonymous users
if type(request.user) == AnonymousUser:
return False
# superusers are always good
if request.user.is_superuser:
return True
# other users must have associated acom user records & be active
acom_user = User.objects.filter(auth_user = request.user)
if len(acom_user) != 1:
return False
if not acom_user[0].active:
return False
return True
def has_permission(self, request, view, obj=None):
if not self._common_user_check(request):
return False
if obj is None:
return True
else:
# haven't tested around these confines yet
raise Exception("FIXME")
def has_object_permission(self, request, view, obj):
if not self._common_user_check(request):
return False
# FIXME: TODO: verify the user is actually allowed to see this resource
return True
class OrganizationsList(generics.ListCreateAPIView):
model = Organization
serializer_class = OrganizationSerializer
permission_classes = (CustomRbac,)
@ -59,6 +19,7 @@ class OrganizationsList(generics.ListCreateAPIView):
# obj.owner = self.request.user
def get_queryset(self):
if self.request.user.is_superuser:
return Organization.objects.filter(active=True)
return Organization.objects.filter(active = True, admins__in = [ self.request.user.application_user ]).distinct() | \
@ -74,72 +35,5 @@ class OrganizationsDetail(generics.RetrieveUpdateDestroyAPIView):
#def pre_save(self, obj):
# obj.owner = self.request.user
#class OrganizationsList(mixins.ListModelMixin, mixins.CreateModelMixin, generics.MultipleObjectAPIView):
#
# model = Organization
# serializer_class = OrganizationSerializer
#
# def get(self, request, *args, **kwargs):
# return self.list(request, *args, **kwargs)
#
# def post(self, request, *args, **kwargs):
# return self.create(request, *args, **kwargs)
#class JSONResponse(HttpResponse):
# """
# An HttpResponse that renders it's content into JSON.
# """
# def __init__(self, data, **kwargs):
# content = JSONRenderer().render(data)
# kwargs['content_type'] = 'application/json'
# super(JSONResponse, self).__init__(content, **kwargs)
#@csrf_exempt
#def organizations_list(request):
# """
# List all code snippets, or create a new snippet.
# """
# if request.method == 'GET':
# # TODO: FILTER
# organizations = Organization.objects.all()
# serializer = OrganizationSerializer(organizations, many=True)
# return JSONResponse(serializer.data)
#
# elif request.method == 'POST':
# data = JSONParser().parse(request)
# # TODO: DATA AUDIT
# serializer = OrganizationSerializer(data=data)
# if serializer.is_valid():
# serializer.save()
# return JSONResponse(serializer.data, status=201)
# else:
# return JSONResponse(serializer.errors, status=400)
#@csrf_exempt
#def snippet_detail(request, pk):
# """
# Retrieve, update or delete a code snippet.
# """
# try:
# snippet = Snippet.objects.get(pk=pk)
# except Snippet.DoesNotExist:
# return HttpResponse(status=404)
#
# if request.method == 'GET':
# serializer = SnippetSerializer(snippet)
# return JSONResponse(serializer.data)
#
# elif request.method == 'PUT':
# data = JSONParser().parse(request)
# serializer = SnippetSerializer(snippet, data=data)
# if serializer.is_valid():
# serializer.save()
# return JSONResponse(serializer.data)
# else:
# return JSONResponse(serializer.errors, status=400)
#
# elif request.method == 'DELETE':
# snippet.delete()
# return HttpResponse(status=204)
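Review bot: In the first hunk of this section, `from lib.main.rbac import *` is the only addition, but `rbac.py` declares no `__all__`, so the star import also re-binds everything that module imports (the models, serializers, `permissions` and `AnonymousUser`) into this views module, which makes it hard to audit which permission class a view actually binds; `from lib.main.rbac import CustomRbac` names the one thing the views need. With the class moved out, the `from rest_framework import permissions` and `from django.contrib.auth.models import AnonymousUser` lines that remain appear to be unused by the views still visible here, though the file's name and its full body are not shown on this page. The remaining hunks only delete commented-out code and need no change.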