2014-03-19 22:09:09 +00:00
|
|
|
from collections import namedtuple
|
2015-06-28 08:22:34 +00:00
|
|
|
import features
|
2014-03-12 16:37:06 +00:00
|
|
|
|
2014-08-06 00:53:00 +00:00
|
|
|
Scope = namedtuple('scope', ['scope', 'icon', 'dangerous', 'title', 'description'])
|
2014-03-12 16:37:06 +00:00
|
|
|
|
|
|
|
|
2014-03-19 22:09:09 +00:00
|
|
|
READ_REPO = Scope(scope='repo:read',
|
|
|
|
icon='fa-hdd-o',
|
2014-08-06 00:53:00 +00:00
|
|
|
dangerous=False,
|
2014-03-19 22:09:09 +00:00
|
|
|
title='View all visible repositories',
|
|
|
|
description=('This application will be able to view and pull all repositories '
|
|
|
|
'visible to the granting user or robot account'))
|
|
|
|
|
|
|
|
WRITE_REPO = Scope(scope='repo:write',
|
|
|
|
icon='fa-hdd-o',
|
2014-08-06 00:53:00 +00:00
|
|
|
dangerous=False,
|
2014-03-19 22:09:09 +00:00
|
|
|
title='Read/Write to any accessible repositories',
|
|
|
|
description=('This application will be able to view, push and pull to all '
|
|
|
|
'repositories to which the granting user or robot account has '
|
|
|
|
'write access'))
|
|
|
|
|
|
|
|
ADMIN_REPO = Scope(scope='repo:admin',
|
|
|
|
icon='fa-hdd-o',
|
2014-08-06 00:53:00 +00:00
|
|
|
dangerous=False,
|
2014-03-19 22:09:09 +00:00
|
|
|
title='Administer Repositories',
|
|
|
|
description=('This application will have administrator access to all '
|
|
|
|
'repositories to which the granting user or robot account has '
|
|
|
|
'access'))
|
|
|
|
|
|
|
|
CREATE_REPO = Scope(scope='repo:create',
|
2014-08-06 00:53:00 +00:00
|
|
|
icon='fa-plus',
|
|
|
|
dangerous=False,
|
|
|
|
title='Create Repositories',
|
|
|
|
description=('This application will be able to create repositories in to any '
|
|
|
|
'namespaces that the granting user or robot account is allowed '
|
|
|
|
'to create repositories'))
|
2014-03-18 23:21:27 +00:00
|
|
|
|
2014-03-19 22:09:09 +00:00
|
|
|
READ_USER = Scope(scope= 'user:read',
|
|
|
|
icon='fa-user',
|
2014-08-06 00:53:00 +00:00
|
|
|
dangerous=False,
|
2014-03-19 22:09:09 +00:00
|
|
|
title='Read User Information',
|
|
|
|
description=('This application will be able to read user information such as '
|
|
|
|
'username and email address.'))
|
|
|
|
|
2014-08-06 00:53:00 +00:00
|
|
|
ORG_ADMIN = Scope(scope='org:admin',
|
2014-08-06 01:21:22 +00:00
|
|
|
icon='fa-gear',
|
2014-08-06 00:53:00 +00:00
|
|
|
dangerous=True,
|
|
|
|
title='Administer Organization',
|
|
|
|
description=('This application will be able to administer your organizations '
|
|
|
|
'including creating robots, creating teams, adjusting team '
|
|
|
|
'membership, and changing billing settings. You should have '
|
|
|
|
'absolute trust in the requesting application before granting this '
|
|
|
|
'permission.'))
|
2014-03-19 22:09:09 +00:00
|
|
|
|
|
|
|
DIRECT_LOGIN = Scope(scope='direct_user_login',
|
|
|
|
icon='fa-exclamation-triangle',
|
2014-08-06 00:53:00 +00:00
|
|
|
dangerous=True,
|
2014-03-19 22:09:09 +00:00
|
|
|
title='Full Access',
|
|
|
|
description=('This scope should not be available to OAuth applications. '
|
|
|
|
'Never approve a request for this scope!'))
|
|
|
|
|
2015-06-28 08:22:34 +00:00
|
|
|
SUPERUSER = Scope(scope='super:user',
|
|
|
|
icon='fa-street-view',
|
|
|
|
dangerous=True,
|
|
|
|
title='Super User Access',
|
|
|
|
description=('This application will be able to administer your installation '
|
|
|
|
'including managing users, managing organizations and other '
|
|
|
|
'features found in the superuser panel. You should have '
|
|
|
|
'absolute trust in the requesting application before granting this '
|
|
|
|
'permission.'))
|
2014-03-19 22:09:09 +00:00
|
|
|
|
2015-07-15 22:13:15 +00:00
|
|
|
ALL_SCOPES = {scope.scope: scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO,
|
|
|
|
READ_USER, ORG_ADMIN, SUPERUSER)}
|
2014-03-19 22:09:09 +00:00
|
|
|
|
|
|
|
IMPLIED_SCOPES = {
|
|
|
|
ADMIN_REPO: {ADMIN_REPO, WRITE_REPO, READ_REPO},
|
|
|
|
WRITE_REPO: {WRITE_REPO, READ_REPO},
|
|
|
|
READ_REPO: {READ_REPO},
|
|
|
|
CREATE_REPO: {CREATE_REPO},
|
|
|
|
READ_USER: {READ_USER},
|
2014-08-06 00:53:00 +00:00
|
|
|
ORG_ADMIN: {ORG_ADMIN},
|
2015-07-15 22:13:15 +00:00
|
|
|
SUPERUSER: {SUPERUSER},
|
2014-03-19 22:09:09 +00:00
|
|
|
None: set(),
|
|
|
|
}
|
2014-03-12 20:31:37 +00:00
|
|
|
|
2015-07-15 22:13:15 +00:00
|
|
|
|
|
|
|
def app_scopes(app_config):
|
|
|
|
if not app_config.get('FEATURE_SUPER_USERS', False):
|
|
|
|
scopes_from_config = dict(ALL_SCOPES)
|
|
|
|
del scopes_from_config[SUPERUSER.scope]
|
|
|
|
return scopes_from_config
|
|
|
|
return ALL_SCOPES
|
|
|
|
|
2014-03-12 20:31:37 +00:00
|
|
|
|
|
|
|
def scopes_from_scope_string(scopes):
|
2014-11-24 17:20:54 +00:00
|
|
|
if not scopes:
|
2014-11-25 00:40:03 +00:00
|
|
|
scopes = ''
|
2014-11-24 21:07:38 +00:00
|
|
|
|
2014-03-19 22:09:09 +00:00
|
|
|
return {ALL_SCOPES.get(scope, None) for scope in scopes.split(',')}
|
2014-03-12 20:31:37 +00:00
|
|
|
|
|
|
|
|
|
|
|
def validate_scope_string(scopes):
|
|
|
|
decoded = scopes_from_scope_string(scopes)
|
|
|
|
return None not in decoded and len(decoded) > 0
|
2014-03-14 22:57:28 +00:00
|
|
|
|
|
|
|
|
|
|
|
def is_subset_string(full_string, expected_string):
|
|
|
|
""" Returns true if the scopes found in expected_string are also found
|
|
|
|
in full_string.
|
|
|
|
"""
|
|
|
|
full_scopes = scopes_from_scope_string(full_string)
|
2014-03-19 22:09:09 +00:00
|
|
|
full_implied_scopes = set.union(*[IMPLIED_SCOPES[scope] for scope in full_scopes])
|
2014-03-14 22:57:28 +00:00
|
|
|
expected_scopes = scopes_from_scope_string(expected_string)
|
2014-03-19 22:09:09 +00:00
|
|
|
return expected_scopes.issubset(full_implied_scopes)
|
|
|
|
|
2014-03-14 22:57:28 +00:00
|
|
|
|
|
|
|
def get_scope_information(scopes_string):
|
|
|
|
scopes = scopes_from_scope_string(scopes_string)
|
|
|
|
scope_info = []
|
|
|
|
for scope in scopes:
|
2014-03-18 21:05:27 +00:00
|
|
|
if scope:
|
|
|
|
scope_info.append({
|
2014-03-19 22:09:09 +00:00
|
|
|
'title': scope.title,
|
|
|
|
'scope': scope.scope,
|
|
|
|
'description': scope.description,
|
|
|
|
'icon': scope.icon,
|
2014-08-06 01:21:22 +00:00
|
|
|
'dangerous': scope.dangerous,
|
2014-03-19 22:09:09 +00:00
|
|
|
})
|
2014-03-14 22:57:28 +00:00
|
|
|
|
|
|
|
return scope_info
|