Fix some permissions problems still around due to some usage of scopes as strings.

2014-03-19 18:21:58 -04:00 · 2014-03-19 18:21:58 -04:00 · 0992c8a47e
commit 0992c8a47e
parent 3b7b12085d
4 changed files with 12 additions and 6 deletions
--- a/auth/auth.py
+++ b/auth/auth.py
@ -54,7 +54,7 @@ def process_basic_auth(auth):
      set_authenticated_user(robot)
      
      deferred_robot = QuayDeferredPermissionUser(robot.username, 'username',
-                                                  {'direct_user_login'})
+                                                  {scopes.DIRECT_LOGIN})
      identity_changed.send(app, identity=deferred_robot)
      return
    except model.InvalidRobotException:
@ -68,7 +68,7 @@ def process_basic_auth(auth):
      set_authenticated_user(authenticated)

      new_identity = QuayDeferredPermissionUser(authenticated.username, 'username',
-                                                {'direct_user_login'})
+                                                {scopes.DIRECT_LOGIN})
      identity_changed.send(app, identity=new_identity)
      return

@ -152,7 +152,7 @@ def process_oauth(f):
    elif not current_user.is_anonymous():
      logger.debug('Loading user from cookie: %s', current_user.get_id())
      set_authenticated_user_deferred(current_user.get_id())
-      loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username', {'direct_user_login'})
+      loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username', {scopes.DIRECT_LOGIN})
      identity_changed.send(app, identity=loaded)
    else:
      logger.debug('No auth header or login cookie.')
--- a/auth/permissions.py
+++ b/auth/permissions.py
@ -217,7 +217,7 @@ def on_identity_loaded(sender, identity):

  elif identity.auth_type == 'username':
    logger.debug('Switching username permission to deferred object: %s', identity.id)
-    switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'username', {'direct_user_login'})
+    switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'username', {scopes.DIRECT_LOGIN})
    identity_changed.send(app, identity=switch_to_deferred)

  elif identity.auth_type == 'token':
--- a/endpoints/common.py
+++ b/endpoints/common.py
@ -12,6 +12,7 @@ from data import model
 from data.queue import dockerfile_build_queue
 from app import app, login_manager
 from auth.permissions import QuayDeferredPermissionUser
+from auth import scopes
 from endpoints.api.discovery import swagger_route_data
 from werkzeug.routing import BaseConverter

@ -70,7 +71,7 @@ class _LoginWrappedDBUser(UserMixin):
 def common_login(db_user):
  if login_user(_LoginWrappedDBUser(db_user.username, db_user)):
    logger.debug('Successfully signed in as: %s' % db_user.username)
-    new_identity = QuayDeferredPermissionUser(db_user.username, 'username', {'direct_user_login'})
+    new_identity = QuayDeferredPermissionUser(db_user.username, 'username', {scopes.DIRECT_LOGIN})
    identity_changed.send(app, identity=new_identity)
    return True
  else:
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -32,7 +32,12 @@ from endpoints.api.repository import RepositoryList, RepositoryVisibility, Repos
 from endpoints.api.permission import (RepositoryUserPermission, RepositoryTeamPermission,
                                      RepositoryTeamPermissionList, RepositoryUserPermissionList)

-app.register_blueprint(api_bp, url_prefix='/api')
+try:
+  app.register_blueprint(api_bp, url_prefix='/api')
+except ValueError:
+  # This blueprint was already registered
+  pass
+
 app.register_blueprint(webhooks, url_prefix='/webhooks')

 NO_ACCESS_USER = 'freshuser'