Use scope objects everywhere. Switch scope objects to namedtuples. Pass the user when validating whether the user has authorized such scopes in the past. Make sure we calculate the scope string using all user scopes from all previously granted tokens.
This commit is contained in:
parent
c93c62600d
commit
3b7b12085d
6 changed files with 103 additions and 76 deletions
|
@ -4,6 +4,8 @@ from flask.ext.principal import identity_loaded, Permission, Identity, identity_
|
|||
from collections import namedtuple, defaultdict
|
||||
from functools import partial
|
||||
|
||||
import scopes
|
||||
|
||||
from data import model
|
||||
from app import app
|
||||
|
||||
|
@ -31,22 +33,22 @@ TEAM_REPO_ROLES = {
|
|||
|
||||
SCOPE_MAX_REPO_ROLES = defaultdict(lambda: None)
|
||||
SCOPE_MAX_REPO_ROLES.update({
|
||||
'repo:read': 'read',
|
||||
'repo:write': 'write',
|
||||
'repo:admin': 'admin',
|
||||
'direct_user_login': 'admin',
|
||||
scopes.READ_REPO: 'read',
|
||||
scopes.WRITE_REPO: 'write',
|
||||
scopes.ADMIN_REPO: 'admin',
|
||||
scopes.DIRECT_LOGIN: 'admin',
|
||||
})
|
||||
|
||||
SCOPE_MAX_TEAM_ROLES = defaultdict(lambda: None)
|
||||
SCOPE_MAX_TEAM_ROLES.update({
|
||||
'repo:create': 'creator',
|
||||
'direct_user_login': 'admin',
|
||||
scopes.CREATE_REPO: 'creator',
|
||||
scopes.DIRECT_LOGIN: 'admin',
|
||||
})
|
||||
|
||||
SCOPE_MAX_USER_ROLES = defaultdict(lambda: None)
|
||||
SCOPE_MAX_USER_ROLES.update({
|
||||
'user:read': 'admin',
|
||||
'direct_user_login': 'admin',
|
||||
scopes.READ_USER: 'read',
|
||||
scopes.DIRECT_LOGIN: 'admin',
|
||||
})
|
||||
|
||||
|
||||
|
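Review bot: Swapping the keys of SCOPE_MAX_REPO_ROLES, SCOPE_MAX_TEAM_ROLES and SCOPE_MAX_USER_ROLES from scope strings to `scopes.*` objects changes the lookup key type, and because each map is a `defaultdict(lambda: None)` a caller that still indexes with a plain string silently gets `None` instead of a `KeyError`, so a missed call site would not show up as a failure. A `defaultdict` also inserts the looked-up key into the module-level map on every miss, so an unrecognized scope value reaching `__getitem__` grows the shared dict as a side effect. A plain dict read through `.get()` keeps the fail-closed `None` without either problem: `SCOPE_MAX_REPO_ROLES = {scopes.READ_REPO: 'read', scopes.WRITE_REPO: 'write', scopes.ADMIN_REPO: 'admin', scopes.DIRECT_LOGIN: 'admin'}` here and `SCOPE_MAX_REPO_ROLES.get(scope)` at the lookup; the lookup sites are outside this hunk, so I cannot confirm from here that they were updated to pass scope objects. At minimum each map should carry a comment such as `# Keys are scope objects (not scope strings); an unknown scope maps to None, i.e. no role.` so the new contract is explicit.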