User scope objects everywhere. Switch scope objects to namedtuples. Pass the user when validating whether the user has authorized such scopes in the past. Make sure we calculate the scope string using all user scopes form all previously granted tokens.

2014-03-19 18:09:09 -04:00 · 2014-03-19 18:09:09 -04:00 · 3b7b12085d
commit 3b7b12085d
parent c93c62600d
6 changed files with 103 additions and 76 deletions
--- a/endpoints/api/init.py
+++ b/endpoints/api/init.py
@ -197,7 +197,7 @@ def require_user_permission(permission_class, scope=None):
      if not user:
        raise Unauthorized()

-      logger.debug('Checking permission %s for user', permission_class, user.username)
+      logger.debug('Checking permission %s for user %s', permission_class, user.username)
      permission = permission_class(user.username)
      if permission.can():
        return func(self, *args, **kwargs)
@ -212,7 +212,7 @@ require_user_admin = require_user_permission(UserAdminPermission, None)

 def require_scope(scope_object):
  def wrapper(func):
-    @add_method_metadata('oauth2_scope', scope_object['scope'])
+    @add_method_metadata('oauth2_scope', scope_object)
    @wraps(func)
    def wrapped(*args, **kwargs):
      return func(*args, **kwargs)