Add scopes to many org admin methods and remove the internal_only on ones we can now expose
This commit is contained in:
Joseph Schorr
parent
53fb7f4136
commit
4fd249589d
6 changed files with 39 additions and 19 deletions
|
|
@ -1,9 +1,11 @@
|
|||
from flask import request
|
||||
|
||||
from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
|
||||
log_action, Unauthorized, NotFound, internal_only, path_param)
|
||||
log_action, Unauthorized, NotFound, internal_only, path_param,
|
||||
require_scope)
|
||||
from auth.permissions import AdministerOrganizationPermission
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth import scopes
|
||||
from data import model
|
||||
|
||||
|
||||
|
|
@ -55,7 +57,6 @@ def log_prototype_action(action_kind, orgname, prototype, **kwargs):
|
|||
|
||||
@resource('/v1/organization/<orgname>/prototypes')
|
||||
@path_param('orgname', 'The name of the organization')
|
||||
@internal_only
|
||||
class PermissionPrototypeList(ApiResource):
|
||||
""" Resource for listing and creating permission prototypes. """
|
||||
schemas = {
|
||||
|
|
@ -116,6 +117,7 @@ class PermissionPrototypeList(ApiResource):
|
|||
},
|
||||
}
|
||||
|
||||
@require_scope(scopes.ORG_ADMIN)
|
||||
@nickname('getOrganizationPrototypePermissions')
|
||||
def get(self, orgname):
|
||||
""" List the existing prototypes for this organization. """
|
||||
|
|
@ -132,6 +134,7 @@ class PermissionPrototypeList(ApiResource):
|
|||
|
||||
raise Unauthorized()
|
||||
|
||||
@require_scope(scopes.ORG_ADMIN)
|
||||
@nickname('createOrganizationPrototypePermission')
|
||||
@validate_json_request('NewPrototype')
|
||||
def post(self, orgname):
|
||||
|
|
@ -182,7 +185,6 @@ class PermissionPrototypeList(ApiResource):
|
|||
@resource('/v1/organization/<orgname>/prototypes/<prototypeid>')
|
||||
@path_param('orgname', 'The name of the organization')
|
||||
@path_param('prototypeid', 'The ID of the prototype')
|
||||
@internal_only
|
||||
class PermissionPrototype(ApiResource):
|
||||
""" Resource for managingin individual permission prototypes. """
|
||||
schemas = {
|
||||
|
|
@ -207,6 +209,7 @@ class PermissionPrototype(ApiResource):
|
|||
},
|
||||
}
|
||||
|
||||
@require_scope(scopes.ORG_ADMIN)
|
||||
@nickname('deleteOrganizationPrototypePermission')
|
||||
def delete(self, orgname, prototypeid):
|
||||
""" Delete an existing permission prototype. """
|
||||
|
|
@ -227,6 +230,7 @@ class PermissionPrototype(ApiResource):
|
|||
|
||||
raise Unauthorized()
|
||||
|
||||
@require_scope(scopes.ORG_ADMIN)
|
||||
@nickname('updateOrganizationPrototypePermission')
|
||||
@validate_json_request('PrototypeUpdate')
|
||||
def put(self, orgname, prototypeid):
|
||||
|
|
|
|||
Reference in a new issue