Load flask principal permissions even for web and api endpoints.

2013-09-26 16:32:09 -04:00 · 2013-09-26 16:32:09 -04:00 · 9278871381
commit 9278871381
parent 23cbcb2979
6 changed files with 33 additions and 15 deletions
--- a/auth/permissions.py
+++ b/auth/permissions.py
@ -1,6 +1,7 @@
 import logging

 from flask.ext.principal import identity_loaded, UserNeed, Permission
+from flask.ext.login import current_user
 from collections import namedtuple
 from functools import partial

@ -42,22 +43,30 @@ class UserPermission(Permission):
 def on_identity_loaded(sender, identity):
  logger.debug('Identity loaded: %s' % identity)
  # We have verified an identity, load in all of the permissions
-  if get_authenticated_user():
-    identity.provides.add(UserNeed(get_authenticated_user().username))

-    for user in model.get_all_repo_permissions(get_authenticated_user()):
+  if identity.auth_type == 'username':
+    logger.debug('Computing permissions for user: %s' % identity.id)
+
+    user_object = model.get_user(identity.id)
+
+    identity.provides.add(UserNeed(user_object.username))
+    for user in model.get_all_repo_permissions(user_object):
      grant = _RepositoryNeed(user.repositorypermission.repository.namespace,
                              user.repositorypermission.repository.name,
                              user.repositorypermission.role.name)
      logger.debug('User added permission: {0}'.format(grant))
      identity.provides.add(grant)

-  if get_validated_token():
-    query = model.get_user_repo_permissions(get_validated_token().user,
-                                            get_validated_token().repository)
+  elif identity.auth_type == 'token':
+    logger.debug('Computing permissions for token: %s' % identity.id)
+
+    token = model.get_token(identity.id)
+    query = model.get_user_repo_permissions(token.user, token.repository)
    for permission in query:
-      t_grant = _RepositoryNeed(get_validated_token().repository.namespace,
-                                get_validated_token().repository.name,
-                                permission.role.name)
+      t_grant = _RepositoryNeed(token.repository.namespace,
+                                token.repository.name, permission.role.name)
      logger.debug('Token added permission: {0}'.format(t_grant))
      identity.provides.add(t_grant)
+
+  else:
+    logger.error('Unknown identity auth type: %s' % identity.auth_type)