Add UUID to User model and use in cookie.
This commit is contained in:
Jimmy Zelinskie
Jimmy Zelinskie
parent
b3886570eb
commit
9d677b8eb3
8 changed files with 91 additions and 61 deletions
|
|
@ -58,8 +58,8 @@ SCOPE_MAX_USER_ROLES.update({
|
|||
|
||||
|
||||
class QuayDeferredPermissionUser(Identity):
|
||||
def __init__(self, db_id, auth_type, scopes):
|
||||
super(QuayDeferredPermissionUser, self).__init__(db_id, auth_type)
|
||||
def __init__(self, id, auth_type, scopes):
|
||||
super(QuayDeferredPermissionUser, self).__init__(id, auth_type)
|
||||
|
||||
self._permissions_loaded = False
|
||||
self._scope_set = scopes
|
||||
|
|
@ -88,14 +88,14 @@ class QuayDeferredPermissionUser(Identity):
|
|||
def can(self, permission):
|
||||
if not self._permissions_loaded:
|
||||
logger.debug('Loading user permissions after deferring.')
|
||||
user_object = model.get_user_by_id(self.id)
|
||||
user_object = model.get_user_by_uuid(self.id)
|
||||
|
||||
# Add the superuser need, if applicable.
|
||||
if (user_object.username is not None and
|
||||
user_object.username in app.config.get('SUPER_USERS', [])):
|
||||
self.provides.add(_SuperUserNeed())
|
||||
|
||||
# Add the user specific permissions, only for non-oauth permission
|
||||
# Add the user specific permissions, only for non-oauth permission
|
||||
user_grant = _UserNeed(user_object.username, self._user_role_for_scopes('admin'))
|
||||
logger.debug('User permission: {0}'.format(user_grant))
|
||||
self.provides.add(user_grant)
|
||||
|
|
@ -217,7 +217,7 @@ class ViewTeamPermission(Permission):
|
|||
team_admin = _TeamNeed(org_name, team_name, 'admin')
|
||||
team_creator = _TeamNeed(org_name, team_name, 'creator')
|
||||
team_member = _TeamNeed(org_name, team_name, 'member')
|
||||
admin_org = _OrganizationNeed(org_name, 'admin')
|
||||
admin_org = _OrganizationNeed(org_name, 'admin')
|
||||
super(ViewTeamPermission, self).__init__(team_admin, team_creator,
|
||||
team_member, admin_org)
|
||||
|
||||
|
|
@ -228,11 +228,11 @@ def on_identity_loaded(sender, identity):
|
|||
# We have verified an identity, load in all of the permissions
|
||||
|
||||
if isinstance(identity, QuayDeferredPermissionUser):
|
||||
logger.debug('Deferring permissions for user: %s', identity.id)
|
||||
logger.debug('Deferring permissions for user with uuid: %s', identity.id)
|
||||
|
||||
elif identity.auth_type == 'user_db_id':
|
||||
logger.debug('Switching username permission to deferred object: %s', identity.id)
|
||||
switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'user_db_id', {scopes.DIRECT_LOGIN})
|
||||
elif identity.auth_type == 'user_uuid':
|
||||
logger.debug('Switching username permission to deferred object with uuid: %s', identity.id)
|
||||
switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'user_uuid', {scopes.DIRECT_LOGIN})
|
||||
identity_changed.send(app, identity=switch_to_deferred)
|
||||
|
||||
elif identity.auth_type == 'token':
|
||||
|
|
|
|||
Reference in a new issue