Refactor the code into modules, it was getting unweildy.

2013-09-25 12:45:12 -04:00 · 2013-09-25 12:45:12 -04:00 · ee5ea51532
commit ee5ea51532
parent 2611d70185
12 changed files with 73 additions and 70 deletions
--- a/auth/permissions.py
+++ b/auth/permissions.py
@ -0,0 +1,60 @@
+import logging
+
+from flask.ext.principal import identity_loaded, UserNeed, Permission
+from collections import namedtuple
+
+from data import model
+from app import app
+from auth import get_authenticated_user, get_validated_token
+
+
+logger = logging.getLogger(__name__)
+
+
+_RepositoryNeed = namedtuple('repository', ['namespace', 'name', 'role'])
+
+
+class ModifyRepositoryPermission(Permission):
+  def __init__(self, namespace, name):
+    admin_need = _RepositoryNeed(namespace, name, 'admin')
+    write_need = _RepositoryNeed(namespace, name, 'write')
+    super(ModifyRepositoryPermission, self).__init__(admin_need, write_need)
+
+
+class ReadRepositoryPermission(Permission):
+  def __init__(self, namespace, name):
+    admin_need = _RepositoryNeed(namespace, name, 'admin')
+    write_need = _RepositoryNeed(namespace, name, 'write')
+    read_need = _RepositoryNeed(namespace, name, 'read')
+    super(ReadRepositoryPermission, self).__init__(admin_need, write_need,
+                                                   read_need)
+
+
+class UserPermission(Permission):
+  def __init__(self, username):
+    user_need = UserNeed(username)
+    super(UserPermission, self).__init__(user_need)
+
+
+@identity_loaded.connect_via(app)
+def on_identity_loaded(sender, identity):
+  # We have verified an identity, load in all of the permissions
+  if get_authenticated_user():
+    identity.provides.add(UserNeed(get_authenticated_user().username))
+
+    for user in model.get_all_repo_permissions(get_authenticated_user()):
+      grant = _RepositoryNeed(user.repositorypermission.repository.namespace,
+                              user.repositorypermission.repository.name,
+                              user.repositorypermission.role.name)
+      logger.debug('User added permission: {0}'.format(grant))
+      identity.provides.add(grant)
+
+  if get_validated_token():
+    query = model.get_user_repo_permissions(get_validated_token().user,
+                                            get_validated_token().repository)
+    for permission in query:
+      t_grant = _RepositoryNeed(get_validated_token().repository.namespace,
+                                get_validated_token().repository.name,
+                                permission.role.name)
+      logger.debug('Token added permission: {0}'.format(t_grant))
+      identity.provides.add(t_grant)