Add user admin scope

Also remove unused scope decorator.

fixes #890
Matt Jibson 2015-11-18 12:01:40 -05:00
parent 206ffc65af
commit f02bb3caee
2 changed files with 12 additions and 3 deletions


@ -43,6 +43,15 @@ READ_USER = Scope(scope= 'user:read',
description=('This application will be able to read user information such as ' description=('This application will be able to read user information such as '
'username and email address.')) 'username and email address.'))
ADMIN_USER = Scope(scope= 'user:admin',
icon='fa-gear',
dangerous=True,
title='Administer User',
description=('This application will be able to administer your account '
'including creating robots and granting them permissions '
'to your repositories. You should have absolute trust in the '
'requesting application before granting this permission.'))
ORG_ADMIN = Scope(scope='org:admin', ORG_ADMIN = Scope(scope='org:admin',
icon='fa-gear', icon='fa-gear',
dangerous=True, dangerous=True,
@ -71,7 +80,7 @@ SUPERUSER = Scope(scope='super:user',
'permission.')) 'permission.'))
ALL_SCOPES = {scope.scope: scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO, ALL_SCOPES = {scope.scope: scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO,
READ_USER, ORG_ADMIN, SUPERUSER)} READ_USER, ORG_ADMIN, SUPERUSER, ADMIN_USER)}
IMPLIED_SCOPES = { IMPLIED_SCOPES = {
ADMIN_REPO: {ADMIN_REPO, WRITE_REPO, READ_REPO}, ADMIN_REPO: {ADMIN_REPO, WRITE_REPO, READ_REPO},
@ -81,6 +90,7 @@ IMPLIED_SCOPES = {
READ_USER: {READ_USER}, READ_USER: {READ_USER},
ORG_ADMIN: {ORG_ADMIN}, ORG_ADMIN: {ORG_ADMIN},
SUPERUSER: {SUPERUSER}, SUPERUSER: {SUPERUSER},
ADMIN_USER: {ADMIN_USER},
None: set(), None: set(),
} }
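Review bot: The new `ADMIN_USER: {ADMIN_USER},` entry in IMPLIED_SCOPES implies nothing but itself, while the repository entry in the same table has the admin scope cover the lower ones (`ADMIN_REPO: {ADMIN_REPO, WRITE_REPO, READ_REPO}`). If scope checks are resolved through this table, a token holding only `user:admin` would presumably fail a check that requires `user:read`, which pushes clients to request both scopes. If that is not intended, the entry should read `ADMIN_USER: {ADMIN_USER, READ_USER},`. If it is deliberate, a one-line comment such as `# user:admin intentionally does not imply user:read` would record the decision. Part of the dict lies between the last two hunks and is not shown, so this is based on the visible entries only.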


@ -284,8 +284,7 @@ def require_user_permission(permission_class, scope=None):
require_user_read = require_user_permission(UserReadPermission, scopes.READ_USER) require_user_read = require_user_permission(UserReadPermission, scopes.READ_USER)
require_user_admin = require_user_permission(UserAdminPermission, None) require_user_admin = require_user_permission(UserAdminPermission, scopes.ADMIN_USER)
require_fresh_user_admin = require_user_permission(UserAdminPermission, None)
def verify_not_prod(func): def verify_not_prod(func):
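Review bot: Changing the scope argument of `require_user_admin` from `None` to `scopes.ADMIN_USER` widens every existing use of that decorator at once. Judging by the `None: set()` entry in IMPLIED_SCOPES, a `None` scope appears to mean that no OAuth token can satisfy the check, so endpoints that were session-only would now accept any token granted `user:admin`. The decorated endpoints are not part of this diff, so each one should be audited, and those that must stay limited to an interactive session need a decorator still built with `None`. Since `require_fresh_user_admin` is deleted here, consider keeping one such variant under an explicit name, e.g. `require_user_admin_session = require_user_permission(UserAdminPermission, None)` (name is a suggestion), with a comment that OAuth tokens are rejected. `require_user_permission` is defined above the hunk, so its handling of `scope=None` should be confirmed there.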