Make the scopes dynamic based on app config.

2015-07-15 18:13:15 -04:00 · 2015-07-15 18:13:15 -04:00 · f5ee7a6697
commit f5ee7a6697
parent 053ceb6220
3 changed files with 14 additions and 7 deletions
--- a/auth/scopes.py
+++ b/auth/scopes.py
@ -69,8 +69,8 @@ SUPERUSER = Scope(scope='super:user',
                               'absolute trust in the requesting application before granting this '
                               'permission.'))

-ALL_SCOPES = {scope.scope:scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO,
-                                              READ_USER, ORG_ADMIN)}
+ALL_SCOPES = {scope.scope: scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO,
+                                               READ_USER, ORG_ADMIN, SUPERUSER)}

 IMPLIED_SCOPES = {
  ADMIN_REPO: {ADMIN_REPO, WRITE_REPO, READ_REPO},
@ -79,12 +79,18 @@ IMPLIED_SCOPES = {
  CREATE_REPO: {CREATE_REPO},
  READ_USER: {READ_USER},
  ORG_ADMIN: {ORG_ADMIN},
+  SUPERUSER: {SUPERUSER},
  None: set(),
 }

-if features.SUPER_USERS:
-  ALL_SCOPES[SUPERUSER.scope] = SUPERUSER
-  IMPLIED_SCOPES[SUPERUSER] = {SUPERUSER}
+
+def app_scopes(app_config):
+  if not app_config.get('FEATURE_SUPER_USERS', False):
+    scopes_from_config = dict(ALL_SCOPES)
+    del scopes_from_config[SUPERUSER.scope]
+    return scopes_from_config
+  return ALL_SCOPES
+

 def scopes_from_scope_string(scopes):
  if not scopes:
--- a/endpoints/api/discovery.py
+++ b/endpoints/api/discovery.py
@ -220,7 +220,8 @@ def swagger_route_data(include_internal=False, compact=False):
        "type": "oauth2",
        "flow": "implicit",
        "authorizationUrl": "%s://%s/oauth/authorize" % (PREFERRED_URL_SCHEME, SERVER_HOSTNAME),
-        'scopes': {scope.scope:scope.description for scope in scopes.ALL_SCOPES.values()},
+        'scopes': {scope.scope:scope.description
+                   for scope in scopes.app_scopes(app.config).values()},
      },
    },
    'paths': paths,
--- a/endpoints/common.py
+++ b/endpoints/common.py
@ -182,7 +182,7 @@ def render_page_template(name, **kwargs):
                                       feature_set=json.dumps(features.get_features()),
                                       config_set=json.dumps(getFrontendVisibleConfig(app.config)),
                                       oauth_set=json.dumps(get_oauth_config()),
-                                       scope_set=json.dumps(scopes.ALL_SCOPES),
+                                       scope_set=json.dumps(scopes.app_scopes(app.config)),
                                       mixpanel_key=app.config.get('MIXPANEL_KEY', ''),
                                       google_analytics_key=app.config.get('GOOGLE_ANALYTICS_KEY', ''),
                                       sentry_public_dsn=app.config.get('SENTRY_PUBLIC_DSN', ''),