archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Use capability check instead of role check in strip_link_and_variations()

Browse Source
This commit is contained in:
Sybren A. Stüvel 2018-03-23 14:23:47 +01:00
parent e4f229cc70
commit 0cf45c0d78
2 changed files with 4 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pillar/api/file_storage/__init__.py
View File

@ -386,13 +386,8 @@ def before_returning_file(response):
def strip_link_and_variations(response): def strip_link_and_variations(response):
# Check the access level of the user. # Check the access level of the user.
if current_user.is_anonymous: capability = current_app.config['FULL_FILE_ACCESS_CAP']
has_full_access = False has_full_access = current_user.has_cap(capability)
else:
user_roles = current_user.roles
# TODO: convert to a capability and check for that.
access_roles = current_app.config['FULL_FILE_ACCESS_ROLES']
has_full_access = bool(user_roles.intersection(access_roles))
# Strip all file variations (unless image) and link to the actual file. # Strip all file variations (unless image) and link to the actual file.
if not has_full_access: if not has_full_access:

4
pillar/config.py
View File

@ -109,8 +109,8 @@ FILE_LINK_VALIDITY = defaultdict(
gcs=3600 * 23, # 23 hours for Google Cloud Storage. gcs=3600 * 23, # 23 hours for Google Cloud Storage.
) )
# Roles with full GET-access to all variations of files. # Capability with GET-access to all variations of files.
FULL_FILE_ACCESS_ROLES = {'admin', 'subscriber', 'demo'} FULL_FILE_ACCESS_CAP = 'subscriber'
# Client and Subclient IDs for Blender ID # Client and Subclient IDs for Blender ID
BLENDER_ID_CLIENT_ID = 'SPECIAL-SNOWFLAKE-57' BLENDER_ID_CLIENT_ID = 'SPECIAL-SNOWFLAKE-57'