archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Extend CHECK_PERMISSIONS_IMPLEMENTED_FOR

Browse Source 
We support flamenco.jobs. This is a temporary workaround until we
implement check permissions in a way that can be extended by extensions.
This commit is contained in:
Francesco Siddi
2016-11-30 23:50:19 +01:00
parent f06b3c94eb
commit d9b56f485b
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pillar/api/utils/authorization.py
View File

@@ -7,7 +7,7 @@ from flask import abort
from flask import current_app from flask import current_app
from werkzeug.exceptions import Forbidden from werkzeug.exceptions import Forbidden
CHECK_PERMISSIONS_IMPLEMENTED_FOR = {'projects', 'nodes'} CHECK_PERMISSIONS_IMPLEMENTED_FOR = {'projects', 'nodes', 'flamenco.jobs'}
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
@@ -135,6 +135,14 @@ def compute_aggr_permissions(collection_name, resource, check_node_type=None):
if check_node_type is None: if check_node_type is None:
return project['permissions'] return project['permissions']
node_type_name = check_node_type node_type_name = check_node_type
elif 'node_type' not in resource:
# Neither a project, nor a node, therefore is another collection
projects_collection = current_app.data.driver.db['projects']
project = projects_collection.find_one(
ObjectId(resource['project']),
{'permissions': 1})
return project['permissions']
else: else:
# Not a project, so it's a node. # Not a project, so it's a node.
assert 'project' in resource assert 'project' in resource