[oauth2] Add view to generate authorization link per application with given scopes

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

apps/permission/templates/permission/scopes.html

@@ -0,0 +1,74 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+
+{% block content %}
+    <div class="card">
+        <div class="card-header text-center">
+            <h2>{% trans "Available scopes" %}</h2>
+        </div>
+        <div class="card-body">
+            <div class="accordion" id="accordionApps">
+                {% for app, app_scopes in scopes.items %}
+                    <div class="card">
+                        <div class="card-header" id="app-{{ app.name.lower }}-title">
+                            <a class="text-decoration-none collapsed" href="#" data-toggle="collapse"
+                               data-target="#app-{{ app.name.lower }}" aria-expanded="false"
+                               aria-controls="app-{{ app.name.lower }}">
+                                {{ app.name }}
+                            </a>
+                        </div>
+                        <div class="collapse" id="app-{{ app.name.lower }}" aria-labelledby="app-{{ app.name.lower }}" data-target="#accordionApps">
+                            <div class="card-body">
+                                {% for scope_id, scope_desc in app_scopes.items %}
+                                    <div class="form-group">
+                                        <label class="form-check-label" for="scope-{{ app.name.lower }}-{{ scope_id }}">
+                                            <input type="checkbox" id="scope-{{ app.name.lower }}-{{ scope_id }}"
+                                                   name="scope-{{ app.name.lower }}" class="checkboxinput form-check-input" value="{{ scope_id }}">
+                                            {{ scope_desc }}
+                                        </label>
+                                    </div>
+                                {% endfor %}
+                                <p id="url-{{ app.name.lower }}">
+                                    <a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code" target="_blank">
+                                        {{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code
+                                    </a>
+                                </p>
+                            </div>
+                        </div>
+                    </div>
+                {% empty %}
+                    <p>
+                        {% trans "No applications defined" %}.
+                        <a href="{% url 'oauth2_provider:register' %}">{% trans "Click here" %}</a> {% trans "if you want to register a new one" %}.
+                    </p>
+                {% endfor %}
+            </div>
+        </div>
+    </div>
+{% endblock %}
+
+{% block extrajavascript %}
+    <script>
+        {% for app in scopes.keys %}
+            let elements = document.getElementsByName("scope-{{ app.name.lower }}");
+            for (let element of elements) {
+                element.onchange = function (event) {
+                    let scope = ""
+                    for (let element of elements) {
+                        if (element.checked) {
+                            scope += element.value + "%20"
+                        }
+                    }
+
+                    scope = scope.substr(0, scope.length - 3)
+
+                    document.getElementById("url-{{ app.name.lower }}").innerHTML = 'Scopes : ' + scope
+                        + '<br><a href="{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='+ scope
+                        + '" target="_blank">{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope='
+                        + scope + '</a>'
+                }
+            }
+        {% endfor %}
+    </script>
+{% endblock %}

apps/permission/urls.py

@@ -1,10 +1,17 @@
 # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
+from django.conf import settings
 from django.urls import path
-from permission.views import RightsView
+
+from .views import RightsView, ScopesView
 
 app_name = 'permission'
 urlpatterns = [
-    path('rights', RightsView.as_view(), name="rights"),
+    path('rights/', RightsView.as_view(), name="rights"),
 ]
+
+if "oauth2_provider" in settings.INSTALLED_APPS:
+    urlpatterns += [
+        path('scopes/', ScopesView.as_view(), name="scopes"),
+    ]

apps/permission/views.py

@@ -1,6 +1,6 @@
 # Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
-
+from collections import OrderedDict
 from datetime import date
 
 from django.contrib.auth.mixins import LoginRequiredMixin
@@ -143,3 +143,26 @@ class RightsView(TemplateView):
                                                    prefix="superusers-")
 
         return context
+
+
+class ScopesView(LoginRequiredMixin, TemplateView):
+    template_name = "permission/scopes.html"
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+
+        from oauth2_provider.models import Application
+        from .scopes import PermissionScopes
+
+        scopes = PermissionScopes()
+        context["scopes"] = {}
+        all_scopes = scopes.get_all_scopes()
+        for app in Application.objects.filter(Q(user=self.request.user) | Q(client_type='public')).all():
+            available_scopes = scopes.get_available_scopes(app)
+            context["scopes"][app] = OrderedDict()
+            items = [(k, v) for (k, v) in all_scopes.items() if k in available_scopes]
+            items.sort(key=lambda x: (int(x[0].split("_")[1]), int(x[0].split("_")[0])))
+            for k, v in items:
+                context["scopes"][app][k] = v
+
+        return context