mirror of
https://gitlab.crans.org/bde/nk20
synced 2024-12-18 13:32:28 +00:00
a6b479db19
- /apps/activity/api/serializers.py - /apps/activity/api/urls.py - /apps/activity/api/views.py - /apps/activity/tests/test_activities.py - /apps/activity/__init__.py - /apps/activity/admin.py - /apps/activity/apps.py - /apps/activity/forms.py - /apps/activity/tables.py - /apps/activity/urls.py - /apps/activity/views.py - /apps/api/__init__.py - /apps/api/apps.py - /apps/api/serializers.py - /apps/api/tests.py - /apps/api/urls.py - /apps/api/views.py - /apps/api/viewsets.py - /apps/logs/signals.py - /apps/logs/apps.py - /apps/logs/__init__.py - /apps/logs/api/serializers.py - /apps/logs/api/urls.py - /apps/logs/api/views.py - /apps/member/api/serializers.py - /apps/member/api/urls.py - /apps/member/api/views.py - /apps/member/templatetags/memberinfo.py - /apps/member/__init__.py - /apps/member/admin.py - /apps/member/apps.py - /apps/member/auth.py - /apps/member/forms.py - /apps/member/hashers.py - /apps/member/signals.py - /apps/member/tables.py - /apps/member/urls.py - /apps/member/views.py - /apps/note/api/serializers.py - /apps/note/api/urls.py - /apps/note/api/views.py - /apps/note/models/__init__.py - /apps/note/static/note/js/consos.js - /apps/note/templates/note/mails/negative_balance.txt - /apps/note/templatetags/getenv.py - /apps/note/templatetags/pretty_money.py - /apps/note/tests/test_transactions.py - /apps/note/__init__.py - /apps/note/admin.py - /apps/note/apps.py - /apps/note/forms.py - /apps/note/signals.py - /apps/note/tables.py - /apps/note/urls.py - /apps/note/views.py - /apps/permission/api/serializers.py - /apps/permission/api/urls.py - /apps/permission/api/views.py - /apps/permission/templatetags/perms.py - /apps/permission/tests/test_oauth2.py - /apps/permission/tests/test_permission_denied.py - /apps/permission/tests/test_permission_queries.py - /apps/permission/tests/test_rights_page.py - /apps/permission/__init__.py - /apps/permission/admin.py - /apps/permission/backends.py - /apps/permission/apps.py - /apps/permission/decorators.py - /apps/permission/permissions.py - /apps/permission/scopes.py - /apps/permission/signals.py - /apps/permission/tables.py - /apps/permission/urls.py - /apps/permission/views.py - /apps/registration/tests/test_registration.py - /apps/registration/__init__.py - /apps/registration/apps.py - /apps/registration/forms.py - /apps/registration/tables.py - /apps/registration/tokens.py - /apps/registration/urls.py - /apps/registration/views.py - /apps/treasury/api/serializers.py - /apps/treasury/api/urls.py - /apps/treasury/api/views.py - /apps/treasury/templatetags/escape_tex.py - /apps/treasury/tests/test_treasury.py - /apps/treasury/__init__.py - /apps/treasury/admin.py - /apps/treasury/apps.py - /apps/treasury/forms.py - /apps/treasury/signals.py - /apps/treasury/tables.py - /apps/treasury/urls.py - /apps/treasury/views.py - /apps/wei/api/serializers.py - /apps/wei/api/urls.py - /apps/wei/api/views.py - /apps/wei/forms/surveys/__init__.py - /apps/wei/forms/surveys/base.py - /apps/wei/forms/surveys/wei2021.py - /apps/wei/forms/surveys/wei2022.py - /apps/wei/forms/surveys/wei2023.py - /apps/wei/forms/__init__.py - /apps/wei/forms/registration.py - /apps/wei/management/commands/export_wei_registrations.py - /apps/wei/management/commands/import_scores.py - /apps/wei/management/commands/wei_algorithm.py - /apps/wei/templates/wei/weilist_sample.tex - /apps/wei/tests/test_wei_algorithm_2021.py - /apps/wei/tests/test_wei_algorithm_2022.py - /apps/wei/tests/test_wei_algorithm_2023.py - /apps/wei/tests/test_wei_registration.py - /apps/wei/__init__.py - /apps/wei/admin.py - /apps/wei/apps.py - /apps/wei/tables.py - /apps/wei/urls.py - /apps/wei/views.py - /note_kfet/settings/__init__.py - /note_kfet/settings/base.py - /note_kfet/settings/development.py - /note_kfet/settings/secrets_example.py - /note_kfet/static/js/base.js - /note_kfet/admin.py - /note_kfet/inputs.py - /note_kfet/middlewares.py - /note_kfet/urls.py - /note_kfet/views.py - /note_kfet/wsgi.py - /entrypoint.sh
58 lines
2.2 KiB
Python
58 lines
2.2 KiB
Python
# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
from oauth2_provider.oauth2_validators import OAuth2Validator
|
|
from oauth2_provider.scopes import BaseScopes
|
|
from member.models import Club
|
|
from note_kfet.middlewares import get_current_request
|
|
|
|
from .backends import PermissionBackend
|
|
from .models import Permission
|
|
|
|
|
|
class PermissionScopes(BaseScopes):
|
|
"""
|
|
An OAuth2 scope is defined by a permission object and a club.
|
|
A token will have a subset of permissions from the owner of the application,
|
|
and can be useful to make queries through the API with limited privileges.
|
|
"""
|
|
|
|
def get_all_scopes(self):
|
|
return {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
|
|
for p in Permission.objects.all() for club in Club.objects.all()}
|
|
|
|
def get_available_scopes(self, application=None, request=None, *args, **kwargs):
|
|
if not application:
|
|
return []
|
|
return [f"{p.id}_{p.membership.club.id}"
|
|
for t in Permission.PERMISSION_TYPES
|
|
for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])]
|
|
|
|
def get_default_scopes(self, application=None, request=None, *args, **kwargs):
|
|
if not application:
|
|
return []
|
|
return [f"{p.id}_{p.membership.club.id}"
|
|
for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')]
|
|
|
|
|
|
class PermissionOAuth2Validator(OAuth2Validator):
|
|
def validate_scopes(self, client_id, scopes, client, request, *args, **kwargs):
|
|
"""
|
|
User can request as many scope as he wants, including invalid scopes,
|
|
but it will have only the permissions he has.
|
|
|
|
This allows clients to request more permission to get finally a
|
|
subset of permissions.
|
|
"""
|
|
|
|
valid_scopes = set()
|
|
|
|
for t in Permission.PERMISSION_TYPES:
|
|
for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0]):
|
|
scope = f"{p.id}_{p.membership.club.id}"
|
|
if scope in scopes:
|
|
valid_scopes.add(scope)
|
|
|
|
request.scopes = valid_scopes
|
|
|
|
return valid_scopes
|