Commit 84bace71 by Belákovics Ádám

Add list and class level functionality to mixin

parent 5d36e1f3
from django.contrib.auth.models import Permission
from django.contrib import admin
admin.site.register(Permission)
...@@ -19,15 +19,19 @@ class AuthorizationMixin(): ...@@ -19,15 +19,19 @@ class AuthorizationMixin():
def has_perms_for_object(self, user, method, instance): def has_perms_for_object(self, user, method, instance):
auth_params = self.authorization[method] auth_params = self.authorization[method]
if auth_params: if auth_params:
for perm in auth_params["perms"]: for perm in auth_params["perms"]:
user.has_perm('') if not user.has_perm(perm, instance):
return False
return True
else: else:
logger.error(f"Invalid method for authorization: {method}") logger.error(f"Invalid method for authorization: {method}")
def has_perms_for_model(self, user, method, model): def has_perms_for_model(self, user, method):
auth_params = self.authorization[method] auth_params = self.authorization[method]
if auth_params: if auth_params:
pass for perm in auth_params["perms"]:
if not user.has_perm(perm):
return False
return True
else: else:
logger.error(f"Invalid method for authorization: {method}") logger.error(f"Invalid method for authorization: {method}")
# Generated by Django 2.2.4 on 2019-08-29 07:54
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('instance', '0011_auto_20190808_1137'),
]
operations = [
migrations.AlterModelOptions(
name='instance',
options={'default_permissions': (), 'permissions': (('create_instance', 'Can create a new VM.'), ('use_instance', 'Can access the VM connection info.'), ('operate_instance', 'Can use basic lifecycle methods of the VM.'), ('administer_instance', 'Can delete VM.'), ('access_console', 'Can access the graphical console of a VM.'), ('change_resources', 'Can change resources of a VM.'), ('manage_access', 'Can manage access rights for the VM.'), ('config_ports', 'Can configure port forwards.'))},
),
]
...@@ -83,6 +83,7 @@ class Instance(models.Model): ...@@ -83,6 +83,7 @@ class Instance(models.Model):
from template.models import ImageTemplate from template.models import ImageTemplate
class Meta: class Meta:
default_permissions = ()
permissions = ( permissions = (
('create_instance', 'Can create a new VM.'), ('create_instance', 'Can create a new VM.'),
('use_instance', 'Can access the VM connection info.'), ('use_instance', 'Can access the VM connection info.'),
......
...@@ -14,7 +14,7 @@ from authorization.mixins import AuthorizationMixin ...@@ -14,7 +14,7 @@ from authorization.mixins import AuthorizationMixin
authorization = { authorization = {
"list": {"auth_type": "filter", "perms": ["use_instance"]}, "list": {"auth_type": "filter", "perms": ["use_instance"]},
"create": {"auth_type": "class", "perms": ["create_instance"]}, "create": {"auth_type": "class", "perms": ["instance.create_instance"], "message": "No permission to create Virtual Machine."},
"retrieve": {"auth_type": "object", "perms": ["use_instance"]}, "retrieve": {"auth_type": "object", "perms": ["use_instance"]},
"destroy": {"auth_type": "object", "perms": ["administer_instance"]}, "destroy": {"auth_type": "object", "perms": ["administer_instance"]},
"template": {"auth_type": "object", "perms": ["use_instance"]}, "template": {"auth_type": "object", "perms": ["use_instance"]},
...@@ -42,6 +42,10 @@ class InstanceViewSet(AuthorizationMixin, ViewSet): ...@@ -42,6 +42,10 @@ class InstanceViewSet(AuthorizationMixin, ViewSet):
return Response(InstanceSerializer(instances, many=True).data) return Response(InstanceSerializer(instances, many=True).data)
def create(self, request): def create(self, request):
# TODO: Put this logic in Mixin
if not self.has_perms_for_model(request.user, 'create'):
return Response({"error": "No permission to create Virtual Machine."}, status=status.HTTP_401_UNAUTHORIZED)
data = request.data data = request.data
template = ImageTemplate.objects.get(pk=data["template"]) template = ImageTemplate.objects.get(pk=data["template"])
...@@ -68,6 +72,9 @@ class InstanceViewSet(AuthorizationMixin, ViewSet): ...@@ -68,6 +72,9 @@ class InstanceViewSet(AuthorizationMixin, ViewSet):
def retrieve(self, request, pk): def retrieve(self, request, pk):
instance = self.get_object(pk) instance = self.get_object(pk)
if not self.has_perms_for_object(request.user, 'retrieve', instance):
return Response({"error": "No permission to access the Virtual Machine."}, status=status.HTTP_401_UNAUTHORIZED)
instanceDict = InstanceSerializer(instance).data instanceDict = InstanceSerializer(instance).data
remoteInstance = instance.get_remote_instance() remoteInstance = instance.get_remote_instance()
remoteInstanceDict = remoteInstance.__dict__ remoteInstanceDict = remoteInstance.__dict__
......
Subproject commit 1a19e4355f4af1abb49a3f6e07dc3a6c3f8bdf47 Subproject commit e01d873c78ac17fed0438936f979de3cbaca6a5e
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment