-rw-r--r-- | gn2/wqflask/oauth2/groups.py | 24 | ||||
-rw-r--r-- | gn2/wqflask/oauth2/roles.py | 56 | ||||
-rw-r--r-- | gn2/wqflask/templates/oauth2/view-group-role.html | 102 |
3 files changed, 0 insertions, 182 deletions
diff --git a/gn2/wqflask/oauth2/groups.py b/gn2/wqflask/oauth2/groups.py
index 3bc4bcb2..e4028497 100644
--- a/gn2/wqflask/oauth2/groups.py
+++ b/gn2/wqflask/oauth2/groups.py
@@ -136,30 +136,6 @@ def reject_join_request():
 handle_error("oauth2.group.list_join_requests"), __success__)
-@groups.route("/role/<uuid:group_role_id>", methods=["GET"])
-@require_oauth2
-def group_role(group_role_id: uuid.UUID):
- """View the details of a particular role."""
- def __render_error__(**kwargs):
- return render_ui("oauth2/view-group-role.html", **kwargs)
-
- def __gprivs_success__(role, group_privileges):
- return render_ui(
- "oauth2/view-group-role.html", group_role=role,
- group_privileges=tuple(
- priv for priv in group_privileges
- if priv not in role["role"]["privileges"]))
-
- def __role_success__(role):
- return oauth2_get("auth/group/privileges").either(
- lambda err: __render_error__(
- group_role=group_role,
- group_privileges_error=process_error(err)),
- lambda privileges: __gprivs_success__(role, privileges))
-
- return oauth2_get(f"auth/group/role/{group_role_id}").either(
- lambda err: __render_error__(group_role_error=process_error(err)),
- __role_success__)
 def add_delete_privilege_to_role( group_role_id: uuid.UUID, direction: str) -> Response:
diff --git a/gn2/wqflask/oauth2/roles.py b/gn2/wqflask/oauth2/roles.py
index b0f990c7..2a21670e 100644
--- a/gn2/wqflask/oauth2/roles.py
+++ b/gn2/wqflask/oauth2/roles.py
@@ -21,59 +21,3 @@ def role(role_id: uuid.UUID):
 return oauth2_get(f"auth/role/view/{role_id}").either( request_error, __success__)
-@roles.route("/create", methods=["GET", "POST"])
-@require_oauth2
-def create_role():
- """Create a new role."""
- def __roles_error__(error):
- return render_ui(
- "oauth2/create-role.html", roles_error=process_error(error))
-
- def __gprivs_error__(roles, error):
- return render_ui(
- "oauth2/create-role.html", roles=roles,
- group_privileges_error=process_error(error))
-
- def __success__(roles, gprivs):
- uprivs = tuple(
- privilege["privilege_id"] for role in roles
- for privilege in role["privileges"])
- return render_ui(
- "oauth2/create-role.html", roles=roles, user_privileges=uprivs,
- group_privileges=gprivs,
- prev_role_name=request.args.get("role_name"))
-
- def __fetch_gprivs__(roles):
- return oauth2_get("auth/group/privileges").either(
- lambda err: __gprivs_error__(roles, err),
- lambda gprivs: __success__(roles, gprivs))
-
- if request.method == "GET":
- return oauth2_get("auth/user/roles").either(
- __roles_error__, __fetch_gprivs__)
-
- form = request.form
- role_name = form.get("role_name")
- privileges = form.getlist("privileges[]")
- if len(privileges) == 0:
- flash("You must assign at least one privilege to the role",
- "alert-danger")
- return redirect(url_for(
- "oauth2.role.create_role", role_name=role_name))
- def __create_error__(error):
- err = process_error(error)
- flash(f"{err['error']}: {err['error_description']}",
- "alert-danger")
- return redirect(url_for("oauth2.role.create_role"))
- def __create_success__(*args):
- flash("Role created successfully.", "alert-success")
- return redirect(url_for("oauth2.role.user_roles"))
-
- raise DeprecationWarning(
- f"The `{__name__}.create_role(…)` function, as is currently, can "
- "lead to unbounded privilege escalation. See "
- "https://issues.genenetwork.org/issues/gn-auth/problems-with-roles")
- # return oauth2_post(
- # "auth/group/role/create",data={
- # "role_name": role_name, "privileges[]": privileges}).either(
- # __create_error__,__create_success__)
diff --git a/gn2/wqflask/templates/oauth2/view-group-role.html b/gn2/wqflask/templates/oauth2/view-group-role.html
deleted file mode 100644
index 5da023bf..00000000
--- a/gn2/wqflask/templates/oauth2/view-group-role.html
+++ /dev/null
@@ -1,102 +0,0 @@
-{%extends "base.html"%}
-{%from "oauth2/profile_nav.html" import profile_nav%}
-{%from "oauth2/display_error.html" import display_error%}
-{%block title%}View User{%endblock%}
-{%block content%}
-<div class="container" style="min-width: 1250px;">
- {{profile_nav("roles", user_privileges)}}
- <h3>View Group Role</h3>
-
- {{flash_me()}}
-
- <div class="container-fluid">
- <div class="row">
- <h3>Role Details</h3>
- {%if group_role_error is defined%}
- {{display_error("Group Role", group_role_error)}}
- {%else%}
- <table class="table">
- <caption>Details for '{{group_role.role.role_name}}' Role</caption>
- <thead>
- <tr>
- <th>Privilege</th>
- <th>Description</th>
- <th>Action</th>
- </tr>
- </thead>
- <tbody>
- {%for privilege in group_role.role.privileges%}
- <tr>
- <td>{{privilege.privilege_id}}</td>
- <td>{{privilege.privilege_description}}</td>
- <td>
- <form action="{{url_for(
- 'oauth2.group.delete_privilege_from_role',
- group_role_id=group_role.group_role_id)}}"
- method="POST">
- <input type="hidden" name="privilege_id"
- value="{{privilege.privilege_id}}" />
- <input type="submit" class="btn btn-danger"
- value="Remove"
- {%if not group_role.role.user_editable%}
- disabled="disabled"
- {%endif%} />
- </form>
- </td>
- </tr>
- {%endfor%}
- </tbody>
- </table>
- {%endif%}
- </div>
-
- <div class="row">
- <h3>Other Privileges</h3>
- <table class="table">
- <caption>Other Privileges not Assigned to this Role</caption>
- <thead>
- <tr>
- <th>Privilege</th>
- <th>Description</th>
- <th>Action</th>
- </tr>
- </thead>
-
- <tbody>
- {%for priv in group_privileges%}
- <tr>
- <td>{{priv.privilege_id}}</td>
- <td>{{priv.privilege_description}}</td>
- <td>
- <form action="{{url_for(
- 'oauth2.group.add_privilege_to_role',
- group_role_id=group_role.group_role_id)}}"
- method="POST">
- <input type="hidden" name="privilege_id"
- value="{{priv.privilege_id}}" />
- <input type="submit" class="btn btn-warning"
- value="Add to Role"
- {%if not group_role.role.user_editable%}
- disabled="disabled"
- {%endif%} />
- </form>
- </td>
- </tr>
- {%else%}
- <tr>
- <td colspan="3">
- <span class="glyphicon glyphicon-info-sign text-info">
- </span>
-
- <span class="text-info">All privileges assigned!</span>
- </td>
- </tr>
- {%endfor%}
- </tbody>
- </table>
- </div>
-
- </div>
-
-</div>
-{%endblock%} |