aboutsummaryrefslogtreecommitdiff
path: root/gn2
diff options
context:
space:
mode:
Diffstat (limited to 'gn2')
-rw-r--r--gn2/wqflask/oauth2/groups.py24
-rw-r--r--gn2/wqflask/oauth2/roles.py56
-rw-r--r--gn2/wqflask/templates/oauth2/view-group-role.html102
3 files changed, 0 insertions, 182 deletions
diff --git a/gn2/wqflask/oauth2/groups.py b/gn2/wqflask/oauth2/groups.py
index 3bc4bcb2..e4028497 100644
--- a/gn2/wqflask/oauth2/groups.py
+++ b/gn2/wqflask/oauth2/groups.py
@@ -136,30 +136,6 @@ def reject_join_request():
handle_error("oauth2.group.list_join_requests"),
__success__)
-@groups.route("/role/<uuid:group_role_id>", methods=["GET"])
-@require_oauth2
-def group_role(group_role_id: uuid.UUID):
- """View the details of a particular role."""
- def __render_error__(**kwargs):
- return render_ui("oauth2/view-group-role.html", **kwargs)
-
- def __gprivs_success__(role, group_privileges):
- return render_ui(
- "oauth2/view-group-role.html", group_role=role,
- group_privileges=tuple(
- priv for priv in group_privileges
- if priv not in role["role"]["privileges"]))
-
- def __role_success__(role):
- return oauth2_get("auth/group/privileges").either(
- lambda err: __render_error__(
- group_role=group_role,
- group_privileges_error=process_error(err)),
- lambda privileges: __gprivs_success__(role, privileges))
-
- return oauth2_get(f"auth/group/role/{group_role_id}").either(
- lambda err: __render_error__(group_role_error=process_error(err)),
- __role_success__)
def add_delete_privilege_to_role(
group_role_id: uuid.UUID, direction: str) -> Response:
diff --git a/gn2/wqflask/oauth2/roles.py b/gn2/wqflask/oauth2/roles.py
index b0f990c7..2a21670e 100644
--- a/gn2/wqflask/oauth2/roles.py
+++ b/gn2/wqflask/oauth2/roles.py
@@ -21,59 +21,3 @@ def role(role_id: uuid.UUID):
return oauth2_get(f"auth/role/view/{role_id}").either(
request_error, __success__)
-@roles.route("/create", methods=["GET", "POST"])
-@require_oauth2
-def create_role():
- """Create a new role."""
- def __roles_error__(error):
- return render_ui(
- "oauth2/create-role.html", roles_error=process_error(error))
-
- def __gprivs_error__(roles, error):
- return render_ui(
- "oauth2/create-role.html", roles=roles,
- group_privileges_error=process_error(error))
-
- def __success__(roles, gprivs):
- uprivs = tuple(
- privilege["privilege_id"] for role in roles
- for privilege in role["privileges"])
- return render_ui(
- "oauth2/create-role.html", roles=roles, user_privileges=uprivs,
- group_privileges=gprivs,
- prev_role_name=request.args.get("role_name"))
-
- def __fetch_gprivs__(roles):
- return oauth2_get("auth/group/privileges").either(
- lambda err: __gprivs_error__(roles, err),
- lambda gprivs: __success__(roles, gprivs))
-
- if request.method == "GET":
- return oauth2_get("auth/user/roles").either(
- __roles_error__, __fetch_gprivs__)
-
- form = request.form
- role_name = form.get("role_name")
- privileges = form.getlist("privileges[]")
- if len(privileges) == 0:
- flash("You must assign at least one privilege to the role",
- "alert-danger")
- return redirect(url_for(
- "oauth2.role.create_role", role_name=role_name))
- def __create_error__(error):
- err = process_error(error)
- flash(f"{err['error']}: {err['error_description']}",
- "alert-danger")
- return redirect(url_for("oauth2.role.create_role"))
- def __create_success__(*args):
- flash("Role created successfully.", "alert-success")
- return redirect(url_for("oauth2.role.user_roles"))
-
- raise DeprecationWarning(
- f"The `{__name__}.create_role(…)` function, as is currently, can "
- "lead to unbounded privilege escalation. See "
- "https://issues.genenetwork.org/issues/gn-auth/problems-with-roles")
- # return oauth2_post(
- # "auth/group/role/create",data={
- # "role_name": role_name, "privileges[]": privileges}).either(
- # __create_error__,__create_success__)
diff --git a/gn2/wqflask/templates/oauth2/view-group-role.html b/gn2/wqflask/templates/oauth2/view-group-role.html
deleted file mode 100644
index 5da023bf..00000000
--- a/gn2/wqflask/templates/oauth2/view-group-role.html
+++ /dev/null
@@ -1,102 +0,0 @@
-{%extends "base.html"%}
-{%from "oauth2/profile_nav.html" import profile_nav%}
-{%from "oauth2/display_error.html" import display_error%}
-{%block title%}View User{%endblock%}
-{%block content%}
-<div class="container" style="min-width: 1250px;">
- {{profile_nav("roles", user_privileges)}}
- <h3>View Group Role</h3>
-
- {{flash_me()}}
-
- <div class="container-fluid">
- <div class="row">
- <h3>Role Details</h3>
- {%if group_role_error is defined%}
- {{display_error("Group Role", group_role_error)}}
- {%else%}
- <table class="table">
- <caption>Details for '{{group_role.role.role_name}}' Role</caption>
- <thead>
- <tr>
- <th>Privilege</th>
- <th>Description</th>
- <th>Action</th>
- </tr>
- </thead>
- <tbody>
- {%for privilege in group_role.role.privileges%}
- <tr>
- <td>{{privilege.privilege_id}}</td>
- <td>{{privilege.privilege_description}}</td>
- <td>
- <form action="{{url_for(
- 'oauth2.group.delete_privilege_from_role',
- group_role_id=group_role.group_role_id)}}"
- method="POST">
- <input type="hidden" name="privilege_id"
- value="{{privilege.privilege_id}}" />
- <input type="submit" class="btn btn-danger"
- value="Remove"
- {%if not group_role.role.user_editable%}
- disabled="disabled"
- {%endif%} />
- </form>
- </td>
- </tr>
- {%endfor%}
- </tbody>
- </table>
- {%endif%}
- </div>
-
- <div class="row">
- <h3>Other Privileges</h3>
- <table class="table">
- <caption>Other Privileges not Assigned to this Role</caption>
- <thead>
- <tr>
- <th>Privilege</th>
- <th>Description</th>
- <th>Action</th>
- </tr>
- </thead>
-
- <tbody>
- {%for priv in group_privileges%}
- <tr>
- <td>{{priv.privilege_id}}</td>
- <td>{{priv.privilege_description}}</td>
- <td>
- <form action="{{url_for(
- 'oauth2.group.add_privilege_to_role',
- group_role_id=group_role.group_role_id)}}"
- method="POST">
- <input type="hidden" name="privilege_id"
- value="{{priv.privilege_id}}" />
- <input type="submit" class="btn btn-warning"
- value="Add to Role"
- {%if not group_role.role.user_editable%}
- disabled="disabled"
- {%endif%} />
- </form>
- </td>
- </tr>
- {%else%}
- <tr>
- <td colspan="3">
- <span class="glyphicon glyphicon-info-sign text-info">
- </span>
- &nbsp;
- <span class="text-info">All privileges assigned!</span>
- </td>
- </tr>
- {%endfor%}
- </tbody>
- </table>
- </div>
-
- </div>
-
-</div>
-{%endblock%}