From dd7268bc0c2d841779ba488b13ca0b1f0e9ea6bc Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 17 Jun 2024 15:52:23 -0500
Subject: Remove deprecated endpoints/views and templates
---
 gn2/wqflask/oauth2/groups.py | 24 -------------------
 gn2/wqflask/oauth2/roles.py | 56 --------------------------------------------
 2 files changed, 80 deletions(-)
(limited to 'gn2/wqflask/oauth2')
diff --git a/gn2/wqflask/oauth2/groups.py b/gn2/wqflask/oauth2/groups.py
index 3bc4bcb2..e4028497 100644
--- a/gn2/wqflask/oauth2/groups.py
+++ b/gn2/wqflask/oauth2/groups.py
@@ -136,30 +136,6 @@ def reject_join_request():
 handle_error("oauth2.group.list_join_requests"),
 __success__)
-@groups.route("/role/", methods=["GET"])
-@require_oauth2
-def group_role(group_role_id: uuid.UUID):
- """View the details of a particular role."""
- def __render_error__(**kwargs):
- return render_ui("oauth2/view-group-role.html", **kwargs)
-
- def __gprivs_success__(role, group_privileges):
- return render_ui(
- "oauth2/view-group-role.html", group_role=role,
- group_privileges=tuple(
- priv for priv in group_privileges
- if priv not in role["role"]["privileges"]))
-
- def __role_success__(role):
- return oauth2_get("auth/group/privileges").either(
- lambda err: __render_error__(
- group_role=group_role,
- group_privileges_error=process_error(err)),
- lambda privileges: __gprivs_success__(role, privileges))
-
- return oauth2_get(f"auth/group/role/{group_role_id}").either(
- lambda err: __render_error__(group_role_error=process_error(err)),
- __role_success__)
 def add_delete_privilege_to_role(
 group_role_id: uuid.UUID, direction: str) -> Response:
diff --git a/gn2/wqflask/oauth2/roles.py b/gn2/wqflask/oauth2/roles.py
index b0f990c7..2a21670e 100644
--- a/gn2/wqflask/oauth2/roles.py
+++ b/gn2/wqflask/oauth2/roles.py
@@ -21,59 +21,3 @@ def role(role_id: uuid.UUID):
 return oauth2_get(f"auth/role/view/{role_id}").either(
 request_error, __success__)
-@roles.route("/create", methods=["GET", "POST"])
-@require_oauth2
-def create_role():
- """Create a new role."""
- def __roles_error__(error):
- return render_ui(
- "oauth2/create-role.html", roles_error=process_error(error))
-
- def __gprivs_error__(roles, error):
- return render_ui(
- "oauth2/create-role.html", roles=roles,
- group_privileges_error=process_error(error))
-
- def __success__(roles, gprivs):
- uprivs = tuple(
- privilege["privilege_id"] for role in roles
- for privilege in role["privileges"])
- return render_ui(
- "oauth2/create-role.html", roles=roles, user_privileges=uprivs,
- group_privileges=gprivs,
- prev_role_name=request.args.get("role_name"))
-
- def __fetch_gprivs__(roles):
- return oauth2_get("auth/group/privileges").either(
- lambda err: __gprivs_error__(roles, err),
- lambda gprivs: __success__(roles, gprivs))
-
- if request.method == "GET":
- return oauth2_get("auth/user/roles").either(
- __roles_error__, __fetch_gprivs__)
-
- form = request.form
- role_name = form.get("role_name")
- privileges = form.getlist("privileges[]")
- if len(privileges) == 0:
- flash("You must assign at least one privilege to the role",
- "alert-danger")
- return redirect(url_for(
- "oauth2.role.create_role", role_name=role_name))
- def __create_error__(error):
- err = process_error(error)
- flash(f"{err['error']}: {err['error_description']}",
- "alert-danger")
- return redirect(url_for("oauth2.role.create_role"))
- def __create_success__(*args):
- flash("Role created successfully.", "alert-success")
- return redirect(url_for("oauth2.role.user_roles"))
-
- raise DeprecationWarning(
- f"The `{__name__}.create_role(…)` function, as is currently, can "
- "lead to unbounded privilege escalation. See "
- "https://issues.genenetwork.org/issues/gn-auth/problems-with-roles")
- # return oauth2_post(
- # "auth/group/role/create",data={
- # "role_name": role_name, "privileges[]": privileges}).either(
- # __create_error__,__create_success__)
-- cgit v1.2.3