1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
"""Handle role endpoints"""
import uuid
from flask import flash, request, url_for, redirect, Blueprint
from .ui import render_ui
from .checks import require_oauth2
from .client import oauth2_get, oauth2_post
from .request_utils import request_error, process_error
roles = Blueprint("role", __name__)
@roles.route("/user", methods=["GET"])
@require_oauth2
def user_roles():
def __grerror__(roles, user_privileges, error):
return render_ui(
"oauth2/list_roles.html", roles=roles,
user_privileges=user_privileges,
group_roles_error=process_error(error))
def __grsuccess__(roles, user_privileges, group_roles):
return render_ui(
"oauth2/list_roles.html", roles=roles,
user_privileges=user_privileges, group_roles=group_roles)
def __role_success__(roles):
uprivs = tuple(
privilege["privilege_id"] for role in roles
for privilege in role["privileges"])
return oauth2_get("auth/group/roles").either(
lambda err: __grerror__(roles, uprivs, err),
lambda groles: __grsuccess__(roles, uprivs, groles))
return oauth2_get("auth/system/roles").either(
request_error, __role_success__)
@roles.route("/role/<uuid:role_id>", methods=["GET"])
@require_oauth2
def role(role_id: uuid.UUID):
def __success__(the_role):
return render_ui("oauth2/role.html",
role=the_role[0],
resource_id=uuid.UUID(the_role[1]))
return oauth2_get(f"auth/role/view/{role_id}").either(
request_error, __success__)
@roles.route("/create", methods=["GET", "POST"])
@require_oauth2
def create_role():
"""Create a new role."""
def __roles_error__(error):
return render_ui(
"oauth2/create-role.html", roles_error=process_error(error))
def __gprivs_error__(roles, error):
return render_ui(
"oauth2/create-role.html", roles=roles,
group_privileges_error=process_error(error))
def __success__(roles, gprivs):
uprivs = tuple(
privilege["privilege_id"] for role in roles
for privilege in role["privileges"])
return render_ui(
"oauth2/create-role.html", roles=roles, user_privileges=uprivs,
group_privileges=gprivs,
prev_role_name=request.args.get("role_name"))
def __fetch_gprivs__(roles):
return oauth2_get("auth/group/privileges").either(
lambda err: __gprivs_error__(roles, err),
lambda gprivs: __success__(roles, gprivs))
if request.method == "GET":
return oauth2_get("auth/user/roles").either(
__roles_error__, __fetch_gprivs__)
form = request.form
role_name = form.get("role_name")
privileges = form.getlist("privileges[]")
if len(privileges) == 0:
flash("You must assign at least one privilege to the role",
"alert-danger")
return redirect(url_for(
"oauth2.role.create_role", role_name=role_name))
def __create_error__(error):
err = process_error(error)
flash(f"{err['error']}: {err['error_description']}",
"alert-danger")
return redirect(url_for("oauth2.role.create_role"))
def __create_success__(*args):
flash("Role created successfully.", "alert-success")
return redirect(url_for("oauth2.role.user_roles"))
return oauth2_post(
"auth/group/role/create",data={
"role_name": role_name, "privileges[]": privileges}).either(
__create_error__,__create_success__)
|
