Commit
3869a466
authored
Nov 27, 2017
by
Alexander Dietmüller
Backend: Fix security bugs
parent
ccf54733
Showing
1 changed file
with
11 additions
and
6 deletions
+11
-6
Backend/security.py
Backend/security.py
+11
-6
Backend/security.py
...
...
@@ -18,6 +18,7 @@ The important bits are:
"""
from
functools
import
wraps
import
json
import
requests
from
eve.auth
import
TokenAuth
from
flask
import
g
,
current_app
,
abort
...
...
@@ -30,7 +31,9 @@ def api_get(endpoint, **params):
url
=
requests
.
compat
.
urljoin
(
current_app
.
config
[
'AMIVAPI_URL'
],
endpoint
)
headers
=
{
'Authorization'
:
"Token %s"
%
g
.
token
}
response
=
requests
.
get
(
url
,
params
=
params
,
headers
=
headers
)
formatted
=
{
key
:
json
.
dumps
(
value
)
for
(
key
,
value
)
in
params
.
items
()}
response
=
requests
.
get
(
url
,
params
=
formatted
,
headers
=
headers
)
if
response
.
status_code
==
200
:
return
response
.
json
()
...
...
@@ -42,7 +45,6 @@ def request_cache(key):
def
_wrapper
(
*
args
,
**
kwargs
):
try
:
# If the value is already in g, don't call function
print
(
key
,
getattr
(
g
,
key
))
return
getattr
(
g
,
key
)
except
AttributeError
:
setattr
(
g
,
key
,
function
(
*
args
,
**
kwargs
))
...
...
@@ -51,7 +53,7 @@ def request_cache(key):
return
_decorator
@
request_cache
(
'user'
)
@
request_cache
(
'
api
user'
)
def
get_user
():
"""Return user id if the token is valid, None otherwise."""
response
=
api_get
(
...
...
@@ -60,14 +62,18 @@ def get_user():
projection
=
{
'user'
:
1
}
)
if
response
:
print
(
'Resp'
,
response
[
'_items'
][
0
])
return
response
[
'_items'
][
0
][
'user'
]
else
:
raise
FileNotFoundError
@
request_cache
(
'nethz'
)
def
get_nethz
():
"""Return nethz of current user."""
if
get_user
()
is
not
None
:
response
=
api_get
(
'users'
,
projection
=
{
'nethz'
:
1
})
response
=
api_get
(
'users/'
+
get_user
())
print
(
'users/'
+
get_user
(),
response
)
return
response
.
get
(
'nethz'
)
...
...
@@ -86,8 +92,7 @@ def is_admin():
where
=
{
'name'
:
current_app
.
config
[
'ADMIN_GROUP_NAME'
]},
projection
=
{
'_id'
:
1
}
)
if
groups
:
print
(
groups
)
if
groups
and
groups
[
'_items'
]:
group_id
=
groups
[
'_items'
][
0
][
'_id'
]
membership
=
api_get
(
...
...
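Review bot: In `get_user`, `response['_items'][0]` is indexed whenever `response` is truthy, so a 200 reply with an empty `_items` list (presumably a token that matches no session) raises IndexError instead of being handled as an invalid token; the `is_admin` hunk guards the same shape with `if groups and groups['_items']:`, and `get_user` should use `if response and response['_items']:`. The docstring still promises `None` for an invalid token and `get_nethz` tests `get_user() is not None`, neither of which fits the `raise FileNotFoundError` branch shown here, so the docstring and that caller should be brought in line with whichever contract is intended. The `print('Resp', ...)` and `print('users/' + get_user(), response)` calls would write session and user records to stdout on each uncached call and look like leftover debugging; this rendered page does not mark which side each line is on, so confirm they are in the new code and then drop them or route them through `current_app.logger.debug`. `get_user` begins in the previous hunk and `get_nethz` may continue past this one.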