Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
P
pvk-tool
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
13
Issues
13
List
Boards
Labels
Service Desk
Milestones
Merge Requests
2
Merge Requests
2
Operations
Operations
Incidents
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
amiv
pvk-tool
Commits
73ef9193
Commit
73ef9193
authored
Mar 15, 2018
by
Alexander Dietmüller
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Backend: Consistent function returns for security.py
parent
74220165
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
7 additions
and
5 deletions
+7
-5
Backend/security.py
Backend/security.py
+7
-5
No files found.
Backend/security.py
View file @
73ef9193
...
...
@@ -34,8 +34,7 @@ def api_get(endpoint, **params):
formatted
=
{
key
:
json
.
dumps
(
value
)
for
(
key
,
value
)
in
params
.
items
()}
response
=
requests
.
get
(
url
,
params
=
formatted
,
headers
=
headers
)
if
response
.
status_code
==
200
:
return
response
.
json
()
return
response
.
json
()
if
(
response
.
status_code
==
200
)
else
None
def
request_cache
(
key
):
...
...
@@ -64,6 +63,7 @@ def get_user():
)
if
response
:
return
response
[
'_items'
][
0
][
'user'
]
return
None
@
request_cache
(
'nethz'
)
...
...
@@ -72,6 +72,7 @@ def get_nethz():
if
get_user
()
is
not
None
:
response
=
api_get
(
'users/'
+
get_user
())
return
response
.
get
(
'nethz'
)
return
None
@
request_cache
(
'admin'
)
...
...
@@ -111,7 +112,7 @@ def is_admin():
class
APIAuth
(
TokenAuth
):
"""Verifies the request token with AMIVAPI."""
def
check_auth
(
self
,
token
,
allowed_roles
,
resource
,
method
):
def
check_auth
(
self
,
token
,
_
,
resource
,
method
):
"""Allow request if token exists in AMIVAPI.
Furthermore, grant admin rights if the user is member of the
...
...
@@ -135,8 +136,9 @@ class APIAuth(TokenAuth):
if
method
in
allowed_methods
or
is_admin
():
return
True
else
:
abort
(
403
)
abort
(
403
)
return
False
# Dynamic Visibility Filter
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment