From 3dfda0ac7f07514572a89463e12c3c0be8ac947d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Madis=20M=C3=A4gi?=
Date: Thu, 29 Aug 2024 17:02:34 +0300
Subject: [PATCH] Rename oidc groups
---
 inventory-app/inventory.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/inventory-app/inventory.py b/inventory-app/inventory.py
index 40c70ca..da00b0f 100644
--- a/inventory-app/inventory.py
+++ b/inventory-app/inventory.py
@@ -33,7 +33,7 @@ def view_inventory_view(item_id):
 template = "inventory_view_public.html"
 redirect_url = urllib.parse.quote_plus(request.full_path)
 else:
- can_audit = "k-space:janitors" in user.get("groups", [])
+ can_audit = "k-space:inventory:audit" in user.get("groups", [])
 can_edit = check_edit_permission(item_id)
 is_using = item_user and item_user == user["username"]
 photo_url = get_image_url(item_id)
@@ -147,9 +147,9 @@ def check_edit_permission(item_id):
 if not item:
 return False
 user_groups = user.get("groups", [])
- if item.get("type") == "key" and "k-space:janitors" not in user_groups:
+ if item.get("type") == "key" and "k-space:inventory:keys" not in user_groups:
 return False
- if "k-space:janitors" in user_groups:
+ if "k-space:inventory:edit" in user_groups:
 return True
 item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
 user_username = user.get("username", False)
@@ -166,7 +166,7 @@ def check_edit_permission(item_id):
 @login_required
 def view_inventory_edit(item_id=None, slug=None, clone_item_id=None):
 user = read_user()
- has_edit_all = user and "k-space:janitors" in user.get("groups", [])
+ has_edit_all = user and "k-space:inventory:edit" in user.get("groups", [])
 item = None
 if item_id:
 if not check_edit_permission(item_id):
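Review bot: The group name tested in `view_inventory_view` is a bare string literal, and the patch repeats the three new names as literals in ten places (also in `check_edit_permission`, `view_inventory_edit`, `upload_photo`, `view_inventory`, `view_inventory_audit`, `view_inventory_claim`, `view_inventory_use` and `view_inventory_vacate`). A typo in any one of them raises no error; the membership test simply never matches. Module-level constants would give each name one definition, for example `GROUP_AUDIT = "k-space:inventory:audit"`, `GROUP_KEYS = "k-space:inventory:keys"` and `GROUP_EDIT = "k-space:inventory:edit"`. The `can_audit` value here appears to be a display flag only, so it has to stay in step with the `@login_required(groups=[...])` decorator on `view_inventory_audit`, which is where the rule is enforced.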
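Review bot: In `check_edit_permission` the two tests now name different groups, so their order carries policy that the code does not explain. A member of `k-space:inventory:edit` who lacks `k-space:inventory:keys` is refused on key items, and a member of `k-space:inventory:keys` who lacks `k-space:inventory:edit` passes the first test and is then decided by the owner comparison that continues outside the hunk. Before the rename both tests used one group, so neither case could arise. If this is the intended policy, state it above the first test, e.g. `# keys gates key items even for editors; edit grants edit-all on every other item`.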
@@ -275,7 +275,7 @@ def upload_photo(item_id):
 item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "thumbs": 1 })
 if not item:
 return "Item not found", 404
- if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
+ if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
 return abort(403)
 if "file" not in request.files:
 return "No file part", 400
@@ -411,7 +411,7 @@ def view_inventory(slug=None):
 else:
 fields.append(("inventory.owner.username", "Owner", str))
 fields.append(("inventory.user.username", "User", str))
- can_audit = "k-space:janitors" in login_user.get("groups", [])
+ can_audit = "k-space:inventory:audit" in login_user.get("groups", [])
 if slug and not public_view:
 template = "inventory_pick.html"
 if request.path.startswith("/m/inventory/clone-with-slug"):
@@ -447,7 +447,7 @@ def view_inventory(slug=None):
 @page_inventory.route("/m/inventory//audit", methods=["POST"])
-@login_required(groups=["k-space:janitors"])
+@login_required(groups=["k-space:inventory:audit"])
 def view_inventory_audit(item_id):
 user = read_user()
 item = db.inventory.find_one(filter = {
@@ -507,7 +507,7 @@ def view_inventory_claim(item_id):
 })
 if not item:
 return abort(404)
- if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
+ if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
 return abort(403)
 db.inventory.update_one({
@@ -532,7 +532,7 @@ def view_inventory_use(item_id):
 })
 if not item:
 return abort(404)
- if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
+ if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
 return abort(403)
 db.inventory.update_one({
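Review bot: The key-item check in `upload_photo` cannot fire, because the `find_one` call at the top of the hunk asks for `projection = { "thumbs": 1 }`. Assuming `db` is a PyMongo database, as the `ObjectId` filter suggests, an inclusion projection returns only the listed fields and `_id`, so `item.get("type")` is always `None` and the 403 branch is never reached. The renamed check reads as if it were enforced, yet a user without `k-space:inventory:keys` is not stopped here for key items. Add the field to the projection: `projection = { "thumbs": 1, "type": 1 }`. Whether another permission check guards this route is not visible, since the function starts and continues outside the hunk.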
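Review bot: `login_user.get("groups", [])` in `view_inventory` is called without a guard, although the next line shows that this function also serves a `public_view`. If `login_user` can be `None` for an anonymous visitor (not visible in this hunk), the line raises `AttributeError` instead of rendering the public list. `view_inventory_edit` already writes the equivalent test as `user and "k-space:inventory:edit" in user.get("groups", [])`. Consider `can_audit = bool(login_user) and "k-space:inventory:audit" in login_user.get("groups", [])`.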
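Review bot: The key gate in `view_inventory_claim` is the same expression that this patch also edits in `view_inventory_use`, `view_inventory_vacate` and `upload_photo`, so four copies have to be kept identical by hand. A small helper would give the rule one home, e.g. `def can_handle_keys(user): return "k-space:inventory:keys" in user.get("groups", [])`, with each route reduced to `if item.get("type") == "key" and not can_handle_keys(user): return abort(403)`. The `find_one` call that loads `item` begins outside the claim, use and vacate hunks. It is worth confirming that any projection there includes `type`, because the gate is skipped silently when the field is not loaded.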
@@ -557,7 +557,7 @@ def view_inventory_vacate(item_id):
 })
 if not item:
 return abort(404)
- if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
+ if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
 return abort(403)
 db.inventory.update_one({