Rename oidc groups
Madis Mägi 2024-08-29 17:02:34 +03:00
parent 40c9753b69
commit 3dfda0ac7f


@ -33,7 +33,7 @@ def view_inventory_view(item_id):
template = "inventory_view_public.html" template = "inventory_view_public.html"
redirect_url = urllib.parse.quote_plus(request.full_path) redirect_url = urllib.parse.quote_plus(request.full_path)
else: else:
can_audit = "k-space:janitors" in user.get("groups", []) can_audit = "k-space:inventory:audit" in user.get("groups", [])
can_edit = check_edit_permission(item_id) can_edit = check_edit_permission(item_id)
is_using = item_user and item_user == user["username"] is_using = item_user and item_user == user["username"]
photo_url = get_image_url(item_id) photo_url = get_image_url(item_id)
@ -147,9 +147,9 @@ def check_edit_permission(item_id):
if not item: if not item:
return False return False
user_groups = user.get("groups", []) user_groups = user.get("groups", [])
if item.get("type") == "key" and "k-space:janitors" not in user_groups: if item.get("type") == "key" and "k-space:inventory:keys" not in user_groups:
return False return False
if "k-space:janitors" in user_groups: if "k-space:inventory:edit" in user_groups:
return True return True
item_username = item.get("inventory", {}).get("owner", {}).get("username", False) item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
user_username = user.get("username", False) user_username = user.get("username", False)
@ -166,7 +166,7 @@ def check_edit_permission(item_id):
@login_required @login_required
def view_inventory_edit(item_id=None, slug=None, clone_item_id=None): def view_inventory_edit(item_id=None, slug=None, clone_item_id=None):
user = read_user() user = read_user()
has_edit_all = user and "k-space:janitors" in user.get("groups", []) has_edit_all = user and "k-space:inventory:edit" in user.get("groups", [])
item = None item = None
if item_id: if item_id:
if not check_edit_permission(item_id): if not check_edit_permission(item_id):
@ -275,7 +275,7 @@ def upload_photo(item_id):
item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "thumbs": 1 }) item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "thumbs": 1 })
if not item: if not item:
return "Item not found", 404 return "Item not found", 404
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []): if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
return abort(403) return abort(403)
if "file" not in request.files: if "file" not in request.files:
return "No file part", 400 return "No file part", 400
@ -411,7 +411,7 @@ def view_inventory(slug=None):
else: else:
fields.append(("inventory.owner.username", "Owner", str)) fields.append(("inventory.owner.username", "Owner", str))
fields.append(("inventory.user.username", "User", str)) fields.append(("inventory.user.username", "User", str))
can_audit = "k-space:janitors" in login_user.get("groups", []) can_audit = "k-space:inventory:audit" in login_user.get("groups", [])
if slug and not public_view: if slug and not public_view:
template = "inventory_pick.html" template = "inventory_pick.html"
if request.path.startswith("/m/inventory/clone-with-slug"): if request.path.startswith("/m/inventory/clone-with-slug"):
@ -447,7 +447,7 @@ def view_inventory(slug=None):
@page_inventory.route("/m/inventory/<item_id>/audit", methods=["POST"]) @page_inventory.route("/m/inventory/<item_id>/audit", methods=["POST"])
@login_required(groups=["k-space:janitors"]) @login_required(groups=["k-space:inventory:audit"])
def view_inventory_audit(item_id): def view_inventory_audit(item_id):
user = read_user() user = read_user()
item = db.inventory.find_one(filter = { item = db.inventory.find_one(filter = {
@ -507,7 +507,7 @@ def view_inventory_claim(item_id):
}) })
if not item: if not item:
return abort(404) return abort(404)
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []): if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
return abort(403) return abort(403)
db.inventory.update_one({ db.inventory.update_one({
@ -532,7 +532,7 @@ def view_inventory_use(item_id):
}) })
if not item: if not item:
return abort(404) return abort(404)
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []): if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
return abort(403) return abort(403)
db.inventory.update_one({ db.inventory.update_one({
@ -557,7 +557,7 @@ def view_inventory_vacate(item_id):
}) })
if not item: if not item:
return abort(404) return abort(404)
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []): if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
return abort(403) return abort(403)
db.inventory.update_one({ db.inventory.update_one({
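Review bot: In the upload_photo hunk the key-item check can never fire, because the `find_one` call just above it uses `projection = { "thumbs": 1 }`, so the returned document carries no `type` field and `item.get("type") == "key"` is always false. As written, this check does not stop a user who lacks `k-space:inventory:keys` from attaching a photo to a key item, unless an earlier check in upload_photo, whose body starts outside the hunk, already covers it. Fetching the field restores the check: `projection = { "thumbs": 1, "type": 1 }`. The same key check in view_inventory_claim, view_inventory_use and view_inventory_vacate follows `find_one` calls whose arguments begin outside those hunks, so it is worth confirming that `type` is loaded there too.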