Rename oidc groups
Madis Mägi 2024-08-29 17:02:34 +03:00
parent 40c9753b69
commit 3dfda0ac7f


@ -33,7 +33,7 @@ def view_inventory_view(item_id):
template = "inventory_view_public.html"
redirect_url = urllib.parse.quote_plus(request.full_path)
else:
can_audit = "k-space:janitors" in user.get("groups", [])
can_audit = "k-space:inventory:audit" in user.get("groups", [])
can_edit = check_edit_permission(item_id)
is_using = item_user and item_user == user["username"]
photo_url = get_image_url(item_id)
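Review bot: The group name on the `can_audit` line is a bare string literal, and the three new names are repeated as literals in every other hunk of this commit (`check_edit_permission`, `view_inventory_edit`, `upload_photo`, `view_inventory`, the `/audit` route decorator, and the claim, use and vacate handlers). These strings are the authorization policy, so define them once at module level, e.g. `GROUP_AUDIT = "k-space:inventory:audit"`, `GROUP_KEYS = "k-space:inventory:keys"`, `GROUP_EDIT = "k-space:inventory:edit"`, and reference the constants at each check. A mistyped literal at any one site would otherwise change who passes that check without any error. The enclosing `view_inventory_view` starts and ends outside the hunk.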
@ -147,9 +147,9 @@ def check_edit_permission(item_id):
if not item:
return False
user_groups = user.get("groups", [])
if item.get("type") == "key" and "k-space:janitors" not in user_groups:
if item.get("type") == "key" and "k-space:inventory:keys" not in user_groups:
return False
if "k-space:janitors" in user_groups:
if "k-space:inventory:edit" in user_groups:
return True
item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
user_username = user.get("username", False)
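Review bot: `check_edit_permission` now depends on two separate groups where it previously used one, and nothing at the key check or the `k-space:inventory:edit` check records how they combine. As written, a member of `k-space:inventory:edit` who is not in `k-space:inventory:keys` is refused for items of type `key`, while a member of `k-space:inventory:keys` alone still falls through to the owner comparison below. If that precedence is intended, state it above the first check, e.g. `# key items always require the keys group, even for inventory editors; the edit group covers every other item type`. The function body starts before the hunk and continues past it.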
@ -166,7 +166,7 @@ def check_edit_permission(item_id):
@login_required
def view_inventory_edit(item_id=None, slug=None, clone_item_id=None):
user = read_user()
has_edit_all = user and "k-space:janitors" in user.get("groups", [])
has_edit_all = user and "k-space:inventory:edit" in user.get("groups", [])
item = None
if item_id:
if not check_edit_permission(item_id):
@ -275,7 +275,7 @@ def upload_photo(item_id):
item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "thumbs": 1 })
if not item:
return "Item not found", 404
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
return abort(403)
if "file" not in request.files:
return "No file part", 400
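Review bot: The key restriction in `upload_photo` can never trigger, because the `find_one` directly above it requests only `thumbs` (`projection = { "thumbs": 1 }`). The returned document therefore has no `type` field, `item.get("type")` is always `None`, and the comparison with `"key"` is always false. A caller who reaches this line passes the check for key items whether or not they are in `k-space:inventory:keys`. Add the field to the projection, `projection = { "thumbs": 1, "type": 1 }`. The handler starts and ends outside the hunk, so any other guard in the function is not visible here.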
@ -411,7 +411,7 @@ def view_inventory(slug=None):
else:
fields.append(("inventory.owner.username", "Owner", str))
fields.append(("inventory.user.username", "User", str))
can_audit = "k-space:janitors" in login_user.get("groups", [])
can_audit = "k-space:inventory:audit" in login_user.get("groups", [])
if slug and not public_view:
template = "inventory_pick.html"
if request.path.startswith("/m/inventory/clone-with-slug"):
@ -447,7 +447,7 @@ def view_inventory(slug=None):
@page_inventory.route("/m/inventory/<item_id>/audit", methods=["POST"])
@login_required(groups=["k-space:janitors"])
@login_required(groups=["k-space:inventory:audit"])
def view_inventory_audit(item_id):
user = read_user()
item = db.inventory.find_one(filter = {
@ -507,7 +507,7 @@ def view_inventory_claim(item_id):
})
if not item:
return abort(404)
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
return abort(403)
db.inventory.update_one({
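Review bot: The check `if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):` is repeated verbatim in `view_inventory_claim`, `view_inventory_use`, `view_inventory_vacate` and `upload_photo`, with a variant in `check_edit_permission`. A single helper would keep the rule in one place, for example `def can_handle_keys(item, user): return item.get("type") != "key" or "k-space:inventory:keys" in user.get("groups", [])`, with each handler calling `if not can_handle_keys(item, user): return abort(403)`. The `find_one` call in each of these handlers begins above its hunk, so confirm that it returns the `type` field. Where a projection omits it, the check is inert.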
@ -532,7 +532,7 @@ def view_inventory_use(item_id):
})
if not item:
return abort(404)
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
return abort(403)
db.inventory.update_one({
@ -557,7 +557,7 @@ def view_inventory_vacate(item_id):
})
if not item:
return abort(404)
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
return abort(403)
db.inventory.update_one({