Rename oidc groups

2024-08-29 17:02:34 +03:00 · 2024-08-29 17:02:34 +03:00 · 3dfda0ac7f
commit 3dfda0ac7f
parent 40c9753b69
1 changed files with 10 additions and 10 deletions
--- a/inventory-app/inventory.py
+++ b/inventory-app/inventory.py
@ -33,7 +33,7 @@ def view_inventory_view(item_id):
        template = "inventory_view_public.html"
        redirect_url = urllib.parse.quote_plus(request.full_path)
    else:
-        can_audit = "k-space:janitors" in user.get("groups", [])
+        can_audit = "k-space:inventory:audit" in user.get("groups", [])
        can_edit = check_edit_permission(item_id)
        is_using = item_user and item_user == user["username"]
    photo_url = get_image_url(item_id)
@ -147,9 +147,9 @@ def check_edit_permission(item_id):
    if not item:
        return False
    user_groups = user.get("groups", [])
-    if item.get("type") == "key" and "k-space:janitors" not in user_groups:
+    if item.get("type") == "key" and "k-space:inventory:keys" not in user_groups:
        return False
-    if "k-space:janitors" in user_groups:
+    if "k-space:inventory:edit" in user_groups:
        return True
    item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
    user_username = user.get("username", False)
@ -166,7 +166,7 @@ def check_edit_permission(item_id):
@login_required
 def view_inventory_edit(item_id=None, slug=None, clone_item_id=None):
    user = read_user()
-    has_edit_all = user and "k-space:janitors" in user.get("groups", [])
+    has_edit_all = user and "k-space:inventory:edit" in user.get("groups", [])
    item = None
    if item_id:
        if not check_edit_permission(item_id):
@ -275,7 +275,7 @@ def upload_photo(item_id):
    item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "thumbs": 1 })
    if not item:
        return "Item not found", 404
-    if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
+    if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
        return abort(403)
    if "file" not in request.files:
        return "No file part", 400
@ -411,7 +411,7 @@ def view_inventory(slug=None):
    else:
        fields.append(("inventory.owner.username", "Owner", str))
        fields.append(("inventory.user.username", "User", str))
-        can_audit = "k-space:janitors" in login_user.get("groups", [])
+        can_audit = "k-space:inventory:audit" in login_user.get("groups", [])
    if slug and not public_view:
        template = "inventory_pick.html"
        if request.path.startswith("/m/inventory/clone-with-slug"):
@ -447,7 +447,7 @@ def view_inventory(slug=None):


@page_inventory.route("/m/inventory/<item_id>/audit", methods=["POST"])
-@login_required(groups=["k-space:janitors"])
+@login_required(groups=["k-space:inventory:audit"])
 def view_inventory_audit(item_id):
    user = read_user()
    item = db.inventory.find_one(filter = {
@ -507,7 +507,7 @@ def view_inventory_claim(item_id):
    })
    if not item:
        return abort(404)
-    if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
+    if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
        return abort(403)

    db.inventory.update_one({
@ -532,7 +532,7 @@ def view_inventory_use(item_id):
    })
    if not item:
        return abort(404)
-    if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
+    if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
        return abort(403)

    db.inventory.update_one({
@ -557,7 +557,7 @@ def view_inventory_vacate(item_id):
    })
    if not item:
        return abort(404)
-    if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
+    if item.get("type") == "key" and "k-space:inventory:keys" not in user.get("groups", []):
        return abort(403)

    db.inventory.update_one({