Restrict editing keys to k-space:janitors
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
parent
37544700d5
commit
aa76374f1f
@ -142,10 +142,12 @@ def check_edit_permission(item_id):
|
|||||||
user = read_user()
|
user = read_user()
|
||||||
if not user:
|
if not user:
|
||||||
return False
|
return False
|
||||||
item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "inventory.owner": 1 })
|
item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "inventory.owner": 1 , "type": 1})
|
||||||
if not item:
|
if not item:
|
||||||
return False
|
return False
|
||||||
user_groups = user.get("groups", [])
|
user_groups = user.get("groups", [])
|
||||||
|
if item.get("type") == "key" and "k-space:janitors" not in user_groups:
|
||||||
|
return False
|
||||||
if any(group in user_groups for group in ["k-space:board", "k-space:kubernetes:admins"]):
|
if any(group in user_groups for group in ["k-space:board", "k-space:kubernetes:admins"]):
|
||||||
return True
|
return True
|
||||||
item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
|
item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
|
||||||
@ -266,9 +268,12 @@ def get_bucket():
|
|||||||
@page_inventory.route("/inventory/<item_id>/upload-photo", methods=["POST"])
|
@page_inventory.route("/inventory/<item_id>/upload-photo", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def upload_photo(item_id):
|
def upload_photo(item_id):
|
||||||
|
user = read_user()
|
||||||
item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "thumbs": 1 })
|
item = db.inventory.find_one(filter = { "_id": ObjectId(item_id) }, projection = { "thumbs": 1 })
|
||||||
if not item:
|
if not item:
|
||||||
return "Item not found", 404
|
return "Item not found", 404
|
||||||
|
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
|
||||||
|
return abort(403)
|
||||||
if "file" not in request.files:
|
if "file" not in request.files:
|
||||||
return "No file part", 400
|
return "No file part", 400
|
||||||
file = request.files["file"]
|
file = request.files["file"]
|
||||||
@ -484,6 +489,8 @@ def view_inventory_claim(item_id):
|
|||||||
})
|
})
|
||||||
if not item:
|
if not item:
|
||||||
return abort(404)
|
return abort(404)
|
||||||
|
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
|
||||||
|
return abort(403)
|
||||||
|
|
||||||
db.inventory.update_one({
|
db.inventory.update_one({
|
||||||
"_id": ObjectId(item["_id"])
|
"_id": ObjectId(item["_id"])
|
||||||
@ -507,6 +514,8 @@ def view_inventory_use(item_id):
|
|||||||
})
|
})
|
||||||
if not item:
|
if not item:
|
||||||
return abort(404)
|
return abort(404)
|
||||||
|
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
|
||||||
|
return abort(403)
|
||||||
|
|
||||||
db.inventory.update_one({
|
db.inventory.update_one({
|
||||||
"_id": ObjectId(item["_id"])
|
"_id": ObjectId(item["_id"])
|
||||||
@ -530,6 +539,8 @@ def view_inventory_vacate(item_id):
|
|||||||
})
|
})
|
||||||
if not item:
|
if not item:
|
||||||
return abort(404)
|
return abort(404)
|
||||||
|
if item.get("type") == "key" and "k-space:janitors" not in user.get("groups", []):
|
||||||
|
return abort(403)
|
||||||
|
|
||||||
db.inventory.update_one({
|
db.inventory.update_one({
|
||||||
"_id": ObjectId(item["_id"])
|
"_id": ObjectId(item["_id"])
|
||||||
|
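Review bot: The key check added to `upload_photo` cannot fire as written, because the `find_one` directly above it still projects only `{ "thumbs": 1 }`, so `item.get("type")` is always `None` and the 403 branch is never reached for key items. The projection should fetch the field the same way `check_edit_permission` now does: `projection = { "thumbs": 1, "type": 1 }`. The same two-line check is added in `view_inventory_claim`, `view_inventory_use` and `view_inventory_vacate`, whose `find_one` calls and the binding of `user` start outside the hunks, so confirm that each of those queries returns `type` and that `user` is set (and not `None`) before the check. Since the rule is now repeated in five places, a small helper that takes `item` and `user` and reports whether the key restriction applies would keep the group name and the projection requirement in one spot, and a test that requests each route for a `type == "key"` item as a non-janitor would catch a missing projection.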