Commit 6cdc234b authored by Lukas Burgey's avatar Lukas Burgey

Add permissions for user types

parent 859bb780
......@@ -24,11 +24,16 @@ def user_info_default():
class User(AbstractUser):
USER_ALREADY_EXISTS = Exception('The user does already exist. This usually implies that the IdP changed the sub. Only possible fix: delete the old user')
TYPE_CHOICE_DOWNSTREAM = 'apiclient'
TYPE_CHOICE_USER = 'oidcuser'
TYPE_CHOICE_ADMIN = 'admin'
TYPE_CHOICE_UPSTREAM = 'upstream'
TYPE_CHOICES = (
('apiclient', 'Downstream Client'), # clients which connect to us via pubsub
('oidcuser', 'Webpage User'), # normal users which logged in using the webpage
('admin', 'Admin'), # admins of the django admin
('upstream', 'Upstream Client'), # E.g. an idP that provides us with fresh userinfos or access tokens
(TYPE_CHOICE_DOWNSTREAM, 'Downstream Client'), # clients which connect to us via pubsub
(TYPE_CHOICE_USER, 'Webpage User'), # normal users which logged in using the webpage
(TYPE_CHOICE_ADMIN, 'Admin'), # admins of the django admin
(TYPE_CHOICE_UPSTREAM, 'Upstream Client'), # E.g. an idP that provides us with fresh userinfos or access tokens
)
user_type = models.CharField(
max_length=20,
......
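Review bot: The new `TYPE_CHOICE_*` constants are the values that authorization decisions are keyed on (the permissions module added in this commit compares `request.user.user_type` against them), but nothing in this hunk says so, and renaming or reusing a value later would silently change which accounts can reach which API, since rows already stored with the old value would no longer match. I would add a comment above `TYPE_CHOICE_DOWNSTREAM` such as `# Stored values of user_type; feudal/backend/permissions.py grants API access by comparing request.user.user_type to these, so never rename or reuse a value without migrating existing rows`. The `User` class body continues past the end of this hunk.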
from rest_framework.permissions import IsAuthenticated
from .models import User
class TypeOnly(IsAuthenticated):
user_type = ''
def has_permission(self, request, view):
return super().has_permission(self, request, view) and request.user.user_type == self.user_type
class UpstreamOnly(IsAuthenticated):
user_type = User.TYPE_CHOICE_UPSTREAM
class DownstreamOnly(IsAuthenticated):
user_type = User.TYPE_CHOICE_DOWNSTREAM
class UserOnly(IsAuthenticated):
user_type = User.TYPE_CHOICE_USER
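Review bot: The three concrete classes at the bottom of this file do not enforce the user type they are named after: `UpstreamOnly`, `DownstreamOnly` and `UserOnly` inherit from `IsAuthenticated` instead of `TypeOnly`, so their `user_type` attribute is never read and each of them admits any authenticated account, which leaves the client API and the user API open to each other's account types despite the commit's intent. `TypeOnly.has_permission` is also broken on its own: `super().has_permission(self, request, view)` passes `self` a second time, so as soon as the subclasses are fixed every request would raise `TypeError` (a 500 — fail-closed, but unusable). The `and` short-circuits on `IsAuthenticated`'s result, so an anonymous request never reaches the `user_type` attribute access, which is correct. Both fixes together are the rewrite below; note that `TypeOnly` itself is only a base class — with `user_type = ''` it matches no real account and should not be listed directly in a view's `permission_classes`.
```python
    def has_permission(self, request, view):
        # super() already binds self; passing it again raised TypeError on every call
        return super().has_permission(request, view) and request.user.user_type == self.user_type


class UpstreamOnly(TypeOnly):
    # … unchanged: user_type = User.TYPE_CHOICE_UPSTREAM …


class DownstreamOnly(TypeOnly):
    # … unchanged: user_type = User.TYPE_CHOICE_DOWNSTREAM …


class UserOnly(TypeOnly):
    # … unchanged: user_type = User.TYPE_CHOICE_USER …
```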
......@@ -14,16 +14,19 @@ from feudal.backend.auth.v1.models.vo import VO, Group, Entitlement
from feudal.backend.models import Site, Service, deployments
from feudal.backend.models.brokers import RabbitMQInstance
from feudal.backend.models.serializers import clients
from feudal.backend.permissions import DownstreamOnly
LOGGER = logging.getLogger(__name__)
# authentication class for the client api
AUTHENTICATION_CLASSES = (BasicAuthentication, )
AUTHENTICATION_CLASSES = (BasicAuthentication,)
PERMISSION_CLASSES = (DownstreamOnly,)
class DeploymentStateView(generics.UpdateAPIView):
authentication_classes = AUTHENTICATION_CLASSES
permission_classes = PERMISSION_CLASSES
serializer_class = clients.DeploymentStateSerializer
def get_object(self):
......@@ -59,7 +62,6 @@ class DeploymentStateView(generics.UpdateAPIView):
state.message,
)
# update the credential states of this deployment state
state.client_credential_states(self.request.data.get('credential_states', {}))
......@@ -75,6 +77,7 @@ class DeploymentStateView(generics.UpdateAPIView):
class DeploymentStateListView(generics.ListAPIView):
authentication_classes = AUTHENTICATION_CLASSES
permission_classes = PERMISSION_CLASSES
serializer_class = clients.DeploymentStateSerializer
def get_queryset(self):
......@@ -88,6 +91,7 @@ class DeploymentStateListView(generics.ListAPIView):
# the client has to fetch the configuration
class ConfigurationView(views.APIView):
authentication_classes = AUTHENTICATION_CLASSES
permission_classes = PERMISSION_CLASSES
sid_to_service = {}
......@@ -109,7 +113,6 @@ class ConfigurationView(views.APIView):
for dep in vo.vo_deployments.all():
dep.update()
# returns the service ID to service mapping contained in the request
def parse_sid_to_service(self, request):
self.sid_to_service = {}
......@@ -192,6 +195,7 @@ class ConfigurationView(views.APIView):
class DeregisterView(views.APIView):
authentication_classes = AUTHENTICATION_CLASSES
permission_classes = PERMISSION_CLASSES
def put(self, request):
......
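Review bot: `DownstreamOnly` gates only on the account type, and because the permissions module does not override `has_object_permission`, it says nothing about which deployment state a particular client may read or update; for `DeploymentStateView` that ownership check has to live in `get_object`, whose body starts in the first hunk and runs past its end, so it is not visible here. Please confirm that `get_object` (and `get_queryset` in `DeploymentStateListView`) scopes the lookup to `self.request.user` rather than to the id in the URL alone — otherwise, once the type check works, any Downstream Client can still read or update another client's deployment states. Making that contract explicit next to the new constant would help the next view author, e.g. `# type gate only: every view must still restrict its queryset to request.user`.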
......@@ -11,6 +11,7 @@ from rest_framework.permissions import AllowAny
from feudal.backend.auth.v1.models.serializers import VOSerializer
from feudal.backend.auth.v1.models.vo import VO
from feudal.backend.models import serializers, deployments, Service
from feudal.backend.permissions import UserOnly
LOGGER = logging.getLogger(__name__)
HELP_TEXT = """
......@@ -51,6 +52,8 @@ state/<id> GET Show your deployment state with id <id>
deployment state has state=questionnaire
"""
PERMISSION_CLASSES = (UserOnly,)
class HelpView(views.APIView):
permission_classes = (AllowAny,)
......@@ -60,6 +63,7 @@ class HelpView(views.APIView):
class UserDeletionView(generics.RetrieveDestroyAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = serializers.UserStateSerializer
def get_object(self):
......@@ -72,6 +76,7 @@ class UserDeletionView(generics.RetrieveDestroyAPIView):
class ServiceListView(generics.ListAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = serializers.ServiceSerializer
def get_queryset(self):
......@@ -79,6 +84,7 @@ class ServiceListView(generics.ListAPIView):
class ServiceView(generics.RetrieveAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = serializers.ServiceSerializer
def get_object(self):
......@@ -89,6 +95,7 @@ class ServiceView(generics.RetrieveAPIView):
class VOListView(generics.ListAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = VOSerializer
def get_queryset(self):
......@@ -96,6 +103,7 @@ class VOListView(generics.ListAPIView):
class VOView(generics.RetrieveAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = VOSerializer
def get_object(self):
......@@ -106,6 +114,7 @@ class VOView(generics.RetrieveAPIView):
class SSHPublicKeyListView(generics.ListCreateAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = serializers.SSHPublicKeySerializer
def get_queryset(self):
......@@ -117,6 +126,7 @@ class SSHPublicKeyListView(generics.ListCreateAPIView):
class SSHPublicKeyView(generics.RetrieveDestroyAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = serializers.SSHPublicKeySerializer
def get_object(self):
......@@ -130,6 +140,7 @@ class SSHPublicKeyView(generics.RetrieveDestroyAPIView):
class DeploymentListView(generics.ListAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = serializers.DeploymentSerializer
def get_queryset(self):
......@@ -142,6 +153,7 @@ class DeploymentListView(generics.ListAPIView):
class DeploymentView(generics.RetrieveUpdateAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = serializers.DeploymentSerializer
def get_serializer_context(self):
......@@ -199,6 +211,7 @@ class DeploymentView(generics.RetrieveUpdateAPIView):
class DeploymentStateListView(generics.ListCreateAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = serializers.DeploymentStateSerializer
def get_queryset(self):
......@@ -206,6 +219,7 @@ class DeploymentStateListView(generics.ListCreateAPIView):
class DeploymentStateView(generics.RetrieveUpdateAPIView):
permission_classes = PERMISSION_CLASSES
serializer_class = serializers.DeploymentStateSerializer
def get_object(self):
......
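Review bot: With `PERMISSION_CLASSES = (UserOnly,)` the `admin` account type from the model ("admins of the django admin") is now rejected by every view in this module except `HelpView`, and nothing records whether that is intended; if admins are expected to use this API, the check would need to accept both types. I would document the decision next to the constant: `# web-login users only (user_type == 'oidcuser'); admins and API clients are denied on purpose`. Any view in this module not touched by the visible hunks would still fall back to DRF's `DEFAULT_PERMISSION_CLASSES` setting, which is not visible here.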