authorPiotr Dobrowolski <admin@tastycode.pl>2017-04-12 00:38:32 +0200
committerPiotr Dobrowolski <admin@tastycode.pl>2017-04-12 00:38:32 +0200
commit24da996fe635bc1887ce5f45d7d7a6003d0fd4de (patch)
treef3c259d5d709d026fcb40960ca15ba780b4001ca
parentba98a32eb3dd72d13ffae50207ce421a72cf2824 (diff)
downloadbitvend-24da996fe635bc1887ce5f45d7d7a6003d0fd4de.tar.gz
bitvend-24da996fe635bc1887ce5f45d7d7a6003d0fd4de.tar.bz2
bitvend-24da996fe635bc1887ce5f45d7d7a6003d0fd4de.tar.xz
bitvend-24da996fe635bc1887ce5f45d7d7a6003d0fd4de.zip
Add caps check
-rw-r--r--bitvend/auth.py48
-rw-r--r--bitvend/views.py3
-rw-r--r--requirements.txt1
3 files changed, 49 insertions, 3 deletions
diff --git a/bitvend/auth.py b/bitvend/auth.py
index 6dce1d3..8f7f71b 100644
--- a/bitvend/auth.py
+++ b/bitvend/auth.py
@@ -1,7 +1,9 @@
import requests
import functools
-from flask import session, flash, redirect, request
-from flask_login import login_user, LoginManager, logout_user
+import time
+from flask import session, flash, redirect, request, current_app, abort
+from flask_login import login_user, LoginManager, logout_user, current_user
+from flask_login.signals import user_logged_out
from bitvend.models import User, db
login_manager = LoginManager()
@@ -29,3 +31,45 @@ def try_login(username, password):
return True
return False
+
+
+def cap_check(capability, user=None):
+ user = user or current_user.get_id()
+
+ if session.get('_caps', {}).get(capability, 0) > time.time():
+ return True
+
+ allowed = requests.get(
+ 'https://capacifier.hackerspace.pl/%s/%s' % (capability, user)
+ ).status_code == 200
+
+ if allowed:
+ if '_caps' not in session:
+ session['_caps'] = {}
+
+ session['_caps'][capability] = \
+ time.time() + current_app.config.get('CAP_TTL', 3600)
+
+ return allowed
+
+
+@user_logged_out.connect
+def caps_cleanup(app, user):
+ # Cleanup caps cache
+ if '_caps' in session:
+ session.pop('_caps')
+
+
+def cap_required(capability):
+ '''Checks if user has desired capacifier capability'''
+
+ def inner(func):
+ @functools.wraps(func)
+ def wrapped(*args, **kwargs):
+ if not cap_check(capability):
+ abort(403)
+
+ return func(*args, **kwargs)
+
+ return wrapped
+ return inner
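Review bot: `session['_caps'][capability] = ...` mutates a dict nested inside the Flask session, and the session only tracks top-level assignments, so the cookie is written on the first lookup (when `session['_caps'] = {}` runs) but any later capability added to an existing `_caps` is silently not persisted and is re-fetched from capacifier on every request; reassign the top-level key (or set `session.modified = True`) after updating it. The lookup also interpolates `user` into the URL path unescaped, and with an anonymous `current_user.get_id()` it is `None`, so a request for `/<capability>/None` is sent — percent-encode the identifier (`quote` from urllib) and return False when `user` is falsy. `requests.get` has no `timeout` and its connection errors propagate as a 500, so a stalled capacifier pins the worker; a bounded timeout with `RequestException` treated as not allowed keeps the check fail-closed without hanging (the `timeout=5` below is a constructed value). The cached entry is keyed only on `capability`, not on `user`, so an explicit `user` argument differing from the session's user could be answered from that user's cache — hedged, since the only visible caller uses the default.
```python
def cap_check(capability, user=None):
    user = user or current_user.get_id()
    if not user:
        return False

    if session.get('_caps', {}).get(capability, 0) > time.time():
        return True

    try:
        allowed = requests.get(
            'https://capacifier.hackerspace.pl/%s/%s'
            % (capability, quote(str(user), safe='')),
            timeout=5,
        ).status_code == 200
    except requests.RequestException:
        return False

    if allowed:
        caps = dict(session.get('_caps', {}))
        caps[capability] = time.time() + current_app.config.get('CAP_TTL', 3600)
        # Reassign the top-level key: nested mutation is not tracked by the session.
        session['_caps'] = caps

    return allowed
```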
diff --git a/bitvend/views.py b/bitvend/views.py
index f9b6920..643aada 100644
--- a/bitvend/views.py
+++ b/bitvend/views.py
@@ -7,7 +7,7 @@ import qrcode.image.svg
from bitvend import dev, proc
from bitvend.models import db, User, Transaction, NoFunds
-from bitvend.auth import try_login
+from bitvend.auth import try_login, cap_required
from bitvend.forms import TransferForm
from flask_login import login_required, current_user, logout_user
@@ -79,6 +79,7 @@ def logout():
@bp.route('/log')
@login_required
+@cap_required('staff')
def log():
return render_template(
'log.html', transactions=Transaction.query.all())
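Review bot: The new `@cap_required('staff')` must stay below `@login_required`, because `cap_check` falls back to `current_user.get_id()` and an anonymous user would otherwise trigger a capacifier lookup for `None` instead of the login redirect; the ordering is correct here but nothing records that it matters. A one-line comment such as `# must follow @login_required: cap_required assumes an authenticated user` would protect it against a later reordering.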
diff --git a/requirements.txt b/requirements.txt
index 79281d3..4c4c62d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,3 +18,4 @@ SQLAlchemy==1.1.4
websocket-client==0.40.0
Werkzeug==0.11.15
WTForms==2.1
+blinker>=1.3
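Review bot: `blinker>=1.3` is the only floating specifier in a file that otherwise pins exact versions (`Werkzeug==0.11.15`, `WTForms==2.1`), so installs are no longer reproducible and a future blinker release can change what `user_logged_out.connect` resolves to without any diff here. Pin it to the version actually tested, e.g. `blinker==<tested version>` (placeholder), to match the file's convention.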