author | Piotr Dobrowolski <admin@tastycode.pl> | 2017-04-12 00:38:32 +0200 |
committer | Piotr Dobrowolski <admin@tastycode.pl> | 2017-04-12 00:38:32 +0200 |
commit | 24da996fe635bc1887ce5f45d7d7a6003d0fd4de (patch) | |
tree | f3c259d5d709d026fcb40960ca15ba780b4001ca | |
parent | ba98a32eb3dd72d13ffae50207ce421a72cf2824 (diff) | |
Add caps check
-rw-r--r-- | bitvend/auth.py | 48 | ||||
-rw-r--r-- | bitvend/views.py | 3 | ||||
-rw-r--r-- | requirements.txt | 1 |
3 files changed, 49 insertions, 3 deletions
diff --git a/bitvend/auth.py b/bitvend/auth.py
index 6dce1d3..8f7f71b 100644
--- a/bitvend/auth.py
+++ b/bitvend/auth.py
@@ -1,7 +1,9 @@
 import requests
 import functools
-from flask import session, flash, redirect, request
-from flask_login import login_user, LoginManager, logout_user
+import time
+from flask import session, flash, redirect, request, current_app, abort
+from flask_login import login_user, LoginManager, logout_user, current_user
+from flask_login.signals import user_logged_out
 from bitvend.models import User, db
 login_manager = LoginManager()
@@ -29,3 +31,45 @@ def try_login(username, password):
 return True
 return False
+
+
+def cap_check(capability, user=None):
+ user = user or current_user.get_id()
+
+ if session.get('_caps', {}).get(capability, 0) > time.time():
+ return True
+
+ allowed = requests.get(
+ 'https://capacifier.hackerspace.pl/%s/%s' % (capability, user)
+ ).status_code == 200
+
+ if allowed:
+ if '_caps' not in session:
+ session['_caps'] = {}
+
+ session['_caps'][capability] = \
+ time.time() + current_app.config.get('CAP_TTL', 3600)
+
+ return allowed
+
+
+@user_logged_out.connect
+def caps_cleanup(app, user):
+ # Cleanup caps cache
+ if '_caps' in session:
+ session.pop('_caps')
+
+
+def cap_required(capability):
+ '''Checks if user has desired capacifier capability'''
+
+ def inner(func):
+ @functools.wraps(func)
+ def wrapped(*args, **kwargs):
+ if not cap_check(capability):
+ abort(403)
+
+ return func(*args, **kwargs)
+
+ return wrapped
+ return inner
diff --git a/bitvend/views.py b/bitvend/views.py
index f9b6920..643aada 100644
--- a/bitvend/views.py
+++ b/bitvend/views.py
@@ -7,7 +7,7 @@ import qrcode.image.svg
 from bitvend import dev, proc
 from bitvend.models import db, User, Transaction, NoFunds
-from bitvend.auth import try_login
+from bitvend.auth import try_login, cap_required
 from bitvend.forms import TransferForm
 from flask_login import login_required, current_user, logout_user
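Review bot: In cap_check the renewal write `session['_caps'][capability] = ...` changes a nested dict in place, and Flask only tracks top-level assignments to `session`, so once `_caps` already exists the refreshed expiry is never written back to the cookie and every later check goes to the service again after the first TTL; reassign `session['_caps']` after updating it. The capability and user id are interpolated into the capacifier URL path unescaped and the call has no `timeout`, so a user id containing `/`, `?` or `#` changes which resource is queried, and a stalled service holds the worker indefinitely. The cache is also keyed by capability only, so a grant fetched for an explicit `user` argument is later served from the cookie to whoever owns the session; caching only when the checked user is the session's own user removes that. The body below folds those in (`quote` is `urllib.parse.quote`).

```python
def cap_check(capability, user=None):
    session_user = current_user.get_id()
    user = user or session_user
    if user is None:
        return False  # anonymous: nothing to look up, fail closed

    caps = session.get('_caps', {})
    if user == session_user and caps.get(capability, 0) > time.time():
        return True

    allowed = requests.get(
        'https://capacifier.hackerspace.pl/%s/%s'
        % (quote(capability, safe=''), quote(user, safe='')),
        timeout=current_app.config.get('CAP_TIMEOUT', 5),
    ).status_code == 200

    # Cache grants only for the session's own user, and reassign the
    # top-level key: Flask does not notice in-place changes to nested dicts.
    if allowed and user == session_user:
        caps[capability] = time.time() + current_app.config.get('CAP_TTL', 3600)
        session['_caps'] = caps

    return allowed
```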
@@ -79,6 +79,7 @@ def logout():
 @bp.route('/log')
 @login_required
+@cap_required('staff')
 def log():
 return render_template( 'log.html', transactions=Transaction.query.all())
diff --git a/requirements.txt b/requirements.txt
index 79281d3..4c4c62d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,3 +18,4 @@ SQLAlchemy==1.1.4
 websocket-client==0.40.0
 Werkzeug==0.11.15
 WTForms==2.1
+blinker>=1.3 |
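Review bot: `@cap_required('staff')` on `log` only works as an authorization gate because `@login_required` sits above it: `cap_check` in auth.py falls back to `current_user.get_id()`, which Flask-Login's anonymous user reports as `None`, so on its own the decorator would query the capacifier for `/staff/None` instead of rejecting the request. The dependency on decorator order is invisible at this call site, so either document it, e.g. `# login_required must stay outermost: cap_required assumes an authenticated current_user`, or make `cap_required` itself `abort(401)` when `current_user.is_authenticated` is false so a future route cannot apply it alone.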
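Review bot: `blinker>=1.3` is the only open-ended requirement in a file where every other entry is pinned with `==`, so the blinker version resolved at deploy time will drift between installs and is not what was tested with this commit. Pin it to the version the signal handler was verified against, in the same `blinker==<tested version>` form as the surrounding lines.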