Added roles (user and admin) and according requirements
parent
1febcd671a
commit
93a73a0ad8
|
@ -2,10 +2,11 @@
|
||||||
__author__ = "Gina Häußge <osd@foosel.net>"
|
__author__ = "Gina Häußge <osd@foosel.net>"
|
||||||
__license__ = 'GNU Affero General Public License http://www.gnu.org/licenses/agpl.html'
|
__license__ = 'GNU Affero General Public License http://www.gnu.org/licenses/agpl.html'
|
||||||
|
|
||||||
from flask import Flask, request, render_template, jsonify, send_from_directory, abort, url_for
|
|
||||||
from werkzeug.utils import secure_filename
|
from werkzeug.utils import secure_filename
|
||||||
import tornadio2
|
import tornadio2
|
||||||
from flask.ext.login import LoginManager, login_user, logout_user, login_required, current_user, AnonymousUser
|
from flask import Flask, request, render_template, jsonify, send_from_directory, url_for, current_app, session
|
||||||
|
from flask.ext.login import LoginManager, login_user, logout_user, login_required, current_user
|
||||||
|
from flask.ext.principal import Principal, Permission, RoleNeed, Identity, identity_changed, AnonymousIdentity, identity_loaded, UserNeed
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import threading
|
import threading
|
||||||
|
@ -29,6 +30,10 @@ printer = None
|
||||||
gcodeManager = None
|
gcodeManager = None
|
||||||
userManager = None
|
userManager = None
|
||||||
|
|
||||||
|
principals = Principal(app)
|
||||||
|
admin_permission = Permission(RoleNeed("admin"))
|
||||||
|
user_permission = Permission(RoleNeed("user"))
|
||||||
|
|
||||||
#~~ Printer state
|
#~~ Printer state
|
||||||
|
|
||||||
class PrinterStateConnection(tornadio2.SocketConnection):
|
class PrinterStateConnection(tornadio2.SocketConnection):
|
||||||
|
@ -403,6 +408,7 @@ def getSettings():
|
||||||
|
|
||||||
@app.route(BASEURL + "settings", methods=["POST"])
|
@app.route(BASEURL + "settings", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
|
@admin_permission.require()
|
||||||
def setSettings():
|
def setSettings():
|
||||||
if "application/json" in request.headers["Content-Type"]:
|
if "application/json" in request.headers["Content-Type"]:
|
||||||
data = request.json
|
data = request.json
|
||||||
|
@ -449,6 +455,7 @@ def setSettings():
|
||||||
|
|
||||||
@app.route(BASEURL + "system", methods=["POST"])
|
@app.route(BASEURL + "system", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
|
@admin_permission.require()
|
||||||
def performSystemAction():
|
def performSystemAction():
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
if request.values.has_key("action"):
|
if request.values.has_key("action"):
|
||||||
|
@ -484,6 +491,7 @@ def login():
|
||||||
if user is not None:
|
if user is not None:
|
||||||
if user.check_password(users.UserManager.createPasswordHash(password)):
|
if user.check_password(users.UserManager.createPasswordHash(password)):
|
||||||
login_user(user, remember=remember)
|
login_user(user, remember=remember)
|
||||||
|
identity_changed.send(current_app._get_current_object(), identity=Identity(user.get_id()))
|
||||||
return jsonify({"name": user.get_name(), "user": user.is_user(), "admin": user.is_admin()})
|
return jsonify({"name": user.get_name(), "user": user.is_user(), "admin": user.is_admin()})
|
||||||
return app.make_response(("User unknown or password incorrect", 401, []))
|
return app.make_response(("User unknown or password incorrect", 401, []))
|
||||||
elif "passive" in request.values.keys():
|
elif "passive" in request.values.keys():
|
||||||
|
@ -496,9 +504,27 @@ def login():
|
||||||
@app.route(BASEURL + "logout", methods=["POST"])
|
@app.route(BASEURL + "logout", methods=["POST"])
|
||||||
@login_required
|
@login_required
|
||||||
def logout():
|
def logout():
|
||||||
|
# Remove session keys set by Flask-Principal
|
||||||
|
for key in ('identity.name', 'identity.auth_type'):
|
||||||
|
del session[key]
|
||||||
|
identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity())
|
||||||
|
|
||||||
logout_user()
|
logout_user()
|
||||||
|
|
||||||
return jsonify(SUCCESS)
|
return jsonify(SUCCESS)
|
||||||
|
|
||||||
|
@identity_loaded.connect_via(app)
|
||||||
|
def on_identity_loaded(sender, identity):
|
||||||
|
user = load_user(identity.name)
|
||||||
|
if user is None:
|
||||||
|
return
|
||||||
|
|
||||||
|
identity.provides.add(UserNeed(user.get_name()))
|
||||||
|
if user.is_user():
|
||||||
|
identity.provides.add(RoleNeed("user"))
|
||||||
|
if user.is_admin():
|
||||||
|
identity.provides.add(RoleNeed("admin"))
|
||||||
|
|
||||||
def load_user(id):
|
def load_user(id):
|
||||||
if userManager is not None:
|
if userManager is not None:
|
||||||
return userManager.findUser(id)
|
return userManager.findUser(id)
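Review bot: In `logout()`, `del session[key]` raises `KeyError` when either Flask-Principal key is absent, and because it runs before `logout_user()` the request fails with the login session still intact. That can plausibly happen for a user restored from the remember-me cookie (`login_user(user, remember=remember)`), where no identity was stored in this session, or if the installed Flask-Principal stores the identity under a different key name. Use `session.pop(key, None)` and consider calling `logout_user()` first so that logout always completes. Separately, `@admin_permission.require()` on `setSettings` and `performSystemAction` passes no `http_exception`, so a logged-in non-admin would likely hit an unhandled `PermissionDenied` rather than a 403 unless a handler is registered elsewhere; `@admin_permission.require(403)` makes the denial explicit.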
|
||||||
|
|
|
@ -50,7 +50,10 @@ class FilebasedUserManager(UserManager):
|
||||||
self._load()
|
self._load()
|
||||||
|
|
||||||
def _load(self):
|
def _load(self):
|
||||||
self._users = {"admin": User("admin", "7557160613d5258f883014a7c3c0428de53040fc152b1791f1cc04a62b428c0c2a9c46ed330cdce9689353ab7a5352ba2b2ceb459b96e9c8ed7d0cb0b2c0c076", True, UserManager.valid_roles)}
|
self._users = {
|
||||||
|
"admin": User("admin", "7557160613d5258f883014a7c3c0428de53040fc152b1791f1cc04a62b428c0c2a9c46ed330cdce9689353ab7a5352ba2b2ceb459b96e9c8ed7d0cb0b2c0c076", True, ["user", "admin"]),
|
||||||
|
"user": User("user", "ced28770ae4457f420e322a5c7b8abc5f31432aef2552871909d6f4f372d1e0d6e0e7be14114656971eeba88e6462d5ea596b656d521c847047a496fecc431a5", True, ["user"])
|
||||||
|
}
|
||||||
if os.path.exists(self._userfile) and os.path.isfile(self._userfile):
|
if os.path.exists(self._userfile) and os.path.isfile(self._userfile):
|
||||||
with open(self._userfile, "r") as f:
|
with open(self._userfile, "r") as f:
|
||||||
data = yaml.safe_load(f)
|
data = yaml.safe_load(f)
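Review bot: `_load()` now seeds two enabled accounts, `admin` and `user`, with password hashes fixed in the source, so every install without a userfile accepts the same publicly known credentials, and the `admin` entry carries the role that guards `settings` and `system`. Whether the userfile replaces these defaults or merges with them is outside the hunk; if it merges, the defaults stay valid even after real users are configured. I would seed the defaults only when the userfile is absent and log a warning, starting from `self._users = {}` otherwise, with a comment such as `# default accounts: development only, replace via userfile before exposing the server`. The hashes appear to be plain hex digests; whether `createPasswordHash` salts them is not visible here and is worth confirming.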
|
||||||
|
|
|
@ -4,4 +4,5 @@ pyserial>=2.6
|
||||||
tornado>=2.4.1
|
tornado>=2.4.1
|
||||||
tornadio2>=0.0.4
|
tornadio2>=0.0.4
|
||||||
PyYAML>=3.10
|
PyYAML>=3.10
|
||||||
Flask-Login>=0.1.3
|
Flask-Login>=0.1.3
|
||||||
|
Flask-Principal>=0.3.4
|