Loading portal/database/models.py +1 −1 Original line number Diff line number Diff line Loading @@ -429,7 +429,7 @@ class Role(db.Model, EntityBase): def set_permissions(self, **kwargs): """Sets permissions for the role Args: **kwargs(dict): Permissions **kwargs: Permissions """ for k, w in kwargs.items(): if hasattr(self.permissions, k) and k not in ('id', 'role_id', 'role'): Loading portal/rest/__init__.py +1 −0 Original line number Diff line number Diff line Loading @@ -233,3 +233,4 @@ user_list_update_schema = UserListUpdateSchema(strict=True) group_import_schema = GroupImportSchema(strict=True) component_schema = ComponentSchema(strict=True) components_schema = ComponentSchema(strict=True, many=True) portal/rest/components/components.py +2 −2 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ from flask import Blueprint from flask_jwt_extended import jwt_required from flask_restful import Api, Resource from portal.rest import component_schema, rest_helpers from portal.rest import component_schema, rest_helpers, components_schema from portal.service import permissions, auth from portal.service.auth import find_client from portal.service.components import create_component, delete_component, update_component, \ Loading @@ -27,7 +27,7 @@ class ComponentList(Resource): raise ForbiddenError(uid=client.id) components_list = find_all_components() return component_schema.dump(components_list), 200 return components_schema.dump(components_list)[0], 200 @error_handler @jwt_required Loading portal/rest/courses/courses.py +2 −1 Original line number Diff line number Diff line Loading 
@@ -6,7 +6,8 @@ from flask_restful import Api, Resource from portal.rest import course_schema, courses_schema, course_import_schema, rest_helpers from portal.service.courses import delete_course, update_course, create_course, \ update_notes_token, copy_course, filter_course_dump, find_all_courses update_notes_token, copy_course, find_all_courses from portal.service.filters import filter_course_dump from portal.service.general import find_course from portal.service.errors import ForbiddenError from portal.service.permissions import check_client Loading portal/rest/groups/groups.py +20 −15 Original line number Diff line number Diff line Loading @@ -7,12 +7,12 @@ from flask_restful import Api, Resource from portal.service import general, auth from portal.service.groups import delete_group, update_group, create_group, \ update_user_group_membership, find_users_in_group_by_role, add_single_user_to_group, \ remove_single_user_from_group, import_group remove_single_user_from_group, import_group, list_groups from portal.service.permissions import check_client from portal.tools.decorators import error_handler from portal.rest import group_schema, groups_schema, users_schema, user_list_update_schema, \ group_import_schema, rest_helpers from portal.service.errors import PortalAPIError, ForbiddenError from portal.service.errors import ForbiddenError groups = Blueprint('groups', __name__) groups_api = Api(groups) Loading @@ -27,9 +27,8 @@ class GroupResource(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['view_course_full']) \ or not check_client(client=client, course=course, permissions=['view_course_limited']): permissions = ['view_course_full', 'view_course_limited', 'update_course'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) group = general.find_group(course, gid) Loading 
@@ -41,7 +40,7 @@ class GroupResource(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): if not check_client(client=client, course=course, permissions=['update_course']): raise ForbiddenError(uid=client.id) group = general.find_group(course, gid) Loading @@ -54,7 +53,8 @@ class GroupResource(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): permissions = ['write_groups', 'update_course'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) data = rest_helpers.parse_request_data( Loading @@ -73,10 +73,11 @@ class GroupsList(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['read_groups']): permissions = ['read_groups', 'update_course', 'write_groups'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) return groups_schema.dump(course.groups) return groups_schema.dump(list_groups(course, client=client)) @error_handler @jwt_required Loading @@ -84,7 +85,7 @@ class GroupsList(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): if not check_client(client=client, course=course, permissions=['update_course']): raise ForbiddenError(uid=client.id) data = rest_helpers.parse_request_data( Loading 
@@ -102,7 +103,8 @@ class GroupUsersList(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['read_groups']): permissions = ['read_groups', 'update_course', 'write_groups'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) role_id = request.args.get('role') Loading @@ -117,7 +119,8 @@ class GroupUsersList(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): permissions = ['write_groups', 'update_course'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) data = rest_helpers.parse_request_data( Loading @@ -138,7 +141,8 @@ class GroupUser(Resource): course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): permissions = ['write_groups', 'update_course'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) group = general.find_group(course, gid) Loading @@ -153,7 +157,7 @@ class GroupUser(Resource): course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): if not check_client(client=client, course=course, permissions=['update_course']): raise ForbiddenError(uid=client.id) group = general.find_group(course, gid) Loading 
@@ -169,7 +173,8 @@ class GroupImport(Resource): client = auth.find_client() target_course = general.find_course(cid) # authorization if not check_client(client=client, course=target_course, permissions=['write_groups']): permissions = ['write_groups', 'update_course'] if not check_client(client=client, course=target_course, permissions=permissions): raise ForbiddenError(uid=client.id) data = rest_helpers.parse_request_data( Loading Loading
portal/database/models.py +1 −1 Original line number Diff line number Diff line Loading @@ -429,7 +429,7 @@ class Role(db.Model, EntityBase): def set_permissions(self, **kwargs): """Sets permissions for the role Args: **kwargs(dict): Permissions **kwargs: Permissions """ for k, w in kwargs.items(): if hasattr(self.permissions, k) and k not in ('id', 'role_id', 'role'): Loading
portal/rest/__init__.py +1 −0 Original line number Diff line number Diff line Loading @@ -233,3 +233,4 @@ user_list_update_schema = UserListUpdateSchema(strict=True) group_import_schema = GroupImportSchema(strict=True) component_schema = ComponentSchema(strict=True) components_schema = ComponentSchema(strict=True, many=True)
portal/rest/components/components.py +2 −2 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ from flask import Blueprint from flask_jwt_extended import jwt_required from flask_restful import Api, Resource from portal.rest import component_schema, rest_helpers from portal.rest import component_schema, rest_helpers, components_schema from portal.service import permissions, auth from portal.service.auth import find_client from portal.service.components import create_component, delete_component, update_component, \ Loading @@ -27,7 +27,7 @@ class ComponentList(Resource): raise ForbiddenError(uid=client.id) components_list = find_all_components() return component_schema.dump(components_list), 200 return components_schema.dump(components_list)[0], 200 @error_handler @jwt_required Loading
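Review bot: The new return in `ComponentList`, `components_schema.dump(components_list)[0]`, takes the serialized data by position, which is only right while `dump` returns a (data, errors) pair. That matches the `strict=True` schemas on this page, but the installed marshmallow version is not shown; if `dump` ever returns the list itself, `[0]` would silently answer with the first component only, not the whole list. Reading the field by name fails loudly in that case: `return components_schema.dump(components_list).data, 200`. The handler's signature and decorators are outside the hunk, so the rest of the method was not reviewed.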
portal/rest/courses/courses.py +2 −1 Original line number Diff line number Diff line Loading @@ -6,7 +6,8 @@ from flask_restful import Api, Resource from portal.rest import course_schema, courses_schema, course_import_schema, rest_helpers from portal.service.courses import delete_course, update_course, create_course, \ update_notes_token, copy_course, filter_course_dump, find_all_courses update_notes_token, copy_course, find_all_courses from portal.service.filters import filter_course_dump from portal.service.general import find_course from portal.service.errors import ForbiddenError from portal.service.permissions import check_client Loading
portal/rest/groups/groups.py +20 −15 Original line number Diff line number Diff line Loading @@ -7,12 +7,12 @@ from flask_restful import Api, Resource from portal.service import general, auth from portal.service.groups import delete_group, update_group, create_group, \ update_user_group_membership, find_users_in_group_by_role, add_single_user_to_group, \ remove_single_user_from_group, import_group remove_single_user_from_group, import_group, list_groups from portal.service.permissions import check_client from portal.tools.decorators import error_handler from portal.rest import group_schema, groups_schema, users_schema, user_list_update_schema, \ group_import_schema, rest_helpers from portal.service.errors import PortalAPIError, ForbiddenError from portal.service.errors import ForbiddenError groups = Blueprint('groups', __name__) groups_api = Api(groups) Loading @@ -27,9 +27,8 @@ class GroupResource(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['view_course_full']) \ or not check_client(client=client, course=course, permissions=['view_course_limited']): permissions = ['view_course_full', 'view_course_limited', 'update_course'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) group = general.find_group(course, gid) Loading @@ -41,7 +40,7 @@ class GroupResource(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): if not check_client(client=client, course=course, permissions=['update_course']): raise ForbiddenError(uid=client.id) group = general.find_group(course, gid) Loading 
@@ -54,7 +53,8 @@ class GroupResource(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): permissions = ['write_groups', 'update_course'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) data = rest_helpers.parse_request_data( Loading @@ -73,10 +73,11 @@ class GroupsList(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['read_groups']): permissions = ['read_groups', 'update_course', 'write_groups'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) return groups_schema.dump(course.groups) return groups_schema.dump(list_groups(course, client=client)) @error_handler @jwt_required Loading @@ -84,7 +85,7 @@ class GroupsList(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): if not check_client(client=client, course=course, permissions=['update_course']): raise ForbiddenError(uid=client.id) data = rest_helpers.parse_request_data( Loading @@ -102,7 +103,8 @@ class GroupUsersList(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['read_groups']): permissions = ['read_groups', 'update_course', 'write_groups'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) role_id = request.args.get('role') Loading 
@@ -117,7 +119,8 @@ class GroupUsersList(Resource): client = auth.find_client() course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): permissions = ['write_groups', 'update_course'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) data = rest_helpers.parse_request_data( Loading @@ -138,7 +141,8 @@ class GroupUser(Resource): course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): permissions = ['write_groups', 'update_course'] if not check_client(client=client, course=course, permissions=permissions): raise ForbiddenError(uid=client.id) group = general.find_group(course, gid) Loading @@ -153,7 +157,7 @@ class GroupUser(Resource): course = general.find_course(cid) # authorization if not check_client(client=client, course=course, permissions=['write_groups']): if not check_client(client=client, course=course, permissions=['update_course']): raise ForbiddenError(uid=client.id) group = general.find_group(course, gid) Loading @@ -169,7 +173,8 @@ class GroupImport(Resource): client = auth.find_client() target_course = general.find_course(cid) # authorization if not check_client(client=client, course=target_course, permissions=['write_groups']): permissions = ['write_groups', 'update_course'] if not check_client(client=client, course=target_course, permissions=permissions): raise ForbiddenError(uid=client.id) data = rest_helpers.parse_request_data( Loading
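Review bot: The checks in the hunks at `@@ -41,7 +40,7 @@`, `@@ -84,7 +85,7 @@` and `@@ -153,7 +157,7 @@` now accept only `permissions=['update_course']`, while the other write handlers in this file accept `['write_groups', 'update_course']`, so a role holding just `write_groups` appears to lose those three operations. If the narrowing is deliberate, record it beside each check, for example `# write_groups is intentionally not sufficient here`; if it is not, use `permissions = ['write_groups', 'update_course']` there as well (the handler signatures are outside the hunks, so which operations these are cannot be confirmed from this page). Every new list also depends on `check_client` granting access when any one listed permission is held, which is not visible here. The hunk at `@@ -27,9 +27,8 @@` replaces a check that required both view permissions with a three-entry list, so a test with a client holding only `view_course_limited` would pin who may read a group. Defining the lists once at module level, such as `GROUP_WRITE = ['write_groups', 'update_course']`, would keep the repeated checks from drifting apart.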