Loading management/data/shared.py +2 −0 Original line number Diff line number Diff line Loading @@ -35,6 +35,8 @@ PERM_TEACHER = dict( write_groups=True, write_projects=True, archive_projects=True, create_submissions_other=True, create_submissions=True, resubmit_submissions=True, evaluate_submissions=True, write_reviews_all=True Loading portal/database/models.py +4 −3 Original line number Diff line number Diff line Loading @@ -71,9 +71,9 @@ class Client(db.Model): id: UUID string name: custom name for the secret type: client type (worker or user) secrets: a list of secrets for this client roles: roles associated with this client owner_id: reference to the enclosing entity of the client - secrets: a list of secrets for this client - roles: roles associated with this client - owner_id: reference to the enclosing entity of the client """ __tablename__ = 'client' id = db.Column(db.String(length=36), default=lambda: str( Loading Loading @@ -744,6 +744,7 @@ class RolePermissions(db.Model, EntityBase): archive_projects = db.Column(db.Boolean, default=False, nullable=False) create_submissions = db.Column(db.Boolean, default=False, nullable=False) create_submissions_other = db.Column(db.Boolean, default=False, nullable=False) resubmit_submissions = db.Column(db.Boolean, default=False, nullable=False) evaluate_submissions = db.Column(db.Boolean, default=False, nullable=False) Loading portal/rest/courses.py +7 −7 Original line number Diff line number Diff line Loading 
@@ -53,10 +53,10 @@ class CourseResource(Resource): course = find_course(cid) # authorization perm_service = permissions.PermissionsService(course=course) if perm_service.check.client(['view_course_full']): if perm_service.check.permissions(['view_course_full']): return course_schema.dump(course) elif perm_service.check.client(['view_course_limited']): elif perm_service.check.permissions(['view_course_limited']): dump = course_schema.dump(course) filtered_course = filter_course_dump(course, dump.data, client) return filtered_course Loading @@ -78,7 +78,7 @@ class CourseResource(Resource): def put(self, cid: str): course = find_course(cid) # authorization permissions.PermissionsService(course=course).require.client(['update_course']) permissions.PermissionsService(course=course).require.update_course() data = rest_helpers.parse_request_data( schema=course_schema, action='update', resource='course', partial=True Loading @@ -98,7 +98,7 @@ class CourseNotesToken(Resource): def get(self, cid): course = find_course(cid) # authorization permissions.PermissionsService(course=course).require.client(['handle_notes_access_token']) permissions.PermissionsService(course=course).require.course_access_token() return course.notes_access_token @jwt_required Loading @@ -108,7 +108,7 @@ class CourseNotesToken(Resource): def put(self, cid): course = find_course(cid) # authorization permissions.PermissionsService(course=course).require.client(['handle_notes_access_token']) permissions.PermissionsService(course=course).require.course_access_token() json_data = rest_helpers.require_data( action='update_notes_token', resource='course') Loading 
@@ -128,7 +128,7 @@ class CourseImport(Resource): def put(self, cid: str): course = find_course(cid) # authorization permissions.PermissionsService(course=course).require.client(['update_course']) permissions.PermissionsService(course=course).require.update_course() data = rest_helpers.parse_request_data( course_import_schema, action='import', resource='course' Loading @@ -154,7 +154,7 @@ class CourseUsers(Resource): @courses_namespace.response(403, 'Not allowed to see users in the course') def get(self, cid): course = find_course(cid) permissions.PermissionsService(course=course).require.client(['view_course_full']) permissions.PermissionsService(course=course).require.permissions(['view_course_full']) group_ids = request.args.getlist('group') role_ids = request.args.getlist('role') users = CourseService(course=course).get_users_filtered(group_ids, role_ids) Loading portal/rest/groups.py +1 −3 Original line number Diff line number Diff line Loading @@ -33,9 +33,7 @@ class GroupsList(Resource): # authorization permissions.PermissionsService(course=course).require.update_course() data = rest_helpers.parse_request_data( group_schema, action='create', resource='group' ) data = rest_helpers.parse_request_data(group_schema, action='create', resource='group') new_group = GroupService().create_group(course, **data) return group_schema.dump(new_group)[0], 201 Loading portal/rest/login.py +6 −6 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ from flask_restplus import Namespace, Resource, fields from portal import logger from portal.database.models import Client from portal.service.auth import login_gitlab, login_username_password, login_secret from portal.service.auth import login_gitlab, login_secret, login_username_password from portal.service.errors import PortalAPIError, UnauthorizedError log = logger.get_logger(__name__) Loading Loading 
@@ -50,8 +50,8 @@ class Refresh(Resource): @auth_namespace.marshal_with(refresh_schema) @auth_namespace.response(401, 'Client is not authorized') def post(self): client = authorized_client() return dict(access_token=create_access_token(identity=client)) client_id = authorized_client() return dict(access_token=create_access_token(identity=client_id)) @auth_namespace.route('/logout') Loading @@ -60,11 +60,11 @@ class Logout(Resource): @auth_namespace.marshal_with(logout_schema) @auth_namespace.response(401, 'Client is not authorized') def post(self): authorized_client() return dict(access_token=None, refresh_token=None) client_id = authorized_client() return dict(id=client_id, access_token=None, refresh_token=None) def authorized_client(): def authorized_client() -> str: client = get_jwt_identity() if not client: raise UnauthorizedError() Loading Loading
management/data/shared.py +2 −0 Original line number Diff line number Diff line Loading @@ -35,6 +35,8 @@ PERM_TEACHER = dict( write_groups=True, write_projects=True, archive_projects=True, create_submissions_other=True, create_submissions=True, resubmit_submissions=True, evaluate_submissions=True, write_reviews_all=True Loading
portal/database/models.py +4 −3 Original line number Diff line number Diff line Loading @@ -71,9 +71,9 @@ class Client(db.Model): id: UUID string name: custom name for the secret type: client type (worker or user) secrets: a list of secrets for this client roles: roles associated with this client owner_id: reference to the enclosing entity of the client - secrets: a list of secrets for this client - roles: roles associated with this client - owner_id: reference to the enclosing entity of the client """ __tablename__ = 'client' id = db.Column(db.String(length=36), default=lambda: str( Loading Loading @@ -744,6 +744,7 @@ class RolePermissions(db.Model, EntityBase): archive_projects = db.Column(db.Boolean, default=False, nullable=False) create_submissions = db.Column(db.Boolean, default=False, nullable=False) create_submissions_other = db.Column(db.Boolean, default=False, nullable=False) resubmit_submissions = db.Column(db.Boolean, default=False, nullable=False) evaluate_submissions = db.Column(db.Boolean, default=False, nullable=False) Loading
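Review bot: The column that appears to be new in `RolePermissions`, `create_submissions_other`, is `nullable=False` with only a Python-side `default=False`, and no migration is visible in this commit. Existing role rows need a database-level default so that they end up denied rather than failing the schema change, for example `create_submissions_other = db.Column(db.Boolean, default=False, server_default=db.false(), nullable=False)` or an explicit backfill in the migration. The code that checks this flag before a submission is created on behalf of another user is also not in the visible hunks, so it is worth confirming it exists before `PERM_TEACHER` grants the permission in `management/data/shared.py`.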
portal/rest/courses.py +7 −7 Original line number Diff line number Diff line Loading @@ -53,10 +53,10 @@ class CourseResource(Resource): course = find_course(cid) # authorization perm_service = permissions.PermissionsService(course=course) if perm_service.check.client(['view_course_full']): if perm_service.check.permissions(['view_course_full']): return course_schema.dump(course) elif perm_service.check.client(['view_course_limited']): elif perm_service.check.permissions(['view_course_limited']): dump = course_schema.dump(course) filtered_course = filter_course_dump(course, dump.data, client) return filtered_course Loading @@ -78,7 +78,7 @@ class CourseResource(Resource): def put(self, cid: str): course = find_course(cid) # authorization permissions.PermissionsService(course=course).require.client(['update_course']) permissions.PermissionsService(course=course).require.update_course() data = rest_helpers.parse_request_data( schema=course_schema, action='update', resource='course', partial=True Loading @@ -98,7 +98,7 @@ class CourseNotesToken(Resource): def get(self, cid): course = find_course(cid) # authorization permissions.PermissionsService(course=course).require.client(['handle_notes_access_token']) permissions.PermissionsService(course=course).require.course_access_token() return course.notes_access_token @jwt_required Loading @@ -108,7 +108,7 @@ class CourseNotesToken(Resource): def put(self, cid): course = find_course(cid) # authorization permissions.PermissionsService(course=course).require.client(['handle_notes_access_token']) permissions.PermissionsService(course=course).require.course_access_token() json_data = rest_helpers.require_data( action='update_notes_token', resource='course') Loading 
@@ -128,7 +128,7 @@ class CourseImport(Resource): def put(self, cid: str): course = find_course(cid) # authorization permissions.PermissionsService(course=course).require.client(['update_course']) permissions.PermissionsService(course=course).require.update_course() data = rest_helpers.parse_request_data( course_import_schema, action='import', resource='course' Loading @@ -154,7 +154,7 @@ class CourseUsers(Resource): @courses_namespace.response(403, 'Not allowed to see users in the course') def get(self, cid): course = find_course(cid) permissions.PermissionsService(course=course).require.client(['view_course_full']) permissions.PermissionsService(course=course).require.permissions(['view_course_full']) group_ids = request.args.getlist('group') role_ids = request.args.getlist('role') users = CourseService(course=course).get_users_filtered(group_ids, role_ids) Loading
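Review bot: In `CourseNotesToken.get` and `CourseNotesToken.put` the required permission is no longer readable at the call site: `require.client(['handle_notes_access_token'])` became `require.course_access_token()`, and that helper's definition is not part of this diff, so a reader cannot confirm that the endpoint returning `course.notes_access_token` is still gated by the same flag. I would add a comment at both calls such as `# authorization: requires handle_notes_access_token (see PermissionsService)` and a test asserting that a client without the flag is rejected. The same applies to `require.update_course()` in `CourseResource.put` and `CourseImport.put`. `CourseUsers.get` still passes a string list to `require.permissions([...])`, so the file now mixes two styles of check; the method bodies continue outside the hunks.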
portal/rest/groups.py +1 −3 Original line number Diff line number Diff line Loading @@ -33,9 +33,7 @@ class GroupsList(Resource): # authorization permissions.PermissionsService(course=course).require.update_course() data = rest_helpers.parse_request_data( group_schema, action='create', resource='group' ) data = rest_helpers.parse_request_data(group_schema, action='create', resource='group') new_group = GroupService().create_group(course, **data) return group_schema.dump(new_group)[0], 201 Loading
portal/rest/login.py +6 −6 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ from flask_restplus import Namespace, Resource, fields from portal import logger from portal.database.models import Client from portal.service.auth import login_gitlab, login_username_password, login_secret from portal.service.auth import login_gitlab, login_secret, login_username_password from portal.service.errors import PortalAPIError, UnauthorizedError log = logger.get_logger(__name__) Loading Loading @@ -50,8 +50,8 @@ class Refresh(Resource): @auth_namespace.marshal_with(refresh_schema) @auth_namespace.response(401, 'Client is not authorized') def post(self): client = authorized_client() return dict(access_token=create_access_token(identity=client)) client_id = authorized_client() return dict(access_token=create_access_token(identity=client_id)) @auth_namespace.route('/logout') Loading @@ -60,11 +60,11 @@ class Logout(Resource): @auth_namespace.marshal_with(logout_schema) @auth_namespace.response(401, 'Client is not authorized') def post(self): authorized_client() return dict(access_token=None, refresh_token=None) client_id = authorized_client() return dict(id=client_id, access_token=None, refresh_token=None) def authorized_client(): def authorized_client() -> str: client = get_jwt_identity() if not client: raise UnauthorizedError() Loading
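Review bot: `Logout.post` only reads the identity and returns `access_token=None, refresh_token=None`; nothing in the visible lines revokes the presented token, so it presumably stays usable until it expires unless revocation happens elsewhere. If that is intended, say so at the call: `# NOTE: tokens are not revoked server-side here; they remain valid until expiry`. The new `id=client_id` key is only emitted if `logout_schema` declares an `id` field, which this diff does not show. The `-> str` annotation on `authorized_client()` cannot be checked here because its return statement is outside the hunk.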