canaille-globuzma/canaille/flaskutils.py

import ldap
from functools import wraps
from flask import session, abort
from canaille.models import User


def current_user():
    if not session.get("user_dn"):
        return None

    if not isinstance(session.get("user_dn"), list):
        del session["user_dn"]
        return None

    dn = session["user_dn"][-1]
    try:
        user = User.get(dn=dn)
    except ldap.LDAPError:
        return None

    if not user:
        try:
            session["user_dn"] = session["user_dn"][:-1]
        except IndexError:
            del session["user_dn"]

    return user


def user_needed():
    def wrapper(view_function):
        @wraps(view_function)
        def decorator(*args, **kwargs):
            user = current_user()
            if not user:
                abort(403)
            return view_function(*args, user=user, **kwargs)

        return decorator

    return wrapper


def permissions_needed(*args):
    permissions = set(args)

    def wrapper(view_function):
        @wraps(view_function)
        def decorator(*args, **kwargs):
            user = current_user()
            if not user or not permissions.issubset(user.permissions):
                abort(403)
            return view_function(*args, user=user, **kwargs)

        return decorator

    return wrapper
Better error messages when LDAP server is unreachable, or authentication has failed 2021-12-06 20:49:38 +00:00			`import ldap`
Admin login 2020-08-19 14:20:57 +00:00			`from functools import wraps`
			`from flask import session, abort`
Renamed the project 'canaille' 2020-10-21 12:04:40 +00:00			`from canaille.models import User`
Admin login 2020-08-19 14:20:57 +00:00

			`def current_user():`
Admins can impersonate users. Fixes #39 2020-12-11 10:52:37 +00:00			`if not session.get("user_dn"):`
Can logout even if the session user does not exist 2020-09-15 07:43:36 +00:00			`return None`

Admins can impersonate users. Fixes #39 2020-12-11 10:52:37 +00:00			`if not isinstance(session.get("user_dn"), list):`
			`del session["user_dn"]`
			`return None`

			`dn = session["user_dn"][-1]`
Better error messages when LDAP server is unreachable, or authentication has failed 2021-12-06 20:49:38 +00:00			`try:`
			`user = User.get(dn=dn)`
			`except ldap.LDAPError:`
			`return None`
Fixed a bug happening when a user is deleted during his session 2020-11-25 16:41:03 +00:00
			`if not user:`
Admins can impersonate users. Fixes #39 2020-12-11 10:52:37 +00:00			`try:`
			`session["user_dn"] = session["user_dn"][:-1]`
			`except IndexError:`
			`del session["user_dn"]`
Fixed a bug happening when a user is deleted during his session 2020-11-25 16:41:03 +00:00
			`return user`
Admin login 2020-08-19 14:20:57 +00:00

			`def user_needed():`
			`def wrapper(view_function):`
			`@wraps(view_function)`
			`def decorator(args, *kwargs):`
User token list view 2020-08-27 08:50:50 +00:00			`user = current_user()`
			`if not user:`
Admin login 2020-08-19 14:20:57 +00:00			`abort(403)`
User token list view 2020-08-27 08:50:50 +00:00			`return view_function(args, user=user, *kwargs)`
Admin login 2020-08-19 14:20:57 +00:00
			`return decorator`

			`return wrapper`


Permissions overhaul 2021-12-02 17:23:14 +00:00			`def permissions_needed(*args):`
			`permissions = set(args)`
Moderators group. #12 2020-11-02 11:13:03 +00:00
Admin login 2020-08-19 14:20:57 +00:00			`def wrapper(view_function):`
			`@wraps(view_function)`
			`def decorator(args, *kwargs):`
			`user = current_user()`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`if not user or not permissions.issubset(user.permissions):`
Admin login 2020-08-19 14:20:57 +00:00			`abort(403)`
admin_needed passes the user 2020-10-29 10:09:31 +00:00			`return view_function(args, user=user, *kwargs)`
Admin login 2020-08-19 14:20:57 +00:00
			`return decorator`

			`return wrapper`