本文整理匯總了Python中aleph.model.Role類的典型用法代碼示例。如果您正苦於以下問題:Python Role類的具體用法?Python Role怎麽用?Python Role使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。
在下文中一共展示了Role類的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: handle_keycloak_oauth
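def handle_keycloak_oauth(sender, provider=None, oauth=None):
    """Map a Keycloak OAuth login onto an aleph user role and its groups.

    Returns ``None`` when ``provider`` is not the expected Keycloak
    instance, or when the token carries neither an ``idashboard`` nor an
    ``email`` claim. Otherwise returns the loaded-or-created user ``Role``,
    whose group memberships are cleared and rebuilt from the client roles
    listed in the token.
    """
    from aleph.model import Role
    superuser_role = 'superuser'

    # Substring match on the provider's base URL decides whether this
    # handler applies at all.
    if 'secure.occrp.org' not in provider.base_url:
        return

    access_token = oauth.get('access_token')
    # SECURITY NOTE(review): the token is decoded WITHOUT signature
    # verification, yet its claims decide ``is_admin`` and every group
    # membership below. That is only sound if ``oauth`` always arrives
    # directly from the provider's token endpoint -- confirm with the
    # caller, or verify the signature before trusting the claims.
    token_data = jwt.decode(access_token, verify=False)
    clients = token_data.get('resource_access', {})
    client = clients.get(provider.consumer_key, {})
    roles = set(client.get('roles', []))
    is_admin = superuser_role in roles

    email = token_data.get('email')
    dashboard_id = token_data.get('idashboard')
    if dashboard_id:
        user_id = 'idashboard:user:%s' % dashboard_id
    elif email:
        user_id = 'kc:%s' % email
    else:
        # Formatting a missing claim would yield the literal id 'kc:None',
        # so every token without an identifier would share one account.
        log.warning("Keycloak token has neither 'idashboard' nor 'email'")
        return

    role = Role.load_or_create(user_id, Role.USER,
                               token_data.get('name'),
                               email=email,
                               is_admin=is_admin)
    # Memberships are rebuilt from scratch on every login so that roles
    # removed on the Keycloak side do not linger locally.
    role.clear_roles()
    for role_name in roles:
        group_role = Role.load_or_create('kc:%s' % role_name,
                                         Role.GROUP,
                                         role_name)
        role.add_role(group_role)
        log.debug("User %r is member of %r", role, group_role)
    return role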
示例2: create
def create():
    """Register a password-login user from a signed e-mail confirmation code.

    The ``code`` field must be a value signed with ``Role.SIGNATURE`` and no
    older than ``Role.SIGNATURE_MAX_AGE``; the e-mail address is taken from
    that signed payload. Responds 400 for a bad code, 409 when the address
    already has a role, and 201 with the serialized role on success.
    """
    require(not request.authz.in_maintenance, settings.PASSWORD_LOGIN)
    payload = parse_request(RoleCreateSchema)

    try:
        email = Role.SIGNATURE.loads(payload.get('code'),
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        invalid = {'status': 'error', 'message': gettext('Invalid code')}
        return jsonify(invalid, status=400)

    if Role.by_email(email) is not None:
        taken = {
            'status': 'error',
            'message': gettext('Email is already registered')
        }
        return jsonify(taken, status=409)

    role = Role.load_or_create(foreign_id='password:{}'.format(email),
                               type=Role.USER,
                               name=payload.get('name') or email,
                               email=email)
    role.set_password(payload.get('password'))
    db.session.add(role)
    db.session.commit()
    update_role(role)

    # Let the serializer return more info about this user
    request.authz.id = role.id
    tag_request(role_id=role.id)
    return RoleSerializer.jsonify(role, status=201)
示例3: callback
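def callback():
    """Finish the OAuth redirect flow and open a session for the user.

    The provider profile is fetched first; the session only receives its
    ``roles`` and ``user`` entries once a role has been resolved. A failed
    authorization, or a profile without an account id, redirects back to
    the UI without logging anyone in.

    Raises:
        RuntimeError: if the provider's base URL matches no known service.
    """
    resp = oauth_provider.authorized_response()
    if resp is None or isinstance(resp, OAuthException):
        log.warning("Failed OAuth: %r", resp)
        # FIXME: notify the user, somehow.
        return redirect(url_for('base_api.ui'))

    # Kept ahead of the profile requests: presumably the provider's token
    # getter reads the token back from the session -- confirm before moving.
    session['oauth'] = resp
    base_url = oauth_provider.base_url
    role = None
    group_ids = []

    if 'googleapis.com' in base_url:
        me = oauth_provider.get('userinfo')
        account_id = me.data.get('id')
        if account_id not in (None, ''):
            role = Role.load_or_create('google:%s' % account_id, Role.USER,
                                       me.data.get('name'),
                                       email=me.data.get('email'))
    elif 'occrp.org' in base_url or \
            'investigativedashboard.org' in base_url:
        me = oauth_provider.get('api/2/accounts/profile/')
        account_id = me.data.get('id')
        if account_id not in (None, ''):
            # NOTE(review): ``is_admin`` is taken as-is from the profile
            # response, so the provider decides who is an administrator.
            role = Role.load_or_create('idashboard:user:%s' % account_id,
                                       Role.USER,
                                       me.data.get('display_name'),
                                       email=me.data.get('email'),
                                       is_admin=me.data.get('is_admin'))
            for group in me.data.get('groups', []):
                group_id = 'idashboard:%s' % group.get('id')
                group_role = Role.load_or_create(group_id, Role.GROUP,
                                                 group.get('name'))
                group_ids.append(group_role.id)
    else:
        session.pop('oauth', None)
        raise RuntimeError("Unknown OAuth URL: %r" % base_url)

    if role is None:
        # A missing id would otherwise be formatted into a shared
        # '...:None' account, so treat it as a failed login instead.
        session.pop('oauth', None)
        log.warning("OAuth profile has no account id, refusing login")
        return redirect(url_for('base_api.ui'))

    # Roles are written to the session only after the identity is known, so
    # a failure above cannot leave a session that holds the logged-in system
    # role without a user behind it.
    session['roles'] = [Role.system(Role.SYSTEM_USER)] + group_ids + [role.id]
    session['user'] = role.id
    db.session.commit()
    log.info("Logged in: %r", role)
    return redirect(url_for('base_api.ui'))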
示例4: from_role
def from_role(cls, role):
    """Build a ``cls`` instance holding the role ids granted to ``role``.

    Every result includes the system guest role. A non-``None`` role adds
    its own id, the system user role and the ids of ``role.roles``, and
    carries over ``role.is_admin``.
    """
    granted = {Role.load_id(Role.SYSTEM_GUEST)}
    if role is not None:
        granted.add(role.id)
        granted.add(Role.load_id(Role.SYSTEM_USER))
        granted.update(group.id for group in role.roles)
        return cls(role.id, granted, is_admin=role.is_admin)
    # Anonymous access: no role id, guest role only.
    return cls(None, granted)
示例5: get_public_roles
def get_public_roles():
    """Return the ids of the guest and user system roles, cached on the app.

    The list is stored as ``_public_roles`` on the current application
    object and is looked up again whenever it is missing or empty.
    """
    app = current_app._get_current_object()
    cached = hasattr(app, '_public_roles') and len(app._public_roles) > 0
    if not cached:
        found = [
            Role.by_foreign_id(foreign_id)
            for foreign_id in (Role.SYSTEM_GUEST, Role.SYSTEM_USER)
        ]
        # Roles that do not exist yet are skipped rather than cached.
        app._public_roles = [r.id for r in found if r is not None]
    return app._public_roles
示例6: login
def login(self, foreign_id='tester', name=None, email=None,
          is_admin=False):
    """Create a user and write a logged-in session for the test client.

    The session receives the guest and user system roles plus the new
    role's id under ``roles``, and the role id under ``user``. Returns the
    role produced by ``self.create_user``.
    """
    role = self.create_user(
        foreign_id=foreign_id,
        name=name,
        email=email,
        is_admin=is_admin,
    )
    with self.client.session_transaction() as sess:
        session_roles = [
            Role.system(Role.SYSTEM_GUEST),
            Role.system(Role.SYSTEM_USER),
            role.id,
        ]
        sess['roles'] = session_roles
        sess['user'] = role.id
    return role
示例7: cleanup_deleted
def cleanup_deleted():
    """Run ``cleanup_deleted`` on each model, then commit the session."""
    from aleph.model import Alert, Entity, Collection
    from aleph.model import Permission, Role

    # The order of the original call sequence is kept.
    for model in (Alert, Permission, Entity, Collection, Role):
        model.cleanup_deleted()
    db.session.commit()
示例8: system_role
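def system_role(role_name):
    """Return the id of a system role, creating both system roles on first use.

    The ids of the guest and user system roles are cached on ``app`` as
    ``_authz_roles``. Returns ``None`` for a ``role_name`` that is not one
    of the two cached foreign ids.
    """
    from aleph.model import Role
    if not hasattr(app, '_authz_roles'):
        # Build the mapping locally and publish it only after the commit
        # succeeded. Publishing an empty dict first would make a failure
        # here permanent: later calls would skip this branch and return
        # None for both system roles.
        role_ids = {}
        role = Role.load_or_create(Role.SYSTEM_GUEST, Role.SYSTEM,
                                   'All visitors')
        role_ids[Role.SYSTEM_GUEST] = role.id
        role = Role.load_or_create(Role.SYSTEM_USER, Role.SYSTEM,
                                   'Logged-in users')
        role_ids[Role.SYSTEM_USER] = role.id
        db.session.commit()
        app._authz_roles = role_ids
    return app._authz_roles.get(role_name)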
示例9: check_alerts
def check_alerts():
    """Run ``check_role_alerts`` for every role from ``Role.notifiable()``.

    Each role is processed inside its own test request context, with the
    request marked as logged in as that role.
    """
    for row in Role.notifiable():
        (role_id,) = row
        with current_app.test_request_context('/'):
            role = Role.by_id(role_id)
            request.auth_role = role
            request.logged_in = True
            # FIXME: can't re-gain access to implicit oauth rules.
            # -> https://github.com/pudo/aleph/issues/14
            effective_roles = [
                Role.system(Role.SYSTEM_USER),
                Role.system(Role.SYSTEM_GUEST),
                role.id,
            ]
            request.auth_roles = effective_roles
            check_role_alerts(role)
示例10: create
def create():
    """Create a collection for the logged-in user and return it serialized."""
    require(request.authz.logged_in)
    payload = parse_request(CollectionCreateSchema)
    # The collection is created on behalf of the requesting role.
    collection = create_collection(
        payload,
        role=Role.by_id(request.authz.id),
        sync=get_flag('sync'),
    )
    return CollectionSerializer.jsonify(collection)
示例11: index
def index(id):
    """List a collection's permissions, padded with the unassigned groups.

    The collection is fetched with ``request.authz.WRITE``. Permissions
    whose role fails ``check_visible`` are left out. Visible groups without
    a permission on the collection are appended as read/write ``False``
    placeholders.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    record_audit(Audit.ACT_COLLECTION, id=id)

    unassigned = [
        group for group in Role.all_groups()
        if check_visible(group, request.authz)
    ]
    query = Permission.all().filter(
        Permission.collection_id == collection.id
    )

    permissions = []
    for permission in query.all():
        if check_visible(permission.role, request.authz):
            permissions.append(permission)
            if permission.role in unassigned:
                unassigned.remove(permission.role)

    # this workaround ensures that all groups are visible for the user to
    # select in the UI even if they are not currently associated with the
    # collection.
    for role in unassigned:
        if not (collection.casefile and role.is_public):
            placeholder = {
                'collection_id': collection.id,
                'write': False,
                'read': False,
                'role_id': str(role.id)
            }
            permissions.append(placeholder)

    permissions = PermissionSerializer().serialize_many(permissions)
    return jsonify({'total': len(permissions), 'results': permissions})
示例12: view
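def view(id):
    """Return a role as JSON, withholding its e-mail from other users.

    Requires a logged-in caller. The role is looked up through
    ``obj_or_404``.
    """
    authz.require(authz.logged_in())
    role = obj_or_404(Role.by_id(id))
    data = role.to_dict()
    if role.id != request.auth_role.id:
        # pop() instead of del: a dict without the key must not turn the
        # privacy scrub into an unhandled KeyError.
        data.pop("email", None)
        # NOTE(review): "email" is the only field withheld from other
        # logged-in users. Confirm that to_dict() exposes nothing else
        # sensitive; an allow-list of public fields would be safer.
    return jsonify(data)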
示例13: handle_azure_oauth
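def handle_azure_oauth(sender, provider=None, oauth=None):
    """Validate an Azure AD ``id_token`` and map it onto an aleph user role.

    Returns ``None`` when ``provider`` is not the Microsoft login endpoint.
    Otherwise the token is verified against the published Microsoft
    certificate whose ``kid`` and ``x5t`` match the token header, and the
    ``upn`` claim becomes the account identifier and e-mail.

    Raises:
        jwt.InvalidTokenError: if no published key matches the token header.
            ``jwt.decode`` may raise its own errors for a rejected token.
    """
    from aleph.model import Role
    if 'login.microsoftonline.com' not in provider.base_url:
        return

    # Get incoming token, extract header for use with certificate verification
    id_token = oauth.get('id_token')
    header_segment = id_token.split('.')[0]
    # JWT segments are base64url-encoded with the padding stripped, so the
    # plain b64decode() used before failed on most tokens. Restore the
    # padding and use the URL-safe alphabet.
    header_segment += '=' * (-len(header_segment) % 4)
    header_raw = base64.urlsafe_b64decode(header_segment.encode('ascii'))
    header = json.loads(header_raw.decode('utf8'))

    # Load cert from MS - can be cached for upwards of 24hrs, not done now
    cert_loc = 'https://login.microsoftonline.com/common/discovery/keys'
    cert_data = json.loads(urlopen(cert_loc).read())
    pemstart = "-----BEGIN CERTIFICATE-----\n"
    pemend = "\n-----END CERTIFICATE-----\n"

    # Find correct cert based on header. The header is still unverified at
    # this point; it only selects one of the keys Microsoft publishes.
    mspubkey = None
    for key in cert_data['keys']:
        if header['kid'] == key['kid'] and header['x5t'] == key['x5t']:
            mspubkey = key['x5c'][0]
            break
    if mspubkey is None:
        # Fail closed with an explicit token error. Previously this path
        # hit an unbound local variable.
        raise jwt.InvalidTokenError(
            'No published signing key matches the token header')

    cert_str = pemstart + mspubkey + pemend
    cert_obj = load_pem_x509_certificate(cert_str.encode('ascii'),
                                         default_backend())
    public_key = cert_obj.public_key()

    # Decode incoming token and verify against the MS cert. The algorithm
    # is pinned so the token header cannot choose how it is verified.
    # NOTE(review): only signature and audience are checked, and the keys
    # come from the multi-tenant 'common' endpoint. Confirm whether the
    # issuer/tenant should be restricted too.
    token_data = jwt.decode(id_token, public_key, verify=True,
                            algorithms=['RS256'],
                            audience=settings.OAUTH_KEY)

    # All Ok, move on
    user_id = 'azure:%s' % token_data['upn']
    return Role.load_or_create(user_id, Role.USER, token_data['name'],
                               email=token_data['upn'])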
示例14: index
def index():
    """Return the logged-in user's notifications as a serialized result.

    Notifications are queried for the role's channels since
    ``role.notified_at``, excluding those where the role is the actor.
    """
    require(request.authz.logged_in)
    role = Role.by_id(request.authz.id)
    channels = get_role_channels(role)
    query = Notification.by_channels(
        channels,
        since=role.notified_at,
        exclude_actor_id=role.id,
    )
    return NotificationSerializer.jsonify_result(
        DatabaseQueryResult(request, query)
    )
示例15: update
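def update(id):
    """Apply the request payload to the caller's own role and persist it.

    Requires a logged-in caller whose role id equals the requested one.
    """
    # Authenticate before the lookup: with the old order an anonymous
    # caller reached obj_or_404() first and could tell existing role ids
    # from missing ones by the differing responses.
    authz.require(authz.logged_in())
    role = obj_or_404(Role.by_id(id))
    authz.require(role.id == request.auth_role.id)
    # NOTE(review): the request body goes straight into role.update().
    # Confirm that it only accepts user-editable fields and ignores
    # privilege attributes such as is_admin.
    role.update(request_data())
    db.session.add(role)
    db.session.commit()
    return jsonify(role)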