fixes 169: ability to grant super cow powers to users

Davide Alberani 2017-04-03 21:39:26 +02:00
parent fd3c3111a2
commit 0c231432a2
4 changed files with 26 additions and 8 deletions

11
angular_app/js/app.js vendored

@ -75,16 +75,19 @@ eventManApp.run(['$rootScope', '$state', '$stateParams', '$log', 'Info',
}
};
/* Check GUI privileges. */
$rootScope.hasPermission = function(permission) {
if (!($rootScope.info && $rootScope.info.user && $rootScope.info.user.permissions)) {
/* Check privileges of the currently logged in user or of the one specified with the second parameter. */
$rootScope.hasPermission = function(permission, user) {
if (!(user || ($rootScope.info && $rootScope.info.user && $rootScope.info.user.permissions))) {
return false;
}
if (!user) {
user = $rootScope.info.user;
}
var granted = false;
var splitted_permission = permission.split('|');
var global_permission = splitted_permission[0] + '|all';
angular.forEach($rootScope.info.user.permissions || [],
angular.forEach(user.permissions || [],
function(value, idx) {
if (value === 'admin|all' || value === global_permission || value === permission) {
granted = true;
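Review bot: The comment above `$rootScope.hasPermission` no longer says that this is a GUI check; the older wording ("Check GUI privileges") appears to be the line it replaces. With the new `user` argument the function is also used to read another user's permission list, so it is worth stating that the result only decides what the interface shows, for example `/* GUI-only check of the logged-in user's privileges, or of the user passed as second argument; access is enforced by the server. */`. The body also reassigns the `user` parameter; a local such as `var target = user || $rootScope.info.user;` would keep the argument untouched. The function continues past the end of the hunk.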


@ -687,6 +687,7 @@ eventManControllers.controller('UsersCtrl', ['$scope', '$rootScope', '$state', '
if ($state.is('user.edit') && $state.params.id) {
$scope.user = User.get({id: $state.params.id}, function() {
$scope.updateUserInfo = $scope.user;
$scope.updateUserInfo.isAdmin = $rootScope.hasPermission('admin|all', $scope.updateUserInfo);
});
}
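Review bot: `isAdmin` is written onto the same object as the `User` resource, because the line above assigns `$scope.updateUserInfo = $scope.user` without copying. The derived flag therefore becomes a property of the resource and would presumably be sent with any later save of it, not only by this form. A short comment would make the intent clear, for example `/* isAdmin is a form-only flag derived from permissions; the server maps it to 'admin|all' and removes it. */`. The controller body starts and ends outside the hunk, so the `updateUser()` path is not visible here.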


@ -20,6 +20,11 @@
<span class="input-group-addon min150">{{'New password' | translate}}</span>
<input type="password" id="new-password" name="new-password" ng-model="updateUserInfo.new_password" class="form-control">
</div>
<div class="checkbox">
<label>
<input type="checkbox" ng-model="updateUserInfo.isAdmin"> Check me out
</label>
</div>
<button type="submit" ng-click="updateUser()" class="btn btn-success top10">{{'update' | translate}}</button>
</form>
</div>
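Review bot: The new checkbox is labelled `Check me out`, which looks like leftover sample text and does not tell the operator that ticking it grants administrator rights. The other labels in this form go through the `translate` filter, so this one should too, with wording that names the effect, for example `{{'Administrator' | translate}}` (the key is only a suggestion). The `<div class="checkbox">` also has no condition on it, so it is shown to everyone who can open the form. Something like `ng-if="hasPermission('admin|all')"` on that div would hide a control that, judging by the server-side change in this commit, only administrators can use.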


@ -909,9 +909,18 @@ class UsersHandler(CollectionHandler):
del data['_id']
if 'username' in data:
del data['username']
# for the moment, prevent the ability to update permissions via web
if not self.has_permission('admin|all'):
if 'permissions' in data:
del data['permissions']
else:
if 'isAdmin' in data:
if not 'permissions' in data:
data['permissions'] = []
if 'admin|all' in data['permissions'] and not data['isAdmin']:
data['permissions'].remove('admin|all')
elif 'admin|all' not in data['permissions'] and data['isAdmin']:
data['permissions'].append('admin|all')
del data['isAdmin']
return data
@gen.coroutine
@ -1197,7 +1206,7 @@ def run():
ws_application = tornado.web.Application([_ws_handler], debug=options.debug)
ws_http_server = tornado.httpserver.HTTPServer(ws_application)
ws_http_server.listen(options.port+1, address='127.0.0.1')
logger.debug('Starting WebSocket on %s://127.0.0.1:%d', 'wss' if ssl_options else 'ws', options.port+1)
logger.debug('Starting WebSocket on ws://127.0.0.1:%d', options.port+1)
tornado.ioloop.IOLoop.instance().start()
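Review bot: `isAdmin` is removed from `data` only in the `else` branch of the first hunk, so a request from a user without `admin|all` that carries `isAdmin` leaves this filter with the key still in place. Adding `data.pop('isAdmin', None)` next to `del data['permissions']` would drop it for every caller. In the admin branch the list being edited is `data['permissions']` taken from the request, and a body with `isAdmin` but no `permissions` ends up with `[]` or `['admin|all']`. If the returned dict replaces stored fields, that would reset the user's other permissions, so starting from the stored list looks safer. The enclosing method starts above the hunk, so how `data` is persisted is not visible here.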