diff --git a/angular_app/index.html b/angular_app/index.html
index 62c6840..67e399b 100644
--- a/angular_app/index.html
+++ b/angular_app/index.html
@@ -52,7 +52,7 @@
diff --git a/angular_app/js/app.js b/angular_app/js/app.js
index a0f4f2d..1142f02 100644
--- a/angular_app/js/app.js
+++ b/angular_app/js/app.js
@@ -58,21 +58,25 @@ eventManApp.run(['$rootScope', '$state', '$stateParams', '$log', 'Info',
};
/* Check GUI privileges. */
- $rootScope.requires = function(permission) {
+ $rootScope.hasPermission = function(permission) {
if (!($rootScope.info && $rootScope.info.user &&
- $rootScope.info.user.username && $rootScope.info.user.privileges)) {
+ $rootScope.info.user.username && $rootScope.info.user.permissions)) {
return false;
}
- var accepted = false;
- angular.forEach($rootScope.info.user.privileges || [],
+ var granted = false;
+ var splitted_permission = permission.split(':');
+ var main_permission = splitted_permission + ':all';
+
+ angular.forEach($rootScope.info.user.permissions || [],
function(value, idx) {
- if (value === permission) {
- accepted = true;
+ if (value === 'admin:all' || value === main_permission || value === permission) {
+ granted = true;
return;
}
+
}
);
- return accepted;
+ return granted;
};
}]
);
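Review bot: `var main_permission = splitted_permission + ':all';` concatenates an array, not its first element, so for a two-part permission such as `event:update` it yields `event,update:all` (Array.prototype.toString joins with commas) and the `event:all` wildcard is never matched on the client; only single-segment permissions happen to work. It should read `var main_permission = splitted_permission[0] + ':all';`, which mirrors the server-side `'%s:all' % permission.split(':')[0]` in eventman_server.py. Since this only gates GUI elements and the server's `has_permission` remains authoritative, the impact is wrong UI visibility rather than privilege escalation, but the two implementations should agree. As a minor point, the `return;` inside the `angular.forEach` callback does not stop iteration; `Array.prototype.some` would express the intent and exit early.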
diff --git a/eventman_server.py b/eventman_server.py
index b133a35..e7cb24c 100755
--- a/eventman_server.py
+++ b/eventman_server.py
@@ -78,7 +78,6 @@ def requires(permissions):
return requires_wrapper()
-
class BaseHandler(tornado.web.RequestHandler):
"""Base class for request handlers."""
# A property to access the first value of each argument.
@@ -135,6 +134,34 @@ class BaseHandler(tornado.web.RequestHandler):
"""Retrieve current user from the secure cookie."""
return self.get_secure_cookie("user")
+ def get_user_info(self):
+ current_user = self.get_current_user()
+ if current_user:
+ user_info = {}
+ user_info['username'] = current_user
+ res = self.db.query('users', {'username': current_user})
+ if res:
+ user = res[0]
+ user_info['permissions'] = user.get('permissions') or []
+ return user_info
+ return {}
+
+ def has_permission(self, permission):
+ """Check permissions of the current user.
+
+ :param permission: the permission to check
+ :type permission: str
+
+ :returns: True if the user is allowed to perform the action or False
+ :rtype: bool
+ """
+ user_info = self.get_user_info()
+ user_permissions = user_info.get('permissions') or []
+ if not user_info:
+ return False
+ main_permission = '%s:all' % permission.split(':')[0]
+ return 'admin:all' in user_permissions or main_permission in user_permissions or permission in user_permissions
+
def logout(self):
"""Remove the secure cookie used fro authentication."""
self.clear_cookie("user")
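Review bot: `get_user_info` reads only the new `permissions` key, so any user record written under the previous schema (the `privileges` list the old InfoHandler read and the old bootstrap wrote) will come back with an empty list and `has_permission` will deny every action for that user; because `run()` only seeds an admin when a user named admin already does not exist, an upgraded database could be left with no account that can do anything. If existing deployments are a concern, a one-off migration of `privileges: ['admin']` to `permissions: ['admin:all']` (or a logged warning when a record has `privileges` but no `permissions`) would cover it. Separately, in `has_permission` the line `user_permissions = user_info.get('permissions') or []` runs before `if not user_info: return False`; swap the two so the guard comes first. Note that each `has_permission` call issues a fresh `self.db.query('users', …)`, so handlers checking several permissions per request hit the database repeatedly; caching the result on the handler instance would avoid that.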
@@ -605,14 +632,8 @@ class InfoHandler(BaseHandler):
@authenticated
def get(self, **kwds):
info = {}
- current_user = self.get_current_user()
- if current_user:
- user_info = {}
- user_info['username'] = current_user
- res = self.db.query('users', {'username': current_user})
- if res:
- user = res[0]
- user_info['privileges'] = user.get('privileges') or []
+ user_info = self.get_user_info()
+ if user_info:
info['user'] = user_info
self.write({'info': info})
@@ -749,7 +770,7 @@ def run():
if not db_connector.query('users', {'username': 'admin'}):
db_connector.add('users',
{'username': 'admin', 'password': utils.hash_password('eventman'),
- 'privileges': ['admin']})
+ 'permissions': ['admin:all']})
# If present, use the cookie_secret stored into the database.
cookie_secret = db_connector.query('settings', {'setting': 'server_cookie_secret'})