ogcp: fix restricted user mode

Match user enabled scopes as numerical id instead of the scope name. Rename get_available_scopes to get_center_choices and add only center data. This function returns the list of values used to validate the data returned by the form (form.scopes.choices). Fix scope filtering to only allow the scopes stored in the user configuration. The filtering removes the scopes of type 'center' from the scopes dictionary when the center id is not present in the list of available scopes for the logged user.
2024-06-14 12:16:29 +02:00 · 2024-06-14 12:16:29 +02:00 · c26b96e0b0
parent 3fa3888b84
commit c26b96e0b0
1 changed files with 13 additions and 18 deletions
--- a/ogcp/views.py
+++ b/ogcp/views.py
@ -219,12 +219,15 @@ def add_state_and_ips(scope, clients, ips):
                                 set(scope['ip']).issubset(ips))
    return scope['ip']

-def get_allowed_scopes(scopes, allowed_scopes):
+def remove_disabled_scopes(scopes):
    for scope in scopes.get('scope'):
-        if scope.get('name') in current_user.scopes or scope.get('type') == 'server':
-            allowed_scopes.append(scope)
+        if scope.get('type') == 'center':
+            if str(scope.get('id')) in current_user.scopes:
+                continue
+
+            scopes.get('scope').remove(scope)
        else:
-            get_allowed_scopes(scope, allowed_scopes)
+            remove_disabled_scopes(scope)

 def multi_request(method, uri, payload=None):
    responses = []
@ -305,9 +308,7 @@ def get_scopes(ips=set()):
    all_scopes = {'scope': list_scopes}
    all_scopes = sort_scopes(all_scopes)
    if current_user.scopes:
-        allowed_scopes = []
-        get_allowed_scopes(all_scopes, allowed_scopes)
-        all_scopes = {'scope': allowed_scopes}
+        remove_disabled_scopes(all_scopes)
    clients = get_clients()
    add_state_and_ips(all_scopes, clients['clients'], ips)

@ -2640,23 +2641,17 @@ def get_available_centers():
    available_centers = list()
    for resp in responses:
        centers = parse_scopes_from_tree(resp['json'], 'center')
-        centers = [(center['name'], center['name']) for center in centers]
+        centers = [(center['id'], center['name']) for center in centers]
        available_centers.extend(centers)
    return available_centers

-def get_available_scopes():
+def get_center_choices():
    responses = multi_request('get', '/scopes')
    available_scopes = list()
    for resp in responses:
-        servers = parse_scopes_from_tree(resp['json'], 'server')
-        servers = [(server['name'], server['name']) for server in servers]
-        available_scopes.extend(servers)
        centers = parse_scopes_from_tree(resp['json'], 'center')
-        centers = [(center['name'], center['name']) for center in centers]
+        centers = [(str(center['id']), center['name']) for center in centers]
        available_scopes.extend(centers)
-        rooms = parse_scopes_from_tree(resp['json'], 'room')
-        rooms = [(room['name'], room['name']) for room in rooms]
-        available_scopes.extend(rooms)
    return available_scopes


@ -2783,7 +2778,7 @@ def user_add_get():
@login_required
 def user_add_post():
    form = UserForm(request.form)
-    form.scopes.choices = get_available_scopes()
+    form.scopes.choices = get_center_choices()
    if not form.validate():
        flash(form.errors, category='error')
        return redirect(url_for('users'))
@ -2822,7 +2817,7 @@ def user_edit_get():
@login_required
 def user_edit_post():
    form = UserForm(request.form)
-    form.scopes.choices = get_available_scopes()
+    form.scopes.choices = get_center_choices()
    if not form.validate():
        flash(form.errors, category='error')
        return redirect(url_for('users'))