diff options
| author |   grakiss <grakiss.wanglei@huawei.com> | 2017-07-07 15:06:29 +0800 |
|---|---|---|
| committer | grakiss <grakiss.wanglei@huawei.com> | 2017-07-20 09:51:50 +0800 |
| commit | cf402a2a6888ade5c57165dc978a59d2330307a7 (patch) | |
| tree | 64031db8f9b231867ab2466679b23eb6ade79b37 /testapi/opnfv_testapi/ui | |
| parent | 0c684cf169699a48570cb96c565d40007d4f006f (diff) | |
role based access control and result upload
1. add role for user
2. user can upload test results
Change-Id: I1c5370be7818edb0394f05e8b81f975deb98b286
Signed-off-by: grakiss <grakiss.wanglei@huawei.com>
Diffstat (limited to 'testapi/opnfv_testapi/ui')
| -rw-r--r-- | testapi/opnfv_testapi/ui/auth/constants.py | 2 | ||||
| -rw-r--r-- | testapi/opnfv_testapi/ui/auth/sign.py | 29 | ||||
| -rw-r--r-- | testapi/opnfv_testapi/ui/auth/user.py | 2 |
3 files changed, 24 insertions, 9 deletions
diff --git a/testapi/opnfv_testapi/ui/auth/constants.py b/testapi/opnfv_testapi/ui/auth/constants.py index 43f69d7..44ccb46 100644 --- a/testapi/opnfv_testapi/ui/auth/constants.py +++ b/testapi/opnfv_testapi/ui/auth/constants.py @@ -1,4 +1,6 @@ OPENID = 'openid' +ROLE = 'role' +DEFAULT_ROLE = 'user' # OpenID parameters OPENID_MODE = 'openid.mode' diff --git a/testapi/opnfv_testapi/ui/auth/sign.py b/testapi/opnfv_testapi/ui/auth/sign.py index 6a9d94e..5b36225 100644 --- a/testapi/opnfv_testapi/ui/auth/sign.py +++ b/testapi/opnfv_testapi/ui/auth/sign.py @@ -1,4 +1,7 @@ from six.moves.urllib import parse +from tornado import gen +from tornado import web +import logging from opnfv_testapi.common import config from opnfv_testapi.ui.auth import base @@ -31,20 +34,31 @@ class SigninHandler(base.BaseHandler): class SigninReturnHandler(base.BaseHandler): + @web.asynchronous + @gen.coroutine def get(self): if self.get_query_argument(const.OPENID_MODE) == 'cancel': self._auth_failure('Authentication canceled.') openid = self.get_query_argument(const.OPENID_CLAIMED_ID) - user_info = { + role = const.DEFAULT_ROLE + new_user_info = { 'openid': openid, 'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL), - 'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME) + 'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME), + const.ROLE: role } + user = yield self.db_find_one({'openid': openid}) + if not user: + self.db_save(self.table, new_user_info) + logging.info('save to db:%s', new_user_info) + else: + role = user.get(const.ROLE) - self.db_save(self.table, user_info) - if not self.get_secure_cookie('openid'): - self.set_secure_cookie('openid', openid) + self.clear_cookie(const.OPENID) + self.clear_cookie(const.ROLE) + self.set_secure_cookie(const.OPENID, openid) + self.set_secure_cookie(const.ROLE, role) self.redirect(url=CONF.ui_url) def _auth_failure(self, message): @@ -57,9 +71,8 @@ class SigninReturnHandler(base.BaseHandler): class SignoutHandler(base.BaseHandler): def get(self): """Handle signout request.""" - openid = self.get_secure_cookie(const.OPENID) - if openid: - self.clear_cookie(const.OPENID) + self.clear_cookie(const.OPENID) + self.clear_cookie(const.ROLE) params = {'openid_logout': CONF.osid_openid_logout_endpoint} url = parse.urljoin(CONF.ui_url, '/#/logout?' + parse.urlencode(params)) diff --git a/testapi/opnfv_testapi/ui/auth/user.py b/testapi/opnfv_testapi/ui/auth/user.py index 140bca5..2fca2a8 100644 --- a/testapi/opnfv_testapi/ui/auth/user.py +++ b/testapi/opnfv_testapi/ui/auth/user.py @@ -17,7 +17,7 @@ class ProfileHandler(base.BaseHandler): "openid": user.get('openid'), "email": user.get('email'), "fullname": user.get('fullname'), - "is_admin": False + "role": user.get('role', 'user') }) except Exception: pass |