From cf402a2a6888ade5c57165dc978a59d2330307a7 Mon Sep 17 00:00:00 2001
From: grakiss
Date: Fri, 7 Jul 2017 15:06:29 +0800
Subject: role based access control and result upload
1. add role for user
2. user can upload test results
Change-Id: I1c5370be7818edb0394f05e8b81f975deb98b286
Signed-off-by: grakiss
---
 testapi/opnfv_testapi/ui/auth/constants.py | 2 ++
 testapi/opnfv_testapi/ui/auth/sign.py | 29 +++++++++++++++++++++--------
 testapi/opnfv_testapi/ui/auth/user.py | 2 +-
 3 files changed, 24 insertions(+), 9 deletions(-)
(limited to 'testapi/opnfv_testapi/ui')
diff --git a/testapi/opnfv_testapi/ui/auth/constants.py b/testapi/opnfv_testapi/ui/auth/constants.py
index 43f69d7..44ccb46 100644
--- a/testapi/opnfv_testapi/ui/auth/constants.py
+++ b/testapi/opnfv_testapi/ui/auth/constants.py
@@ -1,4 +1,6 @@
 OPENID = 'openid'
+ROLE = 'role'
+DEFAULT_ROLE = 'user'
 # OpenID parameters
 OPENID_MODE = 'openid.mode'
diff --git a/testapi/opnfv_testapi/ui/auth/sign.py b/testapi/opnfv_testapi/ui/auth/sign.py
index 6a9d94e..5b36225 100644
--- a/testapi/opnfv_testapi/ui/auth/sign.py
+++ b/testapi/opnfv_testapi/ui/auth/sign.py
@@ -1,4 +1,7 @@
 from six.moves.urllib import parse
+from tornado import gen
+from tornado import web
+import logging
 from opnfv_testapi.common import config
 from opnfv_testapi.ui.auth import base
@@ -31,20 +34,31 @@ class SigninHandler(base.BaseHandler):
 class SigninReturnHandler(base.BaseHandler):
+ @web.asynchronous
+ @gen.coroutine
 def get(self):
 if self.get_query_argument(const.OPENID_MODE) == 'cancel':
 self._auth_failure('Authentication canceled.')
 openid = self.get_query_argument(const.OPENID_CLAIMED_ID)
- user_info = {
+ role = const.DEFAULT_ROLE
+ new_user_info = {
 'openid': openid,
 'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL),
- 'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME)
+ 'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME),
+ const.ROLE: role
 }
+ user = yield self.db_find_one({'openid': openid})
+ if not user:
+ self.db_save(self.table, new_user_info)
+ logging.info('save to db:%s', new_user_info)
+ else:
+ role = user.get(const.ROLE)
- self.db_save(self.table, user_info)
- if not self.get_secure_cookie('openid'):
- self.set_secure_cookie('openid', openid)
+ self.clear_cookie(const.OPENID)
+ self.clear_cookie(const.ROLE)
+ self.set_secure_cookie(const.OPENID, openid)
+ self.set_secure_cookie(const.ROLE, role)
 self.redirect(url=CONF.ui_url)
 def _auth_failure(self, message):
@@ -57,9 +71,8 @@ class SigninReturnHandler(base.BaseHandler):
 class SignoutHandler(base.BaseHandler):
 def get(self):
 """Handle signout request."""
- openid = self.get_secure_cookie(const.OPENID)
- if openid:
- self.clear_cookie(const.OPENID)
+ self.clear_cookie(const.OPENID)
+ self.clear_cookie(const.ROLE)
 params = {'openid_logout': CONF.osid_openid_logout_endpoint}
 url = parse.urljoin(CONF.ui_url,
 '/#/logout?' + parse.urlencode(params))
diff --git a/testapi/opnfv_testapi/ui/auth/user.py b/testapi/opnfv_testapi/ui/auth/user.py
index 140bca5..2fca2a8 100644
--- a/testapi/opnfv_testapi/ui/auth/user.py
+++ b/testapi/opnfv_testapi/ui/auth/user.py
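Review bot: In `SigninReturnHandler.get` (sign.py, first hunk) `role = user.get(const.ROLE)` has no default, so an account stored before this change, which has no `role` field, yields `None`, and `set_secure_cookie(const.ROLE, role)` is then asked to sign a value that is neither str nor bytes; the user.py hunk of this same commit already falls back to `'user'`, so use `role = user.get(const.ROLE, const.DEFAULT_ROLE)` here as well. The role is also cached in a signed cookie at sign-in, so a later change to the stored role is not reflected until the cookie is reissued or expires, and `clear_cookie` in the `SignoutHandler` hunk only removes the browser's copy; any authorization decision should resolve the role from the user record by `openid` on the server and treat the cookie as display-only. No verification of the OpenID response is visible in this hunk (`openid.claimed_id` is read straight from the query string), and now that this value selects the role, that check becomes a precondition for the role to mean anything unless it already lives in `base.BaseHandler`, which is outside the hunk. `self.db_save(self.table, new_user_info)` is not yielded inside the coroutine, so if it returns a Future a failed insert would go unnoticed before the redirect.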
@@ -17,7 +17,7 @@ class ProfileHandler(base.BaseHandler):
 "openid": user.get('openid'),
 "email": user.get('email'),
 "fullname": user.get('fullname'),
- "is_admin": False
+ "role": user.get('role', 'user')
 })
 except Exception:
 pass
--
cgit 1.2.3-korg
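Review bot: `"role": user.get('role', 'user')` hard-codes the two strings that this commit adds to constants.py as `ROLE` and `DEFAULT_ROLE`; writing `user.get(const.ROLE, const.DEFAULT_ROLE)` keeps the profile response and the sign-in handler from drifting apart, assuming `const` is or can be imported in user.py (its import block is outside the hunk). The `except Exception: pass` visible in the context swallows any failure while building this response, so a broken role lookup would produce an empty reply with nothing logged; a `logging.exception('profile lookup failed')` in that handler would make it visible. Where `user` comes from is not shown in the hunk, so confirm it is the stored record rather than the value of the role cookie.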