from functools import wraps
from flask import g, redirect, url_for
from app.models import Setting
def admin_role_required(f):
    """
    Restrict a view to users whose role name is exactly 'Administrator'.

    Any other role is redirected to the 'error' endpoint with code=401 and
    the wrapped view is never called.
    """
    @wraps(f)
    def wrapper(*args, **kwargs):
        # g.user.role.name is read directly, so g.user must already be set
        # when this runs (presumably by a login check earlier in the
        # decorator stack; confirm the order on each route).
        is_admin = g.user.role.name == 'Administrator'
        if is_admin:
            return f(*args, **kwargs)
        # NOTE(review): denial is a redirect to the error page rather than an
        # error status on this URL; keep that in mind for non-browser clients.
        return redirect(url_for('error', code=401))
    return wrapper
def operator_role_required(f):
    """
    Restrict a view to users whose role name is 'Administrator' or 'Operator'.

    Every other role is redirected to the 'error' endpoint with code=401 and
    the wrapped view is never called.
    """
    @wraps(f)
    def wrapper(*args, **kwargs):
        # Role names are matched as exact, case-sensitive strings.
        # g.user must already be populated when this runs (presumably by a
        # login check earlier in the decorator stack; confirm).
        allowed_roles = ('Administrator', 'Operator')
        if g.user.role.name in allowed_roles:
            return f(*args, **kwargs)
        return redirect(url_for('error', code=401))
    return wrapper
def can_access_domain(f):
    """
    Restrict a per-domain view to users allowed to see that domain.

    Access is granted if:
        - the user's role name is 'Administrator' or 'Operator', or
        - the 'domain_name' keyword argument of the view matches the name of
          one of the domains returned by g.user.get_domain()

    Anyone else is redirected to the 'error' endpoint with code=401.
    """
    @wraps(f)
    def wrapper(*args, **kwargs):
        if g.user.role.name in ('Administrator', 'Operator'):
            return f(*args, **kwargs)

        # The domain is taken from keyword arguments only. If the view
        # receives it positionally, or not at all, this is None and the
        # membership test below denies access (fail closed).
        requested = kwargs.get('domain_name')
        # presumably get_domain() covers both directly granted domains and
        # those granted through an account; verify against the User model
        granted = [d.name for d in g.user.get_domain()]

        if requested in granted:
            return f(*args, **kwargs)
        return redirect(url_for('error', code=401))
    return wrapper
def can_configure_dnssec(f):
    """
    Restrict DNSSEC configuration views according to 'dnssec_admins_only'.

    Access is granted if:
        - the user's role name is 'Administrator' or 'Operator', or
        - the 'dnssec_admins_only' setting is falsy

    Anyone else is redirected to the 'error' endpoint with code=401.
    """
    @wraps(f)
    def wrapper(*args, **kwargs):
        if g.user.role.name in ('Administrator', 'Operator'):
            return f(*args, **kwargs)

        # The setting is only looked up for non-privileged users.
        # NOTE(review): any falsy value lets every user through, so a missing
        # or unreadable setting would fail open if Setting().get() returns
        # None for it. Confirm the setting has a safe default.
        if Setting().get('dnssec_admins_only'):
            return redirect(url_for('error', code=401))
        return f(*args, **kwargs)
    return wrapper
def can_create_domain(f):
    """
    Restrict domain-creation views according to 'allow_user_create_domain'.

    Access is granted if:
        - the user's role name is 'Administrator' or 'Operator', or
        - the 'allow_user_create_domain' setting is truthy

    Anyone else is redirected to the 'error' endpoint with code=401.
    """
    @wraps(f)
    def wrapper(*args, **kwargs):
        if g.user.role.name in ('Administrator', 'Operator'):
            return f(*args, **kwargs)

        # The setting is only looked up for non-privileged users. A falsy
        # value denies access, so this check fails closed.
        if Setting().get('allow_user_create_domain'):
            return f(*args, **kwargs)
        return redirect(url_for('error', code=401))
    return wrapper