powerdns-admin/app/decorators.py

from functools import wraps
from flask import g, redirect, url_for

from app.models import Setting


def admin_role_required(f):
    """
    Grant access if user is in Administrator role
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if g.user.role.name != 'Administrator':
            return redirect(url_for('error', code=401))
        return f(*args, **kwargs)
    return decorated_function


def operator_role_required(f):
    """
    Grant access if user is in Operator role or higher
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if g.user.role.name not in ['Administrator', 'Operator']:
            return redirect(url_for('error', code=401))
        return f(*args, **kwargs)
    return decorated_function


def can_access_domain(f):
    """
    Grant access if:
        - user is in Operator role or higher, or
        - user is in granted Account, or
        - user is in granted Domain
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if g.user.role.name not in ['Administrator', 'Operator']:
            domain_name = kwargs.get('domain_name')
            user_domain = [d.name for d in g.user.get_domain()]

            if domain_name not in user_domain:
                return redirect(url_for('error', code=401))

        return f(*args, **kwargs)
    return decorated_function


def can_configure_dnssec(f):
    """
    Grant access if:
        - user is in Operator role or higher, or
        - dnssec_admins_only is off
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if g.user.role.name not in ['Administrator', 'Operator'] and Setting().get('dnssec_admins_only'):
            return redirect(url_for('error', code=401))

        return f(*args, **kwargs)
    return decorated_function
Adjustment to give user access to granted domain only 2018-03-31 00:32:46 +00:00			`from functools import wraps`
Fix python code as suggestion from LGTM 2018-08-31 11:00:41 +00:00			`from flask import g, redirect, url_for`
Adjustment to give user access to granted domain only 2018-03-31 00:32:46 +00:00
Fix python code as suggestion from LGTM 2018-08-31 11:00:41 +00:00			`from app.models import Setting`
Adjustment to give user access to granted domain only 2018-03-31 00:32:46 +00:00

			`def admin_role_required(f):`
Adding Operator role 2018-08-31 04:57:06 +00:00			`"""`
			`Grant access if user is in Administrator role`
			`"""`
Adjustment to give user access to granted domain only 2018-03-31 00:32:46 +00:00			`@wraps(f)`
			`def decorated_function(args, *kwargs):`
			`if g.user.role.name != 'Administrator':`
			`return redirect(url_for('error', code=401))`
			`return f(args, *kwargs)`
			`return decorated_function`


Adding Operator role 2018-08-31 04:57:06 +00:00			`def operator_role_required(f):`
			`"""`
			`Grant access if user is in Operator role or higher`
			`"""`
			`@wraps(f)`
			`def decorated_function(args, *kwargs):`
			`if g.user.role.name not in ['Administrator', 'Operator']:`
			`return redirect(url_for('error', code=401))`
			`return f(args, *kwargs)`
			`return decorated_function`


Adjustment to give user access to granted domain only 2018-03-31 00:32:46 +00:00			`def can_access_domain(f):`
Adding Operator role 2018-08-31 04:57:06 +00:00			`"""`
			`Grant access if:`
			`- user is in Operator role or higher, or`
			`- user is in granted Account, or`
			`- user is in granted Domain`
			`"""`
Adjustment to give user access to granted domain only 2018-03-31 00:32:46 +00:00			`@wraps(f)`
			`def decorated_function(args, *kwargs):`
Adding Operator role 2018-08-31 04:57:06 +00:00			`if g.user.role.name not in ['Administrator', 'Operator']:`
Adjustment to give user access to granted domain only 2018-03-31 00:32:46 +00:00			`domain_name = kwargs.get('domain_name')`
			`user_domain = [d.name for d in g.user.get_domain()]`

			`if domain_name not in user_domain:`
			`return redirect(url_for('error', code=401))`

			`return f(args, *kwargs)`
			`return decorated_function`
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes 2018-06-07 02:28:14 +00:00

			`def can_configure_dnssec(f):`
Adding Operator role 2018-08-31 04:57:06 +00:00			`"""`
			`Grant access if:`
			`- user is in Operator role or higher, or`
			`- dnssec_admins_only is off`
			`"""`
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes 2018-06-07 02:28:14 +00:00			`@wraps(f)`
			`def decorated_function(args, *kwargs):`
Adding Operator role 2018-08-31 04:57:06 +00:00			`if g.user.role.name not in ['Administrator', 'Operator'] and Setting().get('dnssec_admins_only'):`
			`return redirect(url_for('error', code=401))`
Validate user role and DNSSEC_ADMINS_ONLY config on DNSSEC related routes 2018-06-07 02:28:14 +00:00
			`return f(args, *kwargs)`
			`return decorated_function`