check canManageUsers capability to provide access to manage users api, fixes #1564
This commit is contained in:
parent
4d426ba508
commit
5afb84bc0a
2 changed files with 22 additions and 5 deletions
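--- /dev/null
+++ b/pandora/user/decorators.py
@@ -0,0 +1,17 @@
+# -*- coding: utf-8 -*-
+# vi:si:et:sw=4:sts=4:ts=4
+try:
+    from django.contrib.auth.decorators import wraps
+except:
+    from django.utils.functional import wraps
+from ox.django.shortcuts import render_to_json_response, json_response
+
+def capability_required_json(capability):
+    def capability_required(function=None):
+        def _wrapped_view(request, *args, **kwargs):
+            if request.user.is_authenticated() and \
+                request.user.get_profile().capability(capability):
+                return function(request, *args, **kwargs)
+            return render_to_json_response(json_response(status=403, text='permissino denied'))
+        return wraps(function)(_wrapped_view)
+    return capability_required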
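Review bot: The bare `except:` guarding the `wraps` import in the new decorators.py swallows every exception, not just a missing name, so any unrelated failure raised while importing django.contrib.auth.decorators would be silently replaced by the fallback; narrow it to `except ImportError:`. The 403 response at the end of `_wrapped_view` misspells its user-facing text and should read `text='permission denied'`. `capability_required(function=None)` advertises an optional function, yet `wraps(function)(_wrapped_view)` runs unconditionally, so calling it with the default would fail on `wraps(None)`; either drop the `=None` or handle the bare-decorator case the way the other ox decorators presumably do. A short docstring on `capability_required_json` stating that it returns 403 JSON both for anonymous users and for authenticated users whose profile lacks the named capability would make the contract explicit for the views that adopt it.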
@ -13,7 +13,7 @@ from django.db.models import Max
|
||||||
from django.contrib.auth.models import User, Group
|
from django.contrib.auth.models import User, Group
|
||||||
|
|
||||||
from ox.django.shortcuts import render_to_json_response, json_response, get_object_or_404_json
|
from ox.django.shortcuts import render_to_json_response, json_response, get_object_or_404_json
|
||||||
from ox.django.decorators import admin_required_json, login_required_json
|
from ox.django.decorators import login_required_json
|
||||||
import ox
|
import ox
|
||||||
|
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ from item.models import Access, Item
|
||||||
from item import utils
|
from item import utils
|
||||||
|
|
||||||
import models
|
import models
|
||||||
|
from decorators import capability_required_json
|
||||||
|
|
||||||
def signin(request):
|
def signin(request):
|
||||||
'''
|
'''
|
||||||
|
@ -303,7 +303,7 @@ def requestToken(request):
|
||||||
actions.register(requestToken, cache=False)
|
actions.register(requestToken, cache=False)
|
||||||
|
|
||||||
|
|
||||||
@admin_required_json
|
@capability_required_json('canManageUsers')
|
||||||
def editUser(request):
|
def editUser(request):
|
||||||
'''
|
'''
|
||||||
takes {
|
takes {
|
||||||
|
@ -356,7 +356,7 @@ def editUser(request):
|
||||||
return render_to_json_response(response)
|
return render_to_json_response(response)
|
||||||
actions.register(editUser, cache=False)
|
actions.register(editUser, cache=False)
|
||||||
|
|
||||||
@admin_required_json
|
@capability_required_json('canManageUsers')
|
||||||
def removeUser(request):
|
def removeUser(request):
|
||||||
'''
|
'''
|
||||||
takes {
|
takes {
|
||||||
|
@ -440,7 +440,7 @@ def order_query(qs, sort):
|
||||||
qs = qs.order_by(*order_by, nulls_last=True)
|
qs = qs.order_by(*order_by, nulls_last=True)
|
||||||
return qs
|
return qs
|
||||||
|
|
||||||
@admin_required_json
|
@capability_required_json('canManageUsers')
|
||||||
def findUsers(request):
|
def findUsers(request):
|
||||||
'''
|
'''
|
||||||
takes {
|
takes {
|
||||||
|
|
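Review bot: Swapping `@admin_required_json` for `@capability_required_json('canManageUsers')` on editUser, removeUser and findUsers makes access depend solely on the profile's `capability()` lookup; unless that method grants the capability to admin/staff accounts implicitly (not visible in this diff), existing admins lose these endpoints, which is worth confirming and documenting at the decorator. The same single capability now gates the read-only findUsers and the destructive removeUser alike, so each view's docstring should state the requirement, e.g. `requires the canManageUsers capability`, and the finer split should be noted if one is intended. The hunks at the removeUser and findUsers decorator sites share this point with the editUser hunk. The added `from decorators import capability_required_json` is an implicit relative import, consistent with the file's existing `import models`, so it is acceptable for the Python version in use.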