Commit 13aa574a authored by BAIRE Anthony's avatar BAIRE Anthony

Merge branch '243-authorized-members-to-create-an-app' into 'django'

Resolve "Authorized members to create an app"

Closes #243

See merge request !115
parents d9392f3f 01d6cb8c
from django.conf import settings
from django.core.exceptions import PermissionDenied
class GroupRequiredMixin(object):
class IsProviderMixin(object):
"""Authorize a user to access specific views
"""
group_required - list of strings, required param
"""
group_required = None
def dispatch(self, request, *args, **kwargs):
if not request.user.is_authenticated():
raise PermissionDenied
local_part, domain = request.user.email.split("@")
if domain in settings.ALLOWED_DEVELOPER_DOMAINS:
return super().dispatch(request, *args, **kwargs)
else:
user_groups = []
for group in request.user.groups.values_list('name', flat=True):
user_groups.append(group)
if len(set(user_groups).intersection(self.group_required)) <= 0:
raise PermissionDenied
return super(GroupRequiredMixin, self).dispatch(request, *args, **kwargs)
raise PermissionDenied
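Review bot: In `IsProviderMixin.dispatch`, `local_part, domain = request.user.email.split("@")` raises ValueError when the address is empty or does not contain exactly one `@`, so such an account gets a server error instead of `PermissionDenied`; `is_provider` in models.py unpacks the same way, and the template now calls it on the app list page. Taking the part after the last separator, `domain = request.user.email.rpartition("@")[2]`, denies instead of raising. Because this commit also adds `User.is_provider`, the mixin could delegate with `if not request.user.is_provider(): raise PermissionDenied` so the rule lives in one place. The rendering does not show whether the `is_authenticated()` guard survives on the new side; if it does not, the mixin depends on `LoginRequiredMixin` being listed before it, which a docstring line such as `"""Allow access only to users whose e-mail domain is in settings.ALLOWED_DEVELOPER_DOMAINS; must follow LoginRequiredMixin."""` would make explicit.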
......@@ -2,6 +2,7 @@ from __future__ import unicode_literals
import os
from django.conf import settings
from django.contrib import auth
from django.contrib.auth.models import User, AnonymousUser
from django.core.validators import MinLengthValidator, MinValueValidator, \
RegexValidator
......@@ -17,6 +18,7 @@ from .validators import job_param_validator, docker_container_id_validator, \
sshkey_validator, token_validator
def generate_token(length=32):
""" Generate a random string according to its length.
......@@ -610,8 +612,18 @@ def save_user_profile(sender, instance, **kwargs):
instance.allgouser.save()
def is_provider(user):
"""Return true if the user belongs to the allowed developer domains
"""
local_part, domain = user.email.split("@")
if domain in settings.ALLOWED_DEVELOPER_DOMAINS:
return True
else:
return False
# Add the `is_provider` function as a `User` model method
auth.models.User.add_to_class('is_provider', is_provider)
# NOTE: because there is a circular dependency between models.py and
# helpers.py, we have to do this import after 'Job' and 'Webapp' are defined
from .helpers import is_allowed_ip_admin
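Review bot: `is_provider` grants the right to create applications purely from the domain part of `user.email`, and nothing visible in this hunk requires that address to have been verified or stops the user from changing it later. If accounts can be registered or edited with an arbitrary address, the domain is a self-asserted claim, so the check should be tied to a verified address (the settings appear to use django-allauth, whose `EmailAddress` model carries a `verified` flag) — worth confirming against the signup and profile-edit flows. The comparison is also case-sensitive; `domain.lower()` against lower-cased settings entries avoids rejecting legitimately mixed-case addresses. The `if`/`else` can be reduced to `return domain in settings.ALLOWED_DEVELOPER_DOMAINS`.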
from django import template
from django.contrib.auth.models import Group
register = template.Library()
@register.filter(name='has_group')
def has_group(user, group_name):
group = Group.objects.get(name=group_name)
return group in user.groups.all()
......@@ -62,7 +62,7 @@ from .forms import (
# Local imports
import config
from .helpers import get_base_url, get_ssh_data, upload_data, notify_controller, lookup_job_file
from .mixins import GroupRequiredMixin
from .mixins import IsProviderMixin
from .models import (
AllgoUser,
DockerOs,
......@@ -228,7 +228,7 @@ class WebappUpdate(SuccessMessageMixin, LoginRequiredMixin, UpdateView):
return super(WebappUpdate, self).form_invalid(form)
class WebappCreate(SuccessMessageMixin, LoginRequiredMixin, GroupRequiredMixin, CreateView):
class WebappCreate(SuccessMessageMixin, LoginRequiredMixin, IsProviderMixin, CreateView):
"""Create a new webapp
Attributes:
......@@ -243,7 +243,7 @@ class WebappCreate(SuccessMessageMixin, LoginRequiredMixin, GroupRequiredMixin,
form_class = WebappForm
success_message = 'Webapp created successfully.'
template_name = 'webapp_add.html'
group_required = ['inria', ]
# group_required = ['inria', ]
def get_success_url(self):
"""If successful redirect to the webapp list page"""
......@@ -1008,7 +1008,7 @@ class RunnerList(LoginRequiredMixin, ListView):
return super().get_context_data(**kwargs)
class RunnerCreate(SuccessMessageMixin, LoginRequiredMixin, GroupRequiredMixin, CreateView):
class RunnerCreate(SuccessMessageMixin, LoginRequiredMixin, IsProviderMixin, CreateView):
"""Create a runner and save it into the database
Attributes:
......@@ -1024,7 +1024,6 @@ class RunnerCreate(SuccessMessageMixin, LoginRequiredMixin, GroupRequiredMixin,
error_message = 'You don\'t have sufficient privileges to create an open bar runner.'
success_url = reverse_lazy('main:runner_list')
template_name = 'runner_add_update.html'
group_required = ['inria', ]
def form_valid(self, form):
""" Validate some fields before saving them."""
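Review bot: `WebappCreate` keeps the old attribute as commented-out code, `# group_required = ['inria', ]`, while `RunnerCreate` deletes the same line outright; delete it in `WebappCreate` too so the two classes agree and no stale hint of a group check remains. The `Attributes:` docstrings of both classes are cut off in this view, so if they still list `group_required` they need the same cleanup. Both class bodies continue outside the hunks shown.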
......
{% extends "base.html" %}
{% load static groups converters humanize %}
{% load static converters humanize %}
{% block title %}Available apps for tag {{ tag | title }}{% endblock %}
......
{% extends "base.html" %}
{% load static groups converters humanize %}
{% load static converters humanize %}
{% block title %}Available apps{% endblock %}
......@@ -21,7 +21,7 @@
</div>
<div class="col text-right">
{% if request.user|has_group:'inria' %}
{% if request.user.is_provider %}
<a
href="{% url 'main:webapp_creation' %}"
data-toggle="tooltip"
......
......@@ -180,6 +180,9 @@ with env_loader.EnvironmentVarLoader(__name__, "ALLGO_",
env_var("ALLGO_SSH_PORT", default="2222",
help="tcp port where allgo is reachable by ssh")
env_var("ALLGO_ALLOWED_DEVELOPER_DOMAINS",
default="localhost",
help="allowed domains to create applications")
env_var("ALLGO_WEBAPP_DEFAULT_MEMORY_LIMIT_MB", default=str(4*1024),
help="default memory limit (in megabytes) for newly created webapps")
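Review bot: The help text for `ALLGO_ALLOWED_DEVELOPER_DOMAINS` does not say that the value is a list or how it is delimited, although settings.py splits it on `,`. Since this variable decides who may create applications, spell the format out, for example `help="comma-separated list of e-mail domains whose users may create applications"`.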
......
......@@ -262,6 +262,7 @@ SOCIALACCOUNT_PROVIDERS = {
},
}
ALLOWED_DEVELOPER_DOMAINS = env.ALLGO_ALLOWED_DEVELOPER_DOMAINS.split(",")
# Logging
# ------------------------------------------------------------------------------
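Review bot: `env.ALLGO_ALLOWED_DEVELOPER_DOMAINS.split(",")` keeps surrounding whitespace and empty entries, so a value like `a.org, b.org` yields `" b.org"`, which never matches, and an empty value yields `[""]`, which would match an address with an empty domain part. Normalising once here keeps the authorization check predictable: `ALLOWED_DEVELOPER_DOMAINS = [d.strip().lower() for d in env.ALLGO_ALLOWED_DEVELOPER_DOMAINS.split(",") if d.strip()]`. Lower-casing here only helps if the check lower-cases the user's domain as well.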
......