rattail/tailbone
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Add API views for admin user to become / stop being "root"

Browse source
This commit is contained in:
Lance Edgar 2019-11-26 16:42:27 -06:00
parent 31ae68f96e
commit 6c029382d9
1 changed files with 31 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
tailbone/api/auth.py
View file

@ -56,6 +56,7 @@ class AuthenticationView(APIView):
data = {'ok': True} data = {'ok': True}
if self.request.user: if self.request.user:
data = self.user_info(self.request.user) data = self.user_info(self.request.user)
data['user']['is_admin'] = self.request.is_admin
data['user']['is_root'] = self.request.is_root data['user']['is_root'] = self.request.is_root
data['permissions'] = list(self.request.tailbone_cached_permissions) data['permissions'] = list(self.request.tailbone_cached_permissions)
@ -103,6 +104,28 @@ class AuthenticationView(APIView):
logout_user(self.request) logout_user(self.request)
return {'ok': True} return {'ok': True}
@api
def become_root(self):
"""
Elevate the current request to 'root' for full system access.
"""
if not self.request.is_admin:
raise self.forbidden()
self.request.user.record_event(self.enum.USER_EVENT_BECOME_ROOT)
self.request.session['is_root'] = True
return self.user_info(self.request.user)
@api
def stop_root(self):
"""
Lower the current request from 'root' back to normal access.
"""
if not self.request.is_admin:
raise self.forbidden()
self.request.user.record_event(self.enum.USER_EVENT_STOP_ROOT)
self.request.session['is_root'] = False
return self.user_info(self.request.user)
@classmethod @classmethod
def defaults(cls, config): def defaults(cls, config):
@ -118,6 +141,14 @@ class AuthenticationView(APIView):
config.add_route('api.logout', '/logout', request_method=('OPTIONS', 'POST')) config.add_route('api.logout', '/logout', request_method=('OPTIONS', 'POST'))
config.add_view(cls, attr='logout', route_name='api.logout', renderer='json') config.add_view(cls, attr='logout', route_name='api.logout', renderer='json')
# become root
config.add_route('api.become_root', '/become-root', request_method=('OPTIONS', 'POST'))
config.add_view(cls, attr='become_root', route_name='api.become_root', renderer='json')
# stop root
config.add_route('api.stop_root', '/stop-root', request_method=('OPTIONS', 'POST'))
config.add_view(cls, attr='stop_root', route_name='api.stop_root', renderer='json')
def includeme(config): def includeme(config):
AuthenticationView.defaults(config) AuthenticationView.defaults(config)