Infrastructure/fedora-infrastructure
1
0
Fork 0
Code Issues 70 Pull requests Projects Releases Packages Wiki Activity Actions

canSponsorGroup and canAdminGroup now work properly

Browse source
This commit is contained in:
Michael McGrath 2008-02-21 17:04:37 -06:00
parent b8e21fff32
commit e7aa994b88
1 changed files with 39 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

55
fas/fas/auth.py
View file

@ -6,46 +6,69 @@ from fas.fasLDAP import Person
from fas.fasLDAP import UserGroup from fas.fasLDAP import UserGroup
from fas.model import Groups from fas.model import Groups
from fas.model import PersonRoles
from fas.model import People
from sqlalchemy.exceptions import *
import re import re
def isAdmin(userName, g=None): def isAdmin(userName, g=None):
p = People.by_username(userName)
admingroup = config.get('admingroup') admingroup = config.get('admingroup')
if not g: if not g:
g = Groups.by_name(admingroup) try:
try: g = Groups.by_name(admingroup)
g.people[0].by_username(userName) except InvalidRequestError:
print '%s - Your admin group, could not be found!' % admingroup
return False
if g in p.memberships:
return True return True
except KeyError: else:
return False return False
def canAdminGroup(userName, groupName, g=None): def canAdminGroup(userName, groupName, g=None):
p = People.by_username(userName)
if not g: if not g:
g = Groups.by_username(userName) g = Groups.by_name(groupName)
group = Groups.groups(groupName)[groupName] # group = Groups.groups(groupName)[groupName]
try: try:
if isAdmin(userName, g) or \ if isAdmin(userName, g) or \
(group.fedoraGroupOwner == userName) or \ (g.owner_id == p.id):
(g[groupName].fedoraRoleType.lower() == 'administrator'): return True
return True
else: else:
return False try:
r = PersonRoles.query.filter_by(group_id=g.id, person_id=p.id)[0]
except IndexError:
''' Not in the group '''
return False
if r.role_status == 'approved' and r.role_type == 'administrator':
return True
return False
except: except:
return False return False
def canSponsorGroup(userName, groupName, g=None): def canSponsorGroup(userName, groupName, g=None):
p = People.by_username(userName)
print "GROUPNAME %s " % groupName
if not g: if not g:
g = Groups.by_username(userName) g = Groups.by_name(groupName)
# group = Groups.groups(groupName)[groupName]
try: try:
if isAdmin(userName, g) or \ if isAdmin(userName, g) or \
canAdminGroup(userName, groupName, g) or \ (g.owner_id == p.id):
(g[groupName].fedoraRoleType.lower() == 'sponsor'): return True
return True
else: else:
return False try:
r = PersonRoles.query.filter_by(group_id=g.id, person_id=p.id)[0]
except IndexError:
''' Not in the group '''
return False
if r.role_status == 'approved' and r.role_type == 'sponsor':
return True
return False
except: except:
return False return False
def isApproved(userName, groupName, g=None): def isApproved(userName, groupName, g=None):
if not g: if not g:
g = Groups.by_username(userName) g = Groups.by_username(userName)