hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-19 16:03:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

WIP: implementing expanding groups

Browse Source
This commit is contained in:
0mar
2020-11-17 09:56:48 +01:00
parent 9f6d37cf48
commit 2e9ecfff02
1 changed files with 29 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
jupyterhub/utils.py
View File

@@ -19,6 +19,7 @@ import warnings
from binascii import b2a_hex from binascii import b2a_hex
from datetime import datetime from datetime import datetime
from datetime import timezone from datetime import timezone
from enum import Enum
from hmac import compare_digest from hmac import compare_digest
from operator import itemgetter from operator import itemgetter
@@ -34,6 +35,8 @@ from tornado.httpclient import HTTPError
from tornado.log import app_log from tornado.log import app_log
from tornado.platform.asyncio import to_asyncio_future from tornado.platform.asyncio import to_asyncio_future
from .. import orm
def random_port(): def random_port():
"""Get a single random port.""" """Get a single random port."""
@@ -299,6 +302,18 @@ def metrics_authentication(self):
raise web.HTTPError(403) raise web.HTTPError(403)
class Scope(Enum):
ALL = True
def expand_groups_to_users(db, filter_scope):
"""Update the group filters to account for the individual users"""
if 'group' in filter_scope:
groups = db.query(orm.Group)
user_set = orm.User.query.filter(orm.User.group.in_(groups))
return user_set.get_names()
def check_scope(req_scope, scopes, **kwargs): def check_scope(req_scope, scopes, **kwargs):
# Parse user name and server name together # Parse user name and server name together
if 'user' in kwargs and 'server' in kwargs: if 'user' in kwargs and 'server' in kwargs:
@@ -306,18 +321,17 @@ def check_scope(req_scope, scopes, **kwargs):
kwargs['server'] = "{}/{}".format(user_name, kwargs['server']) kwargs['server'] = "{}/{}".format(user_name, kwargs['server'])
if len(kwargs) > 1: if len(kwargs) > 1:
raise AttributeError("Please specify exactly one filter") raise AttributeError("Please specify exactly one filter")
base_scope = req_scope.split('!')[0] if req_scope not in scopes:
if base_scope not in scopes:
return False return False
if scopes[base_scope] == True: # is this pretty? if scopes[req_scope] == Scope.ALL:
return True return True
# Apply filters # Apply filters
if not kwargs: if not kwargs:
return False return False
filter_ = list(kwargs)[0] filter_, filter_value = list(kwargs.items())[0]
if filter_ not in scopes[base_scope]: if filter_ not in scopes[req_scope]:
return False return False
return kwargs[filter_] in scopes[req_scope][filter_] return filter_value in scopes[req_scope][filter_]
def parse_scopes(scope_list): def parse_scopes(scope_list):
@@ -343,19 +357,16 @@ def parse_scopes(scope_list):
""" """
parsed_scopes = {} parsed_scopes = {}
for scope in scope_list: for scope in scope_list:
scope_ = scope.split('!') base_scope, _, filter_ = scope.partition('!')
base_scope = scope_[0] if base_scope not in parsed_scopes:
if len(scope_) > 1: parsed_scopes[base_scope] = {}
filter_ = scope_[1] if parsed_scopes[base_scope] != Scope.ALL:
if base_scope not in parsed_scopes: key, _, val = filter_.partition('=')
parsed_scopes[base_scope] = {} if key not in parsed_scopes[base_scope]:
if parsed_scopes[base_scope] != True: parsed_scopes[base_scope][key] = []
key, val = filter_.split('=') parsed_scopes[base_scope][key].append(val)
if key not in parsed_scopes[base_scope]:
parsed_scopes[base_scope][key] = []
parsed_scopes[base_scope][key].append(val)
else: else:
parsed_scopes[base_scope] = True parsed_scopes[base_scope] = Scope.ALL
return parsed_scopes return parsed_scopes