hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-12 20:43:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

addressed review comments from Omar

Browse Source
This commit is contained in:
IvanaH8
2020-12-08 08:28:23 +01:00
parent ab297a7747
commit c514259f1a
1 changed files with 11 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
jupyterhub/roles.py
View File

@@ -28,6 +28,7 @@ def get_default_roles():
'groups', 'groups',
'admin:groups', 'admin:groups',
'read:services', 'read:services',
'read:hub',
'proxy', 'proxy',
'shutdown', 'shutdown',
], ],
@@ -64,6 +65,7 @@ def get_scopes():
'groups': ['read:groups'], 'groups': ['read:groups'],
'admin:groups': None, 'admin:groups': None,
'read:services': None, 'read:services': None,
'read:hub': None,
'proxy': None, 'proxy': None,
'shutdown': None, 'shutdown': None,
} }
@@ -100,22 +102,18 @@ def expand_scope(scopename):
return expanded_scope return expanded_scope
def get_subscopes(role=None, roles=None): def get_subscopes(*args):
"""Returns a set of all available subscopes for a specified role or list of roles""" """Returns a set of all available subscopes for a specified role or list of roles"""
scope_list = [] scope_list = []
if role:
scope_list = role.scopes for role in args:
elif roles:
for role in roles:
scope_list.extend(role.scopes) scope_list.extend(role.scopes)
else:
raise ValueError('Function get_subscopes is missing an argument')
scopes = list(chain.from_iterable(list(map(expand_scope, scope_list)))) scopes = set(chain.from_iterable(list(map(expand_scope, scope_list))))
return set(scopes) return scopes
def add_role(db, role_dict): def add_role(db, role_dict):
@@ -132,7 +130,7 @@ def add_role(db, role_dict):
scopes = role_dict.get('scopes') scopes = role_dict.get('scopes')
if role is None: if role is None:
role = orm.Role(name=name, description=description, scopes=scopes,) role = orm.Role(name=name, description=description, scopes=scopes)
db.add(role) db.add(role)
else: else:
if description: if description:
@@ -231,7 +229,7 @@ def update_roles(db, obj, kind, roles=None):
role = orm.Role.find(db, rolename) role = orm.Role.find(db, rolename)
if role: if role:
# compare the requested role permissions with the owner's permissions (scopes) # compare the requested role permissions with the owner's permissions (scopes)
token_scopes = get_subscopes(role=role) token_scopes = get_subscopes(role)
# find the owner and their roles # find the owner and their roles
owner = None owner = None
if obj.user_id: if obj.user_id:
@@ -239,7 +237,7 @@ def update_roles(db, obj, kind, roles=None):
elif obj.service_id: elif obj.service_id:
owner = db.query(orm.Service).get(obj.service_id) owner = db.query(orm.Service).get(obj.service_id)
if owner: if owner:
owner_scopes = get_subscopes(roles=owner.roles) owner_scopes = get_subscopes(*owner.roles)
if token_scopes.issubset(owner_scopes): if token_scopes.issubset(owner_scopes):
role.tokens.append(obj) role.tokens.append(obj)
else: else: