From e3fbea0b5c83ef0eb03285e5521f7253d2e42991 Mon Sep 17 00:00:00 2001
From: Benjamin Bertrand <benjamin.bertrand@esss.se>
Date: Wed, 24 Oct 2018 17:15:24 +0200
Subject: [PATCH] Use different groups for inventory and network JIRA INFRA-578
---
 app/api/inventory.py | 14 +++++++-------
 app/api/network.py | 6 +++---
 app/decorators.py | 2 +-
 app/inventory/views.py | 12 ++++++------
 app/network/views.py | 10 +++++-----
 app/settings.py | 3 ++-
 tests/functional/conftest.py | 3 ++-
 tests/functional/test_models.py | 10 +++++-----
 8 files changed, 31 insertions(+), 29 deletions(-)
diff --git a/app/api/inventory.py b/app/api/inventory.py
index 1b89b50..ff573d9 100644
--- a/app/api/inventory.py
+++ b/app/api/inventory.py
@@ -56,7 +56,7 @@ def get_item(id_):
 @bp.route("/items", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def create_item():
 """Register a new item
@@ -81,7 +81,7 @@ def create_item():
 @bp.route("/items/<id_>", methods=["PATCH"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def patch_item(id_):
 """Patch an existing item
@@ -154,7 +154,7 @@ def get_item_comments(id_):
 @bp.route("/items/<id_>/comments", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def create_item_comment(id_):
 """Create a comment on item
@@ -190,7 +190,7 @@ def get_manufacturers():
 @bp.route("/manufacturers", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def create_manufacturer():
 """Create a new manufacturer
@@ -213,7 +213,7 @@ def get_models():
 @bp.route("/models", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def create_model():
 """Create a new model
@@ -236,7 +236,7 @@ def get_locations():
 @bp.route("/locations", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def create_locations():
 """Create a new location
@@ -259,7 +259,7 @@ def get_status():
 @bp.route("/statuses", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def create_status():
 """Create a new status
diff --git a/app/api/network.py b/app/api/network.py
index 58fc19d..93b2dcb 100644
--- a/app/api/network.py
+++ b/app/api/network.py
@@ -120,7 +120,7 @@ def get_interfaces():
 @bp.route("/interfaces", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "network")
 def create_interface():
 """Create a new interface
@@ -189,7 +189,7 @@ def get_hosts():
 @bp.route("/hosts", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "network")
 def create_host():
 """Create a new host
@@ -230,7 +230,7 @@ def get_macs():
 @bp.route("/macs", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "network")
 def create_macs():
 """Create a new mac address
diff --git a/app/decorators.py b/app/decorators.py
index 2666960..6f0a716 100644
--- a/app/decorators.py
+++ b/app/decorators.py
@@ -22,7 +22,7 @@ def login_groups_accepted(*groups):
 Example::
 @bp.route('/models', methods=['POST'])
- @login_groups_accepted('admin', 'create')
+ @login_groups_accepted('admin', 'inventory')
 def create_model():
 return create()
diff --git a/app/inventory/views.py b/app/inventory/views.py
index 93c0b4f..c5ff9b6 100644
--- a/app/inventory/views.py
+++ b/app/inventory/views.py
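Review bot: `create_macs` in app/api/network.py (hunk at -230) is now limited to `admin` and `network`, but `edit_item` in app/inventory/views.py (hunk at -150) is gated by `inventory` and its first lines already build `mac_addresses` from `item.macs`. If that form also accepts MAC addresses on submit, an inventory-only account could still create or reassign MAC records that the API treats as network data; the rest of `edit_item` lies outside the hunk, so this is not confirmed. Check the POST branch of `edit_item` and either require `network` membership for the MAC field or record the overlap as intended, e.g. `# MAC changes here are allowed for "inventory" on purpose; the /macs API requires "network"`.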
@@ -53,7 +53,7 @@ def _generate_excel_file():
 @bp.route("/items/create", methods=("GET", "POST"))
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def create_item():
 # The following keys are stored in the session to easily create
 # several identical items
@@ -102,7 +102,7 @@ def view_item(ics_id):
 @bp.route("/items/comment/<ics_id>", methods=("GET", "POST"))
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def comment_item(ics_id):
 item = models.Item.query.filter_by(ics_id=ics_id).first_or_404()
 form = CommentForm()
@@ -116,7 +116,7 @@ def comment_item(ics_id):
 @bp.route("/items/comment/edit/<comment_id>", methods=("GET", "POST"))
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def edit_comment(comment_id):
 comment = models.ItemComment.query.get_or_404(comment_id)
 form = EditCommentForm(request.form, obj=comment)
@@ -136,7 +136,7 @@ def edit_comment(comment_id):
 @bp.route("/items/comment/delete", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def delete_comment():
 comment = models.ItemComment.query.get_or_404(request.form["comment_id"])
 ics_id = comment.item.ics_id
@@ -150,7 +150,7 @@ def delete_comment():
 @bp.route("/items/edit/<ics_id>", methods=("GET", "POST"))
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def edit_item(ics_id):
 item = models.Item.query.filter_by(ics_id=ics_id).first_or_404()
 mac_addresses = " ".join([str(mac) for mac in item.macs])
@@ -227,7 +227,7 @@ def retrieve_attributes_favorites():
 @bp.route("/attributes/<kind>", methods=("GET", "POST"))
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "inventory")
 def attributes(kind):
 form = AttributeForm()
 if form.validate_on_submit():
diff --git a/app/network/views.py b/app/network/views.py
index 5d61312..0b57c1e 100644
--- a/app/network/views.py
+++ b/app/network/views.py
@@ -55,7 +55,7 @@ def list_hosts():
 @bp.route("/hosts/create", methods=("GET", "POST"))
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "network")
 def create_host():
 kwargs = {"random_mac": True}
 # Try to get the network_id from the session
@@ -191,7 +191,7 @@ def view_host(name):
 @bp.route("/hosts/edit/<name>", methods=("GET", "POST"))
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "network")
 def edit_host(name):
 host = models.Host.query.filter_by(name=name).first_or_404()
 form = HostForm(request.form, obj=host)
@@ -232,7 +232,7 @@ def edit_host(name):
 @bp.route("/interfaces/create/<hostname>", methods=("GET", "POST"))
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "network")
 def create_interface(hostname):
 host = models.Host.query.filter_by(name=hostname).first_or_404()
 random_mac = host.device_type.name.startswith("Virtual")
@@ -281,7 +281,7 @@ def create_interface(hostname):
 @bp.route("/interfaces/edit/<name>", methods=("GET", "POST"))
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "network")
 def edit_interface(name):
 interface = models.Interface.query.filter_by(name=name).first_or_404()
 cnames_string = " ".join([str(cname) for cname in interface.cnames])
@@ -354,7 +354,7 @@ def edit_interface(name):
 @bp.route("/interfaces/delete", methods=["POST"])
-@login_groups_accepted("admin", "create")
+@login_groups_accepted("admin", "network")
 def delete_interface():
 interface = models.Interface.query.get_or_404(request.form["interface_id"])
 hostname = interface.host.name
diff --git a/app/settings.py b/app/settings.py
index 733273e..640fd8f 100644
--- a/app/settings.py
+++ b/app/settings.py
@@ -62,7 +62,8 @@ LDAP_GET_GROUP_ATTRIBUTES = ["cn"]
 CSENTRY_LDAP_GROUPS = {
 "admin": ["ICS Control System Infrastructure group"],
- "create": ["ICS Employees", "ICS Consultants"],
+ "inventory": ["ICS Employees", "ICS Consultants"],
+ "network": ["ICS Employees", "ICS Consultants"],
 }
 NETWORK_DEFAULT_PREFIX = 24
diff --git a/tests/functional/conftest.py b/tests/functional/conftest.py
index 65f5cdf..35c5313 100644
--- a/tests/functional/conftest.py
+++ b/tests/functional/conftest.py
@@ -50,7 +50,8 @@ def app(request):
 "ELASTICSEARCH_REFRESH": "true",
 "CSENTRY_LDAP_GROUPS": {
 "admin": ["CSEntry Admin"],
- "create": ["CSEntry User", "CSEntry Consultant"],
+ "inventory": ["CSEntry User"],
+ "network": ["CSEntry User", "CSEntry Consultant"],
 },
 }
 app = create_app(config=config)
diff --git a/tests/functional/test_models.py b/tests/functional/test_models.py
index 9600bda..02e69e7 100644
--- a/tests/functional/test_models.py
+++ b/tests/functional/test_models.py
@@ -33,14 +33,14 @@ def test_user_is_admin(user_factory):
 def test_user_is_member_of_one_group(user_factory):
 user = user_factory(groups=["one", "two"])
- assert not user.is_member_of_one_group(["create", "admin"])
+ assert not user.is_member_of_one_group(["network", "admin"])
 user = user_factory(groups=["one", "CSEntry Consultant"])
- assert user.is_member_of_one_group(["create"])
- assert user.is_member_of_one_group(["create", "admin"])
+ assert user.is_member_of_one_group(["network"])
+ assert user.is_member_of_one_group(["network", "admin"])
 assert not user.is_member_of_one_group(["admin"])
 user = user_factory(groups=["one", "CSEntry Admin"])
- assert not user.is_member_of_one_group(["create"])
- assert user.is_member_of_one_group(["create", "admin"])
+ assert not user.is_member_of_one_group(["network"])
+ assert user.is_member_of_one_group(["network", "admin"])
 assert user.is_member_of_one_group(["admin"])
-- GitLab
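Review bot: In app/settings.py the new `inventory` and `network` keys map to the same LDAP groups (`ICS Employees`, `ICS Consultants`), so with the default settings every account that held `create` still holds both roles and no permission is actually separated. A comment above the dict would make that explicit, for example `# "inventory" and "network" default to the same LDAP groups; override CSENTRY_LDAP_GROUPS per deployment to separate them`. The `create` key is also removed without a fallback, so a deployment that overrides `CSENTRY_LDAP_GROUPS` with the old key has to be migrated together with this commit. How `login_groups_accepted` treats a role name that is missing from the dict is not visible in this patch; it should deny access rather than raise or allow.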
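Review bot: The one fixture difference between the two new roles is never asserted: tests/functional/conftest.py puts `CSEntry Consultant` in `network` but not in `inventory`, while `test_user_is_member_of_one_group` only swaps `create` for `network`. For the consultant user add `assert not user.is_member_of_one_group(["inventory"])`, and for a user in `CSEntry User` add `assert user.is_member_of_one_group(["inventory"])`, so a regression that merges the roles again is caught. An endpoint-level test in which a consultant is refused on a POST to an inventory route would also cover the decorator changes in the other files; no such test is part of this patch.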