Commit 59018bb6 authored by Daniele Venzano's avatar Daniele Venzano

Add a new capability "can_access_full_zapp_shop" and implement user update via command-line

parent aee1cce1
......@@ -69,6 +69,14 @@ class ZApp:
self.logo = zapp['logo']
else:
self.logo = 'logo.png'
if 'enabled_for' in zapp:
self.enabled_for = zapp['enabled_for']
else:
self.enabled_for = ["all"]
if 'disabled_for' in zapp:
self.disabled_for = zapp['disabled_for']
else:
self.disabled_for = []
def parse_parameters(self, zapp_manifest):
"""Translates the parameters from the manifest into objects."""
......@@ -95,8 +103,11 @@ def zshop_list_apps(role):
zapp_cat = {}
for zapp in zapps:
if role == 'guest' and not zapp.guest_access:
continue
if not role.can_access_full_zapp_shop:
if role.name in zapp.disabled_for:
continue
if role.name not in zapp.enabled_for and "all" not in zapp.enabled_for:
continue
if zapp.category in zapp_cat:
zapp_cat[zapp.category].append(zapp)
else:
......
......@@ -226,7 +226,6 @@ def role_get_cmd(api: ZoeAPI, args):
def role_create_cmd(api: ZoeAPI, args):
"""Create a new role."""
print(args)
role = {
'name': args.name,
'can_see_status': True if args.can_see_status else False,
......@@ -234,7 +233,8 @@ def role_create_cmd(api: ZoeAPI, args):
'can_operate_others': True if args.can_operate_others else False,
'can_delete_executions': True if args.can_delete_executions else False,
'can_access_api': True if args.can_access_api else False,
'can_customize_resources': True if args.can_customize_resources else False
'can_customize_resources': True if args.can_customize_resources else False,
'can_access_full_zapp_shop': True if args.can_access_full_zapp_shop else False
}
new_id = api.role.create(role)
print('New role created with ID: {}'.format(new_id))
......@@ -262,6 +262,8 @@ def role_update_cmd(api: ZoeAPI, args):
role_update['can_access_api'] = True if args.can_access_api else False
if args.can_customize_resources is not None:
role_update['can_customize_resources'] = True if args.can_customize_resources else False
if args.can_access_full_zapp_shop is not None:
role_update['can_access_full_zapp_shop'] = True if args.can_access_full_zapp_shop else False
api.role.update(args.id, role_update)
......@@ -348,7 +350,25 @@ def user_delete_cmd(api: ZoeAPI, args):
def user_update_cmd(api: ZoeAPI, args):
"""Updates a user."""
api.user.update(args.id, {}) # FIXME
user_update = {}
if args.email is not None:
user_update['email'] = args.email
if args.fs_uid is not None:
user_update['fs_uid'] = args.fs_uid
if args.password is not None:
user_update['password'] = args.password
if args.enabled is not None:
user_update['enabled'] = args.enabled
if args.auth_source is not None:
user_update['auth_source'] = args.auth_source
if args.priority is not None:
user_update['priority'] = args.priority
if args.role_id is not None:
user_update['role_id'] = args.role_id
if args.quota_id is not None:
user_update['quota_id'] = args.quota_id
api.user.update(args.id, user_update)
ENV_HELP_TEXT = '''To authenticate with Zoe you need to define three environment variables:
......@@ -449,6 +469,7 @@ def process_arguments() -> Tuple[ArgumentParser, Namespace]:
sub_parser.add_argument('can_delete_executions', choices=[0, 1], type=int, help="Can delete executions permanently")
sub_parser.add_argument('can_access_api', choices=[0, 1], type=int, help="Can access the REST API")
sub_parser.add_argument('can_customize_resources', choices=[0, 1], type=int, help="Can customize resource reservations before starting executions")
sub_parser.add_argument('can_access_full_zapp_shop', choices=[0, 1], type=int, help="Can access all ZApps in the ZApp shop")
sub_parser.set_defaults(func=role_create_cmd)
sub_parser = subparser.add_parser('role-delete', help="Delete a role")
......@@ -464,6 +485,7 @@ def process_arguments() -> Tuple[ArgumentParser, Namespace]:
sub_parser.add_argument('--can_delete_executions', choices=[0, 1], type=int, help="Can delete executions permanently")
sub_parser.add_argument('--can_access_api', choices=[0, 1], type=int, help="Can access the REST API")
sub_parser.add_argument('--can_customize_resources', choices=[0, 1], type=int, help="Can customize resource reservations before starting executions")
sub_parser.add_argument('--can_access_full_zapp_shop', choices=[0, 1], type=int, help="Can access all ZApps in the ZApp shop")
sub_parser.set_defaults(func=role_update_cmd)
# Users
......
......@@ -35,6 +35,7 @@ class Role(BaseRecord):
self.can_delete_executions = d['can_delete_executions']
self.can_access_api = d['can_access_api']
self.can_customize_resources = d['can_customize_resources']
self.can_access_full_zapp_shop = d['can_access_full_zapp_shop']
def serialize(self):
"""Generates a dictionary that can be serialized in JSON."""
......@@ -46,7 +47,8 @@ class Role(BaseRecord):
'can_operate_others': self.can_operate_others,
'can_delete_executions': self.can_delete_executions,
'can_access_api': self.can_access_api,
'can_customize_resources': self.can_customize_resources
'can_customize_resources': self.can_customize_resources,
'can_access_full_zapp_shop': self.can_access_full_zapp_shop
}
......@@ -65,10 +67,11 @@ class RoleTable(BaseTable):
can_operate_others BOOLEAN NOT NULL DEFAULT FALSE,
can_delete_executions BOOLEAN NOT NULL DEFAULT FALSE,
can_access_api BOOLEAN NOT NULL DEFAULT FALSE,
can_customize_resources BOOLEAN NOT NULL DEFAULT FALSE
can_customize_resources BOOLEAN NOT NULL DEFAULT FALSE,
can_access_full_zapp_shop BOOLEAN NOT NULL DEFAULT FALSE
)''')
self.cursor.execute('''INSERT INTO role (id, name, can_see_status, can_change_config, can_operate_others, can_delete_executions, can_access_api, can_customize_resources) VALUES (DEFAULT, 'admin', TRUE, TRUE, TRUE, TRUE, TRUE, TRUE)''')
self.cursor.execute('''INSERT INTO role (id, name, can_see_status, can_access_api, can_customize_resources) VALUES (DEFAULT, 'superuser', TRUE, TRUE, TRUE)''')
self.cursor.execute('''INSERT INTO role (id, name, can_see_status, can_change_config, can_operate_others, can_delete_executions, can_access_api, can_customize_resources, can_access_full_zapp_shop) VALUES (DEFAULT, 'admin', TRUE, TRUE, TRUE, TRUE, TRUE, TRUE, TRUE)''')
self.cursor.execute('''INSERT INTO role (id, name, can_see_status, can_access_api, can_customize_resources, can_access_full_zapp_shop) VALUES (DEFAULT, 'superuser', TRUE, TRUE, TRUE, TRUE)''')
self.cursor.execute('''INSERT INTO role (id, name) VALUES (DEFAULT, 'user')''')
def select(self, only_one=False, **kwargs):
......
......@@ -176,3 +176,9 @@ class UserTable(BaseTable):
query = 'DELETE FROM "user" WHERE id = %s'
self.cursor.execute(query, (user_id,))
self.sql_manager.commit()
def update(self, user_id, **fields):
"""Update a user record."""
if 'password' in fields:
fields['password'] = hash_algo.hash(fields['password'])
super().update(user_id, **fields)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment