mirror of
https://github.com/GNS3/gns3-server.git
synced 2025-06-21 08:29:43 +00:00
Add required privileges to all endpoints
This commit is contained in:
grossmj
@ -19,7 +19,7 @@
|
||||
API routes for roles.
|
||||
"""
|
||||
|
||||
from fastapi import APIRouter, Depends, Response, status
|
||||
from fastapi import APIRouter, Depends, status
|
||||
from uuid import UUID
|
||||
from typing import List
|
||||
|
||||
@ -33,6 +33,7 @@ from gns3server.controller.controller_error import (
|
||||
|
||||
from gns3server.db.repositories.rbac import RbacRepository
|
||||
from .dependencies.database import get_repository
|
||||
from .dependencies.rbac import has_privilege
|
||||
|
||||
import logging
|
||||
|
||||
@ -41,24 +42,37 @@ log = logging.getLogger(__name__)
|
||||
router = APIRouter()
|
||||
|
||||
|
||||
@router.get("", response_model=List[schemas.Role])
|
||||
@router.get(
|
||||
"",
|
||||
response_model=List[schemas.Role],
|
||||
dependencies=[Depends(has_privilege("Role.Audit"))]
|
||||
)
|
||||
async def get_roles(
|
||||
rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
|
||||
) -> List[schemas.Role]:
|
||||
"""
|
||||
Get all roles.
|
||||
|
||||
Required privilege: Role.Audit
|
||||
"""
|
||||
|
||||
return await rbac_repo.get_roles()
|
||||
|
||||
|
||||
@router.post("", response_model=schemas.Role, status_code=status.HTTP_201_CREATED)
|
||||
@router.post(
|
||||
"",
|
||||
response_model=schemas.Role,
|
||||
status_code=status.HTTP_201_CREATED,
|
||||
dependencies=[Depends(has_privilege("Role.Allocate"))]
|
||||
)
|
||||
async def create_role(
|
||||
role_create: schemas.RoleCreate,
|
||||
rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
|
||||
) -> schemas.Role:
|
||||
"""
|
||||
Create a new role.
|
||||
|
||||
Required privilege: Role.Allocate
|
||||
"""
|
||||
|
||||
if await rbac_repo.get_role_by_name(role_create.name):
|
||||
@ -67,13 +81,19 @@ async def create_role(
|
||||
return await rbac_repo.create_role(role_create)
|
||||
|
||||
|
||||
@router.get("/{role_id}", response_model=schemas.Role)
|
||||
@router.get(
|
||||
"/{role_id}",
|
||||
response_model=schemas.Role,
|
||||
dependencies=[Depends(has_privilege("Role.Audit"))]
|
||||
)
|
||||
async def get_role(
|
||||
role_id: UUID,
|
||||
rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
|
||||
) -> schemas.Role:
|
||||
"""
|
||||
Get a role.
|
||||
|
||||
Required privilege: Role.Audit
|
||||
"""
|
||||
|
||||
role = await rbac_repo.get_role(role_id)
|
||||
@ -82,7 +102,11 @@ async def get_role(
|
||||
return role
|
||||
|
||||
|
||||
@router.put("/{role_id}", response_model=schemas.Role)
|
||||
@router.put(
|
||||
"/{role_id}",
|
||||
response_model=schemas.Role,
|
||||
dependencies=[Depends(has_privilege("Role.Modify"))]
|
||||
)
|
||||
async def update_role(
|
||||
role_id: UUID,
|
||||
role_update: schemas.RoleUpdate,
|
||||
@ -90,6 +114,8 @@ async def update_role(
|
||||
) -> schemas.Role:
|
||||
"""
|
||||
Update a role.
|
||||
|
||||
Required privilege: Role.Modify
|
||||
"""
|
||||
|
||||
role = await rbac_repo.get_role(role_id)
|
||||
@ -102,13 +128,19 @@ async def update_role(
|
||||
return await rbac_repo.update_role(role_id, role_update)
|
||||
|
||||
|
||||
@router.delete("/{role_id}", status_code=status.HTTP_204_NO_CONTENT)
|
||||
@router.delete(
|
||||
"/{role_id}",
|
||||
status_code=status.HTTP_204_NO_CONTENT,
|
||||
dependencies=[Depends(has_privilege("Role.Allocate"))]
|
||||
)
|
||||
async def delete_role(
|
||||
role_id: UUID,
|
||||
rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
|
||||
) -> None:
|
||||
"""
|
||||
Delete a role.
|
||||
|
||||
Required privilege: Role.Allocate
|
||||
"""
|
||||
|
||||
role = await rbac_repo.get_role(role_id)
|
||||
@ -121,15 +153,22 @@ async def delete_role(
|
||||
success = await rbac_repo.delete_role(role_id)
|
||||
if not success:
|
||||
raise ControllerError(f"Role '{role_id}' could not be deleted")
|
||||
await rbac_repo.delete_all_ace_starting_with_path(f"/roles/{role_id}")
|
||||
|
||||
|
||||
@router.get("/{role_id}/privileges", response_model=List[schemas.Privilege])
|
||||
@router.get(
|
||||
"/{role_id}/privileges",
|
||||
response_model=List[schemas.Privilege],
|
||||
dependencies=[Depends(has_privilege("Role.Audit"))]
|
||||
)
|
||||
async def get_role_privileges(
|
||||
role_id: UUID,
|
||||
rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
|
||||
) -> List[schemas.Privilege]:
|
||||
"""
|
||||
Get all role privileges.
|
||||
|
||||
Required privilege: Role.Audit
|
||||
"""
|
||||
|
||||
return await rbac_repo.get_role_privileges(role_id)
|
||||
@ -137,7 +176,8 @@ async def get_role_privileges(
|
||||
|
||||
@router.put(
|
||||
"/{role_id}/privileges/{privilege_id}",
|
||||
status_code=status.HTTP_204_NO_CONTENT
|
||||
status_code=status.HTTP_204_NO_CONTENT,
|
||||
dependencies=[Depends(has_privilege("Role.Modify"))]
|
||||
)
|
||||
async def add_privilege_to_role(
|
||||
role_id: UUID,
|
||||
@ -146,6 +186,8 @@ async def add_privilege_to_role(
|
||||
) -> None:
|
||||
"""
|
||||
Add a privilege to a role.
|
||||
|
||||
Required privilege: Role.Modify
|
||||
"""
|
||||
|
||||
privilege = await rbac_repo.get_privilege(privilege_id)
|
||||
@ -159,7 +201,8 @@ async def add_privilege_to_role(
|
||||
|
||||
@router.delete(
|
||||
"/{role_id}/privileges/{privilege_id}",
|
||||
status_code=status.HTTP_204_NO_CONTENT
|
||||
status_code=status.HTTP_204_NO_CONTENT,
|
||||
dependencies=[Depends(has_privilege("Role.Modify"))]
|
||||
)
|
||||
async def remove_privilege_from_role(
|
||||
role_id: UUID,
|
||||
@ -168,6 +211,8 @@ async def remove_privilege_from_role(
|
||||
) -> None:
|
||||
"""
|
||||
Remove privilege from a role.
|
||||
|
||||
Required privilege: Role.Modify
|
||||
"""
|
||||
|
||||
privilege = await rbac_repo.get_privilege(privilege_id)
|
||||
|
||||
Reference in New Issue
Block a user