Add user permissions + RBAC tests.

2025-06-14 21:38:19 +00:00 · 2021-06-03 15:40:12 +09:30
parent 36a27c0c19
commit d65b49acaa
12 changed files with 554 additions and 99 deletions
--- a/gns3server/api/routes/controller/projects.py
+++ b/gns3server/api/routes/controller/projects.py
@ -70,13 +70,25 @@ CHUNK_SIZE = 1024 * 8  # 8KB


@router.get("", response_model=List[schemas.Project], response_model_exclude_unset=True)
-def get_projects() -> List[schemas.Project]:
+async def get_projects(
+        current_user: schemas.User = Depends(get_current_active_user),
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+) -> List[schemas.Project]:
    """
    Return all projects.
    """

    controller = Controller.instance()
-    return [p.asdict() for p in controller.projects.values()]
+    if current_user.is_superadmin:
+        return [p.asdict() for p in controller.projects.values()]
+    else:
+        user_projects = []
+        for project in controller.projects.values():
+            authorized = await rbac_repo.check_user_is_authorized(
+                current_user.user_id, "GET", f"/projects/{project.id}")
+            if authorized:
+                user_projects.append(project.asdict())
+    return user_projects


@router.post(
@ -97,7 +109,7 @@ async def create_project(

    controller = Controller.instance()
    project = await controller.add_project(**jsonable_encoder(project_data, exclude_unset=True))
-    await rbac_repo.add_permission_to_user(current_user.user_id, f"/projects/{project.id}/*")
+    await rbac_repo.add_permission_to_user_with_path(current_user.user_id, f"/projects/{project.id}/*")
    return project.asdict()


@ -135,7 +147,7 @@ async def delete_project(
    controller = Controller.instance()
    await project.delete()
    controller.remove_project(project)
-    await rbac_repo.delete_all_permissions_matching_path(f"/projects/{project.id}")
+    await rbac_repo.delete_all_permissions_with_path(f"/projects/{project.id}")


@router.get("/{project_id}/stats")
@ -357,7 +369,9 @@ async def import_project(
 )
 async def duplicate_project(
        project_data: schemas.ProjectDuplicate,
-        project: Project = Depends(dep_project)
+        project: Project = Depends(dep_project),
+        current_user: schemas.User = Depends(get_current_active_user),
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
 ) -> schemas.Project:
    """
    Duplicate a project.
@ -374,6 +388,7 @@ async def duplicate_project(
    new_project = await project.duplicate(
        name=project_data.name, location=location, reset_mac_addresses=reset_mac_addresses
    )
+    await rbac_repo.add_permission_to_user_with_path(current_user.user_id, f"/projects/{new_project.id}/*")
    return new_project.asdict()