pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

push authz into the workspace domain for revoking tokens

Browse Source
This commit is contained in:
dandds 2018-11-07 12:56:22 -05:00
parent 4849a89125
commit 50888f9e9f
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
atst/domain/workspaces/workspaces.py
View File

@ -50,6 +50,18 @@ class Workspaces(object):
return workspace return workspace
@classmethod
def get_for_update_member(cls, user, workspace_id):
workspace = WorkspacesQuery.get(workspace_id)
Authorization.check_workspace_permission(
user,
workspace,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"update a workspace member",
)
return workspace
@classmethod @classmethod
def get_by_request(cls, request): def get_by_request(cls, request):
return WorkspacesQuery.get_by_request(request) return WorkspacesQuery.get_by_request(request)

8
atst/routes/workspaces.py
View File

@ -368,13 +368,7 @@ def accept_invitation(token):
@bp.route("/workspaces/<workspace_id>/invitations/<token>/revoke", methods=["POST"]) @bp.route("/workspaces/<workspace_id>/invitations/<token>/revoke", methods=["POST"])
def revoke_invitation(workspace_id, token): def revoke_invitation(workspace_id, token):
workspace = Workspaces.get(g.current_user, workspace_id) workspace = Workspaces.get_for_update_member(g.current_user, workspace_id)
Authorization.check_workspace_permission(
g.current_user,
workspace,
Permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE,
"revoke member invitation",
)
Invitations.revoke(token) Invitations.revoke(token)
return redirect(url_for("workspaces.workspace_members", workspace_id=workspace.id)) return redirect(url_for("workspaces.workspace_members", workspace_id=workspace.id))