fix perms checking

Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt>
2024-12-17 16:27:49 +00:00 · 2024-12-17 16:27:49 +00:00 · 75ac6cd045
parent fab60873c8
commit 75ac6cd045
17 changed files with 31 additions and 19 deletions
--- a/delivery2/client/bin/rep_acl_doc
+++ b/delivery2/client/bin/rep_acl_doc
--- a/delivery2/client/bin/rep_add_permission
+++ b/delivery2/client/bin/rep_add_permission
--- a/delivery2/client/bin/rep_add_role
+++ b/delivery2/client/bin/rep_add_role
--- a/delivery2/client/bin/rep_assume_role
+++ b/delivery2/client/bin/rep_assume_role
@ -43,19 +43,19 @@ def assumeRole(args):
    with open(BASE_DIR + args.session, 'r') as f:
        args.session = json.load(f)
-    # Get roles in session
+    # # Get roles in session
-    try:
+    # try:
-        req = requests.get(f'http://{state['REP_ADDRESS']}/role/session/list', headers={'Authorization': args.session['token']})
+    #     req = requests.get(f'http://{state['REP_ADDRESS']}/role/session/list', headers={'Authorization': args.session['token']})
-        req.raise_for_status()
+    #     req.raise_for_status()
-    except requests.exceptions.RequestException as errex:
+    # except requests.exceptions.RequestException as errex:
-        logger.error("Failed to obtain response from server.")
+    #     logger.error("Failed to obtain response from server.")
-        sys.exit(-1)
+    #     sys.exit(-1)
-
+    #
-    # Validate role name
+    # # Validate role name
-    roles = req.json()
+    # roles = req.json()
-    if args.role not in roles.items():
+    # if args.role not in roles.items():
-        logger.error("Role does not exist.")
+    #     logger.error("Role does not exist.")
-        sys.exit(1)
+    #     sys.exit(1)
    # TODO:
--- a/delivery2/client/bin/rep_drop_role
+++ b/delivery2/client/bin/rep_drop_role
--- a/delivery2/client/bin/rep_list_permission_roles
+++ b/delivery2/client/bin/rep_list_permission_roles
--- a/delivery2/client/bin/rep_list_role_permissions
+++ b/delivery2/client/bin/rep_list_role_permissions
--- a/delivery2/client/bin/rep_list_role_subjects
+++ b/delivery2/client/bin/rep_list_role_subjects
--- a/delivery2/client/bin/rep_list_roles
+++ b/delivery2/client/bin/rep_list_roles
--- a/delivery2/client/bin/rep_list_subject_roles
+++ b/delivery2/client/bin/rep_list_subject_roles
--- a/delivery2/client/bin/rep_reactivate_role
+++ b/delivery2/client/bin/rep_reactivate_role
--- a/delivery2/client/bin/rep_remove_permission
+++ b/delivery2/client/bin/rep_remove_permission
--- a/delivery2/client/bin/rep_suspend_role
+++ b/delivery2/client/bin/rep_suspend_role
--- a/delivery2/client/tests/test_client.py
+++ b/delivery2/client/tests/test_client.py
@ -45,6 +45,13 @@ def test_rep_create_session():
 	assert process.returncode == 0
 def test_rep_assume_role():
 	# Test the rep_assume_role command
 	process = subprocess.Popen(f"{DELIVERY_PATH}/client/bin/rep_assume_role session.json manager", shell=True)
 	process.wait()
 	assert process.returncode == 0
 def test_rep_list_subjects():
 	#Test the rep_list_subjects command
 	process = subprocess.Popen(f"{DELIVERY_PATH}/client/bin/rep_list_subjects session.json", shell=True)
--- a/delivery2/server/routes/role.py
+++ b/delivery2/server/routes/role.py
@ -261,7 +261,9 @@ def role_session_assume(role):
    if not session:
        return jsonify({"error": "Not authenticated"}), 401
-    if not RoleService.get_role(session.org_id, role):
+    org = OrganizationService.get_organization(session.org_id)
    if not RoleService.get_role(org, role):
        return jsonify({"error": "Role not found"}), 404
    session = SessionService.change_role(session, role, "add")
@ -281,7 +283,9 @@ def role_session_drop(role):
    if not session:
        return jsonify({"error": "Not authenticated"}), 401
-    if not RoleService.get_role(session.org_id, role):
+    org = OrganizationService.get_organization(session.org_id)
    if not RoleService.get_role(org, role):
        return jsonify({"error": "Role not found"}), 404
    session = SessionService.change_role(session, role, "drop")
--- a/delivery2/server/services/sessions.py
+++ b/delivery2/server/services/sessions.py
@ -47,6 +47,7 @@ class SessionService:
        session.verified = True
        db.commit()
        db.refresh(session)
        return session
    @staticmethod
    def get_session(token: str) -> Session | None:
@ -102,7 +103,7 @@ class SessionService:
            return jsonify({"error": f"Role {role} does not exist in organization {org.name}"}), 404
        if operation == "add":
-            if role not in user.roles[org.id]:
+            if role not in user.roles[str(org.id)]:
                return jsonify({"error": f"User {user.username} does not have role {role}"}), 400
            if role in session.roles:
@ -110,7 +111,7 @@ class SessionService:
            session.roles.append(role)
        elif operation == "drop":
-            if role not in user.roles[org.id]:
+            if role not in user.roles[str(org.id)]:
                return jsonify({"error": f"User {user.username} does not have role {role}"}), 400
            if role not in session.roles:
--- a/delivery2/server/utils/perms.py
+++ b/delivery2/server/utils/perms.py
@ -44,8 +44,8 @@ class Perm(Enum):
        return perms.value if isinstance(perms, Perm) else 0
    @staticmethod
-    def check_perm(perm, bit_array: int):
+    def check_perm(perms_array: int, perm_to_check: int):
-        return perm.value & bit_array == perm.value
+        return perms_array & perm_to_check == perm_to_check
 class PermOperation(Enum):
    ADD = 0