fix perms checking

Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt>
2024-12-17 16:27:49 +00:00 · 2024-12-17 16:27:49 +00:00 · 75ac6cd045
parent fab60873c8
commit 75ac6cd045
17 changed files with 31 additions and 19 deletions
--- a/delivery2/client/bin/rep_acl_doc
+++ b/delivery2/client/bin/rep_acl_doc
--- a/delivery2/client/bin/rep_add_permission
+++ b/delivery2/client/bin/rep_add_permission
--- a/delivery2/client/bin/rep_add_role
+++ b/delivery2/client/bin/rep_add_role
--- a/delivery2/client/bin/rep_assume_role
+++ b/delivery2/client/bin/rep_assume_role
@ -43,19 +43,19 @@ def assumeRole(args):
    with open(BASE_DIR + args.session, 'r') as f:
        args.session = json.load(f)

-    # Get roles in session
-    try:
-        req = requests.get(f'http://{state['REP_ADDRESS']}/role/session/list', headers={'Authorization': args.session['token']})
-        req.raise_for_status()
-    except requests.exceptions.RequestException as errex:
-        logger.error("Failed to obtain response from server.")
-        sys.exit(-1)
-
-    # Validate role name
-    roles = req.json()
-    if args.role not in roles.items():
-        logger.error("Role does not exist.")
-        sys.exit(1)
+    # # Get roles in session
+    # try:
+    #     req = requests.get(f'http://{state['REP_ADDRESS']}/role/session/list', headers={'Authorization': args.session['token']})
+    #     req.raise_for_status()
+    # except requests.exceptions.RequestException as errex:
+    #     logger.error("Failed to obtain response from server.")
+    #     sys.exit(-1)
+    #
+    # # Validate role name
+    # roles = req.json()
+    # if args.role not in roles.items():
+    #     logger.error("Role does not exist.")
+    #     sys.exit(1)


    # TODO:
--- a/delivery2/client/bin/rep_drop_role
+++ b/delivery2/client/bin/rep_drop_role
--- a/delivery2/client/bin/rep_list_permission_roles
+++ b/delivery2/client/bin/rep_list_permission_roles
--- a/delivery2/client/bin/rep_list_role_permissions
+++ b/delivery2/client/bin/rep_list_role_permissions
--- a/delivery2/client/bin/rep_list_role_subjects
+++ b/delivery2/client/bin/rep_list_role_subjects
--- a/delivery2/client/bin/rep_list_roles
+++ b/delivery2/client/bin/rep_list_roles
--- a/delivery2/client/bin/rep_list_subject_roles
+++ b/delivery2/client/bin/rep_list_subject_roles
--- a/delivery2/client/bin/rep_reactivate_role
+++ b/delivery2/client/bin/rep_reactivate_role
--- a/delivery2/client/bin/rep_remove_permission
+++ b/delivery2/client/bin/rep_remove_permission
--- a/delivery2/client/bin/rep_suspend_role
+++ b/delivery2/client/bin/rep_suspend_role
--- a/delivery2/client/tests/test_client.py
+++ b/delivery2/client/tests/test_client.py
@ -45,6 +45,13 @@ def test_rep_create_session():
 	assert process.returncode == 0


+def test_rep_assume_role():
+	# Test the rep_assume_role command
+	process = subprocess.Popen(f"{DELIVERY_PATH}/client/bin/rep_assume_role session.json manager", shell=True)
+	process.wait()
+	assert process.returncode == 0
+
+
 def test_rep_list_subjects():
 	#Test the rep_list_subjects command
 	process = subprocess.Popen(f"{DELIVERY_PATH}/client/bin/rep_list_subjects session.json", shell=True)
--- a/delivery2/server/routes/role.py
+++ b/delivery2/server/routes/role.py
@ -261,7 +261,9 @@ def role_session_assume(role):
    if not session:
        return jsonify({"error": "Not authenticated"}), 401

-    if not RoleService.get_role(session.org_id, role):
+    org = OrganizationService.get_organization(session.org_id)
+
+    if not RoleService.get_role(org, role):
        return jsonify({"error": "Role not found"}), 404

    session = SessionService.change_role(session, role, "add")
@ -281,7 +283,9 @@ def role_session_drop(role):
    if not session:
        return jsonify({"error": "Not authenticated"}), 401

-    if not RoleService.get_role(session.org_id, role):
+    org = OrganizationService.get_organization(session.org_id)
+
+    if not RoleService.get_role(org, role):
        return jsonify({"error": "Role not found"}), 404

    session = SessionService.change_role(session, role, "drop")
--- a/delivery2/server/services/sessions.py
+++ b/delivery2/server/services/sessions.py
@ -47,6 +47,7 @@ class SessionService:
        session.verified = True
        db.commit()
        db.refresh(session)
+        return session

    @staticmethod
    def get_session(token: str) -> Session | None:
@ -102,7 +103,7 @@ class SessionService:
            return jsonify({"error": f"Role {role} does not exist in organization {org.name}"}), 404

        if operation == "add":
-            if role not in user.roles[org.id]:
+            if role not in user.roles[str(org.id)]:
                return jsonify({"error": f"User {user.username} does not have role {role}"}), 400

            if role in session.roles:
@ -110,7 +111,7 @@ class SessionService:

            session.roles.append(role)
        elif operation == "drop":
-            if role not in user.roles[org.id]:
+            if role not in user.roles[str(org.id)]:
                return jsonify({"error": f"User {user.username} does not have role {role}"}), 400

            if role not in session.roles:
--- a/delivery2/server/utils/perms.py
+++ b/delivery2/server/utils/perms.py
@ -44,8 +44,8 @@ class Perm(Enum):
        return perms.value if isinstance(perms, Perm) else 0

    @staticmethod
-    def check_perm(perm, bit_array: int):
-        return perm.value & bit_array == perm.value
+    def check_perm(perms_array: int, perm_to_check: int):
+        return perms_array & perm_to_check == perm_to_check

 class PermOperation(Enum):
    ADD = 0