WIP
oukone committed Sep 17, 2020
1 parent b1e815b commit 44156b4
Showing 47 changed files with 832 additions and 149 deletions.
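--- a/cookiecutter/app/auth/{{cookiecutter.app}}/config.json
+++ b/cookiecutter/app/auth/{{cookiecutter.app}}/config.json
@@ -30,17 +30,6 @@
 }
 ]
 },
-"auth": {
-"admin": {
-"username": "admin",
-"email": "[email protected]"
-},
-"security": {
-"algorithm": "HS256",
-"access_token_expire_minutes": 30,
-"auth_path": "/token"
-}
-},
 "asgi": {
 "host": "0.0.0.0",
 "port": 8000,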

This file was deleted.

This file was deleted.

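--- a/cookiecutter/app/default/{{cookiecutter.app}}/config.json
+++ b/cookiecutter/app/default/{{cookiecutter.app}}/config.json
@@ -30,17 +30,6 @@
 }
 ]
 },
-"auth": {
-"admin": {
-"username": "admin",
-"email": "[email protected]"
-},
-"security": {
-"algorithm": "HS256",
-"access_token_expire_minutes": 30,
-"auth_path": "/token"
-}
-},
 "asgi": {
 "host": "0.0.0.0",
 "port": 8000,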
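--- a/cookiecutter/auth/cookiecutter.json
+++ b/cookiecutter/auth/cookiecutter.json
@@ -0,0 +1,6 @@
+{
+"auth": "{{cookiecutter.auth}}",
+"storage": "{{cookiecutter.storage}}",
+"algorithm": "{{cookiecutter.algorithm}}",
+"access_token_expire_minutes": "{{cookiecutter.access_token_expire_minutes}}"
+}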
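--- a/cookiecutter/auth/{{cookiecutter.auth}}/acls.py
+++ b/cookiecutter/auth/{{cookiecutter.auth}}/acls.py
@@ -0,0 +1,17 @@
+from sowba.security.acl import Acl
+
+
+class CreateItemAcl:
+__acl__ = [
+Acl(Allow, "role:user", "create"),
+Acl(Allow, "role:admin", "create"),
+]
+
+
+@dcls.dataclass
+class AclPolicy:
+get: Callable = None
+create: CreateItemAcl = None
+
+
+default_acl_policy = AclPolicy(create=CreateItemAcl)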
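Review bot: `Allow`, `dcls` and `Callable` are used in this new module but never imported; the only import is `from sowba.security.acl import Acl`, so the module would raise NameError as soon as the `CreateItemAcl` body is evaluated. Add `from typing import Callable`, `import dataclasses as dcls` and `from fastapi_permissions import Allow` at the top. The first hunk of snippets/compass/compass/services/auth/acls.py removes exactly these imports while keeping `CreateItemAcl` and `AclPolicy`, so it probably fails the same way, although the class bodies between its hunks are not shown. A test that simply imports the generated module would catch this before the template ships.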
@@ -1,13 +1,13 @@
from typing import List
from datetime import datetime
from contextvars import ContextVar
from sowba.storage.utils import init_db, get_db
from pydantic import BaseModel, Field, SecretStr, EmailStr
from fastapi_permissions import Allow
from sowba.security import roles


class UserPrincipals(BaseModel):
principals: List[str] = ["role:user"]
principals: List[str] = [roles.user]


class Updateprincipals(BaseModel):
Expand Down Expand Up @@ -56,9 +56,9 @@ class TokenData(BaseModel):


class UserListAcl:
__acl__ = [(Allow, "role:admin", "view")]
__acl__ = [(Allow, roles.admin, "view")]


class UserprincipalsAcl:
__acl__ = [(Allow, "role:admin", "update")]
__acl__ = [(Allow, roles.admin, "update")]
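Review bot: Role principals are now spelled two ways in this commit: `UserPrincipals`, `UserListAcl` and `UserprincipalsAcl` switch to `roles.user` / `roles.admin`, while the new acls.py template still hard-codes `"role:user"` and `"role:admin"` in `CreateItemAcl`. The `sowba.security.roles` module is not shown on this page, so it cannot be confirmed that its values equal the old literals; if they differ, principals already stored for users would stop matching these ACL entries. Using the constants everywhere, e.g. `Acl(Allow, roles.user, "create")`, would keep the permission checks consistent. The same change is repeated in snippets/compass/compass/services/auth/model.py.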

21 changes: 20 additions & 1 deletion poetry.lock


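--- a/pyproject.toml
+++ b/pyproject.toml
@@ -15,6 +15,7 @@ python-rocksdb = "^0.7.0"
 devtools = {extras = ["pygments"], version = "^0.6"}
 pyjwt = "^1.7.1"
 passlib = {extras = ["bcrypt"], version = "^1.7.2"}
+fastapi_permissions = "^0.2.6"
 
 [tool.poetry.dev-dependencies]
 pytest = "^5.2"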
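--- a/snippets/compass/compass/services/auth/__init__.py
+++ b/snippets/compass/compass/services/auth/__init__.py
@@ -1,3 +0,0 @@
-from sowba.core.utils import get_service_router
-
-router = get_service_router("users")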
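--- a/snippets/compass/compass/services/auth/acls.py
+++ b/snippets/compass/compass/services/auth/acls.py
@@ -1,12 +1,4 @@
-from typing import List, Callable
-import dataclasses as dcls
-from collections import namedtuple
-from fastapi_permissions import Allow, Authenticated
-from pydantic import BaseModel
-
-
-class Acl(namedtuple("Acl", ("access", "principal", "permission"))):
-__slots__ = ()
+from sowba.security.acl import Acl
 
 
 class CreateItemAcl:
@@ -22,18 +14,4 @@ class AclPolicy:
 create: CreateItemAcl = None
 
 
-class BaseResourceAcl(BaseModel):
-def __acl__(self):
-assert self.owner is not None, "Owner must be define."
-return [
-Acl(Allow, "role:user", "create"),
-Acl(Allow, "role:admin", "create"),
-Acl(Allow, Authenticated, "view"),
-Acl(Allow, "role:admin", "update"),
-Acl(Allow, f"user:{self.owner}", "update"),
-Acl(Allow, "role:admin", "delete"),
-Acl(Allow, f"user:{self.owner}", "delete"),
-]
-
-
 default_acl_policy = AclPolicy(create=CreateItemAcl)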
8 changes: 4 additions & 4 deletions snippets/compass/compass/services/auth/model.py
@@ -1,13 +1,13 @@
from typing import List
from datetime import datetime
from contextvars import ContextVar
from sowba.storage.utils import init_db, get_db
from pydantic import BaseModel, Field, SecretStr, EmailStr
from fastapi_permissions import Allow
from sowba.security import roles


class UserPrincipals(BaseModel):
principals: List[str] = ["role:user"]
principals: List[str] = [roles.user]


class Updateprincipals(BaseModel):
Expand Down Expand Up @@ -56,9 +56,9 @@ class TokenData(BaseModel):


class UserListAcl:
__acl__ = [(Allow, "role:admin", "view")]
__acl__ = [(Allow, roles.admin, "view")]


class UserprincipalsAcl:
__acl__ = [(Allow, "role:admin", "update")]
__acl__ = [(Allow, roles.admin, "update")]

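--- a/snippets/compass/config.json
+++ b/snippets/compass/config.json
@@ -8,14 +8,6 @@
 "model": "compass.services.items.model.Items",
 "connector": "rocksdb"
 }
-},
-{
-"name": "member",
-"status": "enable",
-"storage": {
-"model": "compass.services.member.model.Member",
-"connector": "rocksdb"
-}
 }
 ],
 "storages": {
@@ -41,17 +33,6 @@
 }
 ]
 },
-"auth": {
-"admin": {
-"username": "admin",
-"email": "[email protected]"
-},
-"security": {
-"algorithm": "HS256",
-"access_token_expire_minutes": 30,
-"auth_path": "/token"
-}
-},
 "asgi": {
 "host": "0.0.0.0",
 "port": 8000,
@@ -71,5 +52,13 @@
 "allow_methods": [
 "*"
 ]
+},
+"auth": {
+"storage": {
+"model": "compass.services.auth.model.User",
+"connector": "rocksdb"
+},
+"algorithm": "HS256",
+"access_token_expire_minutes": 30
 }
 }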