[elbe-devel] [PATCH 7/8] elbepack: soap: make list_projects usable for everybody

Tue Aug 13 13:31:55 CEST 2024

The usermanagement and admin role is being removed.
Allow everybody to use list_projects() and drop the admin checks that
are now unused.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh at linutronix.de>
---
 elbepack/daemons/soap/authentication.py | 76 +--------------------------------
 elbepack/daemons/soap/esoap.py          |  6 +--
 elbepack/db.py                          |  9 ----
 3 files changed, 4 insertions(+), 87 deletions(-)

diff --git a/elbepack/daemons/soap/authentication.py b/elbepack/daemons/soap/authentication.py
index 6895da8f9a79..73b671e7cc23 100644
--- a/elbepack/daemons/soap/authentication.py
+++ b/elbepack/daemons/soap/authentication.py
@@ -4,7 +4,7 @@
 
 from functools import wraps
 
-from .faults import SoapElbeNotAuthorized, SoapElbeNotLoggedIn
+from .faults import SoapElbeNotLoggedIn
 
 
 def authenticated_uid(func):
@@ -93,77 +93,3 @@ def authenticated_uid(func):
         return wrapped
 
     raise Exception(f'arg count {func.__code__.co_argcount} not implemented')
-
-
-def authenticated_admin(func):
-    """ decorator, which Checks, that the current session is logged in as an admin
-
-        Allows for being wrapped in a soapmethod...
-
-        Example:
-            @soapmethod (String, _returns=Array(SoapFile))
-            @authenticated_uid
-            def get_files (self, uid, builddir):
-    """
-
-    # Do not edit this code.  Although using *args is tempting here,
-    # it will not work because Spyne is doing introspection on the
-    # function's signature.  I think it would be possible to do
-    # something with func.__code__.replace, but this requires deep
-    # Python's internal knowledges.
-
-    if func.__code__.co_argcount == 1:
-        @wraps(func)
-        def wrapped(self):
-            s = self.transport.req_env['beaker.session']
-            try:
-                uid = s['userid']
-            except KeyError:
-                raise SoapElbeNotLoggedIn()
-
-            if not self.app.pm.db.is_admin(uid):
-                raise SoapElbeNotAuthorized()
-            return func(self)
-        return wrapped
-    if func.__code__.co_argcount == 2:
-        @wraps(func)
-        def wrapped(self, arg1):
-            s = self.transport.req_env['beaker.session']
-            try:
-                uid = s['userid']
-            except KeyError:
-                raise SoapElbeNotLoggedIn()
-
-            if not self.app.pm.db.is_admin(uid):
-                raise SoapElbeNotAuthorized()
-
-            return func(self, arg1)
-        return wrapped
-    if func.__code__.co_argcount == 3:
-        @wraps(func)
-        def wrapped(self, arg1, arg2):
-            s = self.transport.req_env['beaker.session']
-            try:
-                uid = s['userid']
-            except KeyError:
-                raise SoapElbeNotLoggedIn()
-
-            if not self.app.pm.db.is_admin(uid):
-                raise SoapElbeNotAuthorized()
-            return func(self, arg1, arg2)
-        return wrapped
-    if func.__code__.co_argcount == 6:
-        @wraps(func)
-        def wrapped(self, arg1, arg2, arg3, arg4, arg5):
-            s = self.transport.req_env['beaker.session']
-            try:
-                uid = s['userid']
-            except KeyError:
-                raise SoapElbeNotLoggedIn()
-
-            if not self.app.pm.db.is_admin(uid):
-                raise SoapElbeNotAuthorized()
-            return func(self, arg1, arg2, arg3, arg4, arg5)
-        return wrapped
-
-    raise Exception(f'arg count {func.__code__.co_argcount} not implemented')
diff --git a/elbepack/daemons/soap/esoap.py b/elbepack/daemons/soap/esoap.py
index d71bd4171f76..8fe06d9e2a6f 100644
--- a/elbepack/daemons/soap/esoap.py
+++ b/elbepack/daemons/soap/esoap.py
@@ -17,7 +17,7 @@ from spyne.service import ServiceBase
 from elbepack.elbexml import ValidationMode
 from elbepack.version import elbe_version
 
-from .authentication import authenticated_admin, authenticated_uid
+from .authentication import authenticated_uid
 from .datatypes import SoapFile, SoapProject
 from .faults import soap_faults
 
@@ -45,8 +45,8 @@ class ESoap (ServiceBase):
 
     @rpc(_returns=Array(SoapProject))
     @soap_faults
-    @authenticated_admin
-    def list_projects(self):
+    @authenticated_uid
+    def list_projects(self, uid):
         return self.app.pm.db.list_projects()
 
     @rpc(String, _returns=SoapProject)
diff --git a/elbepack/db.py b/elbepack/db.py
index 2b7bee798d64..a15507c93873 100644
--- a/elbepack/db.py
+++ b/elbepack/db.py
@@ -752,15 +752,6 @@ class ElbeDB:
             # Everything good, now return the user id to the caller
             return int(u.id)
 
-    def is_admin(self, userid):
-        with session_scope(self.session) as s:
-            try:
-                u = s.query(User).filter(User.id == userid).one()
-            except NoResultFound:
-                raise ElbeDBError(f'no user with id {userid}')
-
-            return bool(u.admin)
-
     def get_username(self, userid):
         with session_scope(self.session) as s:
             try:

-- 
2.46.0

