diff options
author | Joshua Watt <JPEWhacker@gmail.com> | 2023-11-03 08:26:32 -0600 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-11-09 17:33:03 +0000 |
commit | 8cfb94c06cdfe3e6f0ec1ce0154951108bc3df94 (patch) | |
tree | 046a6d0d98b0b1bfb1467b2d3e4bbc29b181eb9b /bitbake/lib/hashserv/server.py | |
parent | 1af725b2eca63fa113cedb6d77eb5c5f1de6e2f0 (diff) | |
download | poky-8cfb94c06cdfe3e6f0ec1ce0154951108bc3df94.tar.gz |
bitbake: hashserv: Add become-user API
Adds API that allows a user admin to impersonate another user in the
system. This makes it easier to write external services that have
external authentication, since they can use a common user account to
access the server, then impersonate the logged in user.
(Bitbake rev: 71e2f5b52b686f34df364ae1f2fc058f45cd5e18)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'bitbake/lib/hashserv/server.py')
-rw-r--r-- | bitbake/lib/hashserv/server.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/bitbake/lib/hashserv/server.py b/bitbake/lib/hashserv/server.py index f5baa6be78..ca419a1abf 100644 --- a/bitbake/lib/hashserv/server.py +++ b/bitbake/lib/hashserv/server.py | |||
@@ -255,6 +255,7 @@ class ServerClient(bb.asyncrpc.AsyncServerConnection): | |||
255 | "auth": self.handle_auth, | 255 | "auth": self.handle_auth, |
256 | "get-user": self.handle_get_user, | 256 | "get-user": self.handle_get_user, |
257 | "get-all-users": self.handle_get_all_users, | 257 | "get-all-users": self.handle_get_all_users, |
258 | "become-user": self.handle_become_user, | ||
258 | } | 259 | } |
259 | ) | 260 | ) |
260 | 261 | ||
@@ -707,6 +708,23 @@ class ServerClient(bb.asyncrpc.AsyncServerConnection): | |||
707 | 708 | ||
708 | return {"username": username} | 709 | return {"username": username} |
709 | 710 | ||
711 | @permissions(USER_ADMIN_PERM, allow_anon=False) | ||
712 | async def handle_become_user(self, request): | ||
713 | username = str(request["username"]) | ||
714 | |||
715 | user = await self.db.lookup_user(username) | ||
716 | if user is None: | ||
717 | raise bb.asyncrpc.InvokeError(f"User {username} doesn't exist") | ||
718 | |||
719 | self.user = user | ||
720 | |||
721 | self.logger.info("Became user %s", username) | ||
722 | |||
723 | return { | ||
724 | "username": self.user.username, | ||
725 | "permissions": self.return_perms(self.user.permissions), | ||
726 | } | ||
727 | |||
710 | 728 | ||
711 | class Server(bb.asyncrpc.AsyncServer): | 729 | class Server(bb.asyncrpc.AsyncServer): |
712 | def __init__( | 730 | def __init__( |