Add support for fetching Launchpad teams

setup.py

@@ -43,6 +43,7 @@ setuptools.setup(
 
     packages = [
         "uitwww",
+        "uitwww.third_party"
     ],
 
     entry_points = {

uitwww/auth.py

@@ -18,6 +18,10 @@ import uuid
 
 import flask
 import flask_openid
+import pkg_resources
+import yaml
+
+from uitwww.third_party import openid_teams
 
 
 class SessionError(BaseException):
@@ -63,12 +67,27 @@ class Sessions:
         self.db.update("DELETE FROM auth_sessions WHERE id = ?;", id)
 
 
+class Permissions:
+
+    def __init__(self):
+        raw = pkg_resources.resource_string("uitwww", "data/permissions.yml")
+        self.config = yaml.load(raw.decode("utf-8"))
+
+    def allowed_teams(self):
+        return list(self.config["teams"].keys())
+
+
 def prepare_blueprint(app):
     """Prepare the auth blueprint"""
     bp = flask.Blueprint("auth", __name__)
 
-    oid = flask_openid.OpenID(app, safe_roots=[])
+    oid = flask_openid.OpenID(
+        app,
+        safe_roots=[],
+        extension_responses=[openid_teams.TeamsResponse],
+    )
     sessions = Sessions(app.db)
+    permissions = Permissions()
 
     @app.before_request
     def check_auth():
@@ -85,7 +104,12 @@ def prepare_blueprint(app):
 
     @oid.after_login
     def receive_openid(resp):
-        flask.session["auth"] = sessions.create(resp.nickname, [])
+        teams = resp.extensions["lp"].is_member
+        if not teams or teams == [""]:
+            flask.flash("Non hai i permessi per accedere al sito.", "error")
+            return flask.redirect(flask.url_for("pages.index"))
+
+        flask.session["auth"] = sessions.create(resp.nickname, teams)
         flask.flash("Benvenuto %s!" % resp.nickname, "success")
         return flask.redirect(flask.url_for("pages.index"))
 
@@ -93,7 +117,13 @@ def prepare_blueprint(app):
     @oid.loginhandler
     def login():
         if "auth_name" not in flask.g:
-            return oid.try_login("https://login.ubuntu.com/+openid", ask_for=["nickname"])
+            return oid.try_login(
+                "https://login.ubuntu.com/+openid",
+                ask_for=["nickname"],
+                extensions=[
+                    openid_teams.TeamsRequest(permissions.allowed_teams())
+                ],
+            )
         else:
             flask.flash("Hai già effettuato l'accesso!", "info")
             return flask.redirect(flask.url_for("pages.index"))

uitwww/data/permissions.yml

+permissions: []
+
+teams:
+  ubuntu-it-www: "*"
+  ubuntu-it-council: "*"
+  ubuntu-it-members: []
+  ubuntu-it-newsletter: []