From 770e46f5f841e465195a615398a5e48f6e8d008a Mon Sep 17 00:00:00 2001
From: Christian Boettcher <c.boettcher@fz-juelich.de>
Date: Fri, 5 Nov 2021 12:40:19 +0100
Subject: [PATCH] other secrets stuff

---
 apiserver/security/user.py                  | 6 +++++-
 apiserver/storage/JsonFileStorageAdapter.py | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/apiserver/security/user.py b/apiserver/security/user.py
index 2225d20..5df8957 100644
--- a/apiserver/security/user.py
+++ b/apiserver/security/user.py
@@ -34,12 +34,16 @@ class Token(BaseModel):
 class User(BaseModel):
     username: str
     email: str = None
-    has_secrets_access: Optional[bool] = False
+    has_secrets_access: bool = False
 
 
 class UserInDB(User):
     hashed_password: str = None
 
+class Secret(BaseModel):
+    key: str = None
+    secret: str = None
+
 
 class AbstractDBInterface(metaclass=abc.ABCMeta):
     @abc.abstractclassmethod
diff --git a/apiserver/storage/JsonFileStorageAdapter.py b/apiserver/storage/JsonFileStorageAdapter.py
index 94e1ccd..5ce07a3 100644
--- a/apiserver/storage/JsonFileStorageAdapter.py
+++ b/apiserver/storage/JsonFileStorageAdapter.py
@@ -66,7 +66,7 @@ class JsonFileStorageAdapter(AbstractLocationDataStorageAdapter):
 
     def __get_object_path(self, value: str, oid: str) -> str:
         localpath = os.path.join(self.data_dir, value)
-        full_path = os.path.join(localpath, oid)
+        full_path = os.path.join(localpath, str(oid))
         common = os.path.commonprefix((os.path.realpath(full_path),os.path.realpath(self.data_dir)))
         if common != os.path.realpath(self.data_dir):
             log.error(f"Escaping the data dir! {common} {full_path}")
@@ -85,7 +85,7 @@ class JsonFileStorageAdapter(AbstractLocationDataStorageAdapter):
         if not os.path.isfile(path):
             return {}
         with open(path, "r") as file:
-            dict = eval(file.read())
+            dict = json.load(file)
         return dict
 
     def __store_secrets(self, path: str, secrets: Dict[str, str]):
@@ -139,7 +139,7 @@ class JsonFileStorageAdapter(AbstractLocationDataStorageAdapter):
         """ list all available secrets for this object"""
         secrets_path = self.__get_secrets_path(value=n_type.value, oid=oid)
         secrets = self.__load_secrets(secrets_path)
-        return secrets.keys()
+        return list(secrets.keys())
 
     def add_update_secret(self, n_type: LocationDataType, oid:str, key: str, value: str, usr: str):
         """ add new secrets to an existing object"""
-- 
GitLab