def _authorize(self, user_name, resource_type, resource_owner,
               action_name):
    """Check that ``user_name`` may perform an action on a resource.

    The decision is delegated to ``self._authorizer.authorize``, which is
    handed three dicts: the identity (user name plus the groups returned by
    ``self._get_groups``), the resource (type and owner) and the action,
    named ``"<resource_type>:<action_name>"``.

    Returns None when the authorizer's answer is truthy.

    Raises:
        Forbidden: when the authorizer's answer is falsy. Nothing is
            returned to the caller in that case, so a denial cannot be
            mistaken for success by ignoring a return value.
    """
    full_action = '%s:%s' % (resource_type, action_name)
    # Group membership is resolved before the authorizer is consulted, so a
    # failure raised by the lookup stops the check before any decision.
    member_of = self._get_groups(user_name)
    allowed = self._authorizer.authorize(
        {'user': user_name, 'groups': member_of},
        {'type': resource_type, 'owner': resource_owner},
        {'name': full_action},
    )
    if allowed:
        return
    raise Forbidden('User "%s" does not have authorization for "%s"' %
                    (user_name, full_action))
Beispiel #2
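 def _get_groups(self, user):
     """Return the names of the local groups that ``user`` belongs to.

     The result holds every group from ``grp.getgrall()`` whose member list
     contains ``user``, plus the user's primary group taken from the passwd
     entry. A falsy ``user`` (None or an empty string) gives an empty list
     without any lookup.

     Raises:
         Forbidden: when the account or its primary group cannot be
             resolved, or the lookup fails for any other ordinary reason.
     """
     if not user:
         return []
     try:
         groups = [
             g.gr_name for g in grp.getgrall() if user in g.gr_mem
         ]
         primary = grp.getgrgid(pwd.getpwnam(user).pw_gid).gr_name
         # The primary group can also list the user in gr_mem; report it
         # only once.
         if primary not in groups:
             groups.append(primary)
     except Exception:
         # Fail closed: any lookup error denies access rather than yielding
         # a partial group list. Catching Exception instead of using a bare
         # except lets KeyboardInterrupt and SystemExit propagate, so an
         # interrupt or shutdown is not reported as a Forbidden.
         raise Forbidden('Failed to find details for user "%s"' % user)
     # NOTE(review): grp.getgrall() only returns groups the system's name
     # service enumerates; confirm that covers the groups the authorizer's
     # policy refers to in this deployment.
     return groups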