def get_current_user(headers):
    """Return the caller's identifier built from the identity headers.

    Reads ``X-User-Id`` and ``X-Project-Id`` from *headers*. When both are
    non-empty the result is ``"<user_id>:<project_id>"``; when only one is
    non-empty that value is returned on its own. When neither is usable the
    request is rejected through ``rest.abort(401, ...)``.

    NOTE(review): both headers are taken at face value; nothing in this
    function authenticates them. Presumably an authentication middleware in
    front of the application sets them and discards client-supplied copies
    -- confirm in the deployment.

    NOTE(review): a lone user id and a lone project id both come back as a
    bare string, so a consumer of the return value cannot tell which of the
    two it received.
    """
    # FIXME(jd) Should be a single header
    uid = headers.get("X-User-Id")
    pid = headers.get("X-Project-Id")
    if uid and pid:
        return uid + ":" + pid
    if uid or pid:
        # Exactly one of the two is set: return whichever it is.
        return uid or pid
    rest.abort(401, "Unable to determine current user")
def get_resource_policy_filter(headers, rule, resource_type):
    """Build the filter that limits a resource listing to what policy allows.

    *rule* is first enforced against a target holding only
    ``resource_type``. If that passes, the function falls through and
    returns ``None`` (no restriction). Otherwise two narrower targets are
    tried, both keyed on the ``X-Project-Id`` header value, and each one
    that passes contributes a clause to the result.

    Returns:
        ``None`` when the rule passes unconditionally, else
        ``{"or": [clause, ...]}``.

    If no narrower target passes, the request is rejected through
    ``rest.abort(403, ...)``.

    NOTE(review): the header value is concatenated into a ``like`` pattern
    without escaping, so a ``%`` or ``_`` inside it would widen the match.
    Presumably the header is set by a trusted authentication layer and
    holds an opaque id -- confirm, or validate the value before use.
    """

    def _permits(extra):
        # rest.enforce reports a denial by raising HTTPForbidden.
        target = {"resource_type": resource_type}
        target.update(extra)
        try:
            rest.enforce(rule, target)
        except webob.exc.HTTPForbidden:
            return False
        return True

    try:
        # Is the caller allowed to list any resource of this type?
        rest.enforce(rule, {"resource_type": resource_type})
    except webob.exc.HTTPForbidden:
        project_id = headers.get("X-Project-Id")
        clauses = []

        # Is the caller allowed to list resources linked to their project?
        if _permits({"project_id": project_id}):
            clauses.append({"=": {"project_id": project_id}})

        # Is the caller allowed to list resources created by their project?
        if _permits({"created_by_project_id": project_id}):
            if project_id:
                # Creator values ending in ":<project_id>" are matched.
                clauses.append({"like": {"creator": "%:" + project_id}})
            else:
                clauses.append({"=": {"creator": None}})

        if not clauses:
            # At least one clause is required; an empty "or" must not be
            # handed back as a filter.
            rest.abort(403, "Insufficient privileges")

        return {"or": clauses}
def get_current_user(headers):
    """Return the username carried by the ``Authorization`` header.

    The header is parsed with ``werkzeug.http.parse_authorization_header``.
    When the parser yields ``None`` the request is rejected through
    ``rest.abort(401)``.

    NOTE(review): only the username is read; no password or credential
    check is visible in this function. Presumably credentials are verified
    elsewhere (for example by a fronting proxy) -- confirm before exposing
    this to untrusted clients.
    """
    raw_value = headers.get("Authorization")
    parsed = werkzeug.http.parse_authorization_header(raw_value)
    if parsed is None:
        rest.abort(401)
    return parsed.username
def get_current_user(request):
    """Return ``request.remote_user`` decoded as ISO-8859-1 text.

    When ``request.remote_user`` is ``None`` the request is rejected
    through ``rest.abort(401)``.

    NOTE(review): the value is trusted as the authenticated identity.
    Presumably the fronting web server or an authentication layer sets it
    -- confirm that clients cannot supply it themselves.
    """
    remote_user = request.remote_user
    if remote_user is None:
        rest.abort(401)
    # ISO-8859-1 maps every byte to a code point, so decoding cannot fail.
    return remote_user.decode('iso-8859-1')