Beispiel #1
0
    def _allowed(self, request, datum):
        policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION")

        if policy_check and self.policy_rules:
            target = self.get_policy_target(request, datum)
            return (policy_check(self.policy_rules, request, target) and
                    self.allowed(request, datum))
        return self.allowed(request, datum)
Beispiel #2
0
    def _allowed(self, request, datum):
        policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION")

        if policy_check and self.policy_rules:
            target = self.get_policy_target(request, datum)
            return (policy_check(self.policy_rules, request, target)
                    and self.allowed(request, datum))
        return self.allowed(request, datum)
Beispiel #3
0
def check(actions, request, target=None):
    """Wrapper of the configurable policy method."""

    policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION")

    if policy_check:
        return policy_check(actions, request, target)

    return True
Beispiel #4
0
    def _has_permission(self, policy):
        has_permission = True
        # policy_check = getattr(settings, "POLICY_CHECK_FUNCTION", None)
        policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION")

        if policy_check:
            has_permission = policy_check(policy, self.request)

        return has_permission
Beispiel #5
0
def policy_check(policy_rules, request):
    _policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION")
    if _policy_check and policy_rules:
        for rule in policy_rules:
            rule_param = rule
            if not any(isinstance(r, (list, tuple)) for r in rule):
                rule_param = (rule, )
            if _policy_check(rule_param, request):
                return True
        return False
    return True
Beispiel #6
0
    def allowed(self, request):
        """Determines whether or not the tab is displayed.

        Tab instances can override this method to specify conditions under
        which this tab should not be shown at all by returning ``False``.
        """
        if not self.policy_rules:
            return True

        policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION")

        if policy_check:
            return policy_check(self.policy_rules, request)
        return True
Beispiel #7
0
class Admin(horizon.Dashboard):
    name = _("Admin")
    slug = "admin"

    if utils_settings.import_setting("POLICY_CHECK_FUNCTION"):
        policy_rules = (
            ('identity', 'admin_required'),
            ('image', 'context_is_admin'),
            ('volume', 'context_is_admin'),
            ('compute', 'context_is_admin'),
            ('network', 'context_is_admin'),
        )
    else:
        permissions = (tuple(utils.get_admin_permissions()), )
Beispiel #8
0
    def _can_access(self, request):
        policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION")#导入权限检查函数
        # this check is an OR check rather than an AND check that is the
        # default in the policy engine, so calling each rule individually在策略引擎中默认,所以单独调用每个规则
        if policy_check and self.policy_rules:
            for rule in self.policy_rules:
                rule_param = rule
                if not any(isinstance(r, (list, tuple)) for r in rule):#从rule取出所有的元素r,然后判断是不是一个列表或者元组,any为真的情况为非空
                    rule_param = (rule,)
                if policy_check(rule_param, request):
                    return True#若存在权限,则返回true
            return False

        # default to allowed
        return True#默认返回true
Beispiel #9
0
    def _can_access(self, request):
        policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION")

        # this check is an OR check rather than an AND check that is the
        # default in the policy engine, so calling each rule individually
        if policy_check and self.policy_rules:
            for rule in self.policy_rules:
                rule_param = rule
                if not any(isinstance(r, (list, tuple)) for r in rule):
                    rule_param = (rule, )
                if policy_check(rule_param, request):
                    return True
            return False

        # default to allowed
        return True
Beispiel #10
0
    def _can_access(self, request):
        policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION")

        # this check is an OR check rather than an AND check that is the
        # default in the policy engine, so calling each rule individually
        if policy_check and self.policy_rules:
            for rule in self.policy_rules:
                rule_param = rule
                if not any(isinstance(r, (list, tuple)) for r in rule):
                    rule_param = (rule,)
                if policy_check(rule_param, request):
                    return True
            return False

        # default to allowed
        return True