def test_test(self):
auth = getUtility(IAuthentication, context=None)
auth.registerPrincipal(User('user1'))
auth.registerPrincipal(User('user2'))
# setup some fake permissions to the test principals
prinperG.grantPermissionToPrincipal('read', 'user1')
prinperG.grantPermissionToPrincipal('zope.Nothing', 'user2')
# set up interactions
interaction_user1 = self._get_interaction('user1')
interaction_user2 = self._get_interaction('user2')
# get the object being secured
compute = self.make_compute()
eq_(compute.architecture, 'linux')
# get the proxies for the corresponding interactions
compute_proxy_user1 = proxy_factory(compute, interaction_user1)
compute_proxy_user2 = proxy_factory(compute, interaction_user2)
# check an authorized access
eq_(compute_proxy_user1.architecture, 'linux')
# check an unauthorized access
with assert_raises(Unauthorized):
eq_(compute_proxy_user2.architecture, 'linux')
# check a default unauthorized access
with assert_raises(Unauthorized):
eq_(compute_proxy_user1.state, 'active')
def test_test(self):
auth = getUtility(IAuthentication, context=None)
auth.registerPrincipal(User('user1'))
auth.registerPrincipal(User('user2'))
# setup some fake permissions to the test principals
prinperG.grantPermissionToPrincipal('read', 'user1')
prinperG.grantPermissionToPrincipal('zope.Nothing', 'user2')
# set up interactions
interaction_user1 = self._get_interaction('user1')
interaction_user2 = self._get_interaction('user2')
# get the object being secured
compute = self.make_compute()
eq_(compute.architecture, 'linux')
# get the proxies for the corresponding interactions
compute_proxy_user1 = proxy_factory(compute, interaction_user1)
compute_proxy_user2 = proxy_factory(compute, interaction_user2)
# check an authorized access
eq_(compute_proxy_user1.architecture, 'linux')
# check an unauthorized access
with assert_raises(Unauthorized):
eq_(compute_proxy_user2.architecture, 'linux')
# check a default unauthorized access
with assert_raises(Unauthorized):
eq_(compute_proxy_user1.state, 'active')
def handle_request(self, request):
"""Takes a request, maps it to a domain object and a corresponding IHttpRestView
and returns the rendered output of that view.
"""
principal = self.check_auth(request)
oms_root = db.get_root()['oms_root']
objs, unresolved_path = traverse_path(oms_root, request.path[1:])
if not objs and unresolved_path:
objs = [oms_root]
obj = objs[-1]
interaction = self.get_interaction(request, principal)
request.interaction = interaction
if self.use_security_proxy:
obj = proxy_factory(obj, interaction)
view = self.find_view(obj, unresolved_path, request)
needs_rw_transaction = view.rw_transaction(request)
# create a security proxy if we have a secured interaction
if interaction:
try:
view = proxy_factory(view, interaction)
except:
# XXX: TODO: define a real exception for this proxy creation error
# right now we want to ignore security when there are no declared rules
# on how to secure a view
pass
def get_renderer(view, method):
try:
return getattr(view, method, None)
except zope.security.interfaces.Unauthorized:
raise Forbidden('User does not have permission to access this resource')
for method in ('render_' + request.method,
'render_' + request.method.lower(),
'render'):
renderer = get_renderer(view, method)
if renderer:
from opennode.oms.endpoint.httprest.auth import AuthView
if isinstance(view, AuthView) and renderer.__name__ == 'render':
res = renderer(request, self.use_keystone_tokens)
else:
res = renderer(request)
return res if needs_rw_transaction else db.RollbackValue(res)
raise NotImplementedError("Method %s is not implemented in %s\n" % (request.method, view))
def handle_request(self, request):
"""Takes a request, maps it to a domain object and a corresponding IHttpRestView
and returns the rendered output of that view.
"""
token = self.get_token(request)
oms_root = db.get_root()['oms_root']
objs, unresolved_path = traverse_path(oms_root, request.path[1:])
if not objs and unresolved_path:
objs = [oms_root]
obj = objs[-1]
interaction = self.get_interaction(request, token)
request.interaction = interaction
if self.use_security_proxy:
obj = proxy_factory(obj, interaction)
view = self.find_view(obj, unresolved_path, request)
needs_rw_transaction = view.rw_transaction(request)
# create a security proxy if we have a secured interaction
if interaction:
try:
view = proxy_factory(view, interaction)
except:
# XXX: TODO: define a real exception for this proxy creation error
# right now we want to ignore security when there are no declared rules
# on how to secure a view
pass
def get_renderer(view, method):
try:
return getattr(view, method, None)
except zope.security.interfaces.Unauthorized, e:
from opennode.oms.endpoint.httprest.auth import IHttpRestAuthenticationUtility
auth_util = getUtility(IHttpRestAuthenticationUtility)
if token or not auth_util.get_basic_auth_credentials(request) or \
(self.use_keystone_tokens and
not auth_util.get_keystone_auth_credentials(request)):
raise Forbidden(
'User does not have permission to access this resource'
)
raise Unauthorized()
def traverse(self, path):
objs, unresolved_path = self.traverse_full(path)
if not objs or unresolved_path:
return
elif self.protocol.use_security_proxy:
return proxy_factory(objs[-1], self.protocol.interaction)
else:
return objs[-1]
def traverse(self, path):
objs, unresolved_path = self.traverse_full(path)
if not objs or unresolved_path:
return
elif self.protocol.use_security_proxy:
return proxy_factory(objs[-1], self.protocol.interaction)
else:
return objs[-1]
def handle_request(self, request):
"""Takes a request, maps it to a domain object and a corresponding IHttpRestView
and returns the rendered output of that view.
"""
token = self.get_token(request)
oms_root = db.get_root()['oms_root']
objs, unresolved_path = traverse_path(oms_root, request.path[1:])
if not objs and unresolved_path:
objs = [oms_root]
obj = objs[-1]
interaction = self.get_interaction(request, token)
request.interaction = interaction
if self.use_security_proxy:
obj = proxy_factory(obj, interaction)
view = self.find_view(obj, unresolved_path, request)
needs_rw_transaction = view.rw_transaction(request)
# create a security proxy if we have a secured interaction
if interaction:
try:
view = proxy_factory(view, interaction)
except:
# XXX: TODO: define a real exception for this proxy creation error
# right now we want to ignore security when there are no declared rules
# on how to secure a view
pass
def get_renderer(view, method):
try:
return getattr(view, method, None)
except zope.security.interfaces.Unauthorized, e:
from opennode.oms.endpoint.httprest.auth import IHttpRestAuthenticationUtility
auth_util = getUtility(IHttpRestAuthenticationUtility)
if token or not auth_util.get_basic_auth_credentials(request) or \
(self.use_keystone_tokens and
not auth_util.get_keystone_auth_credentials(request)):
raise Forbidden('User does not have permission to access this resource')
raise Unauthorized()
def test_adapt(self):
auth = getUtility(IAuthentication, context=None)
auth.registerPrincipal(User('user1'))
interaction = self._get_interaction('user1')
# get the object being secured
compute = self.make_compute()
compute_proxy = proxy_factory(compute, interaction)
eq_(IContainer(compute), IContainer(compute_proxy))
def test_adapt(self):
auth = getUtility(IAuthentication, context=None)
auth.registerPrincipal(User('user1'))
interaction = self._get_interaction('user1')
# get the object being secured
compute = self.make_compute()
compute_proxy = proxy_factory(compute, interaction)
eq_(IContainer(compute), IContainer(compute_proxy))
def test_schema(self):
auth = getUtility(IAuthentication, context=None)
auth.registerPrincipal(User('userSchema'))
prinperG.grantPermissionToPrincipal('read', 'userSchema')
prinperG.grantPermissionToPrincipal('modify', 'userSchema')
interaction = self._get_interaction('userSchema')
# get the object being secured
compute = self.make_compute()
compute_proxy = proxy_factory(compute, interaction)
eq_(model_to_dict(compute), model_to_dict(compute_proxy))
def test_schema(self):
auth = getUtility(IAuthentication, context=None)
auth.registerPrincipal(User('userSchema'))
prinperG.grantPermissionToPrincipal('read', 'userSchema')
prinperG.grantPermissionToPrincipal('modify', 'userSchema')
interaction = self._get_interaction('userSchema')
# get the object being secured
compute = self.make_compute()
compute_proxy = proxy_factory(compute, interaction)
eq_(model_to_dict(compute), model_to_dict(compute_proxy))
def check_rights(self, obj, args):
interaction = self.protocol.interaction
obj = proxy_factory(obj, interaction)
allowed = []
denied = []
for r in args.r:
for i in r.split(','):
i = i.strip()
if i.startswith('@'):
i = i[1:]
(allowed if interaction.checkPermission(i, obj) else denied).append(i)
self.write("+%s:-%s\n" % (','.join('@' + i for i in allowed), ','.join('@' + i for i in denied)))
def check_rights(self, obj, args):
interaction = self.protocol.interaction
obj = proxy_factory(obj, interaction)
allowed = []
denied = []
for r in args.r:
for i in r.split(','):
i = i.strip()
if i.startswith('@'):
i = i[1:]
(allowed
if interaction.checkPermission(i, obj) else denied).append(i)
self.write("+%s:-%s\n" %
(','.join('@' + i
for i in allowed), ','.join('@' + i
for i in denied)))
def sudo(obj):
""" System utility to elevate privileges to certain object accesses """
obj = getObject(obj) if type(obj) is Proxy else obj
return checker.proxy_factory(obj, new_interaction('root'))
def sudo(obj):
""" System utility to elevate privileges to certain object accesses """
obj = getObject(obj) if type(obj) is Proxy else obj
return checker.proxy_factory(obj, new_interaction('root'))