Beispiel #1
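    def check_permission(self, action, username, resource, perm):
        """Decide whether `username` may perform `action` on `resource`.

        Returns True when a matching rule explicitly grants the action,
        False when a matching rule explicitly denies it or lists no
        permissions at all, and None when this policy cannot decide
        (including when the configobj package is unavailable).

        Entries are evaluated in the order `authz_permissions` returns them,
        grouped into consecutive runs of grants and of '!'-prefixed denials;
        the first run that mentions the action decides the result. `perm` is
        accepted but not used here.
        """
        if ConfigObj is None:
            self.log.error('configobj package not found')
            return None

        # Reload the policy when it was never loaded or when the file's mtime
        # differs from the one seen at the last load. Comparing with != rather
        # than > also catches a file replaced by one carrying an older
        # timestamp (restore from backup, timestamp-preserving copy), which
        # would otherwise leave stale grants in effect.
        # NOTE(review): assumes parse_authz() records the file's mtime in
        # self.authz_mtime -- confirm.
        if self.authz_file and not self.authz_mtime or \
                os.path.getmtime(self.get_authz_file()) != self.authz_mtime:
            self.parse_authz()
        resource_key = self.normalise_resource(resource)
        self.log.debug('Checking %s on %s', action, resource_key)
        permissions = self.authz_permissions(resource_key, username)
        if permissions is None:
            return None  # no match, can't decide
        elif permissions == ['']:
            return False  # all actions are denied

        # FIXME: expand all permissions once for all
        ps = PermissionSystem(self.env)
        for deny, perms in groupby(permissions,
                                   key=lambda p: p.startswith('!')):
            if deny:
                # Strip the '!' marker before expanding. A denial run that
                # does not mention the action must not fall through to the
                # grant test, so the two cases are kept in separate branches
                # instead of relying on `perms` being exhausted.
                if action in ps.expand_actions([p[1:] for p in perms]):
                    return False  # action is explicitly denied
            elif action in ps.expand_actions(perms):
                return True  # action is explicitly granted

        return None  # no match for action, can't decide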
Beispiel #2
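    def check_permission(self, action, username, resource, perm):
        """Return the policy decision for `action` by `username` on `resource`.

        True  -- a matching rule explicitly grants the action.
        False -- a matching rule explicitly denies it, or the matching rule
                 carries an empty permission list.
        None  -- no rule matches, or configobj is not installed; this
                 policy cannot decide.

        Consecutive entries of the same kind (grant, or denial marked with a
        leading '!') are expanded together, and the first run containing the
        action wins. The `perm` argument is not read by this method.
        """
        if ConfigObj is None:
            self.log.error('configobj package not found')
            return None

        # The policy file is re-read on first use and whenever its mtime is
        # not the one remembered from the last load. An inequality test is
        # used on purpose: with a plain "newer than" test, a policy file
        # swapped for one with an earlier timestamp would never be picked up
        # and the old rules would keep being enforced.
        # NOTE(review): presumes parse_authz() updates self.authz_mtime from
        # the file's mtime -- verify against parse_authz.
        if self.authz_file and not self.authz_mtime or \
                os.path.getmtime(self.get_authz_file()) != self.authz_mtime:
            self.parse_authz()
        resource_key = self.normalise_resource(resource)
        self.log.debug('Checking %s on %s', action, resource_key)
        permissions = self.authz_permissions(resource_key, username)
        if permissions is None:
            return None                 # no match, can't decide
        elif permissions == ['']:
            return False                # all actions are denied

        # FIXME: expand all permissions once for all
        ps = PermissionSystem(self.env)
        for deny, perms in groupby(permissions,
                                   key=lambda p: p.startswith('!')):
            if deny:
                # Denials are compared without their '!' prefix. Keeping this
                # branch separate means an unmatched denial run is never
                # re-tested as if it were a grant.
                denied = ps.expand_actions([p[1:] for p in perms])
                if action in denied:
                    return False        # action is explicitly denied
            elif action in ps.expand_actions(perms):
                return True             # action is explicitly granted

        return None                     # no match for action, can't decide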
Beispiel #3
 def _expand_perms(self, env):
     """Expand self.grant and self.revoke into frozensets of actions.

     Both lists are expanded through PermissionSystem(env).expand_actions.
     If any action ends up in both sets a ValueError naming the conflicting
     actions is raised before any attribute is modified, so an ambiguous
     rule is rejected rather than partially applied. On success
     self._expanded is set to True.
     """
     expand = PermissionSystem(env).expand_actions
     granted = frozenset(expand(self.grant))
     revoked = frozenset(expand(self.revoke))
     # An action cannot be granted and revoked by the same rule.
     conflicting = granted & revoked
     if conflicting:
         raise ValueError('Impossible to grant and revoke (%s)' %
                          ', '.join(sorted(conflicting)))
     self.grant = granted
     self.revoke = revoked
     self._expanded = True
Beispiel #4
 def _expand_perms(self, env):
     """Resolve the grant/revoke lists to their full action sets.

     self.grant and self.revoke are each passed to
     PermissionSystem.expand_actions and stored back as frozensets, then
     self._expanded is set. Raises ValueError, listing the offending
     actions in sorted order, when the two expanded sets intersect; in that
     case none of the attributes has been changed.
     """
     permission_system = PermissionSystem(env)
     to_grant = frozenset(permission_system.expand_actions(self.grant))
     to_revoke = frozenset(permission_system.expand_actions(self.revoke))
     # Refuse rules that both grant and revoke the same action.
     overlap = to_grant & to_revoke
     if overlap:
         names = ', '.join(sorted(overlap))
         raise ValueError('Impossible to grant and revoke (%s)' % names)
     self.grant = to_grant
     self.revoke = to_revoke
     self._expanded = True
Beispiel #5
 def get_relevant_permissions(self, policy, username):
     """Yield the user's policy entries that concern required permissions.

     For every (doc_type, doc_id, permissions) triple returned by
     get_all_user_permissions(policy, username), the permission names are
     grouped into consecutive runs of grants and of '!'-prefixed denials
     and expanded with PermissionSystem.expand_actions. Each expanded
     action that is one of the values of self._required_permissions is
     yielded as (doc_type, doc_id, action, denied), where `denied` is True
     for a denial and False for a grant. Runs are yielded in the order they
     appear; any precedence between them is left to the consumer.
     """
     ps = PermissionSystem(self.env)
     wanted = set(self._required_permissions.itervalues())
     entries = self.get_all_user_permissions(policy, username)
     for doc_type, doc_id, permissions in entries:
         runs = groupby(permissions, key=lambda name: name.startswith('!'))
         for denied, run in runs:
             # Denials are expanded without their '!' marker.
             names = [name[1:] for name in run] if denied else run
             for expanded in ps.expand_actions(names):
                 if expanded in wanted:
                     yield doc_type, doc_id, expanded, denied
Beispiel #6
 def get_relevant_permissions(self, policy, username):
     """Generate (doc_type, doc_id, action, denied) for relevant actions.

     Only actions found among the values of self._required_permissions are
     reported. The source is get_all_user_permissions(policy, username);
     within each entry, consecutive names sharing the same kind (plain
     grant, or denial written with a leading '!') are expanded together via
     PermissionSystem.expand_actions. `denied` is True for actions coming
     from a denial run and False for those coming from a grant run.
     """
     ps = PermissionSystem(self.env)
     relevant = set(self._required_permissions.itervalues())
     user_permissions = self.get_all_user_permissions(policy, username)

     def is_denial(name):
         return name.startswith('!')

     for doc_type, doc_id, permissions in user_permissions:
         for deny, group in groupby(permissions, key=is_denial):
             if deny:
                 # Drop the '!' prefix so the names match real actions.
                 actions = ps.expand_actions([name[1:] for name in group])
             else:
                 actions = ps.expand_actions(group)
             for act in actions:
                 if act in relevant:
                     yield doc_type, doc_id, act, deny
Beispiel #7
    def check_permission(self, action, username, resource, perm):
        """Evaluate the authz policy for `action` by `username` on `resource`.

        Returns True for an explicit grant, False for an explicit denial or
        when the matching rule has an empty permission list, and None when
        nothing matches and this policy cannot decide. The first run of
        consecutive grants or '!'-prefixed denials that contains the action
        determines the outcome. `perm` is not used.
        """
        # Re-parse on first use or whenever the file's mtime is not the one
        # recorded in self.authz_mtime; an inequality also notices a file
        # replaced by one with an older timestamp.
        policy_stale = (not self.authz_mtime or
                        os.path.getmtime(self.authz_file) != self.authz_mtime)
        if policy_stale:
            self.parse_authz()

        key = self.normalise_resource(resource)
        self.log.debug("Checking %s on %s", action, key)
        rules = self.authz_permissions(key, username)
        if rules is None:
            return None  # no match, can't decide
        if rules == []:
            return False  # all actions are denied

        # FIXME: expand all permissions once for all
        permsys = PermissionSystem(self.env)
        for denied, run in groupby(rules, key=lambda name: name.startswith("!")):
            # NOTE(review): when a denial run does not contain the action the
            # elif below is still evaluated with the same `run` iterator; it
            # is presumably exhausted by the first expand_actions call, so
            # nothing is re-tested as a grant -- confirm against
            # expand_actions.
            if denied and action in permsys.expand_actions(n[1:] for n in run):
                return False  # action is explicitly denied
            elif action in permsys.expand_actions(run):
                return True  # action is explicitly granted

        return None  # no match for action, can't decide