Beispiel #1
0
	def transform(self, context, handler, result):
		try:
			acl = result.__acl__
		except AttributeError:
			return result
		
		acl = ACL(*acl, context=context)
		valid = acl.is_authorized
		
		if valid.result is False:
			log.error("Response rejected due to return value authorization failure.", extra=dict(
					grant = False,
					predicate = repr(valid.predicate) if valid.predicate else None,
					path = str(valid.path) if valid.path else None,
					result = safe_name(type(result))
				))
			return HTTPForbidden()
		
		elif __debug__:
			log.debug("Successful response authorization.", extra=dict(
					grant = valid.result,
					predicate = repr(valid.predicate) if valid.predicate else None,
					path = str(valid.path) if valid.path else None,
					result = safe_name(type(result))
				))
		
		return result
Beispiel #2
0
	def mutate(self, context, handler, args, kw):
		if not context.acl:
			if __debug__:
				log.debug("Skipping validation of empty ACL.", extra=dict(request=id(context)))
			
			return
		
		grant = context.acl.is_authorized
		
		if grant.result is False:
			log.error("Endpoint authorization failed: " + repr(grant), extra=dict(
					grant = False,
					predicate = repr(grant.predicate) if grant.predicate else None,
					path = str(grant.path) if grant.path else None,
					source = safe_name(grant.source) if grant.source else None
				))
			raise HTTPForbidden()
		
		elif __debug__:
			log.debug("Successful endpoint authorization: " + repr(grant), extra=dict(
					grant = False,
					predicate = repr(grant.predicate) if grant.predicate else None,
					path = str(grant.path) if grant.path else None,
					source = safe_name(grant.source) if grant.source else None
				))
Beispiel #3
0
	def dispatch(self, context, consumed, handler, is_endpoint):
		"""Called as dispatch descends into a tier.
		
		The ACL extension uses this to build up the current request's ACL.
		"""
		
		acl = getattr(handler, '__acl__', ())
		inherit = getattr(handler, '__acl_inherit__', True)
		
		if __debug__:
			log.debug("Handling dispatch event: " + repr(handler) + " " + repr(acl), extra=dict(
					request = id(context),
					consumed = consumed,
					handler = safe_name(handler),
					endpoint = is_endpoint,
					acl = [repr(i) for i in acl],
					inherit = inherit,
				))
		
		if not inherit:
			if __debug__:
				log.debug("Clearing collected access control list.")
			
			del context.acl[:]
		
		context.acl.extend((Path(context.request.path), i, handler) for i in acl)
Beispiel #4
0
	def _mutate(self, context, endpoint, args, kw):
		try:
			if callable(endpoint) and not isroutine(endpoint):
				endpoint = endpoint.__call__  # Handle instances that are callable.
			
			getcallargs(endpoint, *args, **kw)
		
		except TypeError as e:
			# If the argument specification doesn't match, the handler can't process this request.
			# This is one policy. Another possibility is more computationally expensive and would pass only
			# valid arguments, silently dropping invalid ones. This can be implemented as a mutate handler.
			log.error(str(e).replace(endpoint.__name__, safe_name(endpoint)), extra=dict(
					request = id(context),
					endpoint = safe_name(endpoint),
					endpoint_args = args,
					endpoint_kw = kw,
				))
			
			raise HTTPNotFound("Incorrect endpoint arguments: " + str(e))
Beispiel #5
0
	def dispatch(self, context, consumed, handler, is_endpoint):
		"""Called as dispatch descends into a tier.
		
		The base extension uses this to maintain the "current url".
		"""
		
		request = context.request
		
		if __debug__:
			log.debug("Handling dispatch event.", extra=dict(
					request = id(context),
					consumed = consumed,
					handler = safe_name(handler),
					endpoint = is_endpoint
				))
		
		# The leading path element (leading slash) requires special treatment.
		if not consumed and context.request.path_info_peek() == '':
			consumed = ['']
		
		nConsumed = 0
		if consumed:
			# Migrate path elements consumed from the `PATH_INFO` to `SCRIPT_NAME` WSGI environment variables.
			if not isinstance(consumed, (list, tuple)):
				consumed = consumed.split('/')
			
			for element in consumed:
				if element == context.request.path_info_peek():
					context.request.path_info_pop()
					nConsumed += 1
				else:
					break
		
		# Update the breadcrumb list.
		context.path.append(Crumb(handler, Path(request.script_name)))
		
		if consumed:  # Lastly, update the remaining path element list.
			request.remainder = request.remainder[nConsumed:]
Beispiel #6
0
    def dispatch(self, context, consumed, handler, is_endpoint):
        """Called as dispatch descends into a tier.
		
		The base extension uses this to maintain the "current url".
		"""

        request = context.request

        if __debug__:
            log.debug("Handling dispatch event.",
                      extra=dict(request=id(context),
                                 consumed=consumed,
                                 handler=safe_name(handler),
                                 endpoint=is_endpoint))

        # The leading path element (leading slash) requires special treatment.
        if not consumed and context.request.path_info_peek() == '':
            consumed = ['']

        nConsumed = 0
        if consumed:
            # Migrate path elements consumed from the `PATH_INFO` to `SCRIPT_NAME` WSGI environment variables.
            if not isinstance(consumed, (list, tuple)):
                consumed = consumed.split('/')

            for element in consumed:
                if element == context.request.path_info_peek():
                    context.request.path_info_pop()
                    nConsumed += 1
                else:
                    break

        # Update the breadcrumb list.
        context.path.append(Crumb(handler, Path(request.script_name)))

        if consumed:  # Lastly, update the remaining path element list.
            request.remainder = request.remainder[nConsumed:]
Beispiel #7
0
	def handlers(self):
		return ', '.join(safe_name(i.handler) for i in self._ctx.path)