Ejemplos de UserAccessMeta en Python

Ejemplo n.º 1

    def process_resource(self, req: falcon.Request, _resp: falcon.Response, resource, params):
        if getattr(resource, "internal_group_validation", False):
            return

        access = getattr(req, "user_access", UserAccessMeta())
        store_id = params.get("store_id", None)
        project_id = params.get("project_id", None)

        method = req.method

        if store_id and project_id:
            if method in HTTP_IGNORE_METHODS:
                return

            if method in HTTP_READ_METHODS and not self._controller.has_access(store_id=store_id, project_id=project_id,
                                                                               groups=access.read_groups, is_admin=access.admin_access):
                raise falcon.HTTPUnauthorized(title='Access token required for READ operation',
                                              description='Please provide a valid access token as part of the request.')
            elif method in HTTP_WRITE_METHODS and not self._controller.has_access(store_id=store_id, project_id=project_id,
                                                                                  groups=access.write_groups, is_admin=access.admin_access):
                raise falcon.HTTPUnauthorized(title='Access token required for WRITE operation',
                                              description='Please provide a valid access token as part of the request.')
        else:
            logging.error("Something is wrong with this resource %s. It should either declare itself as 'internal_group_validation' "
                          "or have a valid store_id and project_id.", req.path)
            raise falcon.HTTPInternalServerError(title="Auth service configuration error", description="One of the resource is misconfigured")

Ejemplo n.º 2

    def on_post(self, req: falcon.Request, resp: falcon.Response,
                store_id: str):
        validate_not_null(req.media, 'id')
        validate_not_null(req.media, 'name')
        validate_not_null(req.media, 'groups')

        project_id = req.media.get('id')
        project_name = req.media.get('name')
        project_groups = req.media.get('groups')

        access = getattr(req, "user_access", UserAccessMeta())
        _has_create_access(is_admin=access.admin_access,
                           access_groups=access.write_groups,
                           project_groups=project_groups)

        self._controller.create_project(store_id=store_id,
                                        project_id=project_id)
        self._controller.edit_project_access_meta(
            store_id=store_id,
            project_id=project_id,
            meta=OveProjectAccessMeta(groups=project_groups))

        meta = self._controller.get_project_meta(store_id=store_id,
                                                 project_id=project_id)
        meta.name = project_name
        self._controller.edit_project_meta(store_id=store_id,
                                           project_id=project_id,
                                           meta=meta)

        resp.media = {'Project': project_id}
        resp.status = falcon.HTTP_200

Ejemplo n.º 3

    def on_patch(self, req: falcon.Request, resp: falcon.Response):
        validate_not_null(req.media, 'task_id')
        self._worker_manager.reset_task(task_id=req.media.get('task_id'),
                                        user=getattr(req, "user_access",
                                                     UserAccessMeta()))

        resp.media = {"status": "OK"}
        resp.status = falcon.HTTP_200

Ejemplo n.º 4

Archivo: user.py Proyecto: ove/ove-asset-manager

def add(auth: AuthManager, args: Namespace):
    password = get_password_input(args.username, args.ignore)

    if password:
        setattr(args, "password", password)
        _edit(user=UserAccessMeta(user=args.username),
              auth=auth,
              args=args,
              add_user=True)

Ejemplo n.º 5

Archivo: auth.py Proyecto: ove/ove-asset-manager

    def process_request(self, req: falcon.Request, _resp: falcon.Response):
        if is_public(req.path, self.public_paths):
            logging.debug("This is a public resource which does not need a valid token")
            return

        token = self.auth.decode_token(_get_token(req, field=FIELD_AUTH_TOKEN))
        _check_access(method=req.method, token=token)

        req.user_access = UserAccessMeta(user=token.user, read_groups=token.read_groups or [],
                                         write_groups=token.write_groups or [], admin_access=token.admin_access or False)

Ejemplo n.º 6

Archivo: auth.py Proyecto: ove/ove-asset-manager

    def edit_user(self, access: UserAccessMeta, password: str = None, hashed: bool = False, add: bool = False) -> bool:
        db = access.to_db()
        if password:
            db["password"] = password if hashed else argon2.hash(password)

        if add:
            self._auth_collection.insert_one(db)
            return True
        else:
            result = self._auth_collection.update_one({"user": access.user}, {"$set": db})
            return result.modified_count > 0

Ejemplo n.º 7

    def on_get(self, req: falcon.Request, resp: falcon.Response,
               store_id: str):
        results_filter = build_meta_filter(req.params, default_filter=None)
        metadata = True if results_filter else to_bool(
            req.params.get("metadata", False))

        resp.media = self._controller.list_projects(
            store_id=store_id,
            metadata=metadata,
            result_filter=results_filter,
            access=getattr(req, "user_access", UserAccessMeta()))
        resp.status = falcon.HTTP_200

Ejemplo n.º 8

    def on_post(self, req: falcon.Request, resp: falcon.Response):
        _validate_is_admin(req)

        validate_not_null(req.media, 'user')
        validate_not_null(req.media, 'password')

        data = UserAccessMeta(**req.media)

        self._auth.edit_user(access=data,
                             password=req.media.get("password"),
                             add=True)
        resp.media = {"result": "OK"}
        resp.status = falcon.HTTP_200

Ejemplo n.º 9

    def on_post(self, req: falcon.Request, resp: falcon.Response):
        validate_not_null(req.media, 'store_id')
        validate_not_null(req.media, 'project_id')
        validate_not_null(req.media, 'asset_id')
        validate_not_null(req.media, 'worker_type')

        user = getattr(req, "user_access", UserAccessMeta())
        store_id = req.media.get("store_id")
        project_id = req.media.get("project_id")
        asset_id = req.media.get("asset_id")
        worker_type = req.media.get("worker_type")

        if not self._controller.has_access(store_id=store_id,
                                           project_id=project_id,
                                           groups=user.write_groups,
                                           is_admin=user.admin_access):
            raise falcon.HTTPUnauthorized(
                title="Unable to process asset",
                description="Insufficient write access to process asset")

        store_config = self._controller.get_store_config(store_id=store_id)
        task_options = req.media.get("parameters", dict())
        priority = req.media.get("priority", 1)

        meta = self._controller.get_asset_meta(store_id=store_id,
                                               project_id=project_id,
                                               asset_id=asset_id)
        user = getattr(req, "user_access", UserAccessMeta())
        self._worker_manager.schedule_task(store_id=store_id,
                                           project_id=project_id,
                                           meta=meta,
                                           worker_type=worker_type,
                                           username=user.user,
                                           store_config=store_config,
                                           task_options=task_options,
                                           priority=priority)

        resp.media = {'Status': 'OK'}
        resp.status = falcon.HTTP_200

Ejemplo n.º 10

def _validate_is_admin(req: falcon.Request):
    if not getattr(req, "user_access", UserAccessMeta()).admin_access:
        raise falcon.HTTPUnauthorized(
            title='Access token required for ADMIN operation',
            description=
            'Please provide a valid access token as part of the request.')

Ejemplo n.º 11

 def on_get(self, req: falcon.Request, resp: falcon.Response):
     resp.media = self._worker_manager.worker_queue(
         user=getattr(req, "user_access", UserAccessMeta()))
     resp.status = falcon.HTTP_200

Ejemplo n.º 12

Archivo: auth.py Proyecto: ove/ove-asset-manager

 def _from_public(doc: Dict) -> UserAccessMeta:
     return UserAccessMeta(user=doc.get("user", None), admin_access=to_bool(doc.get("admin_access", False)),
                           read_groups=doc.get("read_groups", []) or [], write_groups=doc.get("write_groups", []) or [])

Ejemplo n.º 13

Archivo: auth.py Proyecto: ove/ove-asset-manager

 def _from_db(doc: Dict) -> UserAccessMeta:
     am = doc.get("am", {}) or {}
     return UserAccessMeta(user=doc.get("user", None), admin_access=to_bool(am.get("admin_access", False)),
                           read_groups=am.get("read_groups", []) or [], write_groups=am.get("write_groups", []) or [])