Ejemplo n.º 1
0
 def get_interaction(self, request, principal='oms.anonymous'):
     # TODO: we can quickly disable rest auth
     # if get_config().getboolean('auth', 'enable_anonymous'):
     #     return None
     if request.method == 'OPTIONS':
         principal = 'oms.rest_options'
     return new_interaction(principal)
Ejemplo n.º 2
0
    def get_interaction(self, request, token):
        # TODO: we can quickly disable rest auth
        # if get_config().getboolean('auth', 'enable_anonymous'):
        #     return None

        from opennode.oms.endpoint.httprest.auth import IHttpRestAuthenticationUtility

        authenticator = getUtility(IHttpRestAuthenticationUtility)
        # XXX: Maybe inject the anonymous detection logic into authenticator?
        try:
            principal = authenticator.get_principal(token)
        except:
            # Avoid that changes in format of security token will require every user
            # to flush the cookies
            principal = 'oms.anonymous'

        # XXX: Should the token get renewed here?
        if principal != 'oms.anonymous':
            authenticator.renew_token(request, token)

        # XXX: What's the purpose of a special principle for OPTIONS method?
        if request.method == 'OPTIONS':
            principal = 'oms.rest_options'

        return new_interaction(principal)
Ejemplo n.º 3
0
    def get_interaction(self, request, token):
        # TODO: we can quickly disable rest auth
        # if get_config().getboolean('auth', 'enable_anonymous'):
        #     return None

        from opennode.oms.endpoint.httprest.auth import IHttpRestAuthenticationUtility

        authenticator = getUtility(IHttpRestAuthenticationUtility)
        # XXX: Maybe inject the anonymous detection logic into authenticator?
        try:
            principal = authenticator.get_principal(token)
        except:
            # Avoid that changes in format of security token will require every user
            # to flush the cookies
            principal = 'oms.anonymous'

        # XXX: Should the token get renewed here?
        if principal != 'oms.anonymous':
            authenticator.renew_token(request, token)

        # XXX: What's the purpose of a special principle for OPTIONS method?
        if request.method == 'OPTIONS':
            principal = 'oms.rest_options'

        return new_interaction(principal)
Ejemplo n.º 4
0
 def __init__(self, interaction=None):
     self.terminal = self
     self.protocol = self
     self.path = ['']
     self.use_security_proxy = False
     if interaction is None:
         auth = getUtility(IAuthentication)
         self.interaction = new_interaction(auth.getPrincipal('root'))
     else:
         self.interaction = interaction
Ejemplo n.º 5
0
def preload_acl_line(path, permspec, filename='-', lineno='-'):
    obj = traverse1(path[1:])

    if obj is None:
        log.warning('No such object: \'%s\'; file: \'%s\' line: %s', path,
                    filename, lineno)
        return

    if obj.__transient__:
        log.warning(
            "Transient object %s always inherits permissions from its parent",
            path)
        return

    if permspec in ('inherit', 'noinherit'):
        obj.inherit_permissions = (permspec == 'inherit')
        return

    auth = getUtility(IAuthentication, context=None)
    interaction = new_interaction(auth.getPrincipal('root'))
    with interaction:
        prinrole = IPrincipalRoleManager(obj)
        action_map = {
            'allow': prinrole.assignRoleToPrincipal,
            'deny': prinrole.removeRoleFromPrincipal,
            'unset': prinrole.unsetRoleForPrincipal
        }

        parsedspec = permspec.strip().split(':', 3)
        if len(parsedspec) < 4:
            log.error(
                'Format error: not all fields are specified: \'%s\' on line %s',
                filename, lineno)
            return

        permtype, kind, principal, perms = parsedspec

        if not perms:
            log.warning(
                'No permissions specified for object: \'%s\'; file: \'%s\' line: %s',
                path, filename, lineno)
            return

        for perm in perms.strip().split(','):
            if perm not in Role.nick_to_role:
                raise NoSuchPermission(perm)
            role = Role.nick_to_role[perm].id
            log.info('%s \'%s\' on %s (%s) to \'%s\'', permtype, perm, path,
                     obj, principal)
            action_map[permtype](role, principal)
Ejemplo n.º 6
0
def preload_acl_line(path, permspec, filename='-', lineno='-'):
    obj = traverse1(path[1:])

    if obj is None:
        log.warning('No such object: \'%s\'; file: \'%s\' line: %s', path, filename, lineno)
        return

    if obj.__transient__:
        log.warning("Transient object %s always inherits permissions from its parent", path)
        return

    if permspec in ('inherit', 'noinherit'):
        obj.inherit_permissions = (permspec == 'inherit')
        return

    auth = getUtility(IAuthentication, context=None)
    interaction = new_interaction(auth.getPrincipal('root'))
    with interaction:
        prinrole = IPrincipalRoleManager(obj)
        action_map = {'allow': prinrole.assignRoleToPrincipal,
                      'deny': prinrole.removeRoleFromPrincipal,
                      'unset': prinrole.unsetRoleForPrincipal}

        parsedspec = permspec.strip().split(':', 3)
        if len(parsedspec) < 4:
            log.error('Format error: not all fields are specified: \'%s\' on line %s', filename, lineno)
            return

        permtype, kind, principal, perms = parsedspec

        if not perms:
            log.warning('No permissions specified for object: \'%s\'; file: \'%s\' line: %s',
                        path, filename, lineno)
            return

        for perm in perms.strip().split(','):
            if perm not in Role.nick_to_role:
                raise NoSuchPermission(perm)
            role = Role.nick_to_role[perm].id
            log.info('%s \'%s\' on %s (%s) to \'%s\'', permtype, perm, path, obj, principal)
            action_map[permtype](role, principal)
def sudo(obj):
    """ System utility to elevate privileges to certain object accesses """
    obj = getObject(obj) if type(obj) is Proxy else obj
    return checker.proxy_factory(obj, new_interaction('root'))
 def __enter__(self):
     _checker = getChecker(self._obj)
     self.previous_interaction = _checker.interaction
     _checker.interaction = new_interaction('root')
     return self._obj
Ejemplo n.º 9
0
def sudo(obj):
    """ System utility to elevate privileges to certain object accesses """
    obj = getObject(obj) if type(obj) is Proxy else obj
    return checker.proxy_factory(obj, new_interaction('root'))
Ejemplo n.º 10
0
 def __enter__(self):
     _checker = getChecker(self._obj)
     self.previous_interaction = _checker.interaction
     _checker.interaction = new_interaction('root')
     return self._obj