def roles_for(role_manager, obj):
allowed = []
for g in effective_principals(interaction):
for role, setting in role_manager.getRolesForPrincipal(g.id):
if setting.getName() == 'Allow':
allowed.append(role)
return allowed
def _print_user(self, user):
groups = user.groups
self.write('user: %s\n'
'groups: %s\n'
'effective_principals: %s\n' %
(user.id, ' '.join(map(str, groups)), ' '.join(
map(lambda p: p.id, effective_principals(user)))))
def roles_for(role_manager, obj):
allowed = []
for g in effective_principals(interaction):
for role, setting in role_manager.getRolesForPrincipal(g.id):
if setting.getName() == 'Allow':
allowed.append(role)
return allowed
def _print_user(self, user):
groups = user.groups
self.write('user: %s\n'
'groups: %s\n'
'effective_principals: %s\n' %
(user.id,
' '.join(map(str, groups)),
' '.join(map(lambda p: p.id, effective_principals(user)))))
def arguments(self):
p = VirtualConsoleArgumentParser()
principals = map(lambda p: p.id, effective_principals(self.user))
if 'admins' in principals:
p.add_argument('-u',
'--user',
help='Check user by name (admins only)')
return p
def _require_admins_only_action(self, cmd, args):
principals = map(lambda p: p.id, effective_principals(cmd.user))
if 'admins' not in principals:
cmd.write('Permission denied: admins not in effective permissions: %s\n'
% ', '.join(principals))
return
return f(self, cmd, args)
def _require_admins_or_same_user(self, args):
principals = map(lambda p: p.id, effective_principals(self.user))
if args.u not in (None, self.user.id) and 'admins' not in principals:
self.write('Permission denied: admins not in effective permissions: %s\n'
% ', '.join(principals))
return
return f(self, args)
def _require_admins_only_action(self, cmd, args):
principals = map(lambda p: p.id, effective_principals(cmd.user))
if 'admins' not in principals:
cmd.write(
'Permission denied: admins not in effective permissions: %s\n'
% ', '.join(principals))
return
return f(self, cmd, args)
def _require_admins_or_same_user(self, args):
principals = map(lambda p: p.id, effective_principals(self.user))
if args.u not in (None, self.user.id) and 'admins' not in principals:
self.write(
'Permission denied: admins not in effective permissions: %s\n'
% ', '.join(principals))
return
return f(self, args)
def get(self, key, default=None):
val = super(AuditingPermissionDictionary, self).get(key, self.marker)
if val is self.marker:
if key not in _available_by_default:
checker_locals = inspect.getouterframes(inspect.currentframe())[1][0].f_locals
checker = checker_locals['self']
principals = effective_principals(checker.interaction)
seen_key = (key, ','.join(i.id for i in principals), type(checker_locals['obj']).__name__)
if seen_key not in self.seen:
log.warning("Audit: permissive mode; granting attribute=%s, principals=(%s), obj=%s" %
seen_key)
self.seen[seen_key] = True
return CheckerPublic
return val
def get(self, key, default=None):
val = super(AuditingPermissionDictionary, self).get(key, self.marker)
if val is self.marker:
if key not in _available_by_default:
checker_locals = inspect.getouterframes(
inspect.currentframe())[1][0].f_locals
checker = checker_locals['self']
principals = effective_principals(checker.interaction)
seen_key = (key, ','.join(i.id for i in principals),
type(checker_locals['obj']).__name__)
if seen_key not in self.seen:
log.warning(
"Audit: permissive mode; granting attribute=%s, principals=(%s), obj=%s"
% seen_key)
self.seen[seen_key] = True
return CheckerPublic
return val
def execute(self, args):
principals = map(lambda p: p.id, effective_principals(self.user))
if 'admins' in principals and getattr(args, 'user', None):
auth = getUtility(IAuthentication, context=None)
user = auth.getPrincipal(args.user)
if not user:
self.write('User not found: %s\n' % args.user)
else:
self._print_user(user)
return
interaction = self.protocol.interaction
if not interaction:
return self.write('user: oms.anonymous\n')
for participation in interaction.participations:
user = participation.principal
self._print_user(user)
def execute(self, args):
principals = map(lambda p: p.id, effective_principals(self.user))
if 'admins' in principals and getattr(args, 'user', None):
auth = getUtility(IAuthentication, context=None)
user = auth.getPrincipal(args.user)
if not user:
self.write('User not found: %s\n' % args.user)
else:
self._print_user(user)
return
interaction = self.protocol.interaction
if not interaction:
return self.write('user: oms.anonymous\n')
for participation in interaction.participations:
user = participation.principal
self._print_user(user)
def arguments(self):
p = VirtualConsoleArgumentParser()
principals = map(lambda p: p.id, effective_principals(self.user))
if 'admins' in principals:
p.add_argument('-u', '--user', help='Check user by name (admins only)')
return p
