    def has_object_permission(self, request, view, organization):
        """Decide whether ``request`` may act on ``organization``.

        Also assigns ``request.access`` on the user-token and session paths;
        the final per-method scope check reads it back.

        The token-only path (an auth token with no authenticated user) returns
        early with a plain organization-ownership test, so the ``scope_map``
        check is skipped and ``request.access`` stays unset on that path.

        Raises ``NotAuthenticated`` when a session-authenticated user still
        has to log in via SSO for this organization.
        """
        user = request.user
        token = request.auth

        # Token without an authenticated user: ownership check only.
        if token and not (user and user.is_authenticated()):
            return token.organization_id == organization.id

        if token:
            # Authenticated user presenting a token: pass the token's scopes
            # through to the access object.
            scopes = token.get_scopes()
            request.access = access.from_request(request, organization, scopes=scopes)
        else:
            request.access = access.from_request(request, organization)
            # Session auth has to satisfy the organization's SSO requirement.
            if user.is_authenticated() and self.needs_sso(request, organization):
                logger.info('access.must-sso',
                            extra={
                                'organization_id': organization.id,
                                'user_id': user.id,
                            })
                raise NotAuthenticated(detail='Must login via SSO')

        # Any one of the scopes mapped to this HTTP method is enough; a method
        # missing from scope_map allows nothing.
        permitted = set(self.scope_map.get(request.method, []))
        return any(request.access.has_scope(scope) for scope in permitted)
    def has_object_permission(self, request, view, organization):
        """Decide whether ``request`` may act on ``organization``.

        Side effect: sets ``request.access`` on the user-token and session
        paths, which the scope check at the end relies on.

        Three authentication shapes are distinguished:

        * authenticated user plus auth token -- access is built from the
          request with the token's scopes passed through;
        * auth token with no authenticated user -- returns early with a plain
          organization-ownership check, so the ``scope_map`` check below is
          skipped and ``request.access`` is left unset on this path;
        * session auth -- access is built from the request, then SSO is
          enforced unless the request is a signed user request.

        Raises ``NotAuthenticated`` when an authenticated session user still
        has to log in via SSO for this organization.
        """
        if request.user and request.user.is_authenticated() and request.auth:
            request.access = access.from_request(
                request,
                organization,
                scopes=request.auth.get_scopes(),
            )

        elif request.auth:
            # Token-only request: the only check is that the token belongs
            # to this organization; the per-method scope check below is not
            # reached and request.access is not assigned here.
            return request.auth.organization_id == organization.id

        else:
            request.access = access.from_request(request, organization)

            if auth.is_user_signed_request(request):
                # if the user comes from a signed request
                # we let them pass if sso is enabled
                # (the SSO requirement is not evaluated on this path; the
                # passthrough is only logged)
                logger.info('access.signed-sso-passthrough',
                            extra={
                                'organization_id': organization.id,
                                'user_id': request.user.id,
                            })
            elif request.user.is_authenticated() and self.needs_sso(
                    request, organization):
                # session auth needs to confirm various permissions
                logger.info('access.must-sso',
                            extra={
                                'organization_id': organization.id,
                                'user_id': request.user.id,
                            })
                raise NotAuthenticated(detail='Must login via SSO')

        # Granted if the access object carries any one of the scopes mapped to
        # this HTTP method; a method missing from scope_map allows nothing.
        allowed_scopes = set(self.scope_map.get(request.method, []))
        return any(request.access.has_scope(s) for s in allowed_scopes)
    def determine_access(self, request: Request, organization) -> None:
        """Resolve and store ``request.access`` for ``organization``.

        Nothing is returned; the result is the ``request.access`` assignment,
        plus the exceptions raised on the session-auth path when the user has
        not satisfied the organization's requirements.

        Authentication shapes:

        * authenticated user plus auth token -- access from the request with
          the token's scopes passed through;
        * auth token without an authenticated user -- access built from the
          token itself;
        * session auth -- access from the request, then the SSO, 2FA and
          member-limit checks below, unless the request is a signed user
          request (in which case those checks are skipped and only logged).

        Raises:
            SsoRequired: the user must complete SSO for this organization.
            SuperuserRequired: a superuser who is not 2FA compliant is acting
                on an organization other than the superuser organization.
            TwoFactorRequired: the user is not 2FA compliant.
            MemberDisabledOverLimit: the membership is disabled because of
                the organization's member limit.
        """
        from sentry.api.base import logger

        if request.user and request.user.is_authenticated and request.auth:
            request.access = access.from_request(
                request, organization, scopes=request.auth.get_scopes())

        elif request.auth:
            request.access = access.from_auth(request.auth, organization)

        else:
            request.access = access.from_request(request, organization)

            # Shared structured-log context for the access decisions below.
            extra = {
                "organization_id": organization.id,
                "user_id": request.user.id
            }

            if auth.is_user_signed_request(request):
                # if the user comes from a signed request
                # we let them pass if sso is enabled
                # (none of the SSO / 2FA / member-limit checks run here)
                logger.info(
                    "access.signed-sso-passthrough",
                    extra=extra,
                )
            elif request.user.is_authenticated:
                # session auth needs to confirm various permissions
                if self.needs_sso(request, organization):

                    logger.info(
                        "access.must-sso",
                        extra=extra,
                    )

                    raise SsoRequired(organization)

                if self.is_not_2fa_compliant(request, organization):
                    logger.info(
                        "access.not-2fa-compliant",
                        extra=extra,
                    )
                    # A non-compliant superuser outside the superuser org is
                    # sent down the superuser path instead of the 2FA one.
                    if request.user.is_superuser and organization.id != Superuser.org_id:
                        raise SuperuserRequired()

                    raise TwoFactorRequired()

                if self.is_member_disabled_from_limit(request, organization):
                    logger.info(
                        "access.member-disabled-from-limit",
                        extra=extra,
                    )
                    raise MemberDisabledOverLimit(organization)
    def has_object_permission(self, request, view, organization):
        """Decide whether ``request`` may act on ``organization``.

        Also assigns ``request.access`` on the user-token and session paths;
        the final per-method scope check reads it back.

        The token-only path (an auth token with no authenticated user) returns
        early: ``ROOT_KEY`` is allowed unconditionally, any other token is
        allowed iff it belongs to this organization. The ``scope_map`` check is
        skipped and ``request.access`` stays unset on that path.

        Raises ``NotAuthenticated`` when a session-authenticated user still
        has to log in via SSO for this organization.
        """
        user = request.user
        token = request.auth

        # Token without an authenticated user: root key or ownership check only.
        if token and not (user and user.is_authenticated()):
            if token is ROOT_KEY:
                return True
            return token.organization_id == organization.id

        if token:
            # Authenticated user presenting a token: pass the token's scopes
            # through to the access object.
            scopes = token.get_scopes()
            request.access = access.from_request(request, organization, scopes=scopes)
        else:
            request.access = access.from_request(request, organization)
            # Session auth has to satisfy the organization's SSO requirement.
            if user.is_authenticated() and self.needs_sso(request, organization):
                logger.info('access.must-sso', extra={
                    'organization_id': organization.id,
                    'user_id': user.id,
                })
                raise NotAuthenticated(detail='Must login via SSO')

        # Any one of the scopes mapped to this HTTP method is enough; a method
        # missing from scope_map allows nothing.
        permitted = set(self.scope_map.get(request.method, []))
        return any(request.access.has_scope(scope) for scope in permitted)
    def has_object_permission(self, request, view, organization):
        """Decide whether ``request`` may act on ``organization``.

        Side effect: sets ``request.access`` on the user-token and session
        paths, which the scope check at the end relies on.

        Three authentication shapes are distinguished:

        * authenticated user plus auth token -- access is built from the
          request with the token's scopes passed through;
        * auth token with no authenticated user -- returns early with a plain
          organization-ownership check, so the ``scope_map`` check below is
          skipped and ``request.access`` is left unset on this path;
        * session auth -- access is built from the request, then SSO is
          enforced unless the request is a signed user request.

        Raises ``NotAuthenticated`` when an authenticated session user still
        has to log in via SSO for this organization.
        """
        if request.user and request.user.is_authenticated() and request.auth:
            request.access = access.from_request(
                request,
                organization,
                scopes=request.auth.get_scopes(),
            )

        elif request.auth:
            # Token-only request: the only check is that the token belongs
            # to this organization; the per-method scope check below is not
            # reached and request.access is not assigned here.
            return request.auth.organization_id == organization.id

        else:
            request.access = access.from_request(request, organization)

            if auth.is_user_signed_request(request):
                # if the user comes from a signed request
                # we let them pass if sso is enabled
                # (the SSO requirement is not evaluated on this path; the
                # passthrough is only logged)
                logger.info(
                    'access.signed-sso-passthrough',
                    extra={
                        'organization_id': organization.id,
                        'user_id': request.user.id,
                    }
                )
            elif request.user.is_authenticated() and self.needs_sso(request, organization):
                # session auth needs to confirm various permissions
                logger.info(
                    'access.must-sso',
                    extra={
                        'organization_id': organization.id,
                        'user_id': request.user.id,
                    }
                )
                raise NotAuthenticated(detail='Must login via SSO')

        # Granted if the access object carries any one of the scopes mapped to
        # this HTTP method; a method missing from scope_map allows nothing.
        allowed_scopes = set(self.scope_map.get(request.method, []))
        return any(request.access.has_scope(s) for s in allowed_scopes)
    def has_object_permission(self, request, view, organization):
        """Decide whether ``request`` may act on ``organization``.

        Side effect: ``request.access`` is assigned on every path before the
        per-method scope check at the end, so no authentication shape bypasses
        ``scope_map`` here.

        Authentication shapes:

        * authenticated user plus auth token -- access from the request with
          the token's scopes passed through;
        * auth token without an authenticated user -- access built from the
          token when it belongs to this organization, otherwise
          ``access.DEFAULT`` (presumably a no-scope access object -- confirm
          against ``sentry.auth.access``);
        * session auth -- access from the request, then SSO and 2FA are
          enforced unless the request is a signed user request.

        Raises:
            SsoRequired: the user must complete SSO for this organization.
            TwoFactorRequired: the user is not 2FA compliant.
        """
        if request.user and request.user.is_authenticated() and request.auth:
            request.access = access.from_request(
                request,
                organization,
                scopes=request.auth.get_scopes(),
            )

        elif request.auth:
            # Token-only request: a token for a different organization still
            # falls through to the scope check below, but with DEFAULT access.
            if request.auth.organization_id == organization.id:
                request.access = access.from_auth(request.auth)
            else:
                request.access = access.DEFAULT

        else:
            request.access = access.from_request(request, organization)

            if auth.is_user_signed_request(request):
                # if the user comes from a signed request
                # we let them pass if sso is enabled
                # (neither the SSO nor the 2FA check runs on this path)
                logger.info(
                    'access.signed-sso-passthrough',
                    extra={
                        'organization_id': organization.id,
                        'user_id': request.user.id,
                    }
                )
            elif request.user.is_authenticated():
                # session auth needs to confirm various permissions
                if self.needs_sso(request, organization):

                    logger.info(
                        'access.must-sso',
                        extra={
                            'organization_id': organization.id,
                            'user_id': request.user.id,
                        }
                    )

                    raise SsoRequired(organization)

                if self.is_not_2fa_compliant(
                        request.user, organization):
                    logger.info(
                        'access.not-2fa-compliant',
                        extra={
                            'organization_id': organization.id,
                            'user_id': request.user.id,
                        }
                    )
                    raise TwoFactorRequired()

        # Granted if the access object carries any one of the scopes mapped to
        # this HTTP method; a method missing from scope_map allows nothing.
        allowed_scopes = set(self.scope_map.get(request.method, []))
        return any(request.access.has_scope(s) for s in allowed_scopes)
    def has_object_permission(self, request, view, organization):
        """Decide whether ``request`` may act on ``organization``.

        Side effect: ``request.access`` is assigned on every path before the
        per-method scope check at the end, so no authentication shape bypasses
        ``scope_map`` here.

        Authentication shapes:

        * authenticated user plus auth token -- access from the request with
          the token's scopes passed through;
        * auth token without an authenticated user -- access built from the
          token when it belongs to this organization, otherwise
          ``access.DEFAULT`` (presumably a no-scope access object -- confirm
          against ``sentry.auth.access``);
        * session auth -- access from the request, then SSO and 2FA are
          enforced unless the request is a signed user request.

        Raises:
            SsoRequired: the user must complete SSO for this organization.
            TwoFactorRequired: the user is not 2FA compliant.
        """
        if request.user and request.user.is_authenticated() and request.auth:
            request.access = access.from_request(
                request,
                organization,
                scopes=request.auth.get_scopes(),
            )

        elif request.auth:
            # Token-only request: a token for a different organization still
            # falls through to the scope check below, but with DEFAULT access.
            if request.auth.organization_id == organization.id:
                request.access = access.from_auth(request.auth)
            else:
                request.access = access.DEFAULT

        else:
            request.access = access.from_request(request, organization)

            if auth.is_user_signed_request(request):
                # if the user comes from a signed request
                # we let them pass if sso is enabled
                # (neither the SSO nor the 2FA check runs on this path)
                logger.info(
                    'access.signed-sso-passthrough',
                    extra={
                        'organization_id': organization.id,
                        'user_id': request.user.id,
                    }
                )
            elif request.user.is_authenticated():
                # session auth needs to confirm various permissions
                if self.needs_sso(request, organization):

                    logger.info(
                        'access.must-sso',
                        extra={
                            'organization_id': organization.id,
                            'user_id': request.user.id,
                        }
                    )

                    raise SsoRequired(organization)

                if self.is_not_2fa_compliant(
                        request.user, organization):
                    logger.info(
                        'access.not-2fa-compliant',
                        extra={
                            'organization_id': organization.id,
                            'user_id': request.user.id,
                        }
                    )
                    raise TwoFactorRequired()

        # Granted if the access object carries any one of the scopes mapped to
        # this HTTP method; a method missing from scope_map allows nothing.
        allowed_scopes = set(self.scope_map.get(request.method, []))
        return any(request.access.has_scope(s) for s in allowed_scopes)
    def determine_access(self, request, organization):
        """Resolve and store ``request.access`` for ``organization``.

        Nothing is returned; the result is the ``request.access`` assignment,
        plus the exceptions raised on the session-auth path when the user has
        not satisfied the organization's requirements. The per-method scope
        check is done by the caller, not here.

        Authentication shapes:

        * authenticated user plus auth token -- access from the request with
          the token's scopes passed through;
        * auth token without an authenticated user -- access built from the
          token and the organization;
        * session auth -- access from the request, then SSO and 2FA are
          enforced unless the request is a signed user request (in which case
          the passthrough is only logged).

        Raises:
            SsoRequired: the user must complete SSO for this organization.
            TwoFactorRequired: the user is not 2FA compliant.
        """
        from sentry.api.base import logger

        if request.user and request.user.is_authenticated() and request.auth:
            request.access = access.from_request(
                request,
                organization,
                scopes=request.auth.get_scopes(),
            )

        elif request.auth:
            request.access = access.from_auth(request.auth, organization)

        else:
            request.access = access.from_request(request, organization)

            if auth.is_user_signed_request(request):
                # if the user comes from a signed request
                # we let them pass if sso is enabled
                # (neither the SSO nor the 2FA check runs on this path)
                logger.info(
                    'access.signed-sso-passthrough',
                    extra={
                        'organization_id': organization.id,
                        'user_id': request.user.id,
                    }
                )
            elif request.user.is_authenticated():
                # session auth needs to confirm various permissions
                if self.needs_sso(request, organization):

                    logger.info(
                        'access.must-sso',
                        extra={
                            'organization_id': organization.id,
                            'user_id': request.user.id,
                        }
                    )

                    raise SsoRequired(organization)

                if self.is_not_2fa_compliant(
                        request, organization):
                    logger.info(
                        'access.not-2fa-compliant',
                        extra={
                            'organization_id': organization.id,
                            'user_id': request.user.id,
                        }
                    )
                    raise TwoFactorRequired()
    def determine_access(self, request, organization):
        """Resolve and store ``request.access`` for ``organization``.

        Nothing is returned; the result is the ``request.access`` assignment,
        plus the exceptions raised on the session-auth path when the user has
        not satisfied the organization's requirements. The per-method scope
        check is done by the caller, not here.

        Authentication shapes:

        * authenticated user plus auth token -- access from the request with
          the token's scopes passed through;
        * auth token without an authenticated user -- access built from the
          token when it belongs to this organization, otherwise
          ``access.DEFAULT`` (presumably a no-scope access object -- confirm
          against ``sentry.auth.access``);
        * session auth -- access from the request, then SSO and 2FA are
          enforced unless the request is a signed user request (in which case
          the passthrough is only logged).

        Raises:
            SsoRequired: the user must complete SSO for this organization.
            TwoFactorRequired: the user is not 2FA compliant.
        """
        # Imported here rather than at module level; see the inline note.
        from sentry.api.base import logger
        from sentry.auth import access  # Django 1.9 setup issue
        from sentry.utils import auth

        if request.user and request.user.is_authenticated() and request.auth:
            request.access = access.from_request(
                request,
                organization,
                scopes=request.auth.get_scopes(),
            )

        elif request.auth:
            # Token-only request: a token for a different organization gets
            # DEFAULT access rather than being rejected here.
            if request.auth.organization_id == organization.id:
                request.access = access.from_auth(request.auth)
            else:
                request.access = access.DEFAULT

        else:
            request.access = access.from_request(request, organization)

            if auth.is_user_signed_request(request):
                # if the user comes from a signed request
                # we let them pass if sso is enabled
                # (neither the SSO nor the 2FA check runs on this path)
                logger.info('access.signed-sso-passthrough',
                            extra={
                                'organization_id': organization.id,
                                'user_id': request.user.id,
                            })
            elif request.user.is_authenticated():
                # session auth needs to confirm various permissions
                if self.needs_sso(request, organization):

                    logger.info('access.must-sso',
                                extra={
                                    'organization_id': organization.id,
                                    'user_id': request.user.id,
                                })

                    raise SsoRequired(organization)

                if self.is_not_2fa_compliant(request.user, organization):
                    logger.info('access.not-2fa-compliant',
                                extra={
                                    'organization_id': organization.id,
                                    'user_id': request.user.id,
                                })
                    raise TwoFactorRequired()