Ejemplo n.º 1
0
    def prepare(self):
        self.user = jwt.decode(self.get_cookie('cookie'), 'TestKey', option={'require_exp': True})['sub']
        self.namespace = yield from client.Namespace.get_by_name(self.path_kwargs['namespace'])
        self.collection = yield from self.namespace.get_collection(self.path_kwargs['collection'])
        self.permissions = Permissions.get_permissions(self.user, self.namespace, self.collection)

        method = self.request.method.lower()

        if method == 'get':
            if not self.permissions & Permissions.READ_WRITE:
                raise tornado.web.HTTPError(status_code=403)
        else:
            if not self.permissions & Permissions.from_method(method):
                raise tornado.web.HTTPError(status_code=403)
Ejemplo n.º 2
0
    def prepare(self):
        try:
            decoded = jwt.decode(self.get_cookie('cookie'), 'TestKey', option={'require_exp': True})
            self.user = decoded['sub']
        except jwt.ExpiredSignatureError:
            self.user = None
        self.namespace = yield from client.Namespace.get_by_name(self.path_kwargs['namespace'])
        self.collection = yield from self.namespace.get_collection(self.path_kwargs['collection'])
        self.document = yield from self.collection.read(self.path_kwargs['record_id'])

        self.permissions = Permissions.get_permissions(self.user, self.namespace, self.collection, self.document)

        if not self.permissions & Permissions.from_method(self.request.method):
            raise tornado.web.HTTPError(status_code=403)
Ejemplo n.º 3
0
    def prepare(self):
        try:
            decoded = jwt.decode(self.get_cookie('cookie'), 'TestKey', option={'require_exp': True})
            self.user = decoded['sub']
        except jwt.ExpiredSignatureError:
            self.user = None
        self.namespace = yield from client.Namespace.get_by_name(self.path_kwargs['namespace'])
        self.collection = yield from self.namespace.get_collection(self.path_kwargs['collection'])

        if not Permissions.get_permissions(self.user, self.namespace, self.collection) & Permissions.ADMIN:
            raise tornado.web.HTTPError(status_code=403)