Example #1
0
class BasePolicyPermissionTest(TestCase):
    def setUp(self):
        self.policy = DaybedAuthorizationPolicy()
        self.context = mock.MagicMock()
        self.context.db.get_model_permissions.return_value = {}

    def permits(self, *args):
        return self.policy.permits(self.context, *args)
Example #2
0
class BasePolicyPermissionTest(TestCase):

    def setUp(self):
        self.policy = DaybedAuthorizationPolicy()
        self.context = mock.MagicMock()
        self.context.db.get_model_permissions.return_value = {}

    def permits(self, *args):
        return self.policy.permits(self.context, *args)
Example #3
0
 def test_pyramid_constants_are_resolved(self):
     policy = DaybedAuthorizationPolicy(model_creators=['Authenticated'])
     self.assertEqual(policy.model_creators, set([Authenticated]))
Example #4
0
 def setUp(self):
     self.policy = DaybedAuthorizationPolicy()
     self.context = mock.MagicMock()
     self.context.db.get_model_permissions.return_value = {}
Example #5
0
def main(global_config, **settings):
    Service.cors_origins = ('*', )

    settings = settings_expandvars(settings)
    config = Configurator(settings=settings, root_factory=RootFactory)
    config.include("cornice")

    # Redirect to the current version of the API if the prefix isn't used.
    config.add_route(name='redirect_to_version',
                     pattern='/{path:(?!%s).*}' % API_VERSION)
    config.add_view(view=redirect_to_version, route_name='redirect_to_version')

    config.route_prefix = '/%s' % API_VERSION

    # Permission management

    policies = [
        BasicAuthAuthenticationPolicy(check_credentials),
        HawkAuthenticationPolicy(decode_hawk_id=get_credentials),
    ]
    authn_policy = MultiAuthenticationPolicy(policies)

    # Unauthorized view
    config.add_forbidden_view(forbidden_view)

    # Global permissions
    model_creators = settings.get("daybed.can_create_model", "Everyone")
    token_creators = settings.get("daybed.can_create_token", "Everyone")
    token_managers = settings.get("daybed.can_manage_token", None)

    authz_policy = DaybedAuthorizationPolicy(
        model_creators=build_list(model_creators),
        token_creators=build_list(token_creators),
        token_managers=build_list(token_managers),
    )
    config.set_authentication_policy(authn_policy)
    config.set_authorization_policy(authz_policy)

    # We need to scan AFTER setting the authn / authz policies
    config.scan("daybed.views")

    # Attach the token to the request, coming from Pyramid as userid
    def get_credentials_id(request):
        try:
            credentials_id, _ = get_credentials(request,
                                                request.authenticated_userid)
            return credentials_id
        except ValueError:
            return None

    config.add_request_method(get_credentials_id, 'credentials_id', reify=True)

    # Events

    # Helper for notifying events
    def notify(request, event, *args):
        klass = config.maybe_dotted('daybed.events.' + event)
        event = klass(*(args + (request, )))
        request.registry.notify(event)

    config.add_request_method(notify, 'notify')

    # Backend

    config.registry.tokenHmacKey = settings['daybed.tokenHmacKey']

    # backend initialisation
    backend_class = config.maybe_dotted(settings['daybed.backend'])
    config.registry.backend = backend_class.load_from_config(config)

    # Indexing

    # Connect client to hosts in conf
    index_hosts = build_list(
        settings.get('elasticsearch.hosts', "localhost:9200"))
    indices_prefix = settings.get('elasticsearch.indices_prefix', 'daybed_')
    config.registry.index = index = indexer.ElasticSearchIndexer(
        index_hosts, indices_prefix)

    # Suscribe index methods to API events
    config.add_subscriber(index.on_model_created, events.ModelCreated)
    config.add_subscriber(index.on_model_updated, events.ModelUpdated)
    config.add_subscriber(index.on_model_deleted, events.ModelDeleted)
    config.add_subscriber(index.on_record_created, events.RecordCreated)
    config.add_subscriber(index.on_record_updated, events.RecordUpdated)
    config.add_subscriber(index.on_record_deleted, events.RecordDeleted)

    # Renderers

    # Force default accept header to JSON
    def add_default_accept(event):
        json_mime = 'application/json'
        accept = event.request.headers.get('Accept', json_mime)
        if json_mime in accept:
            accept = json_mime
        event.request.headers["Accept"] = accept

    config.add_subscriber(add_default_accept, NewRequest)

    # JSONP
    config.add_renderer('jsonp', JSONP(param_name='callback'))

    # Geographic data renderer
    config.add_renderer('geojson', GeoJSON())

    # Requests attachments

    def attach_objects_to_request(event):
        event.request.db = config.registry.backend
        event.request.index = config.registry.index
        http_scheme = event.request.registry.settings.get('daybed.http_scheme')
        if http_scheme:
            event.request.scheme = http_scheme

    config.add_subscriber(attach_objects_to_request, NewRequest)

    # Plugins

    try:
        config.include("daybed_browserid")
    except ImportError:
        pass

    return config.make_wsgi_app()
Example #6
0
 def setUp(self):
     self.policy = DaybedAuthorizationPolicy()
     self.context = mock.MagicMock()
     self.context.db.get_model_permissions.return_value = {}