def __init__(self, permissions=None, store=None, emitter=None):
self.secret_attributes = ['password']
self.permissions = permissions or Permissions(
path='fixtures/permissions.yaml')
self.store = store or Users()
self.emitter = emitter
self.replay_stamp = None
self.page_size = 10
self.record_maximum_size = 100000
self.routes = []
self._add_url_rule('/login', 'login', self.login, methods=['POST'])
self._add_url_rule('/signin', 'signin', self.signin, methods=['POST'])
self._add_url_rule('/check',
'check',
self.check_bearer,
methods=['GET', 'POST'])
self._add_url_rule('/renew',
'renew',
self.renew_bearer,
methods=['GET', 'POST'])
self._add_url_rule('/users', 'index', self.index)
self._add_url_rule('/users/page/<token>', 'page', self.page)
self._add_url_rule('/register', 'post', self.post, methods=['POST'])
self._add_url_rule('/users/<id>', 'get', self.get)
self._add_url_rule('/users/<id>', 'put', self.put, methods=['PUT'])
self._add_url_rule('/users/<id>',
'delete',
self.delete,
methods=['DELETE'])
def get_permissions(cls, reference):
perm = Permissions(0)
perm.set_mode('u', 'r', True)
perm.set_mode('u', 'w', True)
perm.set_mode('g', 'r', True)
perm.set_mode('o', 'r', True)
return perm
def get_permissions(cls, reference):
path = unicode(reference.path)
try:
mode = stat(path)[0]
except UnicodeEncodeError:
mode = stat(path.encode('utf-8'))[0]
return Permissions(mode)
def __init__(self,
permissions=None,
users=None,
channels=None,
state_file=None):
self.permissions = permissions or Permissions(
path='fixtures/permissions.yaml')
self.users = users
self.channels = channels
self.state_file = state_file or 'fixtures/state.yaml'
if state_file:
try:
with open(state_file, 'r') as stream:
logger.info(f"loading '{state_file}'...")
self.import_content(stream)
except FileNotFoundError:
logger.warning(f"can not load '{state_file}'")
self.routes = []
self._add_url_rule('/ping', 'ping', self.ping, methods=['GET', 'POST'])
self._add_url_rule('/snapshot',
'snapshot',
self.snapshot,
methods=['GET', 'POST'])
self._add_url_rule('/restore',
'restore',
self.restore,
methods=['POST'])
def test_load_file():
store = Permissions()
store.load(open('fixtures/permissions.yaml', 'r'))
assert store.authorize('access-content', 'x', 'universe') is False
assert store.authorize('access-content', 'x', 'community') is False
assert store.authorize('access-content', 'x', 'board') is False
assert store.authorize('access-content', 'leader', 'universe') is True
assert store.authorize('access-content', 'leader', 'community') is True
assert store.authorize('access-content', 'leader', 'board') is True
assert store.authorize('manage-content', 'member', 'universe') is False
assert store.authorize('manage-content', 'member', 'community') is False
assert store.authorize('manage-content', 'member', 'board') is False
assert store.authorize('manage-content', 'leader', 'universe') is True
assert store.authorize('manage-content', 'leader', 'community') is True
assert store.authorize('manage-content', 'leader', 'board') is True
assert store.authorize('manage-identities', 'leader', 'member') is False
assert store.authorize('manage-identities', 'leader', 'leader') is False
assert store.authorize('manage-identities', 'leader', 'support') is False
assert store.authorize('manage-identities', 'leader', 'robot') is False
assert store.authorize('manage-identities', 'support', 'member') is True
assert store.authorize('manage-identities', 'support', 'leader') is True
assert store.authorize('manage-identities', 'support', 'support') is False
assert store.authorize('manage-identities', 'support', 'robot') is True
assert store.authorize('manage-identities', 'leader',
'update-any-to-registered') is True
assert store.authorize('manage-identities', 'leader',
'update-any-to-leader') is True
assert store.authorize('manage-identities', 'leader',
'update-any-to-support') is False
assert store.authorize('manage-identities', 'leader',
'update-any- to-robot') is False
def test_grant_all():
scopes = ['alpha', 'beta', 'gamma']
items = [
dict(topic='with_list', personas=['a', 'b', 'c']),
dict(topic='with_item', persona='a'),
]
permissions = Permissions(authorized_scopes=scopes)
for scope in scopes: # nothing is authorized
assert permissions.authorize(scope, 'a', 'with_list') is False
assert permissions.authorize(scope, 'b', 'with_list') is False
assert permissions.authorize(scope, 'c', 'with_list') is False
assert permissions.authorize(scope, 'x', 'with_list') is False
assert permissions.authorize(scope, 'a', 'with_item') is False
assert permissions.authorize(scope, 'x', 'with_item') is False
for scope in scopes: # set permissions
permissions.grant_all(scope, items)
for scope in scopes: # some actions are authorized
assert permissions.authorize(scope, 'a', 'with_list') is True
assert permissions.authorize(scope, 'b', 'with_list') is True
assert permissions.authorize(scope, 'c', 'with_list') is True
assert permissions.authorize(scope, 'x', 'with_list') is False
assert permissions.authorize(scope, 'a', 'with_item') is True
assert permissions.authorize(scope, 'x', 'with_item') is False
with py_raises(ValueError) as error:
permissions.grant_all(scope='*alien*', items=items)
def _internal_init(self):
"""Internal: Initialize all class members to their default value"""
if not os.path.exists(self.profile):
os.makedirs(self.profile)
# Preferences files written to
self.written_prefs = set()
# Our magic markers
nonce = '%s %s' % (str(time.time()), uuid.uuid4())
self.delimeters = ('#MozRunner Prefs Start %s' % nonce,
'#MozRunner Prefs End %s' % nonce)
# If sub-classes want to set default preferences
if hasattr(self.__class__, 'preferences'):
self.set_preferences(self.__class__.preferences)
# Set additional preferences
self.set_preferences(self._preferences)
self.permissions = Permissions(self.profile, self._locations)
prefs_js, user_js = self.permissions.network_prefs(self._proxy)
self.set_preferences(prefs_js, 'prefs.js')
self.set_preferences(user_js)
# handle add-on installation
self.addon_manager = AddonManager(self.profile, restore=self.restore)
self.addon_manager.install_addons(self._addons, self._addon_manifests)
# handle webapps
self.webapps = WebappCollection(profile=self.profile, apps=self._apps)
self.webapps.update_manifests()
def __init__(
self,
profile=None, # Path to the profile
addons=None, # String of one or list of addons to install
addon_manifests=None, # Manifest for addons, see http://ahal.ca/blog/2011/bulk-installing-fx-addons/
preferences=None, # Dictionary or class of preferences
locations=None, # locations to proxy
proxy=None, # setup a proxy - dict of server-loc,server-port,ssl-port
restore=True # If true remove all installed addons preferences when cleaning up
):
# if true, remove installed addons/prefs afterwards
self.restore = restore
# prefs files written to
self.written_prefs = set()
# our magic markers
nonce = '%s %s' % (str(time.time()), uuid.uuid4())
self.delimeters = ('#MozRunner Prefs Start %s' % nonce,
'#MozRunner Prefs End %s' % nonce)
# Handle profile creation
self.create_new = not profile
if profile:
# Ensure we have a full path to the profile
self.profile = os.path.abspath(os.path.expanduser(profile))
if not os.path.exists(self.profile):
os.makedirs(self.profile)
else:
self.profile = self.create_new_profile()
# set preferences
if hasattr(self.__class__, 'preferences'):
# class preferences
self.set_preferences(self.__class__.preferences)
self._preferences = preferences
if preferences:
# supplied preferences
if isinstance(preferences, dict):
# unordered
preferences = preferences.items()
# sanity check
assert not [i for i in preferences if len(i) != 2]
else:
preferences = []
self.set_preferences(preferences)
# set permissions
self._locations = locations # store this for reconstruction
self._proxy = proxy
self.permissions = Permissions(self.profile, locations)
prefs_js, user_js = self.permissions.network_prefs(proxy)
self.set_preferences(prefs_js, 'prefs.js')
self.set_preferences(user_js)
# handle addon installation
self.addon_manager = AddonManager(self.profile)
self.addon_manager.install_addons(addons, addon_manifests)
def test_authorized_scopes():
permissions = Permissions()
for scope in permissions.authorized_scopes:
permissions.grant(scope, 'persona', 'topic')
assert permissions.authorize(scope, 'persona', 'topic') is True
assert permissions.authorize('*unknown*', 'persona', 'topic') is False
assert permissions.authorize(scope, '*unknown*', 'topic') is False
assert permissions.authorize(scope, 'persona', '*unknown*') is False
def on_server_sync(self, msg):
self.max_bandwidth = msg.max_bandwidth
self.welcome_text = msg.welcome_text
if msg.permissions:
if not self.permissions:
self.permissions = Permissions(msg.permissions)
else:
self.permissions.update(msg.permissions)
self.bot.connected()
def test_grant_and_authorize():
permissions = Permissions(authorized_scopes=['scope'])
assert permissions.count() == 0
assert permissions.authorize(
scope='scope', persona='persona', topic='topic') is False
permissions.grant(scope='scope', persona='persona', topic='topic')
assert permissions.count() == 1
assert permissions.authorize(
scope='scope', persona='persona', topic='topic') is True
assert permissions.authorize(
scope='*unknown*', persona='persona', topic='topic') is False
assert permissions.authorize(
scope='scope', persona='*unknown*', topic='topic') is False
assert permissions.authorize(
scope='scope', persona='persona', topic='*unknown*') is False
def _internal_init(self):
"""Internal: Initialize all class members to their default value"""
if not os.path.exists(self.profile):
os.makedirs(self.profile)
# Preferences files written to
self.written_prefs = set()
# Our magic markers
nonce = '%s %s' % (str(time.time()), uuid.uuid4())
self.delimeters = ('#MozRunner Prefs Start %s' % nonce,
'#MozRunner Prefs End %s' % nonce)
# If sub-classes want to set default preferences
if hasattr(self.__class__, 'preferences'):
self.set_preferences(self.__class__.preferences)
# Set additional preferences
self.set_preferences(self._preferences)
self.permissions = Permissions(self.profile, self._locations)
prefs_js, user_js = self.permissions.network_prefs(self._proxy)
if self._whitelistpaths:
# On macOS we don't want to support a generalized read whitelist,
# and the macOS sandbox policy language doesn't have support for
# lists, so we handle these specially.
if platform.system() == "Darwin":
assert len(self._whitelistpaths) <= 2
if len(self._whitelistpaths) == 2:
prefs_js.append(
("security.sandbox.content.mac.testing_read_path2",
self._whitelistpaths[1]))
prefs_js.append(
("security.sandbox.content.mac.testing_read_path1",
self._whitelistpaths[0]))
else:
prefs_js.append(
("security.sandbox.content.read_path_whitelist",
",".join(self._whitelistpaths)))
self.set_preferences(prefs_js, 'prefs.js')
self.set_preferences(user_js)
# handle add-on installation
self.addon_manager = AddonManager(self.profile, restore=self.restore)
self.addon_manager.install_addons(self._addons, self._addon_manifests)
def __init__(self, name='', permissions=None, store=None, emitter=None):
self.name = name or 'universe'
self.prefix = '' if name == 'universe' else name
self.permissions = permissions or Permissions(
path='fixtures/permissions.yaml')
self.store = store or Records()
self.emitter = emitter
self.replay_stamp = None
self.record_maximum_size = 1000000
self.page_size = 10
self.routes = []
self._add_url_rule('/', 'index', self.index)
self._add_url_rule('/page/<token>', 'page', self.page)
self._add_url_rule('/', 'post', self.post, methods=['POST'])
self._add_url_rule('/<id>', 'get', self.get)
self._add_url_rule('/<id>', 'put', self.put, methods=['PUT'])
self._add_url_rule('/<id>', 'delete', self.delete, methods=['DELETE'])
def __init__(self, config_file):
self.config_file = config_file
self.config = json.load(open(self.config_file))
self.me = self.config["me"]
self.net = self.config["network"]
self.module_manager = ModuleManager(self)
self.hook_manager = HookManager(self)
self.perms = Permissions(self)
self.connection = IRCConnection(self.net["address"], self.net["port"], self.net["ssl"], self.config["proxies"].get(self.net.get("proxy", "none"), None), self.net.get("flood_interval", 0.0))
self.running = True
self.state = {} # Dict used to hold stuff like last line received and last message etc...
self.db = Database("etc/buhirc.db")
self.db.connect()
logging.basicConfig(level=getattr(logging, self.config["misc"]["loglevel"]), format='[%(asctime)s] %(levelname)s: %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p')
self.requests_session = requests.session()
if self.config["misc"].get("http_proxy", "none") != "none":
proxy = self.config["proxies"].get(self.config["misc"]["http_proxy"], "none")
if proxy != "none":
self.requests_session.proxies = {"http": proxy, "https": proxy}
self.flood_verbs = [x.lower() for x in self.net.get("flood_verbs", [])]
self.help = {}
def get_user_permissions(self, user_id: int) -> Permissions:
row = self._execute_get_query_for_1_row(
queries.GET_USER_PERMISSIONS, {'user_id': user_id},
f'User id: {user_id} is not present in the permissions table')
return Permissions(row["permissions"])
#!/usr/bin/env python
import os
from permissions import Permissions
# import requests # noqa We are just importing this to prove the dependency installed correctly
# Parse the permissions file
lobPermissions = Permissions()
lobPermissionData = lobPermissions.parseYML(
"/github/workspace/" + os.environ['permissions_file_path'])
# permissions = lobPermissions.parseYML('test.yml')
# Parse the permissions file
trimisPermission = Permissions()
trimisPermissionData = trimisPermission.parseYML(
"/github/workspace/" + os.environ['restrictions_file_path'])
print(f"::set-output name=lob::{lobPermissionData}")
print(f"::set-output name=trimis::{trimisPermissionData}")
# if __name__ == "__main__":
# main()
def test_init():
permissions = Permissions()
assert permissions.count() == 0
def __init__(self,
profile=None,
addons=None,
addon_manifests=None,
apps=None,
preferences=None,
locations=None,
proxy=None,
restore=True):
# if true, remove installed addons/prefs afterwards
self.restore = restore
# prefs files written to
self.written_prefs = set()
# our magic markers
nonce = '%s %s' % (str(time.time()), uuid.uuid4())
self.delimeters = ('#MozRunner Prefs Start %s' % nonce,
'#MozRunner Prefs End %s' % nonce)
# Handle profile creation
self.create_new = not profile
if profile:
# Ensure we have a full path to the profile
self.profile = os.path.abspath(os.path.expanduser(profile))
if not os.path.exists(self.profile):
os.makedirs(self.profile)
else:
self.profile = self.create_new_profile()
# set preferences
if hasattr(self.__class__, 'preferences'):
# class preferences
self.set_preferences(self.__class__.preferences)
self._preferences = preferences
if preferences:
# supplied preferences
if isinstance(preferences, dict):
# unordered
preferences = preferences.items()
# sanity check
assert not [i for i in preferences if len(i) != 2]
else:
preferences = []
self.set_preferences(preferences)
# set permissions
self._locations = locations # store this for reconstruction
self._proxy = proxy
self.permissions = Permissions(self.profile, locations)
prefs_js, user_js = self.permissions.network_prefs(proxy)
self.set_preferences(prefs_js, 'prefs.js')
self.set_preferences(user_js)
# handle addon installation
self.addon_manager = AddonManager(self.profile, restore=self.restore)
self.addon_manager.install_addons(addons, addon_manifests)
# handle webapps
self.webapps = WebappCollection(profile=self.profile, apps=apps)
self.webapps.update_manifests()
def get_role_permissions(self, role_name: str) -> Permissions:
row = self._execute_get_query_for_1_row(queries.GET_ROLE_PERMISSIONS,
{'role_name': role_name})
return Permissions(row['role_permissions'])
from api_identities import Identities
from api_maintenance import Maintenance
from permissions import Permissions
from customization import c11n
from commands import Commands
logging.basicConfig(format='%(levelname)s %(message)s', level=logging.DEBUG)
logger = logging.getLogger(__name__)
app = Flask(__name__)
cors = CORS(app)
# WIP: Dockerfile optimised https://blog.realkinetic.com/building-minimal-docker-containers-for-python-applications-37d0272c52f3
# WIP: deploy on AWS with zappa
permissions = Permissions(path='fixtures/permissions.yaml')
identities = Identities(permissions=permissions)
identities.register_routes(app)
channels = {
k: Channel(name=k, permissions=permissions)
for k in ['universe', 'community', 'board', 'item']
}
for _, channel in channels.items():
channel.register_routes(app, wrapper=identities.inject_identity)
maintenance = Maintenance(permissions=permissions,
users=identities.store,
channels=channels,
state_file=c11n.state_file)
