Example #1
    def permits(self, context, principals, permission):
        """Decide whether `principals` may use `permission` on `context`.

        The checks run in a fixed order: a blank or "no permission
        required" value is granted, NOT_ALLOWED is denied, the superuser
        is granted, and everything else is delegated to the parent policy.

        :param context: Object the permission is checked against.
        :param principals: Principal identifiers of the caller.
        :param permission: Permission being requested.
        :returns: ``True``, an ``ACLDenied``, an ``ACLAllowed``, or
            whatever the parent policy's ``permits`` returns.
        """
        # NOTE(review): a falsy permission (None, '') is granted outright,
        # before NOT_ALLOWED or any ACL is looked at. A permission name that
        # is blank by mistake therefore opens the resource to everyone.
        if not permission or permission == NO_PERMISSION_REQUIRED:
            return True

        # Explicit deny; tested before the superuser shortcut, so it binds
        # the superuser as well.
        if permission == NOT_ALLOWED:
            return ACLDenied(
                '<NOT ALLOWED permission>', None, permission, principals,
                context)

        # NOTE(review): `principals` is trusted as passed in. Confirm that
        # SUPERUSER_URI can only reach this list through authentication.
        is_superuser = (
            SUPERUSER_URI in principals
            or auth_service.get_effective_userid() == SUPERUSER_URI)
        if is_superuser:
            return ACLAllowed(
                'Superuser', None, permission, principals, context)

        parent_policy = super(PtahAuthorizationPolicy, self)
        return parent_policy.permits(context, principals, permission)
Example #2
    def permits(self, context, principals, permission):
        """Return the authorization decision for `permission` on `context`.

        :param context: Object the permission is checked against.
        :param principals: Principal identifiers of the caller.
        :param permission: Permission being requested.
        :returns: ``True`` for a blank or NO_PERMISSION_REQUIRED permission,
            ``ACLDenied`` for NOT_ALLOWED, ``ACLAllowed`` for the superuser,
            otherwise the parent policy's result.
        """
        # A missing permission counts as "nothing required".
        # NOTE(review): this is a fail-open default; a view registered with
        # an empty permission is reachable by any caller.
        if not permission:
            return True
        if permission == NO_PERMISSION_REQUIRED:
            return True

        if permission == NOT_ALLOWED:
            # Hard deny, evaluated ahead of the superuser bypass below.
            return ACLDenied(
                '<NOT ALLOWED permission>',
                None, permission, principals, context)

        # The superuser is recognised either from the principals handed in
        # or from the effective user id reported by auth_service; the second
        # lookup only runs when the first one misses.
        superuser = SUPERUSER_URI in principals
        if not superuser:
            superuser = auth_service.get_effective_userid() == SUPERUSER_URI
        if superuser:
            # The ACL is never consulted for the superuser.
            return ACLAllowed(
                'Superuser', None, permission, principals, context)

        base = super(PtahAuthorizationPolicy, self)
        return base.permits(context, principals, permission)
Example #3
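def check_permission(permission, context, request=None, throw=False):
    """Check `permission` within `context` for the effective user.

    :param permission: Permission
    :type permission: (Permission or string)
    :param context: Context object
    :param request: Not read by this function.
    :param throw: Raise HTTPForbidden instead of returning ``False``.
    :returns: ``True`` when access is granted, ``False`` when it is denied
        and `throw` is false.
    :raises HTTPForbidden: when access is denied and `throw` is true.
    """
    # NOTE(review): a falsy permission (None, '') is granted without any
    # further check, so a permission name that is blank by mistake is
    # treated as "public".
    if not permission or permission == NO_PERMISSION_REQUIRED:
        return True
    if permission == NOT_ALLOWED:
        if throw:
            raise HTTPForbidden()
        return False

    userid = auth_service.get_effective_userid()
    # The superuser is granted before the policy or local roles are read.
    if userid == SUPERUSER_URI:
        return True

    policy = get_current_registry().getUtility(IAuthorizationPolicy)

    principals = [Everyone.id]
    if userid is not None:
        principals.extend((Authenticated.id, userid))
        # Roles are resolved against this context and added as principals.
        principals.extend(get_local_roles(userid, context=context) or ())

    result = policy.permits(context, principals, permission)

    # Fail closed. The policy is whatever is registered for
    # IAuthorizationPolicy, so its negative answer is not guaranteed to be
    # an ACLDenied instance; any falsy result (False, None, another denial
    # type) must deny as well instead of falling through to `return True`.
    denied_by_acl = isinstance(result, ACLDenied)
    if denied_by_acl or not result:
        if throw:
            # Only an ACLDenied is passed on as the exception detail.
            if denied_by_acl:
                raise HTTPForbidden(result)
            raise HTTPForbidden()
        return False
    return True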
Example #4
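def check_permission(permission, context, request=None, throw=False):
    """Check `permission` within `context`.

    :param permission: Permission
    :type permission: (Permission or string)
    :param context: Context object
    :param request: Accepted but unused in this function.
    :param throw: Throw HTTPForbidden exception on denial.
    :returns: ``True`` if permitted; ``False`` if denied and `throw` is
        false.
    :raises HTTPForbidden: if denied and `throw` is true.
    """
    # Blank permission and NO_PERMISSION_REQUIRED both mean "open".
    # NOTE(review): the blank case is a fail-open default worth auditing at
    # the call sites.
    if not permission or permission == NO_PERMISSION_REQUIRED:
        return True

    if permission == NOT_ALLOWED:
        # Unconditional deny, checked ahead of the superuser shortcut.
        if not throw:
            return False
        raise HTTPForbidden()

    userid = auth_service.get_effective_userid()
    if userid == SUPERUSER_URI:
        # No policy lookup is made for the superuser.
        return True

    authz = get_current_registry().getUtility(IAuthorizationPolicy)

    # Everyone is always present; an identified user adds Authenticated,
    # their own id and any local roles held on this context.
    principals = [Everyone.id]
    if userid is not None:
        principals.extend((Authenticated.id, userid))

        roles = get_local_roles(userid, context=context)
        if roles:
            principals.extend(roles)

    verdict = authz.permits(context, principals, permission)

    # Grant only on a truthy verdict that is not an ACLDenied. Testing for
    # the ACLDenied type alone would let a registered policy that answers
    # with False, None or another denial object fall through to a grant.
    if verdict and not isinstance(verdict, ACLDenied):
        return True

    if not throw:
        return False
    if isinstance(verdict, ACLDenied):
        # Keep the policy's denial object as the exception detail.
        raise HTTPForbidden(verdict)
    raise HTTPForbidden()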