def _map_policy(self, spolicy): policy = Policy() policy.owner = spolicy.owner for field in Policy.attributes: if field == 'owner': continue setattr(policy, field, self._map_policy_rule(getattr(spolicy, field))) return policy
def test_user_perms(): policy = Policy() assert policy.user_perms(chris_info) == ['read','write','create','delete'] policy = Policy(read=['R:ADMIN'], write=['R:ADMIN'], create=['jeremy'], delete=['jeremy']) assert policy.user_perms(chris_info) == ['read','write'] assert policy.user_perms(jeremy_info) == ['create', 'delete']
def test_policy_post_set(): policy = Policy(read=['chris','jeremy'],write=['NONE'],manage=['chris']) assert policy.read == ['chris','jeremy'] policy.read = ['one','tall'] assert 'chris' not in policy.read assert 'jeremy' not in policy.read assert 'tall' in policy.read
def test_policy_post_set(): policy = Policy(read=['chris', 'jeremy'], write=['NONE'], manage=['chris']) assert policy.read == ['chris', 'jeremy'] policy.read = ['one', 'tall'] assert 'chris' not in policy.read assert 'jeremy' not in policy.read assert 'tall' in policy.read
def _make_policy(member): """ Make a new private policy with the named member. """ policy = Policy() policy.owner = member for constraint in ('read', 'write', 'create', 'delete', 'manage'): setattr(policy, constraint, [member]) policy.accept = ['NONE'] return policy
def _read_policy(self, bag_path): """ Read and return a bag's policy file, return the Policy object. """ policy_filename = os.path.join(bag_path, 'policy') policy = read_utf8_file(policy_filename) policy_data = simplejson.loads(policy) policy = Policy() for key, value in policy_data.items(): policy.__setattr__(key, value) return policy
def _load_policy(self, spolicy): policy = Policy() for pol in spolicy: principal_name = pol.principal_name if pol.principal_type == 'R': principal_name = 'R:%s' % principal_name if pol.constraint == 'owner': policy.owner = principal_name else: principals = getattr(policy, pol.constraint, []) principals.append(principal_name) setattr(policy, pol.constraint, principals) return policy
def _load_policy(self, spolicy): policy = Policy() if spolicy is not None: for pol in spolicy: principal_name = pol.principal_name if pol.principal_type == 'R': principal_name = 'R:%s' % pol.principal_name if pol.type == 'owner': policy.owner = principal_name else: principals = getattr(policy, pol.type, []) principals.append(principal_name) setattr(policy, pol.type, principals) return policy
def get(self, thing): """ Get a thing: recipe, bag, tiddler or user. """ lower_class = superclass_name(thing) if lower_class == 'tiddler': retriever = get_bag_retriever(self.environ, thing.bag) if retriever: try: thing = retriever[1](thing) except SpecialBagError as exc: raise NoTiddlerError( 'unable to get special tiddler: %s:%s:%s' % (thing.bag, thing.title, exc)) thing.store = self self._do_hook('get', thing) return thing elif lower_class == 'bag': if get_bag_retriever(self.environ, thing.name): policy = Policy(read=[], write=['NONE'], create=['NONE'], delete=['NONE'], manage=['NONE'], accept=['NONE']) thing.policy = policy thing.store = self self._do_hook('get', thing) return thing func = self._figure_function('get', thing) thing = func(thing) thing.store = self self._do_hook('get', thing) return thing
def _get_policy(self, key): pid = self.redis.uget(key) policy = Policy() if not pid: return policy for constraint in Policy.attributes: if constraint == 'owner': policy.owner = self.redis.uget('pid:%s:owner' % pid) if policy.owner == '': policy.owner = None else: key = 'pid:%s:%s' % (pid, constraint) values = self.redis.smembers(key) setattr(policy, constraint, [value.decode( self.redis.encoding) for value in values]) return policy
def test_bag_policy(): bag = Bag('policy_tester') bag.policy = Policy(read=['chris', 'jeremy']) assert bag.policy.allows(chris_info, 'read') py.test.raises(UserRequiredError, 'bag.policy.allows(guest_info, "read")')
class Serialization(SerializationInterface): """ Turn various entities to and from JSON. """ def list_recipes(self, recipes): """ Create a JSON list of recipe names from the provided recipes. """ return simplejson.dumps([recipe.name for recipe in recipes]) def list_bags(self, bags): """ Create a JSON list of bag names from the provided bags. """ return simplejson.dumps([bag.name for bag in bags]) def list_tiddlers(self, tiddlers): """ List the tiddlers as JSON. The format is a list of dicts in the form described by self._tiddler_dict. """ fat = self.environ.get('tiddlyweb.query', {}).get('fat', [False])[0] render = self.environ.get('tiddlyweb.query', {}).get('render', [False])[0] return simplejson.dumps([self._tiddler_dict(tiddler, fat, render) for tiddler in tiddlers]) def recipe_as(self, recipe): """ A recipe as a JSON dictionary. """ policy_dict = dict([(key, getattr(recipe.policy, key)) for key in Policy.attributes]) return simplejson.dumps(dict(desc=recipe.desc, policy=policy_dict, recipe=recipe.get_recipe())) def as_recipe(self, recipe, input_string): """ Turn a JSON dictionary into a Recipe if it is in the proper form. Include the policy. """ try: info = simplejson.loads(input_string) except simplejson.JSONDecodeError, exc: raise RecipeFormatError( 'unable to make json into recipe: %s, %s' % (recipe.name, exc)) recipe.set_recipe(info.get('recipe', [])) recipe.desc = info.get('desc', u'') if info.get('policy', {}): recipe.policy = Policy() for key, value in info['policy'].items(): recipe.policy.__setattr__(key, value) return recipe
def test_policy_init_set(): policy = Policy(read=['chris', 'jeremy'], write=['NONE'], manage=['chris']) assert policy.read == ['chris', 'jeremy'] assert policy.write == ['NONE'] assert policy.create == [] assert policy.delete == [] assert policy.manage == ['chris']
def private_policy(username): return Policy(owner=username, read=[username], write=[username], create=[username], delete=[username], manage=[username], accept=['NONE'])
def test_policy_create(): policy = Policy() assert type(policy) == Policy assert policy.read == [] assert policy.write == [] assert policy.create == [] assert policy.delete == [] assert policy.manage == []
def remove_from_policy(user_to_remove, policy): """ remove the user from the policy. Manage should already have been checked ignore the owner section, so that if the owner is removed they can add themselves back in. NB - that will require extra code somewhere """ new_policy = Policy() for attr, values in policy.__dict__.iteritems(): if attr != 'owner' and user_to_remove.usersign in getattr(policy, attr): setattr(new_policy, attr, getattr(policy, attr)) getattr(new_policy, attr).remove(user_to_remove.usersign) else: setattr(new_policy, attr, getattr(policy, attr)) new_policy.owner = policy.owner return new_policy
def test_reuse_policy_object(): """ Explicitly test a bug fix in policy handling wherein the owner field could get transformed into (and stay) a list thus ruining second use. Not that second use is encourage, but it could happen. """ policy = Policy() policy.owner = u"campy" bag = Bag("policytest1") bag.policy = policy store.put(bag) bag = Bag("policytest2") bag.policy = policy store.put(bag) bag1 = store.get(Bag("policytest1")) bag2 = store.get(Bag("policytest2")) assert bag1.policy.owner == "campy" assert bag2.policy.owner == "campy" assert bag1.policy.owner == bag2.policy.owner
def test_reuse_policy_object(): """ Explicitly test a bug fix in policy handling wherein the owner field could get transformed into (and stay) a list thus ruining second use. Not that second use is encourage, but it could happen. """ policy = Policy() policy.owner = u'campy' bag = Bag('policytest1') bag.policy = policy STORE.put(bag) bag = Bag('policytest2') bag.policy = policy STORE.put(bag) bag1 = STORE.get(Bag('policytest1')) bag2 = STORE.get(Bag('policytest2')) assert bag1.policy.owner == 'campy' assert bag2.policy.owner == 'campy' assert bag1.policy.owner == bag2.policy.owner
def test_user_perms(): policy = Policy() assert policy.user_perms(chris_info) == ['read', 'write', 'create', 'delete'] policy = Policy(read=['R:ADMIN'], write=['R:ADMIN'], create=['jeremy'], delete=['jeremy']) assert policy.user_perms(chris_info) == ['read', 'write'] assert policy.user_perms(jeremy_info) == ['create', 'delete']
def test_policy_equal(): policy1 = Policy() policy2 = Policy() policy1.owner = 'frank' policy1.read = ['cow', 'moo'] policy2.owner = 'frank' policy2.read = ['cow', 'moo'] assert policy1 == policy2 policy2.read = ['cow', 'noo'] assert policy1 != policy2 policy2.read = ['cow', 'moo'] policy2.owner = 'sam' assert policy1 != policy2
def bag_get(self, bag): gdbag = GDBag.get_by_key_name(self._bag_key(bag.name)) if not gdbag: raise NoBagError bag.desc = gdbag.desc policy = Policy(owner=gdbag.owner, read=gdbag.read, write=gdbag.write, create=gdbag.create, delete=gdbag.delete_, manage=gdbag.manage, accept=gdbag.accept) bag.policy = policy return bag
def _handle_headers(recipe, header): """ Parse recipe headers from text. """ headers = header.split('\n') for field, value in [x.split(': ', 1) for x in headers]: if field == 'policy': recipe.policy = Policy() info = simplejson.loads(value) for key, value in info.items(): recipe.policy.__setattr__(key, value) else: setattr(recipe, field, value)
def recipe_get(self, recipe): gdrecipe = GDRecipe.get_by_key_name(self._recipe_key(recipe.name)) if not gdrecipe: raise NoRecipeError recipe_list = [] for line in gdrecipe.recipe: bag, filter = line.split('?') recipe_list.append([bag, filter]) recipe.set_recipe(recipe_list) recipe.desc = gdrecipe.desc policy = Policy(owner=gdrecipe.owner, read=gdrecipe.read, write=gdrecipe.write, create=gdrecipe.create, delete=gdrecipe.delete_, manage=gdrecipe.manage, accept=gdrecipe.accept) recipe.policy = policy return recipe
def test_policy_allows(): policy = Policy(read=['chris', 'jeremy'], write=['NONE'], delete=['R:ADMIN'], manage=['chris']) assert policy.allows(chris_info, 'read') assert policy.allows(chris_info, 'delete') assert policy.allows(jeremy_info, 'read') py.test.raises(ForbiddenError, 'policy.allows(jeremy_info, "write")') assert policy.allows(chris_info, 'manage') py.test.raises(ForbiddenError, 'policy.allows(jeremy_info, "manage")') assert policy.allows(chris_info, 'create') py.test.raises(ForbiddenError, 'policy.allows(none_info, "write")') py.test.raises(ForbiddenError, 'policy.allows(barnabas_info, "read")') py.test.raises(ForbiddenError, 'policy.allows(barnabas_info, "write")') assert policy.allows(barnabas_info, 'create') py.test.raises(ForbiddenError, 'policy.allows(barnabas_info, "manage")')
def test_policy_allows(): policy = Policy(read=['chris','jeremy'],write=['NONE'],delete=['R:ADMIN'],manage=['chris']) assert policy.allows(chris_info, 'read') assert policy.allows(chris_info, 'delete') assert policy.allows(jeremy_info, 'read') py.test.raises(ForbiddenError, 'policy.allows(jeremy_info, "write")') assert policy.allows(chris_info, 'manage') py.test.raises(ForbiddenError, 'policy.allows(jeremy_info, "manage")') assert policy.allows(chris_info, 'create') py.test.raises(ForbiddenError, 'policy.allows(none_info, "write")') py.test.raises(ForbiddenError, 'policy.allows(barnabas_info, "read")') py.test.raises(ForbiddenError, 'policy.allows(barnabas_info, "write")') assert policy.allows(barnabas_info, 'create') py.test.raises(ForbiddenError, 'policy.allows(barnabas_info, "manage")')
def as_recipe(self, recipe, input_string): """ Turn a ``JSON`` dictionary into a :py:class:`recipe <tiddlyweb.model.recipe.Recipe>` if it is in the proper form. Include the :py:class:`policy <tiddlyweb.model.policy.Policy>`. """ try: info = simplejson.loads(input_string) except simplejson.JSONDecodeError as exc: raise RecipeFormatError('unable to make json into recipe: %s, %s' % (recipe.name, exc)) recipe.set_recipe(info.get('recipe', [])) recipe.desc = info.get('desc', u'') if info.get('policy', {}): recipe.policy = Policy() for key, value in info['policy'].items(): recipe.policy.__setattr__(key, value) return recipe
def as_bag(self, bag, input_string): """ Turn a ``JSON`` dictionary into a :py:class:`bag <tiddlyweb.model.bag.Bag>` if it is in the proper form. Include the :py:class:`policy <tiddlyweb.model.policy.Policy>`. """ try: info = simplejson.loads(input_string) except simplejson.JSONDecodeError as exc: raise BagFormatError('unable to make json into bag: %s, %s' % (bag.name, exc)) if info.get('policy', {}): bag.policy = Policy() for key, value in info['policy'].items(): bag.policy.__setattr__(key, value) bag.desc = info.get('desc', u'') return bag
def _check_bag(name, environ, user): """ Get the user's bag. Create if required. """ store = environ['tiddlyweb.store'] name = '%s-%s' % (user, name) name = name.replace('.', '_') try: bag = Bag(name) bag = store.get(bag) except NoBagError: uni_user = unicode(user) policy = Policy(owner=uni_user, manage=[uni_user], read=[uni_user], write=[uni_user], delete=[uni_user], create=[uni_user]) bag.policy = policy bag.desc = 'Twotes for %s' % uni_user; store.put(bag) return bag
for key in Policy.attributes]) info = dict(policy=policy_dict, desc=bag.desc) return simplejson.dumps(info) def as_bag(self, bag, input_string): """ Turn a JSON string into a bag. """ try: info = simplejson.loads(input_string) except simplejson.JSONDecodeError, exc: raise BagFormatError('unable to make json into bag: %s, %s' % (bag.name, exc)) if info.get('policy', {}): bag.policy = Policy() for key, value in info['policy'].items(): bag.policy.__setattr__(key, value) bag.desc = info.get('desc', u'') return bag def tiddler_as(self, tiddler): """ Create a JSON dictionary representing a tiddler, as described by _tiddler_dict plus the text of the tiddler. """ tiddler_dict = self._tiddler_dict(tiddler, fat=True) return simplejson.dumps(tiddler_dict) def as_tiddler(self, tiddler, input_string):
def test_policy_any(): policy = Policy(read=['ANY'], write=['ANY']) assert policy.allows(randomer_info, 'read') assert policy.allows(boom_info, 'write') py.test.raises(UserRequiredError, 'policy.allows(guest_info, "read")')
def test_malformed_policy(): policy = Policy() policy.read = None # set the policy to a bad form assert policy.allows(guest_info, 'read')
def _policy_dict_to_policy(policy_dict): policy = Policy() for constraint in policy_dict: setattr(policy, constraint, policy_dict[constraint]) return policy
def __init__(self, name, desc=u''): self._recipe = [] self.name = unicode(name) self.desc = unicode(desc) self.store = None self.policy = Policy()
def __init__(self, name, desc=u''): list.__init__(self) self.name = unicode(name) self.desc = unicode(desc) self.store = None self.policy = Policy()
def __init__(self, name, desc=u''): self.name = name self.desc = desc self.policy = Policy() # set to default policy self.store = None
def __init__(self, name, desc=u''): self._recipe = [] self.name = name self.desc = desc self.store = None self.policy = Policy()
retriever = get_bag_retriever(self.environ, thing.bag) if retriever: try: thing = retriever[1](thing) except SpecialBagError, exc: raise NoTiddlerError( 'unable to get remote tiddler: %s:%s:%s' % (thing.bag, thing.title, exc)) thing.store = self self._do_hook('get', thing) return thing elif lower_class == 'bag': if get_bag_retriever(self.environ, thing.name): policy = Policy(read=[], write=['NONE'], create=['NONE'], delete=['NONE'], manage=['NONE'], accept=['NONE']) thing.policy = policy thing.store = self self._do_hook('get', thing) return thing func = self._figure_function('get', thing) thing = func(thing) thing.store = self self._do_hook('get', thing) return thing def put(self, thing): """ Put a thing, recipe, bag or tiddler.
def _policy(self): policy = Policy() for key, value in DEFAULT_POLICY.items(): setattr(policy, key, value) return policy
def test_policy_any(): policy = Policy(read=['ANY'],write=['ANY']) assert policy.allows(randomer_info, 'read') assert policy.allows(boom_info, 'write') py.test.raises(UserRequiredError, 'policy.allows(guest_info, "read")')
def __init__(self, name, desc=u''): self.name = unicode(name) self.desc = unicode(desc) self.policy = Policy() # set to default policy self.store = None