def check_permission(self,
action,
username=None,
resource=None,
perm=None):
"""Return True if permission to perform action for the given resource
is allowed."""
if username is None:
username = '******'
if resource:
if resource.realm is None:
resource = None
elif resource.neighborhood is not None:
try:
compmgr = manager_for_neighborhood(self.env,
resource.neighborhood)
except ResourceNotFound:
# FIXME: raise ?
return False
else:
return PermissionSystem(compmgr).check_permission(
action, username, resource, perm)
for policy in self.policies:
decision = policy.check_permission(action, username, resource,
perm)
if decision is not None:
if decision is False:
self.log.debug("%s denies %s performing %s on %r",
policy.__class__.__name__, username, action,
resource)
return decision
self.log.debug("No policy allowed %s performing %s on %r", username,
action, resource)
return False
def check_permission(self, action, username=None, resource=None, perm=None):
"""Return True if permission to perform action for the given resource
is allowed."""
if username is None:
username = '******'
if resource:
if resource.realm is None:
resource = None
elif resource.neighborhood is not None:
try:
compmgr = manager_for_neighborhood(self.env,
resource.neighborhood)
except ResourceNotFound:
#FIXME: raise ?
return False
else:
return PermissionSystem(compmgr).check_permission(
action, username, resource, perm)
for policy in self.policies:
decision = policy.check_permission(action, username, resource,
perm)
if decision is not None:
if not decision:
self.log.debug("%s denies %s performing %s on %r",
policy.__class__.__name__, username,
action, resource)
return decision
self.log.debug("No policy allowed %s performing %s on %r",
username, action, resource)
return False
def __init__(self, env, username=None, resource=None, cache=None,
groups=None):
if resource and resource.neighborhood is not None:
env = manager_for_neighborhood(env, resource.neighborhood)
resource = Neighborhood(None, None).child(resource)
self.env = env
self.username = username or 'anonymous'
self._resource = resource
if cache is None:
cache = {}
self._cache = cache
def _has_permission(self, action, resource):
key = (self.username, hash(resource), action)
cached = self._cache.get(key)
if cached:
cache_decision, cache_resource = cached
if resource == cache_resource:
return cache_decision
perm = self
permsys = PermissionSystem(self.env)
if resource is not self._resource:
if resource.neighborhood is not None:
perm = PermissionCache(self.env, self.username, resource, {})
permsys = PermissionSystem(
manager_for_neighborhood(self.env, resource.neighborhood))
else:
perm = PermissionCache(self.env, self.username, resource,
self._cache)
decision = permsys.check_permission(action, perm.username, resource,
perm)
self._cache[key] = (decision, resource)
return decision
def _has_permission(self, action, resource):
key = (self.username, hash(resource), action)
cached = self._cache.get(key)
if cached:
cache_decision, cache_resource = cached
if resource == cache_resource:
return cache_decision
perm = self
permsys = PermissionSystem(self.env)
if resource is not self._resource:
if resource.neighborhood is not None:
perm = PermissionCache(self.env, self.username, resource, {})
permsys = PermissionSystem(manager_for_neighborhood(
self.env, resource.neighborhood))
else:
perm = PermissionCache(self.env, self.username, resource,
self._cache)
decision = permsys.check_permission(action, perm.username, resource,
perm)
self._cache[key] = (decision, resource)
return decision
