Example #1
0
    def __init__(self, **kwargs):

        self.task_data = {'cmd': None}
        self.request = kwargs.pop('request', {})
        self.response = kwargs.pop('response', {})
        try:
            self.session = self.request.env['session']
            self.input = self.request.context['data']
            self.output = self.request.context['result']
            self.user_id = self.session.get('user_id')
            self.role_id = self.session.get('role_id')
        except AttributeError:
            # when we want to use engine functions independently,
            # we need to create a fake current object
            self.session = {}
            self.input = {}
            self.output = {}
            self.user_id = None
            self.role_id = None

        self.lang_code = self.input.get('lang_code', settings.DEFAULT_LANG)
        self.log = log
        self.pool = {}
        AuthBackend = get_object_from_path(settings.AUTH_BACKEND)
        self.auth = lazy_object_proxy.Proxy(lambda: AuthBackend(self))
        self.user = lazy_object_proxy.Proxy(lambda: self.auth.get_user())
        self.role = lazy_object_proxy.Proxy(lambda: self.auth.get_role())

        self.msg_cache = Notify(self.user_id)
        log.debug("\n\nINPUT DATA: %s" % self.input)
        self.permissions = []
Example #2
0
    def __init__(self, **kwargs):
        super(WFCurrent, self).__init__(**kwargs)
        self.workflow_name = kwargs.pop('workflow_name', '')
        self.spec = None
        self.workflow = None
        self.task_type = ''
        self.task = None
        self.pool = {}
        self.task_name = ''
        self.activity = ''
        self.lane_permissions = []
        self.lane_relations = ''
        self.old_lane = ''
        self.lane_owners = None
        self.lane_name = ''

        if 'token' in self.input:
            self.token = self.input['token']
            log.info("TOKEN iNCOMiNG: %s " % self.token)
            self.new_token = False
        else:
            self.token = uuid4().hex
            self.new_token = True
            log.info("TOKEN NEW: %s " % self.token)

        self.wfcache = WFCache(self.token)
        log.debug("\n\nWF_CACHE: %s" % self.wfcache.get())
        self.set_client_cmds()
Example #3
0
    def __init__(self, **kwargs):

        self.task_data = {'cmd': None}
        self.request = kwargs.pop('request', {})
        self.response = kwargs.pop('response', {})
        try:
            self.session = self.request.env['session']
            self.input = self.request.context['data']
            self.output = self.request.context['result']
            self.user_id = self.session.get('user_id')
            self.role_id = self.session.get('role_id')
        except AttributeError:
            # when we want to use engine functions independently,
            # we need to create a fake current object
            self.session = {}
            self.input = {}
            self.output = {}
            self.user_id = None
            self.role_id = None

        self.lang_code = self.input.get('lang_code', settings.DEFAULT_LANG)
        self.log = log
        self.pool = {}
        AuthBackend = get_object_from_path(settings.AUTH_BACKEND)
        self.auth = lazy_object_proxy.Proxy(lambda: AuthBackend(self))
        self.user = lazy_object_proxy.Proxy(lambda: self.auth.get_user())
        self.role = lazy_object_proxy.Proxy(lambda: self.auth.get_role())

        self.msg_cache = Notify(self.user_id)
        log.debug("\n\nINPUT DATA: %s" % self.input)
        self.permissions = []
Example #4
0
    def __init__(self, **kwargs):

        self.task_data = {'cmd': None}
        self.session = Session()
        self.headers = {}
        self.input = {}  # when we want to use engine functions independently,
        self.output = {}  # we need to create a fake current object
        try:
            self.session = kwargs['session']
            self.input = kwargs['input']
        except KeyError:
            self.request = kwargs.pop('request', {})
            self.response = kwargs.pop('response', {})
            if 'env' in self.request:
                self.session = self.request.env['session']
                self.input = self.request.context['data']
                self.output = self.request.context['result']

        self.remote_addr = None
        self.user_id = self.session.get('user_id')
        self.role_id = self.session.get('role_id')

        self.log = log
        self.pool = {}
        AuthBackend = get_object_from_path(settings.AUTH_BACKEND)
        self.auth = lazy_object_proxy.Proxy(lambda: AuthBackend(self))
        self.user = lazy_object_proxy.Proxy(lambda: self.auth.get_user())
        self.role = lazy_object_proxy.Proxy(lambda: self.auth.get_role())
        log.debug("\n\nINPUT DATA: %s" % self.input)
        self.permissions = []
Example #5
0
    def check_for_permission(self):
        # TODO: Works but not beautiful, needs review!
        """
        Checks if current user (or role) has the required permission
        for current workflow step.

        Raises:
            HTTPError: if user doesn't have required permissions.
        """
        if self.current.task:
            lane = self.current.lane_id
            permission = "%s.%s.%s" % (self.current.workflow_name, lane,
                                       self.current.task_name)
        else:
            permission = self.current.workflow_name
        log.debug("CHECK PERM: %s" % permission)

        if (self.current.task_type not in PERM_REQ_TASK_TYPES
                or permission.startswith(tuple(settings.ANONYMOUS_WORKFLOWS))
                or
            (self.current.is_auth
             and permission.startswith(tuple(settings.COMMON_WORKFLOWS)))):
            return
        # FIXME:needs hardening

        log.debug("REQUIRE PERM: %s" % permission)
        if not self.current.has_permission(permission):
            raise HTTPError(
                403, "You don't have required permission: %s" % permission)
Example #6
0
def _load_translations():
    all_translations = {}
    log.debug('Loading translations')
    for language in settings.TRANSLATIONS:
        translations = {}
        for domain, default_lang in settings.TRANSLATION_DOMAINS.items():
            if language == default_lang:
                # For the default language of the domain, use untranslated messages
                catalog = gettextlib.NullTranslations()
            else:
                # For other languages, we need to insert the translations
                log.debug(
                    'Loading translation of language {lang} for {domain}'.format(
                        lang=language, domain=domain))
                try:
                    catalog = gettextlib.translation(
                        domain=domain,
                        localedir=settings.TRANSLATIONS_DIR,
                        languages=[language],
                        fallback=False,
                    )
                except IOError:
                    log.error('Translations for language {lang} for {domain} not found! '
                              'Falling back to default language!'.format(lang=language,
                                                                         domain=domain))
                    catalog = gettextlib.NullTranslations()
            translations[domain] = catalog
        all_translations[language] = translations
    return all_translations
Example #7
0
    def __init__(self, **kwargs):
        super(WFCurrent, self).__init__(**kwargs)
        self.workflow_name = kwargs.pop('workflow_name', '')
        self.spec = None
        self.workflow = None
        self.task_type = ''
        self.task = None
        self.pool = {}
        self.task_name = ''
        self.activity = ''
        self.lane_permissions = []
        self.lane_relations = ''
        self.old_lane = ''
        self.lane_owners = None
        self.lane_name = ''

        if 'token' in self.input:
            self.token = self.input['token']
            log.info("TOKEN iNCOMiNG: %s " % self.token)
            self.new_token = False
        else:
            self.token = uuid4().hex
            self.new_token = True
            log.info("TOKEN NEW: %s " % self.token)

        self.wfcache = WFCache(self.token)
        log.debug("\n\nWF_CACHE: %s" % self.wfcache.get())
        self.set_client_cmds()
Example #8
0
 def start_engine(self, **kwargs):
     self.current = WFCurrent(**kwargs)
     self.check_for_authentication()
     self.check_for_permission()
     self.workflow = self.load_or_create_workflow()
     log.debug(
         "\n\n::::::::::: ENGINE STARTED :::::::::::\n"
         "\tWF: %s (Possible) TASK:%s\n"
         "\tCMD:%s\n"
         "\tSUBCMD:%s" %
         (self.workflow.name, self.workflow.get_tasks(Task.READY),
          self.current.input.get('cmd'), self.current.input.get('subcmd')))
     self.current.workflow = self.workflow
Example #9
0
 def start_engine(self, **kwargs):
     self.current = WFCurrent(**kwargs)
     self.check_for_authentication()
     self.check_for_permission()
     self.workflow = self.load_or_create_workflow()
     log.debug("\n\n::::::::::: ENGINE STARTED :::::::::::\n"
               "\tWF: %s (Possible) TASK:%s\n"
               "\tCMD:%s\n"
               "\tSUBCMD:%s" % (
                   self.workflow.name,
                   self.workflow.get_tasks(Task.READY),
                   self.current.input.get('cmd'), self.current.input.get('subcmd')))
     self.current.workflow = self.workflow
Example #10
0
 def check_for_permission(self):
     """
     since wf task has their own perm. checker,
     this method called only by "call()" dispatcher
     """
     permission = "%s.%s" % (self.object.__class__.__name__, self.cmd)
     log.debug("CHECK CRUD PERM: %s" % permission)
     if (self.current.task_type in NO_PERM_TASKS_TYPES or
                 permission in settings.ANONYMOUS_WORKFLOWS):
         return
     if not self.current.has_permission(permission):
         raise falcon.HTTPForbidden("Permission denied",
                                    "You don't have required CRUD permission: %s" % permission)
Example #11
0
 def check_for_permission(self):
     # TODO: Works but not beautiful, needs review!
     if self.current.task:
         permission = "%s.%s" % (self.current.workflow_name, self.current.task_name)
     else:
         permission = self.current.workflow_name
     log.debug("CHECK PERM: %s" % permission)
     if (self.current.task_type in NO_PERM_TASKS_TYPES or
             permission.startswith(tuple(settings.ANONYMOUS_WORKFLOWS))):
         return
     log.debug("REQUIRE PERM: %s" % permission)
     if not self.current.has_permission(permission):
         raise falcon.HTTPForbidden("Permission denied",
                                    "You don't have required permission: %s" % permission)
Example #12
0
    def process_response(self, req, resp, resource):
        if 'result' not in req.context:
            return
        req.context['result']['is_login'] = '******' in req.env['session']
        if settings.DEBUG:
            req.context['result']['_debug_queries'] = sys._debug_db_queries
            sys._debug_db_queries = []
        if resp.body is None and req.context['result']:
            resp.body = json.dumps(req.context['result'])

        try:
            log.debug("RESPONSE: %s" % resp.body)
        except:
            log.exception("ERR: RESPONSE CANT BE LOGGED ")
Example #13
0
 def check_for_permission(self):
     """
     since wf task has their own perm. checker,
     this method called only by "call()" dispatcher
     """
     permission = "%s.%s" % (self.object.__class__.__name__, self.cmd)
     log.debug("CHECK CRUD PERM: %s" % permission)
     if (self.current.task_type in NO_PERM_TASKS_TYPES
             or permission in settings.ANONYMOUS_WORKFLOWS):
         return
     if not self.current.has_permission(permission):
         raise falcon.HTTPForbidden(
             "Permission denied",
             "You don't have required CRUD permission: %s" % permission)
Example #14
0
    def start_engine(self, **kwargs):
        """
        Initializes the workflow with given request, response objects and diagram name.

        Args:
            session:
            input:
            workflow_name (str): Name of workflow diagram without ".bpmn" suffix.
             File must be placed under one of configured :py:attr:`~zengine.settings.WORKFLOW_PACKAGES_PATHS`

        """
        self.current = WFCurrent(**kwargs)
        self.wf_state = {'in_external': False, 'finished': False}
        if not self.current.new_token:
            self.wf_state = self.current.wf_cache.get(self.wf_state)
            self.current.workflow_name = self.wf_state['name']
            # if we have a pre-selected object to work with,
            # inserting it as current.input['id'] and task_data['object_id']
            if 'subject' in self.wf_state:
                self.current.input['id'] = self.wf_state['subject']
                self.current.task_data['object_id'] = self.wf_state['subject']
        self.check_for_authentication()
        self.check_for_permission()
        self.workflow = self.load_or_create_workflow()

        # if form data exists in input (user submitted)
        # put form data in wf task_data
        if 'form' in self.current.input:
            form = self.current.input['form']
            if 'form_name' in form:
                self.current.task_data[form['form_name']] = form

        # in wf diagram, if property is stated as init = True
        # demanded initial values are assigned and put to cache
        start_init_values = self.workflow_spec.wf_properties.get(
            'init', 'False') == 'True'
        if start_init_values:
            WFInit = get_object_from_path(settings.WF_INITIAL_VALUES)()
            WFInit.assign_wf_initial_values(self.current)

        log_msg = (
            "\n\n::::::::::: ENGINE STARTED :::::::::::\n"
            "\tWF: %s (Possible) TASK:%s\n"
            "\tCMD:%s\n"
            "\tSUBCMD:%s" %
            (self.workflow.name, self.workflow.get_tasks(Task.READY),
             self.current.input.get('cmd'), self.current.input.get('subcmd')))
        log.debug(log_msg)
        sys._zops_wf_state_log = log_msg
        self.current.workflow = self.workflow
Example #15
0
    def send_to_prv_exchange(self, user_id, message=None):
        """
        Send messages through logged in users private exchange.

        Args:
            user_id string: User key
            message dict: Message object

        """
        exchange = 'prv_%s' % user_id.lower()
        msg = json.dumps(message, cls=ZEngineJSONEncoder)
        log.debug("Sending following users \"%s\" exchange:\n%s " %
                  (exchange, msg))
        self.get_channel().publish(exchange=exchange, routing_key='', body=msg)
Example #16
0
    def process_response(self, req, resp, resource):
        if 'result' not in req.context:
            return
        req.context['result']['is_login'] = '******' in req.env['session']
        if settings.DEBUG:
            req.context['result']['_debug_queries'] = sys._debug_db_queries
            sys._debug_db_queries = []
        if resp.body is None and req.context['result']:
            resp.body = json.dumps(req.context['result'])

        try:
            log.debug("RESPONSE: %s" % resp.body)
        except:
            log.exception("ERR: RESPONSE CANT BE LOGGED ")
Example #17
0
    def send_to_default_exchange(self, sess_id, message=None):
        """
        Send messages through RabbitMQ's default exchange,
        which will be delivered through routing_key (sess_id).

        This method only used for un-authenticated users, i.e. login process.

        Args:
            sess_id string: Session id
            message dict: Message object.
        """
        msg = json.dumps(message, cls=ZEngineJSONEncoder)
        log.debug(
            "Sending following message to %s queue through default exchange:\n%s"
            % (sess_id, msg))
        self.get_channel().publish(exchange='', routing_key=sess_id, body=msg)
Example #18
0
 def check_for_permission(self):
     # TODO: Works but not beautiful, needs review!
     if self.current.task:
         permission = "%s.%s" % (self.current.workflow_name,
                                 self.current.task_name)
     else:
         permission = self.current.workflow_name
     log.debug("CHECK PERM: %s" % permission)
     if (self.current.task_type in NO_PERM_TASKS_TYPES
             or permission.startswith(tuple(settings.ANONYMOUS_WORKFLOWS))):
         return
     log.debug("REQUIRE PERM: %s" % permission)
     if not self.current.has_permission(permission):
         raise falcon.HTTPForbidden(
             "Permission denied",
             "You don't have required permission: %s" % permission)
Example #19
0
    def check_for_permission(self):
        """
        Checks permissions of auto-generated CRUD views.

        Required permissions calculated according to
        ``ModelName . self.cmd`` scheme.

        """
        permission = "%s.%s" % (self.object.__class__.__name__, self.cmd)
        log.debug("CHECK CRUD PERM: %s" % permission)
        if (self.current.task_type not in PERM_REQ_TASK_TYPES
                or permission in settings.ANONYMOUS_WORKFLOWS):
            return
        if not self.current.has_permission(permission):
            raise HTTPError(
                403,
                "You don't have required CRUD permission: %s" % permission)
Example #20
0
    def process_response(self, request, response, resource):
        origin = request.get_header('Origin')
        if not settings.DEBUG:
            if origin in settings.ALLOWED_ORIGINS or not origin:
                response.set_header('Access-Control-Allow-Origin', origin)
            else:
                log.debug("CORS ERROR: %s not allowed, allowed hosts: %s" % (origin,
                                                                             settings.ALLOWED_ORIGINS))
                raise falcon.HTTPForbidden("Denied", "Origin not in ALLOWED_ORIGINS: %s" % origin)
                response.status = falcon.HTTP_403
        else:
            response.set_header('Access-Control-Allow-Origin', origin or '*')

        response.set_header('Access-Control-Allow-Credentials', "true")
        response.set_header('Access-Control-Allow-Headers', 'Content-Type')
        # This could be overridden in the resource level
        response.set_header('Access-Control-Allow-Methods', 'OPTIONS')
Example #21
0
 def _do_login(self):
     """
     logs in the "test_user"
     """
     self.client.sess_id = uuid4().hex
     self.client.set_path("/login/")
     resp = self.client.post()
     assert resp.json['forms']['schema']['title'] == 'LoginForm'
     req_fields = resp.json['forms']['schema']['required']
     assert all([(field in req_fields)
                 for field in ('username', 'password')])
     resp = self.client.post(username=self.client.username
                             or self.client.user.username,
                             password="******",
                             cmd="do")
     log.debug("login result :\n%s" % resp.json)
     assert resp.json['cmd'] == 'upgrade'
Example #22
0
    def switch_to_external_wf(self):
        """
        External workflow switcher.

        This method copies main workflow information into
        a temporary dict `main_wf` and makes external workflow
        acting as main workflow.

        """

        # External WF name should be stated at main wf diagram and type should be service task.
        if (self.current.task_type == 'ServiceTask'
                and self.current.task.task_spec.type == 'external'):

            log.debug("Entering to EXTERNAL WF")

            # Main wf information is copied to main_wf.
            main_wf = self.wf_state.copy()

            # workflow name from main wf diagram is assigned to current workflow name.
            # workflow name must be either in task_data with key 'external_wf' or in main diagram's
            # topic.
            self.current.workflow_name = self.current.task_data.pop('external_wf', False) or self.\
                current.task.task_spec.topic

            # For external WF, check permission and authentication. But after cleaning current task.
            self._clear_current_task()

            # check for auth and perm. current task cleared, do against new workflow_name
            self.check_for_authentication()
            self.check_for_permission()

            # wf knowledge is taken for external wf.
            self.workflow_spec = self.get_worfklow_spec()
            # New WF instance is created for external wf.
            self.workflow = self.create_workflow()
            # Current WF is this WF instance.
            self.current.workflow = self.workflow
            # main_wf: main wf information.
            # in_external: it states external wf in progress.
            # finished: it shows that main wf didn't finish still progress in external wf.
            self.wf_state = {
                'main_wf': main_wf,
                'in_external': True,
                'finished': False
            }
Example #23
0
    def log_wf_state(self):
        """
        logging the state of the workflow and data
        """
        output = '\n- - - - - -\n'
        output += "WORKFLOW: %s ( %s )" % (self.current.workflow_name.upper(),
                                           self.current.workflow.name)

        output += "\nTASK: %s ( %s )\n" % (self.current.task_name, self.current.task_type)
        output += "DATA:"
        for k, v in self.current.task_data.items():
            if v:
                output += "\n\t%s: %s" % (k, v)
        output += "\nCURRENT:"
        output += "\n\tACTIVITY: %s" % self.current.activity
        output += "\n\tPOOL: %s" % self.current.pool
        output += "\n\tTOKEN: %s" % self.current.token
        log.debug(output + "\n= = = = = =\n")
Example #24
0
    def process_response(self, request, response, resource):
        origin = request.get_header('Origin')
        if not settings.DEBUG:
            if origin in settings.ALLOWED_ORIGINS or not origin:
                response.set_header('Access-Control-Allow-Origin', origin)
            else:
                log.debug("CORS ERROR: %s not allowed, allowed hosts: %s" %
                          (origin, settings.ALLOWED_ORIGINS))
                raise falcon.HTTPForbidden(
                    "Denied", "Origin not in ALLOWED_ORIGINS: %s" % origin)
                response.status = falcon.HTTP_403
        else:
            response.set_header('Access-Control-Allow-Origin', origin or '*')

        response.set_header('Access-Control-Allow-Credentials', "true")
        response.set_header('Access-Control-Allow-Headers', 'Content-Type')
        # This could be overridden in the resource level
        response.set_header('Access-Control-Allow-Methods', 'OPTIONS')
Example #25
0
    def log_wf_state(self):
        """
        logging the state of the workflow and data
        """
        output = '\n- - - - - -\n'
        output += "WORKFLOW: %s ( %s )" % (self.current.workflow_name.upper(),
                                           self.current.workflow.name)

        output += "\nTASK: %s ( %s )\n" % (self.current.task_name,
                                           self.current.task_type)
        output += "DATA:"
        for k, v in self.current.task_data.items():
            if v:
                output += "\n\t%s: %s" % (k, v)
        output += "\nCURRENT:"
        output += "\n\tACTIVITY: %s" % self.current.activity
        output += "\n\tPOOL: %s" % self.current.pool
        output += "\n\tTOKEN: %s" % self.current.token
        log.debug(output + "\n= = = = = =\n")
Example #26
0
    def install_language(cls, language_code):
        """Install the translations for language specified by `language_code`.

        If we don't have translations for this language, then the default language will be used.

        If the language specified is already installed, then this is a no-op.
        """
        # Skip if the language is already installed
        if language_code == cls.language:
            return
        try:
            cls._active_catalogs = cls._translation_catalogs[language_code]
            cls.language = language_code
            log.debug('Installed language %s', language_code)
        except KeyError:
            default = settings.DEFAULT_LANG
            log.warning('Unknown language %s, falling back to %s', language_code, default)
            cls._active_catalogs = cls._translation_catalogs[default]
            cls.language = default
Example #27
0
    def install_locale(cls, locale_code, locale_type):
        """Install the locale specified by `language_code`, for localizations of type `locale_type`.

        If we can't perform localized formatting for the specified locale,
        then the default localization format will be used.

        If the locale specified is already installed for the selected type, then this is a no-op.
        """

        # Skip if the locale is already installed
        if locale_code == getattr(cls, locale_type):
            return
        try:
            # We create a Locale instance to see if the locale code is supported
            locale = Locale(locale_code)
            log.debug('Installed locale %s', locale_code)
        except UnknownLocaleError:
            default = settings.DEFAULT_LOCALIZATION_FORMAT
            log.warning('Unknown locale %s, falling back to %s', locale_code, default)
            locale = Locale(default)
        setattr(cls, locale_type, locale.language)
Example #28
0
    def process_response(self, req, resp, resource):
        """
        Serializes ``req.context['result']`` to resp.body as JSON.

        If :attr:`~zengine.settings.DEBUG` is True,
        ``sys._debug_db_queries`` (set by pyoko) added to response.

        """
        if 'result' not in req.context:
            return
        req.context['result']['is_login'] = '******' in req.env['session']
        if settings.DEBUG:
            req.context['result']['_debug_queries'] = sys._debug_db_queries
            sys._debug_db_queries = []
        if resp.body is None and req.context['result']:
            resp.body = json.dumps(req.context['result'])

        try:
            log.debug("RESPONSE: %s" % resp.body)
        except:
            log.exception("ERR: RESPONSE CANT BE LOGGED ")
Example #29
0
    def check_for_lane_permission(self):
        """
        One or more permissions can be associated with a lane of a workflow.
        In a similar way, a lane can be restricted with relation to other lanes of the workflow.

        When this method called on lane changes, it checks if the current user has the required
         permissions and proper relations. Raises a HTTPForbidden error if it is not.

        """
        # TODO: Cache lane_data in app memory
        if self.current.lane_permissions:
            log.debug("HAS LANE PERMS: %s" % self.current.lane_permissions)
            for perm in self.current.lane_permissions:
                if not self.current.has_permission(perm):
                    raise falcon.HTTPForbidden(
                        "Permission denied",
                        "You don't have required lane permission: %s" % perm)
        if self.current.lane_relations:
            context = self.get_pool_context()
            log.debug("HAS LANE RELS: %s" % self.current.lane_relations)
            if not eval(self.current.lane_relations, context):
                log.debug("LANE RELATION ERR: %s %s" %
                          (self.current.lane_relations, context))
                raise falcon.HTTPForbidden(
                    "Permission denied",
                    "You aren't qualified for this lane: %s" %
                    self.current.lane_relations)
Example #30
0
    def get_model_class(self):
        """
        Looks for the default model of this view from
        :py:attr:`Meta.model`. If it's not set, tries to get
        model name from ``current.input['model']``.

        Can be overridden to implement different model
        selection mechanism.

        Returns:
            :py:attr:`~pyoko.models.Model` class.
        """
        try:
            model = self.Meta.model if self.Meta.model else self.current.input[
                'model']
            if isinstance(model, Model):
                return model
            else:
                return model_registry.get_model(model)
        except:
            log.debug('No "model" given for CrudView')
            return None
Example #31
0
    def check_for_lane_permission(self):
        """
        One or more permissions can be associated with a lane
        of a workflow. In a similar way, a lane can be
        restricted with relation to other lanes of the workflow.

        This method called on lane changes and checks user has
        required permissions and relations.

        Raises:
             HTTPForbidden: if the current user hasn't got the
              required permissions and proper relations

        """
        # TODO: Cache lane_data in app memory
        if self.current.lane_permission:
            log.debug("HAS LANE PERM: %s" % self.current.lane_permission)
            perm = self.current.lane_permission
            if not self.current.has_permission(perm):
                raise HTTPError(
                    403, "You don't have required lane permission: %s" % perm)

        if self.current.lane_relations:
            context = self.get_pool_context()
            log.debug("HAS LANE RELS: %s" % self.current.lane_relations)
            try:
                cond_result = eval(self.current.lane_relations, context)
            except:
                log.exception("CONDITION EVAL ERROR : %s || %s" %
                              (self.current.lane_relations, context))
                raise
            if not cond_result:
                log.debug("LANE RELATION ERR: %s %s" %
                          (self.current.lane_relations, context))
                raise HTTPError(
                    403, "You aren't qualified for this lane: %s" %
                    self.current.lane_relations)
Example #32
0
    def check_for_lane_permission(self):
        """
        One or more permissions can be associated with a lane of a workflow.
        In a similar way, a lane can be restricted with relation to other lanes of the workflow.

        When this method called on lane changes, it checks if the current user has the required
         permissions and proper relations. Raises a HTTPForbidden error if it is not.

        """
        # TODO: Cache lane_data in app memory
        if self.current.lane_permissions:
            log.debug("HAS LANE PERMS: %s" % self.current.lane_permissions)
            for perm in self.current.lane_permissions:
                if not self.current.has_permission(perm):
                    raise falcon.HTTPForbidden("Permission denied",
                                               "You don't have required lane permission: %s" % perm)
        if self.current.lane_relations:
            context = self.get_pool_context()
            log.debug("HAS LANE RELS: %s" % self.current.lane_relations)
            if not eval(self.current.lane_relations, context):
                log.debug("LANE RELATION ERR: %s %s" % (self.current.lane_relations, context))
                raise falcon.HTTPForbidden(
                    "Permission denied",
                    "You aren't qualified for this lane: %s" % self.current.lane_relations)
Example #33
0
 def log_wf_state(self):
     log.debug(self.generate_wf_state_log() + "\n= = = = = =\n")