Exemple #1
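 def test_parse_acl(self):
     """Check that parse_acl() splits an ACL string into (referrers, groups).

     Every ``.r:`` item (including negated ``.r:-`` items) goes, in order,
     into the referrer list; every other comma-separated item is a group.
     ``None`` and the empty string both yield two empty lists.
     """
     # assertEquals is a deprecated alias of assertEqual and was removed in
     # Python 3.12; the canonical name is used throughout.
     self.assertEqual(acl.parse_acl(None), ([], []))
     self.assertEqual(acl.parse_acl(''), ([], []))
     self.assertEqual(acl.parse_acl('.r:ref1'), (['ref1'], []))
     self.assertEqual(acl.parse_acl('.r:-ref1'), (['-ref1'], []))
     self.assertEqual(acl.parse_acl('account:user'),
                      ([], ['account:user']))
     self.assertEqual(acl.parse_acl('account'), ([], ['account']))
     self.assertEqual(acl.parse_acl('acc1,acc2:usr2,.r:ref3,.r:-ref4'),
                      (['ref3', '-ref4'], ['acc1', 'acc2:usr2']))
     # Mixed ordering: referrers and groups each keep their relative order.
     self.assertEqual(acl.parse_acl(
         'acc1,acc2:usr2,.r:ref3,acc3,acc4:usr4,.r:ref5,.r:-ref6'),
         (['ref3', 'ref5', '-ref6'],
          ['acc1', 'acc2:usr2', 'acc3', 'acc4:usr4']))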
Exemple #2
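 def test_parse_acl(self):
     """Check that parse_acl() splits an ACL string into (referrers, groups).

     Every ``.r:`` item (including negated ``.r:-`` items) goes, in order,
     into the referrer list; every other comma-separated item is a group.
     ``None`` and the empty string both yield two empty lists.
     """
     # assertEquals is a deprecated alias of assertEqual and was removed in
     # Python 3.12; the canonical name is used throughout.
     self.assertEqual(acl.parse_acl(None), ([], []))
     self.assertEqual(acl.parse_acl(''), ([], []))
     self.assertEqual(acl.parse_acl('.r:ref1'), (['ref1'], []))
     self.assertEqual(acl.parse_acl('.r:-ref1'), (['-ref1'], []))
     self.assertEqual(acl.parse_acl('account:user'),
                      ([], ['account:user']))
     self.assertEqual(acl.parse_acl('account'), ([], ['account']))
     self.assertEqual(acl.parse_acl('acc1,acc2:usr2,.r:ref3,.r:-ref4'),
                      (['ref3', '-ref4'], ['acc1', 'acc2:usr2']))
     # Mixed ordering: referrers and groups each keep their relative order.
     self.assertEqual(
         acl.parse_acl(
             'acc1,acc2:usr2,.r:ref3,acc3,acc4:usr4,.r:ref5,.r:-ref6'),
         (['ref3', 'ref5', '-ref6'],
          ['acc1', 'acc2:usr2', 'acc3', 'acc4:usr4']))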
Exemple #3
 def authorize(self, req):
     """
     Returns None if the request is authorized to continue or a standard
     WSGI response callable if not.

     Checks are applied in order and the first one that decides wins:
     path validity, reseller prefix, reseller admin, account owner,
     container-sync key, referrer ACL, then group ACL.  Only the
     reseller-admin and account-owner paths set
     ``req.environ['chase_owner']``.

     :param req: the WSGI request.  ``req.remote_user`` is read as a
                 comma-separated list of groups and ``req.acl`` (when
                 present) as the container ACL string.
     :returns: None to allow the request, otherwise a response callable.
     """
     # A path that does not split into at least a version and an account
     # is answered with 404, not 403.
     try:
         version, account, container, obj = split_path(req.path, 1, 4, True)
     except ValueError:
         return HTTPNotFound(request=req)
     # Only accounts carrying the reseller prefix are governed here.
     if not account or not account.startswith(self.reseller_prefix):
         return self.denied_response(req)
     user_groups = (req.remote_user or '').split(',')
     # Reseller admins own every prefixed account except the bare prefix
     # itself and names whose first character after the prefix is '.'
     # (presumably reserved account names -- confirm against the layout).
     # The index is safe: startswith() plus account != prefix guarantees
     # the account is longer than the prefix.
     if '.reseller_admin' in user_groups and \
             account != self.reseller_prefix and \
             account[len(self.reseller_prefix)] != '.':
         req.environ['chase_owner'] = True
         return None
     if account in user_groups and \
             (req.method not in ('DELETE', 'PUT') or container):
         # If the user is admin for the account and is not trying to do an
         # account DELETE or PUT...
         req.environ['chase_owner'] = True
         return None
     # Container sync: the shared key in the environ must equal the
     # x-container-sync-key header, the request must carry x-timestamp,
     # and the caller must be one of the configured sync hosts.
     # NOTE(review): the key comparison is a plain ``==`` on a shared
     # secret; a constant-time compare (hmac.compare_digest) would be
     # preferable if the operand types allow -- confirm.
     # NOTE(review): if get_remote_client() derives the address from
     # client-supplied headers, the allowed_sync_hosts check trusts those
     # headers -- confirm how it is implemented.
     if (req.environ.get('chase_sync_key')
             and req.environ['chase_sync_key'] == req.headers.get(
                 'x-container-sync-key', None)
             and 'x-timestamp' in req.headers
             and (req.remote_addr in self.allowed_sync_hosts
                  or get_remote_client(req) in self.allowed_sync_hosts)):
         return None
     # Referrer ACL: a matching referer grants object requests outright;
     # requests without an object additionally need '.rlistings' in the
     # ACL groups.  A referer match that fails that test is final -- the
     # group ACL below is not consulted.
     referrers, groups = parse_acl(getattr(req, 'acl', None))
     if referrer_allowed(req.referer, referrers):
         if obj or '.rlistings' in groups:
             return None
         return self.denied_response(req)
     # Group ACL: requires an authenticated user in one of the ACL groups.
     if not req.remote_user:
         return self.denied_response(req)
     for user_group in user_groups:
         if user_group in groups:
             return None
     return self.denied_response(req)
Exemple #4
 def authorize(self, req):
     """
     Returns None if the request is authorized to continue or a standard
     WSGI response callable if not.

     Checks are applied in order and the first one that decides wins:
     path validity, reseller prefix, reseller admin, account owner,
     container-sync key, referrer ACL, then group ACL.  Only the
     reseller-admin and account-owner paths set
     ``req.environ['chase_owner']``.

     :param req: the WSGI request.  ``req.remote_user`` is read as a
                 comma-separated list of groups and ``req.acl`` (when
                 present) as the container ACL string.
     :returns: None to allow the request, otherwise a response callable.
     """
     # A path that does not split into at least a version and an account
     # is answered with 404, not 403.
     try:
         version, account, container, obj = split_path(req.path, 1, 4, True)
     except ValueError:
         return HTTPNotFound(request=req)
     # Only accounts carrying the reseller prefix are governed here.
     if not account or not account.startswith(self.reseller_prefix):
         return self.denied_response(req)
     user_groups = (req.remote_user or '').split(',')
     # Reseller admins own every prefixed account except the bare prefix
     # itself and names whose first character after the prefix is '.'
     # (presumably reserved account names -- confirm against the layout).
     # The index is safe: startswith() plus account != prefix guarantees
     # the account is longer than the prefix.
     if '.reseller_admin' in user_groups and \
             account != self.reseller_prefix and \
             account[len(self.reseller_prefix)] != '.':
         req.environ['chase_owner'] = True
         return None
     if account in user_groups and \
             (req.method not in ('DELETE', 'PUT') or container):
         # If the user is admin for the account and is not trying to do an
         # account DELETE or PUT...
         req.environ['chase_owner'] = True
         return None
     # Container sync: the shared key in the environ must equal the
     # x-container-sync-key header, the request must carry x-timestamp,
     # and the caller must be one of the configured sync hosts.
     # NOTE(review): the key comparison is a plain ``==`` on a shared
     # secret; a constant-time compare (hmac.compare_digest) would be
     # preferable if the operand types allow -- confirm.
     # NOTE(review): if get_remote_client() derives the address from
     # client-supplied headers, the allowed_sync_hosts check trusts those
     # headers -- confirm how it is implemented.
     if (req.environ.get('chase_sync_key') and
         req.environ['chase_sync_key'] ==
             req.headers.get('x-container-sync-key', None) and
         'x-timestamp' in req.headers and
         (req.remote_addr in self.allowed_sync_hosts or
          get_remote_client(req) in self.allowed_sync_hosts)):
         return None
     # Referrer ACL: a matching referer grants object requests outright;
     # requests without an object additionally need '.rlistings' in the
     # ACL groups.  A referer match that fails that test is final -- the
     # group ACL below is not consulted.
     referrers, groups = parse_acl(getattr(req, 'acl', None))
     if referrer_allowed(req.referer, referrers):
         if obj or '.rlistings' in groups:
             return None
         return self.denied_response(req)
     # Group ACL: requires an authenticated user in one of the ACL groups.
     if not req.remote_user:
         return self.denied_response(req)
     for user_group in user_groups:
         if user_group in groups:
             return None
     return self.denied_response(req)
Exemple #5
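 def _authorize_anon_object(self, req, account, container, obj):
     """Authorize an anonymous object request purely by referrer ACL.

     Only the referrer half of the container ACL is consulted; the group
     half is irrelevant to an anonymous caller and is discarded.
     ``account``, ``container`` and ``obj`` are part of the call signature
     but are not read here.

     :param req: the WSGI request; ``req.acl`` (when present) is the ACL
                 string and ``req.referer`` is matched against it.
     :returns: None when the referer is allowed, otherwise the response
               from ``self.unauthorized(req)``.
     """
     # The group list is unused for anonymous access; bind it to a throwaway
     # name rather than leaving an unused local behind.
     referrers, _groups = parse_acl(getattr(req, 'acl', None))
     if referrer_allowed(req.referer, referrers):
         self.log.debug('anonymous request AUTHORIZED OKAY')
         return None
     return self.unauthorized(req)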
Exemple #6
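 def _authorize_anon_object(self, req, account, container, obj):
     """Authorize an anonymous object request purely by referrer ACL.

     Only the referrer half of the container ACL is consulted; the group
     half is irrelevant to an anonymous caller and is discarded.
     ``account``, ``container`` and ``obj`` are part of the call signature
     but are not read here.

     :param req: the WSGI request; ``req.acl`` (when present) is the ACL
                 string and ``req.referer`` is matched against it.
     :returns: None when the referer is allowed, otherwise the response
               from ``self.unauthorized(req)``.
     """
     # The group list is unused for anonymous access; bind it to a throwaway
     # name rather than leaving an unused local behind.
     referrers, _groups = parse_acl(getattr(req, "acl", None))
     if referrer_allowed(req.referer, referrers):
         self.log.debug("anonymous request AUTHORIZED OKAY")
         return None
     return self.unauthorized(req)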