    def __init__(self, request):
        """Build the authorization context for *request*.

        Captures shortcuts onto the permission backend and the
        principal-prefixing helper. When the request matched a resource
        service, also records the resource name, whether the endpoint is a
        collection, the record targeted by a write (only if it exists), the
        permission object id and the required permission, plus the wildcard
        id used to look up shared records.
        """
        # Shortcuts onto the permission backend.
        backend = request.registry.permission
        self._check_permission = backend.check_permission
        self._get_accessible_objects = backend.get_accessible_objects

        self.get_prefixed_principals = functools.partial(utils.prefixed_principals, request)

        # Only resource views (service with a viewset and a resource) carry
        # a resource name and a required permission.
        matched = utils.current_service(request)
        on_resource = matched is not None and all(
            hasattr(matched, attr) for attr in ('viewset', 'resource'))
        if on_resource:
            self.resource_name = request.current_resource_name
            self.on_collection = getattr(matched, "type", None) == "collection"

            # For a write against a single record, look the record up now:
            # whether it exists feeds the permission decision (presumably in
            # `_find_required_permission()` — confirm) and the resource can
            # reuse the cached copy instead of re-reading storage.
            # NOTE(review): `self.current_record` is left unset when the record
            # is missing; downstream code must cope with that — confirm.
            write_verbs = ("put", "delete", "patch")
            writes_record = not self.on_collection and request.method.lower() in write_verbs
            if writes_record:
                resource = matched.resource(request=request, context=self)
                try:
                    self.current_record = resource.model.get_record(resource.record_id)
                except storage_exceptions.RecordNotFoundError:
                    pass

            required = self._find_required_permission(request, matched)
            self.permission_object_id, self.required_permission = required

            # Wildcard object id, used to list shared records on a collection.
            self._object_id_match = self.get_permission_object_id(request, '*')

        self._settings = request.registry.settings
    def __init__(self, request):
        """Build the authorization context for *request*.

        Exposes the user-id prefixing helper and the permission backend
        shortcuts. When the request matched a resource service, also records
        the resource name, whether the endpoint is a collection, the
        permission object id, the required permission, the wildcard id used
        for shared records, and the principals explicitly allowed by settings.
        """
        # Exposed so the authorization policy can prefix the user id.
        self.get_prefixed_userid = functools.partial(prefixed_userid, request)

        # Shortcuts onto the permission backend.
        backend = request.registry.permission
        self.check_permission = backend.check_permission
        self._get_accessible_objects = backend.get_accessible_objects

        # Only resource views (service with a viewset and a resource) carry
        # a resource name and a required permission.
        matched = utils.current_service(request)
        on_resource = matched is not None and all(
            hasattr(matched, attr) for attr in ('viewset', 'resource'))
        if on_resource:
            self.resource_name = request.current_resource_name
            self.on_collection = getattr(matched, "type", None) == "collection"

            required = self._find_required_permission(request, matched)
            self.permission_object_id, self.required_permission = required

            # Wildcard object id, used to list shared records on a collection.
            self._object_id_match = self.get_permission_object_id(request, '*')

            # Principals explicitly granted this permission through the
            # `<resource>_<permission>_principals` setting; how the
            # authorization policy weighs them against per-record ACLs is
            # not visible here — confirm against the caller.
            key = '%s_%s_principals' % (self.resource_name, self.required_permission)
            self.allowed_principals = aslist(request.registry.settings.get(key, ''))
    def __init__(self, request):
        """Build the authorization context for *request*.

        Exposes the user-id prefixing helper and the permission backend
        shortcuts. When the request matched a resource service, also records
        the resource name, whether the endpoint is a collection, the
        permission object id, the required permission, the wildcard id used
        for shared records, and the principals explicitly allowed by settings.
        """
        # Exposed so the authorization policy can prefix the user id.
        self.get_prefixed_userid = functools.partial(prefixed_userid, request)

        # Shortcuts onto the permission backend.
        backend = request.registry.permission
        self.check_permission = backend.check_permission
        self._get_accessible_objects = backend.get_accessible_objects

        # Only resource views (service with a viewset and a resource) carry
        # a resource name and a required permission.
        matched = utils.current_service(request)
        on_resource = matched is not None and all(
            hasattr(matched, attr) for attr in ('viewset', 'resource'))
        if on_resource:
            self.resource_name = request.current_resource_name
            self.on_collection = getattr(matched, "type", None) == "collection"

            required = self._find_required_permission(request, matched)
            self.permission_object_id, self.required_permission = required

            # Wildcard object id, used to list shared records on a collection.
            self._object_id_match = self.get_permission_object_id(request, '*')

            # Principals explicitly granted this permission through the
            # `<resource>_<permission>_principals` setting; how the
            # authorization policy weighs them against per-record ACLs is
            # not visible here — confirm against the caller.
            key = '%s_%s_principals' % (self.resource_name, self.required_permission)
            self.allowed_principals = aslist(request.registry.settings.get(key, ''))
    def __init__(self, request):
        """Build the authorization context for *request*.

        Captures shortcuts onto the permission backend and the
        principal-prefixing helper. When the request matched a resource
        service, also records the resource name, whether the endpoint is a
        collection, the record targeted by a write (only if it exists), the
        permission object id and the required permission, plus the wildcard
        id used to look up shared records.
        """
        # Shortcuts onto the permission backend.
        backend = request.registry.permission
        self._check_permission = backend.check_permission
        self._get_accessible_objects = backend.get_accessible_objects

        self.get_prefixed_principals = functools.partial(utils.prefixed_principals, request)

        # Only resource views (service with a viewset and a resource) carry
        # a resource name and a required permission.
        matched = utils.current_service(request)
        on_resource = matched is not None and all(
            hasattr(matched, attr) for attr in ('viewset', 'resource'))
        if on_resource:
            self.resource_name = request.current_resource_name
            self.on_collection = getattr(matched, 'type', None) == 'collection'

            # For a write against a single record, look the record up now:
            # whether it exists feeds the permission decision (presumably in
            # `_find_required_permission()` — confirm) and the resource can
            # reuse the cached copy instead of re-reading storage.
            # NOTE(review): `self.current_record` is left unset when the record
            # is missing; downstream code must cope with that — confirm.
            write_verbs = ('put', 'delete', 'patch')
            writes_record = not self.on_collection and request.method.lower() in write_verbs
            if writes_record:
                resource = matched.resource(request=request, context=self)
                try:
                    self.current_record = resource.model.get_record(resource.record_id)
                except storage_exceptions.RecordNotFoundError:
                    pass

            required = self._find_required_permission(request, matched)
            self.permission_object_id, self.required_permission = required

            # Wildcard object id, used to list shared records on a collection.
            self._object_id_match = self.get_permission_object_id(request, '*')

        self._settings = request.registry.settings
    def __init__(self, request):
        """Build the authorization context for *request*.

        Exposes the user-id prefixing helper and the permission check
        shortcut. When the request matched a resource service, decides the
        required permission from the HTTP method (a PUT is "write" when the
        record exists and "create" against the collection otherwise), stores
        the permission object id, the resource name, a shared-ids lookup on
        collection endpoints, and the principals explicitly allowed by
        settings.
        """
        # Exposed so the authorization policy can prefix the user id.
        self.get_prefixed_userid = functools.partial(prefixed_userid, request)

        self._check_permission = request.registry.permission.check_permission

        # Filled in later for partial collections of ShareableResource.
        self.shared_ids = None

        # Only resource views (service with a viewset and a resource) carry
        # a resource name and a required permission.
        matched = utils.current_service(request)

        on_resource = matched is not None and all(
            hasattr(matched, attr) for attr in ('viewset', 'resource'))

        if on_resource:
            self.on_collection = getattr(matched, "type", None) == "collection"
            self.permission_object_id = self.get_permission_object_id(request)

            verb = request.method.lower()
            if verb == "put":
                # A PUT updates an existing record or creates a missing one;
                # in the creation case the permission is checked against the
                # parent collection rather than the (absent) record.
                resource = matched.resource(request=request, context=self)
                try:
                    self.current_record = resource.model.get_record(resource.record_id)
                except storage_exceptions.RecordNotFoundError:
                    self.permission_object_id = matched.collection_path.format(
                        **request.matchdict)
                    self.required_permission = "create"
                else:
                    self.required_permission = "write"
            else:
                # NOTE(review): a verb missing from `method_permissions` yields
                # None here and a "<resource>_None_principals" settings key
                # below — confirm that is the intended outcome.
                self.required_permission = self.method_permissions.get(verb)

            self.resource_name = request.current_resource_name

            if self.on_collection:
                wildcard = self.get_permission_object_id(request, '*')
                self.get_shared_ids = functools.partial(
                    request.registry.permission.get_accessible_objects,
                    object_id_match=wildcard)

            # Principals explicitly granted this permission through the
            # `<resource>_<permission>_principals` setting; how the
            # authorization policy weighs them against per-record ACLs is
            # not visible here — confirm against the caller.
            key = '%s_%s_principals' % (self.resource_name, self.required_permission)
            self.allowed_principals = aslist(request.registry.settings.get(key, ''))
    def __init__(self, request):
        """Build the authorization context for *request*.

        Exposes the user-id prefixing helper and the permission check
        shortcut. When the request matched a resource service, decides the
        required permission from the HTTP method (a PUT is "write" when the
        record exists and "create" against the collection otherwise), stores
        the permission object id, the resource name, a shared-ids lookup on
        collection endpoints, and the principals explicitly allowed by
        settings.
        """
        # Exposed so the authorization policy can prefix the user id.
        self.get_prefixed_userid = functools.partial(prefixed_userid, request)

        self._check_permission = request.registry.permission.check_permission

        # Filled in later for partial collections of ShareableResource.
        self.shared_ids = None

        # Only resource views (service with a viewset and a resource) carry
        # a resource name and a required permission.
        matched = utils.current_service(request)

        on_resource = matched is not None and all(
            hasattr(matched, attr) for attr in ('viewset', 'resource'))

        if on_resource:
            self.on_collection = getattr(matched, "type", None) == "collection"
            self.permission_object_id = self.get_permission_object_id(request)

            verb = request.method.lower()
            if verb == "put":
                # A PUT updates an existing record or creates a missing one;
                # in the creation case the permission is checked against the
                # parent collection rather than the (absent) record.
                resource = matched.resource(request=request, context=self)
                try:
                    self.current_record = resource.model.get_record(resource.record_id)
                except storage_exceptions.RecordNotFoundError:
                    self.permission_object_id = matched.collection_path.format(
                        **request.matchdict)
                    self.required_permission = "create"
                else:
                    self.required_permission = "write"
            else:
                # NOTE(review): a verb missing from `method_permissions` yields
                # None here and a "<resource>_None_principals" settings key
                # below — confirm that is the intended outcome.
                self.required_permission = self.method_permissions.get(verb)

            self.resource_name = request.current_resource_name

            if self.on_collection:
                wildcard = self.get_permission_object_id(request, '*')
                self.get_shared_ids = functools.partial(
                    request.registry.permission.get_accessible_objects,
                    object_id_match=wildcard)

            # Principals explicitly granted this permission through the
            # `<resource>_<permission>_principals` setting; how the
            # authorization policy weighs them against per-record ACLs is
            # not visible here — confirm against the caller.
            key = '%s_%s_principals' % (self.resource_name, self.required_permission)
            self.allowed_principals = aslist(request.registry.settings.get(key, ''))
    def __init__(self, request):
        """Build the authorization context for *request*.

        Captures shortcuts onto the permission backend and the
        principal-prefixing helper. When the request matched a resource
        service, also records the resource name, whether the endpoint is
        plural, the instantiated resource and the targeted object (only if
        it exists) for requests whose permission depends on that object, the
        permission object id and the required permission, plus the wildcard
        id used to look up shared objects.
        """
        # Shortcuts onto the permission backend.
        backend = request.registry.permission
        self._check_permission = backend.check_permission
        self._get_accessible_objects = backend.get_accessible_objects

        self.get_prefixed_principals = functools.partial(
            utils.prefixed_principals, request)

        # Only resource views (service with a viewset and a resource) carry
        # a resource name and a required permission.
        matched = utils.current_service(request)
        on_resource = matched is not None and all(
            hasattr(matched, attr) for attr in ("viewset", "resource"))
        self._resource = None
        if on_resource:
            self.resource_name = request.current_resource_name
            self.on_plural_endpoint = getattr(matched, "type", None) == "plural"

            # Some requests need the targeted object resolved before the
            # permission can be chosen (cf `_find_required_permission()`),
            # because the permission is not a pure function of the verb:
            # - POST on a plural endpoint may carry an explicit id;
            # - PUT on an object is either a creation or an update.
            verb = request.method.lower()
            if self.on_plural_endpoint:
                needs_object = verb == "post"
            else:
                needs_object = verb in ("put", "delete", "patch")
            if needs_object:
                # Instantiate the resource to learn which object is targeted.
                self._resource = resource = matched.resource(request=request,
                                                             context=self)
                # A POST on a plural endpoint without an id targets nothing yet.
                if resource.object_id is not None:
                    try:
                        # Keep a reference so the resource does not re-read storage.
                        self.current_object = resource.model.get_object(
                            resource.object_id)
                    except storage_exceptions.ObjectNotFoundError:
                        pass

            required = self._find_required_permission(request, matched)
            self.permission_object_id, self.required_permission = required

            # Wildcard object id, used to list shared objects on a plural endpoint.
            self._object_id_match = self.get_permission_object_id(request, "*")

        self._settings = request.registry.settings
    def __init__(self, request):
        """Build the authorization context for *request*.

        Captures shortcuts onto the permission backend and the
        principal-prefixing helper. When the request matched a resource
        service, also records the resource name, whether the endpoint is a
        collection, the permission object id, the required permission and
        the wildcard id used to look up shared records.
        """
        # Shortcuts onto the permission backend.
        backend = request.registry.permission
        self._check_permission = backend.check_permission
        self._get_accessible_objects = backend.get_accessible_objects

        self.get_prefixed_principals = functools.partial(
            utils.prefixed_principals, request)

        # Only resource views (service with a viewset and a resource) carry
        # a resource name and a required permission.
        matched = utils.current_service(request)
        on_resource = matched is not None and all(
            hasattr(matched, attr) for attr in ('viewset', 'resource'))
        if on_resource:
            self.resource_name = request.current_resource_name
            self.on_collection = getattr(matched, "type", None) == "collection"

            required = self._find_required_permission(request, matched)
            self.permission_object_id, self.required_permission = required

            # Wildcard object id, used to list shared records on a collection.
            self._object_id_match = self.get_permission_object_id(request, '*')

        self._settings = request.registry.settings
    def test_current_service_returns_none_for_unexisting_patterns(self):
        """A route pattern absent from the registry resolves to no service."""
        request = DummyRequest()
        request.registry.cornice_services = {}
        request.matched_route.pattern = '/unexisting'

        resolved = current_service(request)
        self.assertEqual(resolved, None)
    def test_current_service_returns_the_service_for_existing_patterns(self):
        """A registered route pattern resolves to the service stored for it."""
        expected = mock.sentinel.service
        request = DummyRequest()
        request.registry.cornice_services = {'/buckets': expected}
        request.matched_route.pattern = '/buckets'

        self.assertEqual(current_service(request), expected)
    def test_current_service_returns_none_for_unexisting_patterns(self):
        """A route pattern absent from the registry resolves to no service."""
        request = DummyRequest()
        request.registry.cornice_services = {}
        request.matched_route.pattern = "/unexisting"

        resolved = current_service(request)
        self.assertEqual(resolved, None)
    def test_current_service_returns_the_service_for_existing_patterns(self):
        """A registered route pattern resolves to the service stored for it."""
        expected = mock.sentinel.service
        request = DummyRequest()
        request.registry.cornice_services = {"/buckets": expected}
        request.matched_route.pattern = "/buckets"

        self.assertEqual(current_service(request), expected)