def __init__(self, request):
    """Build the authorization context for one request.

    The permission backend callables are cached on the instance, the
    Cornice service matching the request is looked up and, when that
    service is a Kinto resource, the permission object id and the
    permission the request requires are computed by
    ``self._find_required_permission()`` (defined outside this block).

    For PUT/DELETE/PATCH on a single record the target record is fetched
    here and kept in ``self.current_record`` so the resource does not hit
    storage again. A ``RecordNotFoundError`` is deliberately swallowed and
    leaves the attribute untouched: the record's absence affects the
    permission check (presumably create vs. write — confirm in
    ``_find_required_permission``).
    """
    # Shortcuts to the permission backend and the principals helper.
    backend = request.registry.permission
    self._check_permission = backend.check_permission
    self._get_accessible_objects = backend.get_accessible_objects
    self.get_prefixed_principals = functools.partial(
        utils.prefixed_principals, request)

    # Duck-typed check: only resource services expose both attributes.
    service = utils.current_service(request)
    targets_resource = (
        service is not None
        and hasattr(service, 'viewset')
        and hasattr(service, 'resource')
    )
    if targets_resource:
        self.resource_name = request.current_resource_name
        self.on_collection = getattr(service, "type", None) == "collection"

        mutating_methods = ("put", "delete", "patch")
        if not self.on_collection and request.method.lower() in mutating_methods:
            # The record is looked up before the view runs because its
            # existence changes which permission is required.
            resource = service.resource(request=request, context=self)
            try:
                self.current_record = resource.model.get_record(
                    resource.record_id)
            except storage_exceptions.RecordNotFoundError:
                # Absent record: `current_record` keeps its previous value.
                pass

        (self.permission_object_id,
         self.required_permission) = self._find_required_permission(
            request, service)
        # Wildcard object id, used to list shared records on a collection.
        self._object_id_match = self.get_permission_object_id(request, '*')

    self._settings = request.registry.settings
def __init__(self, request):
    """Build the authorization context for one request.

    Exposes ``self.get_prefixed_userid`` for the authorization policy,
    caches the permission backend callables, resolves the Cornice service
    matching the request and, when it is a Kinto resource, computes the
    permission object id and required permission through
    ``self._find_required_permission()`` (defined outside this block).

    ``self.allowed_principals`` is then read from the
    ``<resource_name>_<required_permission>_principals`` setting, which
    lets a deployment grant that permission to listed principals
    explicitly. When the request does not target a resource the
    attributes used to build the setting name are presumably class-level
    defaults — confirm on the class.
    """
    # Made available for the authorization policy.
    self.get_prefixed_userid = functools.partial(prefixed_userid, request)

    # Shortcuts to the permission backend.
    backend = request.registry.permission
    self.check_permission = backend.check_permission
    self._get_accessible_objects = backend.get_accessible_objects

    # Duck-typed check: only resource services expose both attributes.
    service = utils.current_service(request)
    targets_resource = (
        service is not None
        and hasattr(service, 'viewset')
        and hasattr(service, 'resource')
    )
    if targets_resource:
        self.resource_name = request.current_resource_name
        self.on_collection = getattr(service, "type", None) == "collection"
        (self.permission_object_id,
         self.required_permission) = self._find_required_permission(
            request, service)
        # Wildcard object id, used to list shared records on a collection.
        self._object_id_match = self.get_permission_object_id(request, '*')

    # Principals allowed explicitly from settings.
    settings = request.registry.settings
    setting = '%s_%s_principals' % (self.resource_name,
                                     self.required_permission)
    self.allowed_principals = aslist(settings.get(setting, ''))
def __init__(self, request):
    """Build the authorization context for one request.

    Caches the permission backend callables and the prefixed-principals
    helper, then resolves the Cornice service the request targets. When
    that service is a Kinto resource, the permission object id and the
    required permission come from ``self._find_required_permission()``
    (defined outside this block).

    A PUT/DELETE/PATCH aimed at a single record triggers an early fetch of
    that record into ``self.current_record`` so the resource can reuse it;
    ``RecordNotFoundError`` is swallowed on purpose and leaves the
    attribute as is, since the record's absence affects the permission
    check (presumably create vs. write — confirm in
    ``_find_required_permission``).
    """
    backend = request.registry.permission
    self._check_permission = backend.check_permission
    self._get_accessible_objects = backend.get_accessible_objects
    self.get_prefixed_principals = functools.partial(
        utils.prefixed_principals, request)

    service = utils.current_service(request)
    # Only resource services carry both `viewset` and `resource`.
    is_resource_service = (
        service is not None
        and hasattr(service, 'viewset')
        and hasattr(service, 'resource')
    )
    if is_resource_service:
        self.resource_name = request.current_resource_name
        self.on_collection = getattr(service, 'type', None) == 'collection'

        is_single_record_write = (
            not self.on_collection
            and request.method.lower() in ('put', 'delete', 'patch')
        )
        if is_single_record_write:
            # Fetch the target now: its existence changes the required
            # permission, and the resource avoids a second storage read.
            resource = service.resource(request=request, context=self)
            try:
                self.current_record = resource.model.get_record(
                    resource.record_id)
            except storage_exceptions.RecordNotFoundError:
                pass  # absent record: attribute left untouched

        object_id, permission = self._find_required_permission(
            request, service)
        self.permission_object_id = object_id
        self.required_permission = permission
        # Wildcard object id, used to list shared records on a collection.
        self._object_id_match = self.get_permission_object_id(request, '*')

    self._settings = request.registry.settings
def __init__(self, request):
    """Build the authorization context for one request.

    Caches the permission backend's ``check_permission``, resolves the
    Cornice service matching the request and, when it is a Kinto
    resource, works out the permission the request needs:

    * ``PUT`` targets a record that may not exist yet: the record is
      fetched into ``self.current_record``; if it exists the required
      permission is ``"write"``, otherwise the permission object becomes
      the collection path and the permission is ``"create"``.
    * every other method is mapped through ``self.method_permissions``
      (defined on the class, outside this block).

    On a collection endpoint ``self.get_shared_ids`` is bound to the
    permission backend with a wildcard object-id match so records shared
    with the caller can be listed. Finally ``self.allowed_principals`` is
    read from the ``<resource_name>_<required_permission>_principals``
    setting, which lets a deployment grant that permission to listed
    principals explicitly. Off-resource requests presumably rely on
    class-level defaults for those two attributes — confirm on the class.
    """
    # Made available for the authorization policy.
    self.get_prefixed_userid = functools.partial(prefixed_userid, request)
    self._check_permission = request.registry.permission.check_permission
    # Partial collections of ShareableResource.
    self.shared_ids = None

    service = utils.current_service(request)
    targets_resource = (
        service is not None
        and hasattr(service, 'viewset')
        and hasattr(service, 'resource')
    )
    if targets_resource:
        self.on_collection = getattr(service, "type", None) == "collection"
        self.permission_object_id = self.get_permission_object_id(request)

        method = request.method.lower()
        if method == "put":
            # Whether the target exists decides between update and
            # creation; the resource is instantiated to catch NotFound.
            resource = service.resource(request=request, context=self)
            try:
                self.current_record = resource.model.get_record(
                    resource.record_id)
            except storage_exceptions.RecordNotFoundError:
                self.permission_object_id = service.collection_path.format(
                    **request.matchdict)
                self.required_permission = "create"
            else:
                self.required_permission = "write"
        else:
            self.required_permission = self.method_permissions.get(method)

        self.resource_name = request.current_resource_name
        if self.on_collection:
            wildcard = self.get_permission_object_id(request, '*')
            self.get_shared_ids = functools.partial(
                request.registry.permission.get_accessible_objects,
                object_id_match=wildcard)

    # Principals allowed explicitly from settings.
    settings = request.registry.settings
    setting = '%s_%s_principals' % (self.resource_name,
                                     self.required_permission)
    self.allowed_principals = aslist(settings.get(setting, ''))
def __init__(self, request):
    """Build the authorization context for one request.

    Caches the permission backend callables and the prefixed-principals
    helper, resolves the Cornice service the request targets and, when
    it is a Kinto resource, computes the permission object id and the
    required permission through ``self._find_required_permission()``
    (defined outside this block).

    The permission is not always a direct function of the HTTP method,
    so the targeted object is looked up ahead of time in two cases:
    PUT/DELETE/PATCH on an object endpoint, and POST on a plural endpoint
    (which may carry an id). The resource is instantiated and kept in
    ``self._resource``; when it reports an ``object_id`` the object is
    fetched into ``self.current_object``, and ``ObjectNotFoundError`` is
    swallowed on purpose so the attribute stays untouched.
    """
    backend = request.registry.permission
    self._check_permission = backend.check_permission
    self._get_accessible_objects = backend.get_accessible_objects
    self.get_prefixed_principals = functools.partial(
        utils.prefixed_principals, request)

    service = utils.current_service(request)
    # Only resource services carry both `viewset` and `resource`.
    is_resource_service = (
        service is not None
        and hasattr(service, "viewset")
        and hasattr(service, "resource")
    )
    self._resource = None
    if is_resource_service:
        self.resource_name = request.current_resource_name
        self.on_plural_endpoint = getattr(service, "type", None) == "plural"

        # Decide whether the target object must be resolved up front:
        # - POST on a plural endpoint may name an object id;
        # - PUT on an object may be a creation or an update.
        method = request.method.lower()
        if self.on_plural_endpoint:
            needs_target = method == "post"
        else:
            needs_target = method in ("put", "delete", "patch")

        if needs_target:
            resource = service.resource(request=request, context=self)
            self._resource = resource
            # A POST without an id has nothing to look up.
            if resource.object_id is not None:
                try:
                    # Keep a reference so the resource does not refetch.
                    self.current_object = resource.model.get_object(
                        resource.object_id)
                except storage_exceptions.ObjectNotFoundError:
                    pass  # absent object: attribute left untouched

        object_id, permission = self._find_required_permission(
            request, service)
        self.permission_object_id = object_id
        self.required_permission = permission
        # Wildcard object id, used to list shared objects on a plural endpoint.
        self._object_id_match = self.get_permission_object_id(request, "*")

    self._settings = request.registry.settings
def __init__(self, request):
    """Build the authorization context for one request.

    Caches the permission backend callables and the prefixed-principals
    helper, resolves the Cornice service matching the request and, when
    it is a Kinto resource, records the resource name, whether the
    request hits a collection, and the permission object id and required
    permission returned by ``self._find_required_permission()`` (defined
    outside this block). The registry settings are kept in
    ``self._settings`` regardless.
    """
    backend = request.registry.permission
    self._check_permission = backend.check_permission
    self._get_accessible_objects = backend.get_accessible_objects
    self.get_prefixed_principals = functools.partial(
        utils.prefixed_principals, request)

    service = utils.current_service(request)
    # Only resource services carry both `viewset` and `resource`.
    is_resource_service = (
        service is not None
        and hasattr(service, 'viewset')
        and hasattr(service, 'resource')
    )
    if is_resource_service:
        self.resource_name = request.current_resource_name
        self.on_collection = getattr(service, "type", None) == "collection"
        object_id, permission = self._find_required_permission(
            request, service)
        self.permission_object_id = object_id
        self.required_permission = permission
        # Wildcard object id, used to list shared records on a collection.
        self._object_id_match = self.get_permission_object_id(request, '*')

    self._settings = request.registry.settings
def test_current_service_returns_none_for_unexisting_patterns(self):
    """A matched route pattern with no registered service yields None."""
    request = DummyRequest()
    request.registry.cornice_services = {}
    request.matched_route.pattern = '/unexisting'
    service = current_service(request)
    self.assertEqual(service, None)
def test_current_service_returns_the_service_for_existing_patterns(self):
    """The service registered under the matched route pattern is returned."""
    expected = mock.sentinel.service
    request = DummyRequest()
    request.registry.cornice_services = {'/buckets': expected}
    request.matched_route.pattern = '/buckets'
    self.assertEqual(current_service(request), expected)
def test_current_service_returns_none_for_unexisting_patterns(self):
    """A matched route pattern with no registered service yields None."""
    request = DummyRequest()
    request.registry.cornice_services = {}
    request.matched_route.pattern = "/unexisting"
    service = current_service(request)
    self.assertEqual(service, None)
def test_current_service_returns_the_service_for_existing_patterns(self):
    """The service registered under the matched route pattern is returned."""
    expected = mock.sentinel.service
    request = DummyRequest()
    request.registry.cornice_services = {"/buckets": expected}
    request.matched_route.pattern = "/buckets"
    self.assertEqual(current_service(request), expected)