Exemple #1
0
    def permits(self, context, principals, permission):
        if not permission or permission == NO_PERMISSION_REQUIRED:
            return True
        if permission == NOT_ALLOWED:
            return ACLDenied('<NOT ALLOWED permission>', None, permission,
                             principals, context)

        if SUPERUSER_URI in principals or \
           auth_service.get_effective_userid() == SUPERUSER_URI:
            return ACLAllowed('Superuser', None, permission, principals,
                              context)

        return super(PtahAuthorizationPolicy,
                     self).permits(context, principals, permission)
Exemple #2
0
    def permits(self, context, principals, permission):
        if not permission or permission == NO_PERMISSION_REQUIRED:
            return True
        if permission == NOT_ALLOWED:
            return ACLDenied(
                '<NOT ALLOWED permission>',
                None, permission, principals, context)

        if SUPERUSER_URI in principals or \
           auth_service.get_effective_userid() == SUPERUSER_URI:
            return ACLAllowed(
                'Superuser', None, permission, principals, context)

        return super(PtahAuthorizationPolicy, self).permits(
            context, principals, permission)
Exemple #3
0
def check_permission(permission, context, request=None, throw=False):
    """ Check `permission` withing `context`.

    :param permission: Permission
    :type permission: (Permission or sting)
    :param context: Context object
    :param throw: Throw HTTPForbidden exception.
    """

    if not permission or permission == NO_PERMISSION_REQUIRED:
        return True
    if permission == NOT_ALLOWED:
        if throw:
            raise HTTPForbidden()
        return False

    userid = auth_service.get_effective_userid()
    if userid == SUPERUSER_URI:
        return True

    AUTHZ = get_current_registry().getUtility(IAuthorizationPolicy)

    principals = [Everyone.id]

    if userid is not None:
        principals.extend((Authenticated.id, userid))

        roles = get_local_roles(userid, context=context)
        if roles:
            principals.extend(roles)

    res = AUTHZ.permits(context, principals, permission)

    if isinstance(res, ACLDenied):
        if throw:
            raise HTTPForbidden(res)

        return False
    return True
Exemple #4
0
def check_permission(permission, context, request=None, throw=False):
    """ Check `permission` withing `context`.

    :param permission: Permission
    :type permission: (Permission or sting)
    :param context: Context object
    :param throw: Throw HTTPForbidden exception.
    """

    if not permission or permission == NO_PERMISSION_REQUIRED:
        return True
    if permission == NOT_ALLOWED:
        if throw:
            raise HTTPForbidden()
        return False

    userid = auth_service.get_effective_userid()
    if userid == SUPERUSER_URI:
        return True

    AUTHZ = get_current_registry().getUtility(IAuthorizationPolicy)

    principals = [Everyone.id]

    if userid is not None:
        principals.extend((Authenticated.id, userid))

        roles = get_local_roles(userid, context=context)
        if roles:
            principals.extend(roles)

    res = AUTHZ.permits(context, principals, permission)

    if isinstance(res, ACLDenied):
        if throw:
            raise HTTPForbidden(res)

        return False
    return True