def package_relationship_create(context, data_dict):
user = context['user']
id = data_dict['subject']
id2 = data_dict['object']
# If we can update each package we can see the relationships
authorized1 = authz.is_authorized_boolean(
'package_update', context, {'id': id})
authorized2 = authz.is_authorized_boolean(
'package_update', context, {'id': id2})
if not (authorized1 and authorized2):
return {'success': False, 'msg': _('User %s not authorized to edit these packages') % user}
else:
return {'success': True}
def package_relationships_list(context, data_dict):
user = context.get("user")
id = data_dict["id"]
id2 = data_dict.get("id2")
# If we can see each package we can see the relationships
authorized1 = authz.is_authorized_boolean("package_show", context, {"id": id})
if id2:
authorized2 = authz.is_authorized_boolean("package_show", context, {"id": id2})
else:
authorized2 = True
if not (authorized1 and authorized2):
return {"success": False, "msg": _("User %s not authorized to read these packages") % user}
else:
return {"success": True}
def package_relationship_delete(context, data_dict):
user = context['user']
relationship = context['relationship']
# If you can create this relationship the you can also delete it
authorized = authz.is_authorized_boolean('package_relationship_create', context, data_dict)
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to delete relationship %s') % (user ,relationship.id)}
else:
return {'success': True}
def package_relationship_create(context, data_dict):
user = context['user']
id = data_dict['subject']
id2 = data_dict['object']
# If we can update each package we can see the relationships
authorized1 = authz.is_authorized_boolean('package_update', context,
{'id': id})
authorized2 = authz.is_authorized_boolean('package_update', context,
{'id': id2})
if not (authorized1 and authorized2):
return {
'success': False,
'msg': _('User %s not authorized to edit these packages') % user
}
else:
return {'success': True}
def package_relationships_list(context, data_dict):
user = context.get('user')
id = data_dict['id']
id2 = data_dict.get('id2')
# If we can see each package we can see the relationships
authorized1 = authz.is_authorized_boolean(
'package_show', context, {'id': id})
if id2:
authorized2 = authz.is_authorized_boolean(
'package_show', context, {'id': id2})
else:
authorized2 = True
if not (authorized1 and authorized2):
return {'success': False, 'msg': _('User %s not authorized to read these packages') % user}
else:
return {'success': True}
def package_relationship_delete(context, data_dict):
user = context['user']
relationship = context['relationship']
# If you can create this relationship the you can also delete it
authorized = authz.is_authorized_boolean('package_relationship_create', context, data_dict)
if not authorized:
return {'success': False, 'msg': _('User %s not authorized to delete relationship %s') % (user ,relationship.id)}
else:
return {'success': True}
def package_relationships_list(context, data_dict):
user = context.get('user')
id = data_dict['id']
id2 = data_dict.get('id2')
# If we can see each package we can see the relationships
authorized1 = authz.is_authorized_boolean(
'package_show', context, {'id': id})
if id2:
authorized2 = authz.is_authorized_boolean(
'package_show', context, {'id': id2})
else:
authorized2 = True
if not (authorized1 and authorized2):
return {'success': False, 'msg': _('User %s not authorized to read these packages') % user}
else:
return {'success': True}
def test_auth_deleted_users_are_always_unauthorized():
always_success = lambda x, y: {"success": True}
authz._AuthFunctions._build()
authz._AuthFunctions._functions["always_success"] = always_success
username = "******"
user_obj = factories.User()
username = user_obj["name"]
user = model.User.get(username)
user.delete()
assert not authz.is_authorized_boolean("always_success",
{"user": username})
del authz._AuthFunctions._functions["always_success"]
def test_auth_deleted_users_are_always_unauthorized(self):
always_success = lambda x,y: {'success': True}
authz._AuthFunctions._build()
authz._AuthFunctions._functions['always_success'] = always_success
# We can't reuse the username with the other tests because we can't
# rebuild_db(), because in the setup_class we get the sysadmin. If we
# rebuild the DB, we would delete the sysadmin as well.
username = '******'
self.create_user(username)
user = model.User.get(username)
user.delete()
assert not authz.is_authorized_boolean('always_success', {'user': username})
del authz._AuthFunctions._functions['always_success']
def package_relationship_delete(context, data_dict):
user = context["user"]
relationship = context["relationship"]
# If you can create this relationship the you can also delete it
authorized = authz.is_authorized_boolean("package_relationship_create", context, data_dict)
if not authorized:
return {
"success": False,
"msg": _("User %s not authorized to delete relationship %s") % (user, relationship.id),
}
else:
return {"success": True}
def setup_template_variables(self, context, data_dict):
# resource_view_dict = data_dict.get('resource_view')
resource_dict = data_dict.get('resource')
# start_edit_mode = 'true' if self.__is_allowed_to_edit(resource_dict) and \
# not self.__is_hxl_preview_config_saved(resource_view_dict) else 'false'
has_modify_permission = authz.is_authorized_boolean('package_update', context, {'id': resource_dict.get('package_id')})
return {
'hxl_preview_full_url': get.hxl_preview_iframe_url_show({
'has_modify_permission': has_modify_permission
}, data_dict)
}
def test_auth_deleted_users_are_always_unauthorized(self):
always_success = lambda x,y: {'success': True}
authz._AuthFunctions._build()
authz._AuthFunctions._functions['always_success'] = always_success
# We can't reuse the username with the other tests because we can't
# rebuild_db(), because in the setup_class we get the sysadmin. If we
# rebuild the DB, we would delete the sysadmin as well.
username = '******'
self.create_user(username)
user = model.User.get(username)
user.delete()
assert not authz.is_authorized_boolean('always_success', {'user': username})
del authz._AuthFunctions._functions['always_success']
def test_auth_deleted_users_are_always_unauthorized(self):
def always_success(x, y):
return {"success": True}
authz._AuthFunctions._build()
authz._AuthFunctions._functions["always_success"] = always_success
username = "******"
user = factories.User()
username = user["name"]
user = model.User.get(username)
user.delete()
assert not authz.is_authorized_boolean(
"always_success", {"user": username}
)
del authz._AuthFunctions._functions["always_success"]
def group_change_state(context, data_dict):
user = context['user']
group = logic_auth.get_group_object(context, data_dict)
# use logic for group_update
authorized = authz.is_authorized_boolean('group_update',
context,
data_dict)
if not authorized:
return {
'success': False,
'msg': _('User %s not authorized to change state of group %s') %
(str(user), group.id)
}
else:
return {'success': True}
def package_change_state(context, data_dict):
user = context['user']
package = logic_auth.get_package_object(context, data_dict)
# use the logic for package_update
authorized = authz.is_authorized_boolean('package_update',
context,
data_dict)
if not authorized:
return {
'success': False,
'msg': _('User %s not authorized to change state of package %s') %
(str(user), package.id)
}
else:
return {'success': True}
def group_change_state(context, data_dict):
user = context['user']
group = logic_auth.get_group_object(context, data_dict)
# use logic for group_update
authorized = authz.is_authorized_boolean('group_update',
context,
data_dict)
if not authorized:
return {
'success': False,
'msg': _('User %s not authorized to change state of group %s') %
(str(user), group.id)
}
else:
return {'success': True}
def package_change_state(context, data_dict):
user = context['user']
package = logic_auth.get_package_object(context, data_dict)
# use the logic for package_update
authorized = authz.is_authorized_boolean('package_update',
context,
data_dict)
if not authorized:
return {
'success': False,
'msg': _('User %s not authorized to change state of package %s') %
(str(user), package.id)
}
else:
return {'success': True}
def package_relationship_delete(context, data_dict):
user = context.get('user')
relationship = context['relationship']
# If you can create this relationship the you can also delete it
authorized = authz.is_authorized_boolean('package_relationship_create',
context, data_dict)
if not authorized:
return {
'success':
False,
'msg':
_(f'User {user} not authorized to delete relationship {relationship.id}'
)
}
else:
return {'success': True}
