def _authorize(self, user_name, resource_type, resource_owner, action_name):
    """Check that *user_name* may perform *action_name* on a resource.

    The action is qualified with the resource type (``"<type>:<action>"``)
    and handed to ``self._authorizer.authorize`` together with the caller's
    identity (user name plus the group names resolved by ``_get_groups``)
    and a descriptor of the resource (type and owner).  The check fails
    closed: anything other than a truthy answer from the authorizer is a
    denial.

    Raises:
        Forbidden: when the authorizer rejects the request.
    """
    action_label = '{}:{}'.format(resource_type, action_name)
    who = {
        'user': user_name,
        'groups': self._get_groups(user_name),
    }
    what = {'type': resource_type, 'owner': resource_owner}
    how = {'name': action_label}
    allowed = self._authorizer.authorize(who, what, how)
    if allowed:
        return
    raise Forbidden('User "%s" does not have authorization for "%s"'
                    % (user_name, action_label))
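def _get_groups(self, user):
    """Return the names of all groups *user* belongs to.

    The result combines the supplementary groups (every ``grp`` entry whose
    member list names the user) with the user's primary group, looked up
    through the ``pwd`` entry.  The primary group is appended last and is
    not de-duplicated against the supplementary list.

    Args:
        user: account name to resolve; an empty or ``None`` value yields
            ``[]`` without touching the system databases.

    Returns:
        List of group names, possibly with the primary group repeated.

    Raises:
        Forbidden: if the user or the user's primary group cannot be found.
            Only ``KeyError`` -- the "no such entry" signal from ``pwd`` and
            ``grp`` -- is translated into a denial; any other failure
            propagates so that a broken or misconfigured lookup surfaces as
            an error instead of being reported as a plain authorization
            denial (the previous bare ``except:`` also swallowed
            ``KeyboardInterrupt``/``SystemExit``).
    """
    groups = []
    if user:
        try:
            # Supplementary groups: one scan of the whole group database.
            groups = [g.gr_name for g in grp.getgrall() if user in g.gr_mem]
            # The primary group is recorded on the passwd entry, not in
            # gr_mem, so it has to be resolved separately.
            gid = pwd.getpwnam(user).pw_gid
            groups.append(grp.getgrgid(gid).gr_name)
        except KeyError:
            # Unknown user, or a primary gid with no group entry: deny.
            raise Forbidden('Failed to find details for user "%s"' % user)
    return groups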