def match_realms(request_realms, allowed_realms): """ Check if all requested realms are also allowed realms and that all allowed realms exist and return a filtered list with only the matched realms. In case of '*' in reques_realms, return all allowed realms including /:no realm:/ :param allowed_realms: list of realms from request (without '*') :param request_realms: list of allowed realms according to policies :return: list of realms which were in both lists """ all_realms = list(getRealms().keys()) all_allowed_realms = set() for realm in allowed_realms: if realm in all_realms: all_allowed_realms.add(realm) else: log.info('Policy allowed a realm that does not exist: %r', realm) realms = [] _ = context['translate'] if not request_realms or request_realms == ['']: realms = list(all_allowed_realms) # support for empty realms or no realms by realm = * elif '*' in request_realms: realms = list(all_allowed_realms) realms.append('/:no realm:/') # other cases, we iterate through the realm list elif len(request_realms) > 0 and not (request_realms == ['']): invalid_realms = [] for search_realm in request_realms: search_realm = search_realm.strip() if search_realm in all_allowed_realms: realms.append(search_realm) elif search_realm == '/:no realm:/': realms.append(search_realm) else: invalid_realms.append(search_realm) if not realms and invalid_realms: from linotp.lib.policy import PolicyException raise PolicyException(_('You do not have the rights to see these ' 'realms: %r. Check the policies!') % invalid_realms) return realms
def tokens(self): """ method: monitoring/tokens description: displays the number of the available tokens per realm arguments: * status - optional: takes assigned or unassigned, give the number of tokens with this characteristic * realms - optional: takes a realm, only the number of tokens in this realm will be displayed returns: a json result with: { "head": [], "data": [ [row1], [row2] .. ] } exception: if an error occurs an exception is serialized and returned """ result = {} try: param = request.params status = param.get('status') # do NOT initialize status with '' if status: status = status.split(',') request_realms = param.get('realms', '').split(',') monit_handler = MonitorHandler(context=self.request_context) realm_whitelist = monit_handler.get_allowed_realms() # by default we show all allowed realms realms = realm_whitelist # support for empty realms or no realms by realm = * if '*' in request_realms: realms = realm_whitelist realms.append('/:no realm:/') # other cases, we iterate through the realm list elif len(request_realms) > 0 and not (request_realms == ['']): realms = [] invalid_realms = [] for search_realm in request_realms: search_realm = search_realm.strip() if search_realm in realm_whitelist: realms.append(search_realm) elif search_realm == '/:no realm:/': realms.append(search_realm) else: invalid_realms.append(search_realm) if not realms and invalid_realms: raise PolicyException( _('You do not have the rights to ' 'monitor these realms: %r. ' 'Check the policies!') % invalid_realms) # if there was realm or no argument given: totals = {} realm_info = {} for a_realm in realms: realm_dict = {} token_count = monit_handler.token_per_realm_count( a_realm, status) for key in token_count.keys(): realm_dict[key] = token_count[key] totals[key] = totals.get(key, 0) + token_count[key] realm_info[a_realm] = realm_dict result[_('Summary')] = totals result[_('Realms')] = realm_info Session.commit() return sendResult(response, result) except PolicyException as policy_exception: log.exception(policy_exception) Session.rollback() return sendError(response, unicode(policy_exception), 1) except Exception as exc: log.exception(exc) Session.rollback() return sendError(response, exc) finally: Session.close() log.debug('[tokens] done')