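def user_preprocessor_get_single(instance_id=None, **kw):
    """Gate GET_SINGLE requests for the User model on the caller's role.

    The request must carry credentials, either an ``access_token`` query
    parameter or an ``Authorization`` header. Only their presence is tested
    here; checking them is left to ``verify_authorization``. A caller holding
    the ``generic`` role is let through, and every other caller, anonymous
    ones included, is rejected with ``abort(403)``.

    :param instance_id: primary key of the instance of the model to get;
        not read by this check
    :param kw: any further keyword arguments passed to the hook; ignored
    """
    logger.info('`user_preprocessor_get_single` responded to request')

    # A token sent as a query parameter is part of the URL and so tends to be
    # recorded wherever URLs are logged; the header form avoids that.
    if request.args.get('access_token', '') or \
            request.headers.get('Authorization'):
        # NOTE(review): called without arguments, while the
        # verify_authorization defined in this file declares a required
        # `oauth_request` parameter -- presumably something outside this
        # view (a decorator?) supplies it; confirm.
        authorization = verify_authorization()

        if check_roles('generic', authorization.roles):
            # NOTE(review): this branch lets the request through, yet both
            # messages record a failed, unauthorized access at WARNING
            # level. Either the log text or the access decision is wrong;
            # the decision is kept as it was -- confirm the intended policy
            # so the audit trail matches what actually happened.
            logger.warning('User %d %s access failed User GET_SINGLE' %
                           (authorization.id, 'generic'))
            logger.warning('generic role unauthorized to access '
                           'User GET_SINGLE')
        else:
            logger.info('User %d accessed User GET_SINGLE with no role' %
                        (authorization.id))
            abort(403)
    else:
        logger.info('Anonymous user attempted to access User GET_SINGLE')
        abort(403)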
def user_preprocessor_get_many(search_params=None, **kw):
    """Gate GET_MANY requests for the User model on the caller's role.

    Credentials must be present as an ``access_token`` query parameter or an
    ``Authorization`` header; ``verify_authorization`` is then asked for the
    caller. Holders of the ``generic`` role continue, anyone else is stopped
    with ``abort(403)``.

    :param search_params: dictionary containing the search parameters for
        the request; not read by this check
    :param kw: any further keyword arguments passed to the hook; ignored
    """
    logger.info('`user_preprocessor_get_many` responded to request')

    query_token = request.args.get('access_token', '')
    if not query_token and not request.headers.get('Authorization'):
        logger.info('Anonymous user attempted to access User GET_MANY')
        abort(403)
    else:
        # NOTE(review): called without arguments, while the
        # verify_authorization defined in this file declares a required
        # `oauth_request` parameter -- presumably supplied from outside
        # this view; confirm.
        caller = verify_authorization()

        if not check_roles('generic', caller.roles):
            logger.info('User %d accessed User GET_MANY with no role' %
                        caller.id)
            abort(403)
        else:
            # NOTE(review): the request proceeds from here, but the two
            # WARNING lines describe a failed, unauthorized access. Confirm
            # whether the log text or the access decision is the intended
            # one; the audit trail currently contradicts the outcome.
            logger.warning('User %d %s access failed User GET_MANY' %
                           (caller.id, 'generic'))
            logger.warning('generic role unauthorized to access User GET_MANY')
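def user_preprocessor_delete_single(instance_id=None, **kw):
    """Gate DELETE_SINGLE requests for the User model on the admin role.

    Credentials must be present as an ``access_token`` query parameter or an
    ``Authorization`` header. After ``verify_authorization`` returns the
    caller:

    * ``admin`` role: the request continues;
    * ``generic`` role without ``admin``: ``abort(401)``;
    * neither role, or no credentials at all: ``abort(403)``.

    :param instance_id: primary key of the instance which will be deleted;
        not read by this check
    :param kw: any further keyword arguments passed to the hook; ignored
    """
    logger.info('`user_preprocessor_delete_single` used for endpoint')

    if request.args.get('access_token', '') or \
            request.headers.get('Authorization'):
        # NOTE(review): called without arguments, while the
        # verify_authorization defined in this file declares a required
        # `oauth_request` parameter -- presumably supplied from outside
        # this view; confirm.
        authorization = verify_authorization()

        # Look each role up once; the branches below only combine the two.
        is_generic = check_roles('generic', authorization.roles)
        is_admin = check_roles('admin', authorization.roles)

        if is_admin:
            # Leave a record of who was allowed to delete, in the same form
            # the POST preprocessor uses for its admin path.
            logger.info('User %d accessed User DELETE_SINGLE as %s' %
                        (authorization.id, 'admin'))
        elif is_generic:
            logger.warning('User %d %s access failed User '
                           'DELETE_SINGLE' % (authorization.id, 'generic'))
            logger.warning('generic role unauthorized to access '
                           'User DELETE_SINGLE')
            # NOTE(review): an authenticated caller lacking the role gets
            # 401 while an anonymous one gets 403, the reverse of the usual
            # meaning of the two codes. Left unchanged, since clients may
            # depend on it.
            abort(401)
        else:
            logger.info('User %d accessed User DELETE_SINGLE with '
                        'no role' % (authorization.id))
            abort(403)
    else:
        logger.info('Anonymous user attempted to access User '
                    'DELETE_SINGLE')
        abort(403)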
def user_preprocessor_post(data=None, **kw):
    """Gate POST requests for the User model on the admin role.

    Credentials must be present as an ``access_token`` query parameter or an
    ``Authorization`` header. A caller with the ``admin`` role continues; a
    caller with ``generic`` but not ``admin`` is stopped with ``abort(401)``;
    a caller with neither role, or with no credentials, with ``abort(403)``.

    :param data: dictionary of fields to set on the new instance of the
        model; not inspected by this check
    :param kw: any further keyword arguments passed to the hook; ignored
    """
    logger.info('`user_preprocessor_post` used for endpoint')

    token_in_query = request.args.get('access_token', '')
    if not (token_in_query or request.headers.get('Authorization')):
        logger.info('Anonymous user attempted to access User POST')
        abort(403)
    else:
        # NOTE(review): called without arguments, while the
        # verify_authorization defined in this file declares a required
        # `oauth_request` parameter -- presumably supplied from outside
        # this view; confirm.
        caller = verify_authorization()

        if check_roles('generic', caller.roles) and \
                not check_roles('admin', caller.roles):
            logger.warning('User %d %s access failed User POST' %
                           (caller.id, 'generic'))
            logger.warning('generic role unauthorized to access User POST')
            # NOTE(review): 401 for an authenticated caller without the
            # role, 403 for an anonymous one -- the reverse of the usual
            # meaning of the two codes; confirm this is intended.
            abort(401)
        elif check_roles('admin', caller.roles):
            logger.info('User %d accessed User POST as %s' %
                        (caller.id, 'admin'))
        else:
            logger.info('User %d accessed User POST with no role' %
                        caller.id)
            abort(403)
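def user_preprocessor_update_many(search_params=None, **kw):
    """Gate PATCH_MANY and PATCH_SINGLE requests for the User model.

    As written, every branch ends in an abort: a caller with the ``generic``
    role gets ``abort(401)``, any other authenticated caller gets
    ``abort(403)``, and a request without credentials gets ``abort(403)``.
    The ``admin`` role is not consulted.

    :param search_params: dictionary containing the search parameters for
        the request; not read by this check
    :param kw: any further keyword arguments passed to the hook; ignored.
        The ``data`` dictionary of fields to change is not a named
        parameter, so it would arrive here.
    """
    logger.info('`user_preprocessor_update_many` used for endpoint')

    if request.args.get('access_token', '') or \
            request.headers.get('Authorization'):
        # NOTE(review): called without arguments, while the
        # verify_authorization defined in this file declares a required
        # `oauth_request` parameter -- presumably supplied from outside
        # this view; confirm.
        authorization = verify_authorization()

        if check_roles('generic', authorization.roles):
            logger.warning('User %d %s access failed User '
                           'UPDATE_MANY' % (authorization.id, 'generic'))
            logger.warning('generic role unauthorized to access '
                           'User UPDATE_MANY')
            # NOTE(review): 401 for an authenticated caller without the
            # needed role, 403 for an anonymous one -- the reverse of the
            # usual meaning of the two codes; confirm this is intended.
            abort(401)
        else:
            # NOTE(review): an admin without the generic role also lands
            # here and is logged as having "no role"; confirm that updates
            # are meant to be closed to every role.
            logger.info('User %d accessed User UPDATE_MANY '
                        'with no role' % (authorization.id))
            abort(403)
    else:
        logger.info('Anonymous user attempted to access User '
                    'UPDATE_MANY')
        abort(403)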
def verify_roles(user_object, role_required):
    """Abort with 403 unless the user holds the required system role.

    :param object user_object: The user whose ``roles`` are checked; its
        ``id`` is used in the log line
    :param string role_required: The role that is required to access resource
    """
    if check_roles(role_required, user_object.roles):
        # Role present: nothing to log, nothing to stop.
        return

    denial = ('User %d attempted to access a protected resource '
              'without the appropriate %s role')
    logger.warning(denial % (user_object.id, role_required))
    abort(403)
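def verify_authorization(oauth_request, **kw):
    """Return the user attached to an OAuth request, or abort.

    Aborts with 401 when the attached user is inactive and with 403 when no
    user is attached to the request.

    NOTE(review): the preprocessors in this file call this function with no
    arguments although `oauth_request` is required here -- presumably it is
    supplied from outside this view (a decorator?); confirm.

    :param object oauth_request: User object submitted through OAuth
        handlers; only its ``user`` attribute is read
    :param kw: any further keyword arguments; ignored
    :return object user: Return the user object or abort
    """
    user = oauth_request.user

    if user:
        logger.info('User %d requesting system authorization' % user.id)

        if not user.active:
            logger.warning('User %d is inactive and is requesting access to '
                           'system resources.' % (user.id))
            # Relies on abort() raising: if it returned, the inactive user
            # would be handed back by the return below.
            abort(401)

        return user

    #
    # @todo add ip address, access token used, and any other information that
    #       would be used in blocking or singling out offending user accounts
    #
    # NOTE(review): when the token is added to this log line, record a token
    # id or a truncated digest rather than the raw secret, so that the log
    # itself does not become a source of usable credentials.
    #
    logger.warning('An invalid access_token was submitted')
    abort(403)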