def protected_grantUri(self, uri, uid): """Returns a key for the capability ('ruleset.uri', uri). This can be used to delegate control of a particular URI's ruleset- an administrator would call this function to retrieve a key for a particular URI, then hand that to someone else who would only have the ability to edit that URI. """ return Security.User(int(uid)).grant(('ruleset.uri', str(uri)))
def rpcWrapper(*args): import Security result = defer.Deferred() # First argument is the key try: key = args[0] args = args[1:] except IndexError: raise TypeError( "This is a protected function, the first argument must be a capability key" ) # Look up the capabilities list caps = getattr(interface, "caps_%s" % path[-1], None) if not caps: caps = self.makeDefaultCaps(path) if callable(caps): caps = caps(path, *args) # A callback invoked when our key is successfully validated def keyValidated(unimportant): d = defer.maybeDeferred(f, *args) d.addBoth(Security.logProtectedCall, path, args, user) d.chainDeferred(result) def keyError(failure): Security.logProtectedCall(failure, path, args, user, allowed=False) result.errback(failure) # Check the capabilities asynchronously (requires a database query) user = Security.User(key=str(key)) d = user.require(*caps) d.addCallback(keyValidated) d.addErrback(keyError) return result