def __reginit__(self): self.authenticated = False self.authorized = False self.clientdb = ClientDB() self.acldb = ACLDB() # this one is to do operation on sites from the console # or the command line self._sitedb = SiteDB() self.tags = ACLTags()
def rq_reload_acl_rules(self, id, *args): u""" Reloads system ACLs database to cache """ ACLDB().reload_rules() return _(u"ACL Rules reloaded.")
def authorize(self, user_site, client, need_login=False): if not isinstance(user_site, SiteInfo): if not self.exists(user_site): return False user, site = self.split_user_site(user_site) siteinfo = SiteInfo(user, site) else: siteinfo = user_site if not siteinfo.loaded: return False if not ACLDB().check(acl='authorize', client=client.get_tags(), site=siteinfo.get_tags()): return False self.siteinfo = siteinfo if need_login and siteinfo.login is None: self.select_login() return True
def authenticate(self, username, auth_tokens, **tokens): """ Authenticate the client connecting as C{username} with C{**tokens}. If authentication is successful, set the attribute C{clientinfo} as an instance of L{ClientInfo}. This only controls the connection from the client to the proxy. @param username: the username @type username: str @param **tokens: the authentication tokens (password, key, ...) @type **tokens: dict @return: True if authenticated, False otherwise. @rtype: bool """ clientinfo = ClientInfo(username, **tokens) if not ACLDB().check(acl='authenticate', client=clientinfo.get_tags()): return False if clientinfo.authenticate(**auth_tokens): self.clientinfo = clientinfo return True else: return False
class Backend(Registry): _class_id = 'Backend' def __reginit__(self): self.authenticated = False self.authorized = False self.clientdb = ClientDB() self.acldb = ACLDB() # this one is to do operation on sites from the console # or the command line self._sitedb = SiteDB() self.tags = ACLTags() def authenticate(self, username, auth_tokens, **tokens): if self.clientdb.authenticate(username, auth_tokens, **tokens): self.authenticated = True else: self.authenticated = False return self.authenticated def authorize(self, user_site, need_login=False): sitedb = SiteDB() if sitedb.authorize(user_site, self.clientdb, need_login): self.authorized = True self.sitedb = sitedb else: self.authorized = False return self.authorized def is_admin(self): return self.acldb.check(acl='admin', client=self.clientdb.get_tags()) def get_client(self, username=None, **kw): return self.clientdb.get_user_info(username=username, **kw) def get_client_tags(self): return self.clientdb.get_tags() def get_site_tags(self): return self.sitedb.get_tags() def get_site(self, user_site=None): return SiteDB().get_site(user_site) def list_site_users(self, **tokens): sitedb = SiteDB() return sitedb.list_site_users(**tokens) def list_allowed_sites(self): sites = self.list_site_users() allowed_sites = [] for site in sites: if self.authorize(site): allowed_sites.append(site) return allowed_sites def list_clients(self, **kw): return self.clientdb.list_clients(**kw) def add_client(self, username, **tokens): return ClientDB().add_client(username, **tokens) def add_client_pubkey(self, username, pubkey, number): if username: client = ClientDB() else: client = self.clientdb return client.add_pubkey(username, pubkey, number) def del_client(self, username, **tokens): return ClientDB().del_client(username, **tokens) def tag_client(self, username, **tokens): return ClientDB().tag_client(username, **tokens) def client_exists(self, username, **tokens): return ClientDB().exists(username, **tokens) def add_site(self, sitename, **tokens): return self._sitedb.add_site(sitename, **tokens) def del_site(self, sitename, **tokens): return self._sitedb.del_site(sitename, **tokens) def tag_site(self, sitename, **tokens): return self._sitedb.tag_site(sitename, **tokens) def site_exists(self, sitename, **tokens): return self._sitedb.exists(sitename, **tokens) def list_aclrules(self, name=None): return self.acldb.list_rules(name) def add_aclrule(self, name, rule, index=None): return self.acldb.add_rule(name, rule, index) def set_aclrule(self, name, rule, index): return self.acldb.set_rule(name, rule, index) def del_aclrule(self, name, index): return self.acldb.del_rule(name, index)
def func_reload_acl_rules(self, *args): ACLDB().reload_rules() return True
def func_check_acl(self, _chan, *args, **kw): if not len(args): return False namespaces = self.namespaces[_chan] return ACLDB().check(acl=args[0], **namespaces)