def test_to_tokens_m(self):
    """
    Checks that ``appier.to_tokens_m`` turns a flat token list into the
    nested map consumed by the ACL checks: a bare token maps to ``True``,
    a dotted token nests under its parent with the ``"_"`` key marking the
    parent itself, and the result does not depend on input order.
    """

    # each entry is the input token list and the expected map, the
    # second and third entries differ only in order and must agree
    cases = (
        (["admin"], {"admin": True}),
        (["admin", "admin.read"], {"admin": {"_": True, "read": True}}),
        (["admin.read", "admin"], {"admin": {"_": True, "read": True}}),
        (["admin", "admin.*"], {"admin": {"_": True, "*": True}}),
    )

    for tokens, expected in cases:
        self.assertEqual(appier.to_tokens_m(tokens), expected)
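def _filter_scope_g(cls, scope, account = None, owner = None):
    """
    Filters the provided sequence of tokens (scope) so that only the
    ones the requesting account is entitled to are kept.

    This is an ACL check: it prevents a caller from registering a token
    that the account itself does not hold, which would otherwise be a
    privilege escalation path.

    :type scope: List
    :param scope: The list of tokens to be filtered.
    :type account: Account
    :param account: The account used for the filtering, when not
    provided the account currently stored in session (resolved through
    the owner's admin part) is used.
    :type owner: App
    :param owner: The app whose admin part is used to resolve the session
    account, defaults to the globally registered app.
    :rtype: List
    :return: The tokens of ``scope`` for which the account holds a
    matching ACL entry, in their original order (duplicates preserved).
    """

    # defaults the owner to the globally registered app, it is only
    # needed to resolve the session account when none is given
    owner = owner or appier.get_app()

    # resolves the account and converts its complete token set into
    # the map form once, so the per token check does not redo the work
    account = account or owner.admin_part.account_c.from_session()
    tokens_m = appier.to_tokens_m(account.tokens())

    # keeps a scope token only if the account's ACL grants it, the first
    # argument of check_token is passed as None so the decision is made
    # against the precomputed tokens map (assumed: confirm against
    # appier.check_token); any falsy verdict drops the token (fail closed)
    return [
        token for token in scope
        if appier.check_token(None, token, tokens_m = tokens_m)
    ]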