def package_relationship_create(context, data_dict):
    """Authorize creating a relationship between two packages.

    The caller must pass the 'package_update' check for both the package
    named by ``data_dict['subject']`` and the one named by
    ``data_dict['object']``. ``context['user']`` is required and is only
    used to build the denial message.

    Returns:
        ``{'success': True}`` when both checks pass, otherwise a dict with
        ``'success': False`` and a ``'msg'`` built through ``_``.
    """
    user = context['user']
    subject_id = data_dict['subject']
    object_id = data_dict['object']

    # Both checks are always evaluated; a denial on the subject does not
    # skip the check on the object.
    can_update_subject = authz.is_authorized_boolean(
        'package_update', context, {'id': subject_id})
    can_update_object = authz.is_authorized_boolean(
        'package_update', context, {'id': object_id})

    if can_update_subject and can_update_object:
        return {'success': True}

    denial = _('User %s not authorized to edit these packages') % user
    return {'success': False, 'msg': denial}
def package_relationships_list(context, data_dict):
    """Authorize listing the relationships of one package, or between two.

    The caller must pass the 'package_show' check for ``data_dict["id"]``.
    When a truthy ``data_dict["id2"]`` is supplied, the same check is also
    required for that second package; when it is absent or falsy, only the
    first package is checked.

    Returns:
        ``{"success": True}`` when every required check passes, otherwise a
        dict with ``"success": False`` and a ``"msg"`` built through ``_``.
    """
    user = context.get("user")
    first_id = data_dict["id"]
    second_id = data_dict.get("id2")

    can_show_first = authz.is_authorized_boolean(
        "package_show", context, {"id": first_id})
    # No second package named: nothing further to authorize.
    can_show_second = (
        authz.is_authorized_boolean("package_show", context, {"id": second_id})
        if second_id
        else True
    )

    if can_show_first and can_show_second:
        return {"success": True}

    denial = _("User %s not authorized to read these packages") % user
    return {"success": False, "msg": denial}
def package_relationship_delete(context, data_dict):
    """Authorize deleting a package relationship.

    Deletion is allowed exactly when the 'package_relationship_create'
    check passes for the same ``context`` and ``data_dict``.
    ``context['user']`` and ``context['relationship']`` are required and
    are read before the check runs; they are only used in the denial
    message.

    Returns:
        ``{'success': True}`` when authorized, otherwise a dict with
        ``'success': False`` and a ``'msg'`` built through ``_``.
    """
    user = context['user']
    relationship = context['relationship']

    # Delete rights are delegated to the create check rather than having
    # a rule of their own.
    if authz.is_authorized_boolean(
            'package_relationship_create', context, data_dict):
        return {'success': True}

    denial = (_('User %s not authorized to delete relationship %s')
              % (user, relationship.id))
    return {'success': False, 'msg': denial}
def package_relationship_create(context, data_dict):
    """Decide whether the current user may relate two packages.

    Requires the 'package_update' permission on both ends of the
    relationship: ``data_dict['subject']`` and ``data_dict['object']``.
    ``context['user']`` must be present; it appears in the denial message.

    Returns:
        ``{'success': True}`` if both packages are updatable by the caller,
        else ``{'success': False, 'msg': ...}``.
    """
    user = context['user']

    # Evaluate the check for each end of the relationship, subject first.
    # The list is built eagerly so both checks always run.
    verdicts = [
        authz.is_authorized_boolean('package_update', context, {'id': pkg_id})
        for pkg_id in (data_dict['subject'], data_dict['object'])
    ]

    if not all(verdicts):
        return {
            'success': False,
            'msg': _('User %s not authorized to edit these packages') % user,
        }
    return {'success': True}
def package_relationships_list(context, data_dict):
    """Decide whether the current user may list package relationships.

    'package_show' is required on ``data_dict['id']`` and, if a truthy
    ``data_dict['id2']`` is given, on that package as well. Without
    ``id2`` the decision rests on the first package alone.

    Returns:
        ``{'success': True}`` when all required checks pass, else
        ``{'success': False, 'msg': ...}``.
    """
    user = context.get('user')
    primary_id = data_dict['id']
    other_id = data_dict.get('id2')

    primary_ok = authz.is_authorized_boolean(
        'package_show', context, {'id': primary_id})

    # The second package is optional; treat its absence as "allowed".
    other_ok = True
    if other_id:
        other_ok = authz.is_authorized_boolean(
            'package_show', context, {'id': other_id})

    if primary_ok and other_ok:
        return {'success': True}

    return {
        'success': False,
        'msg': _('User %s not authorized to read these packages') % user,
    }
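def test_auth_deleted_users_are_always_unauthorized():
    """A deleted user is refused even by an auth function that always allows.

    Registers a temporary auth function that returns success for any
    input, deletes a freshly created user, and asserts that
    ``authz.is_authorized_boolean`` still denies that user.
    """
    def always_success(x, y):
        return {"success": True}

    authz._AuthFunctions._build()
    authz._AuthFunctions._functions["always_success"] = always_success
    try:
        user_obj = factories.User()
        username = user_obj["name"]
        user = model.User.get(username)
        user.delete()

        assert not authz.is_authorized_boolean(
            "always_success", {"user": username})
    finally:
        # Unregister even when the assertion fails: an allow-everything
        # auth function left in the shared registry would leak into any
        # test that runs afterwards.
        del authz._AuthFunctions._functions["always_success"]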
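def test_auth_deleted_users_are_always_unauthorized(self):
    """A deleted user is refused even by an auth function that always allows.

    Registers a temporary auth function that returns success for any
    input, creates and deletes a dedicated user, and asserts that
    ``authz.is_authorized_boolean`` still denies that user.
    """
    def always_success(x, y):
        return {'success': True}

    authz._AuthFunctions._build()
    authz._AuthFunctions._functions['always_success'] = always_success
    try:
        # We can't reuse the username with the other tests because we can't
        # rebuild_db(), because in the setup_class we get the sysadmin. If we
        # rebuild the DB, we would delete the sysadmin as well.
        username = '******'
        self.create_user(username)
        user = model.User.get(username)
        user.delete()

        assert not authz.is_authorized_boolean('always_success',
                                               {'user': username})
    finally:
        # Unregister even when the assertion fails: an allow-everything
        # auth function left in the shared registry would leak into any
        # test that runs afterwards.
        del authz._AuthFunctions._functions['always_success']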
def package_relationship_delete(context, data_dict):
    """Decide whether the current user may delete a package relationship.

    The decision is whatever the 'package_relationship_create' check
    returns for the same ``context`` and ``data_dict``. Both
    ``context["user"]`` and ``context["relationship"]`` must be present;
    they are looked up first and used only in the denial message.

    Returns:
        ``{"success": True}`` when authorized, else
        ``{"success": False, "msg": ...}``.
    """
    user = context["user"]
    relationship = context["relationship"]

    may_create = authz.is_authorized_boolean(
        "package_relationship_create", context, data_dict)

    # Anyone allowed to create this relationship may also remove it.
    if may_create:
        return {"success": True}

    template = _("User %s not authorized to delete relationship %s")
    return {"success": False, "msg": template % (user, relationship.id)}
def setup_template_variables(self, context, data_dict):
    """Build the template variables for the HXL preview view.

    Runs the 'package_update' check for the package that owns
    ``data_dict['resource']`` and forwards the boolean result, together
    with ``data_dict``, to ``get.hxl_preview_iframe_url_show``.

    Returns:
        A dict with the single key ``'hxl_preview_full_url'``.
    """
    resource = data_dict.get('resource')
    owning_package = {'id': resource.get('package_id')}

    can_modify = authz.is_authorized_boolean(
        'package_update', context, owning_package)

    # NOTE(review): this flag is handed to the iframe URL builder, so it
    # looks like a UI hint only. Confirm that whatever saves changes
    # re-runs the 'package_update' check server-side.
    url_options = {'has_modify_permission': can_modify}
    preview_url = get.hxl_preview_iframe_url_show(url_options, data_dict)

    return {'hxl_preview_full_url': preview_url}
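def test_auth_deleted_users_are_always_unauthorized(self):
    """A deleted user is refused even by an auth function that always allows.

    Registers a temporary auth function that returns success for any
    input, deletes a freshly created user, and asserts that
    ``authz.is_authorized_boolean`` still denies that user.
    """
    def always_success(x, y):
        return {"success": True}

    authz._AuthFunctions._build()
    authz._AuthFunctions._functions["always_success"] = always_success
    try:
        created = factories.User()
        username = created["name"]
        user = model.User.get(username)
        user.delete()

        assert not authz.is_authorized_boolean(
            "always_success", {"user": username}
        )
    finally:
        # Unregister even when the assertion fails: an allow-everything
        # auth function left in the shared registry would leak into any
        # test that runs afterwards.
        del authz._AuthFunctions._functions["always_success"]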
def group_change_state(context, data_dict):
    """Authorize changing the state of a group.

    The decision is whatever the 'group_update' check returns for the
    same ``context`` and ``data_dict``. The group object is fetched via
    ``logic_auth.get_group_object`` before that check runs; its ``id`` is
    used only in the denial message.

    Returns:
        ``{'success': True}`` when authorized, else
        ``{'success': False, 'msg': ...}``.
    """
    user = context['user']
    group = logic_auth.get_group_object(context, data_dict)

    # Changing state reuses the group_update rule.
    if authz.is_authorized_boolean('group_update', context, data_dict):
        return {'success': True}

    denial = (_('User %s not authorized to change state of group %s')
              % (str(user), group.id))
    return {'success': False, 'msg': denial}
def package_change_state(context, data_dict):
    """Authorize changing the state of a package.

    The decision is whatever the 'package_update' check returns for the
    same ``context`` and ``data_dict``. The package object is fetched via
    ``logic_auth.get_package_object`` before that check runs; its ``id``
    is used only in the denial message.

    Returns:
        ``{'success': True}`` when authorized, else
        ``{'success': False, 'msg': ...}``.
    """
    user = context['user']
    package = logic_auth.get_package_object(context, data_dict)

    # Changing state reuses the package_update rule.
    if authz.is_authorized_boolean('package_update', context, data_dict):
        return {'success': True}

    denial = (_('User %s not authorized to change state of package %s')
              % (str(user), package.id))
    return {'success': False, 'msg': denial}
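def package_relationship_delete(context, data_dict):
    """Authorize deleting a package relationship.

    Deletion is allowed exactly when the 'package_relationship_create'
    check passes for the same ``context`` and ``data_dict``.
    ``context['relationship']`` is required and is read before the check
    runs; ``context.get('user')`` may be ``None``. Both are used only in
    the denial message.

    Returns:
        ``{'success': True}`` when authorized, otherwise a dict with
        ``'success': False`` and a ``'msg'`` built through ``_``.
    """
    user = context.get('user')
    relationship = context['relationship']

    # If you can create this relationship then you can also delete it.
    authorized = authz.is_authorized_boolean(
        'package_relationship_create', context, data_dict)
    if authorized:
        return {'success': True}

    # Interpolate only after the _() lookup. An f-string inside _() bakes
    # the user name and relationship id into the message id, so no
    # catalogue entry can match it, and caller-supplied text ends up in
    # the lookup key.
    return {
        'success': False,
        'msg': _('User %s not authorized to delete relationship %s')
        % (user, relationship.id),
    }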