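def get_virtual_flag_from_url(request):
    """Return the boolean value of the ``virtual`` query parameter.

    The value is read from ``request.GET`` and parsed with ``str2bool``.

    Raises:
        ImmediateHttpResponse: carrying an ``http.HttpBadRequest`` when the
            parameter is absent, or when parsing it raises ValueError.
    """
    raw_flag = request.GET.get('virtual')

    # Test for absence BEFORE converting to str: str(None) is the string
    # 'None', so the original "is None" check could never fire and a missing
    # flag was handed to str2bool instead.
    # NOTE(review): what str2bool does with 'None' is not visible here;
    # rejecting a missing flag explicitly matches the error message below.
    if raw_flag is None:
        raise ImmediateHttpResponse(response=http.HttpBadRequest(
            content='No "virtual" flag in request url'))

    try:
        # str() stays inside the try so that a conversion failure raised as
        # a ValueError subclass is answered like any other unparsable flag.
        return str2bool(str(raw_flag))
    except ValueError:
        raise ImmediateHttpResponse(response=http.HttpBadRequest(
            content='"virtual" flag could not be parsed to a boolean'))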
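def is_authorized(self, request, object=None):
    """Authorize read access to feature data.

    Returns False for any method other than GET and for requests without an
    authenticated (non-anonymous) user.  Otherwise the environment and area
    are resolved -- first from the feature addressed by ``request.path``,
    then from the ``environment`` / ``area`` query filters -- and the
    decision is delegated to ``is_checked_in``, unless the ``virtual`` query
    flag decides it first.

    Args:
        request: the incoming HTTP request.
        object: not used by this method.

    Returns:
        True or False from the checks below, otherwise whatever
        ``is_checked_in`` returns.
    """
    from client.api import FeatureResource
    from coresql.models import Environment, Area
    from coresql.utils import str2bool

    if request.method.upper() != "GET":
        return False
    if not hasattr(request, 'user') or request.user.is_anonymous():
        return False

    env_obj = None
    area_obj = None

    # Detail request: try to take environment and area from the feature
    # object itself.  Any failure leaves both unset.
    try:
        feature_obj = FeatureResource().get_via_uri(request.path,
                                                    request=request)
        env_obj = feature_obj.environment
        area_obj = feature_obj.area
    except Exception:
        env_obj = None
        area_obj = None

    if env_obj is None and area_obj is None:
        # Otherwise fall back to the request filters.  "except Exception"
        # replaces the bare "except:" so that SystemExit / KeyboardInterrupt
        # are not swallowed by a failed lookup.
        if 'environment' in request.GET:
            try:
                env_obj = Environment.objects.get(
                    pk=request.GET['environment'])
            except Exception:
                env_obj = None

        if 'area' in request.GET:
            try:
                area_obj = Area.objects.get(pk=request.GET['area'])
            except Exception:
                area_obj = None

    # Without a "virtual" flag the default is to require physical check-in.
    #
    # SECURITY NOTE(review): "virtual" comes from the query string, so the
    # caller chooses its value.  When it parses to true and an environment or
    # area was resolved, access is granted without consulting is_checked_in.
    # Confirm that every authenticated user is meant to have virtual access
    # to every environment/area; if not, this branch needs a server-side
    # entitlement check.
    if 'virtual' in request.GET:
        try:
            virtual = str2bool(request.GET['virtual'])
        except ValueError:
            # An unparsable flag denies access.
            return False
        if virtual and (area_obj or env_obj):
            return True

    # NOTE(review): failed lookups reach this point with env_obj and area_obj
    # both None; confirm is_checked_in denies access in that case.
    user_profile = request.user.get_profile()  # UserProfile => available context
    return is_checked_in(user_profile, env_obj, area_obj)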
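def is_authorized(self, request, object=None):
    """Authorize read access to feature data.

    Returns False for any method other than GET and for requests without an
    authenticated (non-anonymous) user.  Otherwise the environment and area
    are resolved -- first from the feature addressed by ``request.path``,
    then from the ``environment`` / ``area`` query filters -- and the
    decision is delegated to ``is_checked_in``, unless the ``virtual`` query
    flag decides it first.

    Args:
        request: the incoming HTTP request.
        object: not used by this method.

    Returns:
        True or False from the checks below, otherwise whatever
        ``is_checked_in`` returns.
    """
    from client.api import FeatureResource
    from coresql.models import Environment, Area
    from coresql.utils import str2bool

    if request.method.upper() != "GET":
        return False
    if not hasattr(request, 'user') or request.user.is_anonymous():
        return False

    env_obj = None
    area_obj = None

    # Detail request: try to take environment and area from the feature
    # object itself.  Any failure leaves both unset.
    try:
        feature_obj = FeatureResource().get_via_uri(request.path,
                                                    request=request)
        env_obj = feature_obj.environment
        area_obj = feature_obj.area
    except Exception:
        env_obj = None
        area_obj = None

    if env_obj is None and area_obj is None:
        # Otherwise fall back to the request filters.  "except Exception"
        # replaces the bare "except:" so that SystemExit / KeyboardInterrupt
        # are not swallowed by a failed lookup.
        if 'environment' in request.GET:
            try:
                env_obj = Environment.objects.get(
                    pk=request.GET['environment'])
            except Exception:
                env_obj = None

        if 'area' in request.GET:
            try:
                area_obj = Area.objects.get(pk=request.GET['area'])
            except Exception:
                area_obj = None

    # Without a "virtual" flag the default is to require physical check-in.
    #
    # SECURITY NOTE(review): "virtual" comes from the query string, so the
    # caller chooses its value.  When it parses to true and an environment or
    # area was resolved, access is granted without consulting is_checked_in.
    # Confirm that every authenticated user is meant to have virtual access
    # to every environment/area; if not, this branch needs a server-side
    # entitlement check.
    if 'virtual' in request.GET:
        try:
            virtual = str2bool(request.GET['virtual'])
        except ValueError:
            # An unparsable flag denies access.
            return False
        if virtual and (area_obj or env_obj):
            return True

    # NOTE(review): failed lookups reach this point with env_obj and area_obj
    # both None; confirm is_checked_in denies access in that case.
    user_profile = request.user.get_profile()  # UserProfile => available context
    return is_checked_in(user_profile, env_obj, area_obj)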
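def get_virtual_flag_from_url(request):
    """Return the boolean value of the ``virtual`` query parameter.

    The value is read from ``request.GET`` and parsed with ``str2bool``.

    Raises:
        ImmediateHttpResponse: carrying an ``http.HttpBadRequest`` when the
            parameter is absent, or when parsing it raises ValueError.
    """
    raw_flag = request.GET.get('virtual')

    # Test for absence BEFORE converting to str: str(None) is the string
    # 'None', so the original "is None" check could never fire and a missing
    # flag was handed to str2bool instead.
    # NOTE(review): what str2bool does with 'None' is not visible here;
    # rejecting a missing flag explicitly matches the error message below.
    if raw_flag is None:
        raise ImmediateHttpResponse(response=http.HttpBadRequest(
            content='No "virtual" flag in request url'))

    try:
        # str() stays inside the try so that a conversion failure raised as
        # a ValueError subclass is answered like any other unparsable flag.
        return str2bool(str(raw_flag))
    except ValueError:
        raise ImmediateHttpResponse(response=http.HttpBadRequest(
            content='"virtual" flag could not be parsed to a boolean'))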
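def get_virtual_flag_from_url(request):
    """Return the boolean value of the ``virtual`` query parameter.

    The value is read from ``request.GET`` and parsed with ``str2bool``.

    Raises:
        ImmediateHttpResponse: carrying an ``http.HttpBadRequest`` when the
            parameter is absent, or when parsing it raises ValueError.
    """
    raw_flag = request.GET.get('virtual')

    # Test for absence BEFORE converting to str: str(None) is the string
    # 'None', so the original "is None" check could never fire and a missing
    # flag was handed to str2bool instead.
    # NOTE(review): what str2bool does with 'None' is not visible here;
    # rejecting a missing flag explicitly matches the error message below.
    if raw_flag is None:
        raise ImmediateHttpResponse(response=http.HttpBadRequest(
            content='No "virtual" flag in request url'))

    try:
        # str() stays inside the try so that a conversion failure raised as
        # a ValueError subclass is answered like any other unparsable flag.
        return str2bool(str(raw_flag))
    except ValueError:
        raise ImmediateHttpResponse(response=http.HttpBadRequest(
            content='"virtual" flag could not be parsed to a boolean'))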
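def is_authorized(self, request, object=None):
    """Authorize an annotation request for a checked-in user.

    Requests without an authenticated (non-anonymous) user are denied.  For
    the rest, the environment and area are resolved per HTTP method:

    * GET: from the ``environment`` / ``area`` query filters; the ``virtual``
      query flag may decide the request before the check-in test.
    * POST: from the ``environment`` / ``area`` URIs in the deserialized
      request body; a body that fails to deserialize is denied.
    * DELETE / PUT: from the annotation addressed by ``request.path``.

    The final decision is delegated to ``is_checked_in``.

    Args:
        request: the incoming HTTP request.
        object: not used by this method.

    Returns:
        True or False from the checks below, otherwise whatever
        ``is_checked_in`` returns.
    """
    from client.api import EnvironmentResource, AreaResource, AnnotationResource
    from coresql.models import Environment, Area
    from coresql.utils import str2bool

    if not hasattr(request, 'user') or request.user.is_anonymous():
        return False

    env_obj = None
    area_obj = None
    method = request.method.upper()

    # "except Exception" replaces the bare "except:" clauses throughout, so
    # that SystemExit / KeyboardInterrupt are not swallowed by a failed lookup.
    if method == "GET":
        if 'environment' in request.GET:
            try:
                env_obj = Environment.objects.get(
                    pk=request.GET['environment'])
            except Exception:
                env_obj = None

        if 'area' in request.GET:
            try:
                area_obj = Area.objects.get(pk=request.GET['area'])
            except Exception:
                area_obj = None

        # Without a "virtual" flag the default is to require physical
        # check-in.
        #
        # SECURITY NOTE(review): "virtual" comes from the query string, so
        # the caller chooses its value.  When it parses to true and an
        # environment or area was resolved, access is granted without
        # consulting is_checked_in.  Confirm that every authenticated user is
        # meant to have virtual access to every environment/area; if not,
        # this branch needs a server-side entitlement check.
        if 'virtual' in request.GET:
            try:
                virtual = str2bool(request.GET['virtual'])
            except ValueError:
                # An unparsable flag denies access.
                return False
            if virtual and (area_obj or env_obj):
                return True

    elif method == "POST":
        # For the remaining methods the requesting user must actually be
        # checked in.
        #
        # NOTE(review): the deserialization format is selected by the
        # client-supplied Content-Type header; confirm Serializer only
        # enables formats that are safe to parse from untrusted input.
        serdes = Serializer()
        try:
            deserialized = serdes.deserialize(
                request.raw_post_data,
                format=request.META.get('CONTENT_TYPE', 'application/json'))
        except Exception:
            return False

        if deserialized is None:
            return False

        # NOTE(review): the membership tests below sit outside any try, so a
        # body that deserializes to a non-container value would raise here
        # rather than deny -- confirm the expected body shape.
        if 'environment' in deserialized:
            try:
                env_obj = EnvironmentResource().get_via_uri(
                    deserialized['environment'], request=request)
            except Exception:
                env_obj = None

        if 'area' in deserialized:
            try:
                area_obj = AreaResource().get_via_uri(
                    deserialized['area'], request=request)
            except Exception:
                area_obj = None

    elif method in ["DELETE", "PUT"]:
        # Take environment and area from the annotation being modified; any
        # failure leaves both unset.
        try:
            ann_obj = AnnotationResource().get_via_uri(request.path,
                                                       request=request)
            env_obj = ann_obj.environment
            area_obj = ann_obj.area
        except Exception:
            env_obj = None
            area_obj = None

    # NOTE(review): failed lookups, and methods not handled above, reach this
    # point with env_obj and area_obj both None; confirm is_checked_in denies
    # access in that case.
    user_profile = request.user.get_profile()  # UserProfile => available context
    return is_checked_in(user_profile, env_obj, area_obj)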
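def is_authorized(self, request, object=None):
    """Authorize an annotation request for a checked-in user.

    Requests without an authenticated (non-anonymous) user are denied.  For
    the rest, the environment and area are resolved per HTTP method:

    * GET: from the ``environment`` / ``area`` query filters; the ``virtual``
      query flag may decide the request before the check-in test.
    * POST: from the ``environment`` / ``area`` URIs in the deserialized
      request body; a body that fails to deserialize is denied.
    * DELETE / PUT: from the annotation addressed by ``request.path``.

    The final decision is delegated to ``is_checked_in``.

    Args:
        request: the incoming HTTP request.
        object: not used by this method.

    Returns:
        True or False from the checks below, otherwise whatever
        ``is_checked_in`` returns.
    """
    from client.api import EnvironmentResource, AreaResource, AnnotationResource
    from coresql.models import Environment, Area
    from coresql.utils import str2bool

    if not hasattr(request, 'user') or request.user.is_anonymous():
        return False

    env_obj = None
    area_obj = None
    method = request.method.upper()

    # "except Exception" replaces the bare "except:" clauses throughout, so
    # that SystemExit / KeyboardInterrupt are not swallowed by a failed lookup.
    if method == "GET":
        if 'environment' in request.GET:
            try:
                env_obj = Environment.objects.get(
                    pk=request.GET['environment'])
            except Exception:
                env_obj = None

        if 'area' in request.GET:
            try:
                area_obj = Area.objects.get(pk=request.GET['area'])
            except Exception:
                area_obj = None

        # Without a "virtual" flag the default is to require physical
        # check-in.
        #
        # SECURITY NOTE(review): "virtual" comes from the query string, so
        # the caller chooses its value.  When it parses to true and an
        # environment or area was resolved, access is granted without
        # consulting is_checked_in.  Confirm that every authenticated user is
        # meant to have virtual access to every environment/area; if not,
        # this branch needs a server-side entitlement check.
        if 'virtual' in request.GET:
            try:
                virtual = str2bool(request.GET['virtual'])
            except ValueError:
                # An unparsable flag denies access.
                return False
            if virtual and (area_obj or env_obj):
                return True

    elif method == "POST":
        # For the remaining methods the requesting user must actually be
        # checked in.
        #
        # NOTE(review): the deserialization format is selected by the
        # client-supplied Content-Type header; confirm Serializer only
        # enables formats that are safe to parse from untrusted input.
        serdes = Serializer()
        try:
            deserialized = serdes.deserialize(
                request.raw_post_data,
                format=request.META.get('CONTENT_TYPE', 'application/json'))
        except Exception:
            return False

        if deserialized is None:
            return False

        # NOTE(review): the membership tests below sit outside any try, so a
        # body that deserializes to a non-container value would raise here
        # rather than deny -- confirm the expected body shape.
        if 'environment' in deserialized:
            try:
                env_obj = EnvironmentResource().get_via_uri(
                    deserialized['environment'], request=request)
            except Exception:
                env_obj = None

        if 'area' in deserialized:
            try:
                area_obj = AreaResource().get_via_uri(
                    deserialized['area'], request=request)
            except Exception:
                area_obj = None

    elif method in ["DELETE", "PUT"]:
        # Take environment and area from the annotation being modified; any
        # failure leaves both unset.
        try:
            ann_obj = AnnotationResource().get_via_uri(request.path,
                                                       request=request)
            env_obj = ann_obj.environment
            area_obj = ann_obj.area
        except Exception:
            env_obj = None
            area_obj = None

    # NOTE(review): failed lookups, and methods not handled above, reach this
    # point with env_obj and area_obj both None; confirm is_checked_in denies
    # access in that case.
    user_profile = request.user.get_profile()  # UserProfile => available context
    return is_checked_in(user_profile, env_obj, area_obj)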