def __init__(self, request):
# Store some shortcuts.
permission = request.registry.permission
self._check_permission = permission.check_permission
self._get_accessible_objects = permission.get_accessible_objects
self.get_prefixed_principals = functools.partial(utils.prefixed_principals, request)
# Store current resource and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and
hasattr(service, 'viewset') and
hasattr(service, 'resource'))
if is_on_resource:
self.resource_name = request.current_resource_name
self.on_collection = getattr(service, "type", None) == "collection"
# Try to fetch the target object. Its existence will affect permissions checking.
if not self.on_collection and request.method.lower() in ("put", "delete", "patch"):
resource = service.resource(request=request, context=self)
try:
# Save a reference, to avoid refetching from storage in resource.
self.current_record = resource.model.get_record(resource.record_id)
except storage_exceptions.RecordNotFoundError:
pass
self.permission_object_id, self.required_permission = (
self._find_required_permission(request, service))
# To obtain shared records on a collection endpoint, use a match:
self._object_id_match = self.get_permission_object_id(request, '*')
self._settings = request.registry.settings
def __init__(self, request):
# Make it available for the authorization policy.
self.get_prefixed_userid = functools.partial(prefixed_userid, request)
# Store some shortcuts.
permission = request.registry.permission
self.check_permission = permission.check_permission
self._get_accessible_objects = permission.get_accessible_objects
# Store current resource and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and hasattr(service, 'viewset')
and hasattr(service, 'resource'))
if is_on_resource:
self.resource_name = request.current_resource_name
self.on_collection = getattr(service, "type", None) == "collection"
self.permission_object_id, self.required_permission = (
self._find_required_permission(request, service))
# To obtain shared records on a collection endpoint, use a match:
self._object_id_match = self.get_permission_object_id(request, '*')
# Check if principals are allowed explicitly from settings.
settings = request.registry.settings
setting = '%s_%s_principals' % (self.resource_name,
self.required_permission)
self.allowed_principals = aslist(settings.get(setting, ''))
def __init__(self, request):
# Make it available for the authorization policy.
self.get_prefixed_userid = functools.partial(prefixed_userid, request)
# Store some shortcuts.
permission = request.registry.permission
self.check_permission = permission.check_permission
self._get_accessible_objects = permission.get_accessible_objects
# Store current resource and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and
hasattr(service, 'viewset') and
hasattr(service, 'resource'))
if is_on_resource:
self.resource_name = request.current_resource_name
self.on_collection = getattr(service, "type", None) == "collection"
self.permission_object_id, self.required_permission = (
self._find_required_permission(request, service))
# To obtain shared records on a collection endpoint, use a match:
self._object_id_match = self.get_permission_object_id(request, '*')
# Check if principals are allowed explicitly from settings.
settings = request.registry.settings
setting = '%s_%s_principals' % (self.resource_name,
self.required_permission)
self.allowed_principals = aslist(settings.get(setting, ''))
def __init__(self, request):
# Store some shortcuts.
permission = request.registry.permission
self._check_permission = permission.check_permission
self._get_accessible_objects = permission.get_accessible_objects
self.get_prefixed_principals = functools.partial(utils.prefixed_principals, request)
# Store current resource and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and
hasattr(service, 'viewset') and
hasattr(service, 'resource'))
if is_on_resource:
self.resource_name = request.current_resource_name
self.on_collection = getattr(service, 'type', None) == 'collection'
# Try to fetch the target object. Its existence will affect permissions checking.
if not self.on_collection and request.method.lower() in ('put', 'delete', 'patch'):
resource = service.resource(request=request, context=self)
try:
# Save a reference, to avoid refetching from storage in resource.
self.current_record = resource.model.get_record(resource.record_id)
except storage_exceptions.RecordNotFoundError:
pass
self.permission_object_id, self.required_permission = (
self._find_required_permission(request, service))
# To obtain shared records on a collection endpoint, use a match:
self._object_id_match = self.get_permission_object_id(request, '*')
self._settings = request.registry.settings
def __init__(self, request):
# Make it available for the authorization policy.
self.get_prefixed_userid = functools.partial(prefixed_userid, request)
self._check_permission = request.registry.permission.check_permission
# Partial collections of ShareableResource:
self.shared_ids = None
# Store service, resource, record and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and
hasattr(service, 'viewset') and
hasattr(service, 'resource'))
if is_on_resource:
self.on_collection = getattr(service, "type", None) == "collection"
self.permission_object_id = self.get_permission_object_id(request)
# Decide what the required unbound permission is depending on the
# method that's being requested.
if request.method.lower() == "put":
# In the case of a "PUT", check if the targetted record already
# exists, return "write" if it does, "create" otherwise.
# If the view exists, use its collection to catch an
# eventual NotFound.
resource = service.resource(request=request, context=self)
try:
record = resource.model.get_record(resource.record_id)
self.current_record = record
except storage_exceptions.RecordNotFoundError:
self.permission_object_id = service.collection_path.format(
**request.matchdict)
self.required_permission = "create"
else:
self.required_permission = "write"
else:
method = request.method.lower()
self.required_permission = self.method_permissions.get(method)
self.resource_name = request.current_resource_name
if self.on_collection:
object_id_match = self.get_permission_object_id(request, '*')
self.get_shared_ids = functools.partial(
request.registry.permission.get_accessible_objects,
object_id_match=object_id_match)
settings = request.registry.settings
setting = '%s_%s_principals' % (self.resource_name,
self.required_permission)
self.allowed_principals = aslist(settings.get(setting, ''))
def __init__(self, request):
# Make it available for the authorization policy.
self.get_prefixed_userid = functools.partial(prefixed_userid, request)
self._check_permission = request.registry.permission.check_permission
# Partial collections of ShareableResource:
self.shared_ids = None
# Store service, resource, record and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and hasattr(service, 'viewset')
and hasattr(service, 'resource'))
if is_on_resource:
self.on_collection = getattr(service, "type", None) == "collection"
self.permission_object_id = self.get_permission_object_id(request)
# Decide what the required unbound permission is depending on the
# method that's being requested.
if request.method.lower() == "put":
# In the case of a "PUT", check if the targetted record already
# exists, return "write" if it does, "create" otherwise.
# If the view exists, use its collection to catch an
# eventual NotFound.
resource = service.resource(request=request, context=self)
try:
record = resource.model.get_record(resource.record_id)
self.current_record = record
except storage_exceptions.RecordNotFoundError:
self.permission_object_id = service.collection_path.format(
**request.matchdict)
self.required_permission = "create"
else:
self.required_permission = "write"
else:
method = request.method.lower()
self.required_permission = self.method_permissions.get(method)
self.resource_name = request.current_resource_name
if self.on_collection:
object_id_match = self.get_permission_object_id(request, '*')
self.get_shared_ids = functools.partial(
request.registry.permission.get_accessible_objects,
object_id_match=object_id_match)
settings = request.registry.settings
setting = '%s_%s_principals' % (self.resource_name,
self.required_permission)
self.allowed_principals = aslist(settings.get(setting, ''))
def __init__(self, request):
# Store some shortcuts.
permission = request.registry.permission
self._check_permission = permission.check_permission
self._get_accessible_objects = permission.get_accessible_objects
self.get_prefixed_principals = functools.partial(
utils.prefixed_principals, request)
# Store current resource and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and hasattr(service, "viewset")
and hasattr(service, "resource"))
self._resource = None
if is_on_resource:
self.resource_name = request.current_resource_name
self.on_plural_endpoint = getattr(service, "type",
None) == "plural"
# Check if this request targets an individual object.
# Its existence will affect permissions checking (cf `_find_required_permission()`).
# There are cases where the permission is not directly related to the HTTP method,
# For example:
# - with POST on plural endpoint, with an id supplied
# - with PUT on an object, which can either be creation or update
is_write_on_object = not self.on_plural_endpoint and request.method.lower(
) in (
"put",
"delete",
"patch",
)
is_post_on_plural = self.on_plural_endpoint and request.method.lower(
) == "post"
if is_write_on_object or is_post_on_plural:
# We instantiate the resource to determine the object targeted by the request.
self._resource = resource = service.resource(request=request,
context=self)
if resource.object_id is not None: # Skip POST on plural without id.
try:
# Save a reference, to avoid refetching from storage in resource.
self.current_object = resource.model.get_object(
resource.object_id)
except storage_exceptions.ObjectNotFoundError:
pass
self.permission_object_id, self.required_permission = self._find_required_permission(
request, service)
# To obtain shared objects on a plural endpoint, use a match:
self._object_id_match = self.get_permission_object_id(request, "*")
self._settings = request.registry.settings
def __init__(self, request):
# Store some shortcuts.
permission = request.registry.permission
self._check_permission = permission.check_permission
self._get_accessible_objects = permission.get_accessible_objects
self.get_prefixed_principals = functools.partial(
utils.prefixed_principals, request)
# Store current resource and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and hasattr(service, 'viewset')
and hasattr(service, 'resource'))
if is_on_resource:
self.resource_name = request.current_resource_name
self.on_collection = getattr(service, "type", None) == "collection"
self.permission_object_id, self.required_permission = (
self._find_required_permission(request, service))
# To obtain shared records on a collection endpoint, use a match:
self._object_id_match = self.get_permission_object_id(request, '*')
self._settings = request.registry.settings
def test_current_service_returns_none_for_unexisting_patterns(self):
request = DummyRequest()
request.matched_route.pattern = '/unexisting'
request.registry.cornice_services = {}
self.assertEqual(current_service(request), None)
def test_current_service_returns_the_service_for_existing_patterns(self):
request = DummyRequest()
request.matched_route.pattern = '/buckets'
request.registry.cornice_services = {'/buckets': mock.sentinel.service}
self.assertEqual(current_service(request), mock.sentinel.service)
def test_current_service_returns_none_for_unexisting_patterns(self):
request = DummyRequest()
request.matched_route.pattern = "/unexisting"
request.registry.cornice_services = {}
self.assertEqual(current_service(request), None)
def test_current_service_returns_the_service_for_existing_patterns(self):
request = DummyRequest()
request.matched_route.pattern = "/buckets"
request.registry.cornice_services = {"/buckets": mock.sentinel.service}
self.assertEqual(current_service(request), mock.sentinel.service)
