def get_interaction(self, request, principal='oms.anonymous'):
    """Return a new interaction for ``request``.

    The interaction is created for ``principal`` (``'oms.anonymous'`` unless
    the caller passes something else), except that a request whose method is
    ``OPTIONS`` is always mapped to ``'oms.rest_options'``.
    """
    # TODO: we can quickly disable rest auth
    # if get_config().getboolean('auth', 'enable_anonymous'):
    #     return None

    # The method check wins over whatever principal was passed in.
    effective = 'oms.rest_options' if request.method == 'OPTIONS' else principal
    return new_interaction(effective)
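def get_interaction(self, request, token):
    """Resolve ``token`` to a principal and return an interaction for it.

    The principal comes from the registered ``IHttpRestAuthenticationUtility``.
    A token that the utility fails to resolve is treated as
    ``'oms.anonymous'`` instead of being rejected. For every other principal
    the token is handed to ``renew_token``. A request whose method is
    ``OPTIONS`` always ends up as ``'oms.rest_options'``, whatever the token
    resolved to.
    """
    # TODO: we can quickly disable rest auth
    # if get_config().getboolean('auth', 'enable_anonymous'):
    #     return None

    from opennode.oms.endpoint.httprest.auth import IHttpRestAuthenticationUtility

    authenticator = getUtility(IHttpRestAuthenticationUtility)

    # XXX: Maybe inject the anonymous detection logic into authenticator?
    try:
        principal = authenticator.get_principal(token)
    except Exception:
        # Avoid that changes in format of security token will require every user
        # to flush the cookies.
        # This used to be a bare ``except:``, which also swallowed SystemExit
        # and KeyboardInterrupt; only ordinary errors should downgrade the
        # request to anonymous.
        # NOTE(review): the failure is silent. Recording the exception type
        # (never the token itself) would make a burst of rejected tokens
        # visible to whoever monitors this endpoint.
        principal = 'oms.anonymous'

    # XXX: Should the token get renewed here?
    if principal != 'oms.anonymous':
        authenticator.renew_token(request, token)

    # XXX: What's the purpose of a special principle for OPTIONS method?
    # NOTE(review): this override runs after authentication and renewal, so an
    # OPTIONS request never runs as the authenticated principal - confirm that
    # 'oms.rest_options' is granted only what such a request needs.
    if request.method == 'OPTIONS':
        principal = 'oms.rest_options'

    return new_interaction(principal)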
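def get_interaction(self, request, token):
    """Return the interaction that ``request`` should run under.

    ``token`` is resolved through the ``IHttpRestAuthenticationUtility``
    utility. If resolution raises, the request falls back to
    ``'oms.anonymous'``; otherwise the token is renewed via ``renew_token``
    (skipped when the resolved principal is itself ``'oms.anonymous'``).
    ``OPTIONS`` requests are finally remapped to ``'oms.rest_options'``.
    """
    # TODO: we can quickly disable rest auth
    # if get_config().getboolean('auth', 'enable_anonymous'):
    #     return None

    from opennode.oms.endpoint.httprest.auth import IHttpRestAuthenticationUtility

    authenticator = getUtility(IHttpRestAuthenticationUtility)

    # XXX: Maybe inject the anonymous detection logic into authenticator?
    try:
        principal = authenticator.get_principal(token)
    except Exception:
        # Avoid that changes in format of security token will require every user
        # to flush the cookies.
        # Narrowed from a bare ``except:`` so interpreter-level exits
        # (SystemExit, KeyboardInterrupt) are no longer converted into an
        # anonymous session.
        # NOTE(review): a malformed or tampered token is indistinguishable
        # from "no token" after this point; consider recording the failure
        # without writing the token value to the log.
        principal = 'oms.anonymous'

    # XXX: Should the token get renewed here?
    if principal != 'oms.anonymous':
        authenticator.renew_token(request, token)

    # XXX: What's the purpose of a special principle for OPTIONS method?
    # NOTE(review): the remap is unconditional, so the rights attached to
    # 'oms.rest_options' apply to every OPTIONS request - verify they are
    # minimal.
    if request.method == 'OPTIONS':
        principal = 'oms.rest_options'

    return new_interaction(principal)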
def __init__(self, interaction=None):
    """Initialise the terminal/protocol self-references, path and interaction.

    Args:
        interaction: interaction to store on the instance. When ``None``, a
            new interaction is created for the ``'root'`` principal obtained
            from the ``IAuthentication`` utility.
    """
    # The object acts as its own terminal and protocol.
    self.terminal = self.protocol = self
    self.path = ['']
    self.use_security_proxy = False

    if interaction is None:
        # NOTE(review): leaving the argument out yields a 'root' interaction,
        # so callers acting for a specific user have to pass that user's
        # interaction explicitly.
        root_principal = getUtility(IAuthentication).getPrincipal('root')
        interaction = new_interaction(root_principal)
    self.interaction = interaction
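def preload_acl_line(path, permspec, filename='-', lineno='-'):
    """Apply one ACL preload entry to the object found at ``path``.

    ``permspec`` is either ``inherit`` / ``noinherit`` (which only sets
    ``inherit_permissions`` on the object) or a four-field string
    ``permtype:kind:principal:perms``. ``permtype`` selects the role-manager
    call (``allow``, ``deny`` or ``unset``) and ``perms`` is a comma-separated
    list of permission nicknames. ``filename`` and ``lineno`` are used only
    in log messages.

    Entries that name a missing or transient object, have fewer than four
    fields, or have an empty ``perms`` field are logged and skipped.

    Raises:
        NoSuchPermission: a nickname in ``perms`` is not in
            ``Role.nick_to_role``. Raised before any role change is made.
        KeyError: ``permtype`` is not ``allow``, ``deny`` or ``unset``.
    """
    obj = traverse1(path[1:])

    if obj is None:
        log.warning('No such object: \'%s\'; file: \'%s\' line: %s', path, filename, lineno)
        return

    if obj.__transient__:
        log.warning(
            "Transient object %s always inherits permissions from its parent", path)
        return

    if permspec in ('inherit', 'noinherit'):
        obj.inherit_permissions = (permspec == 'inherit')
        return

    auth = getUtility(IAuthentication, context=None)
    interaction = new_interaction(auth.getPrincipal('root'))
    # Role changes are made under a 'root' interaction.
    with interaction:
        prinrole = IPrincipalRoleManager(obj)
        action_map = {
            'allow': prinrole.assignRoleToPrincipal,
            'deny': prinrole.removeRoleFromPrincipal,
            'unset': prinrole.unsetRoleForPrincipal,
        }

        parsedspec = permspec.strip().split(':', 3)
        if len(parsedspec) < 4:
            log.error(
                'Format error: not all fields are specified: \'%s\' on line %s',
                filename, lineno)
            return

        # ``kind`` is parsed but not used by this function.
        permtype, kind, principal, perms = parsedspec

        if not perms:
            log.warning(
                'No permissions specified for object: \'%s\'; file: \'%s\' line: %s',
                path, filename, lineno)
            return

        # Resolve every nickname before touching the role manager, so that an
        # unknown nickname late in the list cannot leave the entry half
        # applied (earlier roles changed, later ones not).
        resolved = []
        for perm in perms.strip().split(','):
            if perm not in Role.nick_to_role:
                raise NoSuchPermission(perm)
            resolved.append((perm, Role.nick_to_role[perm].id))

        # An unrecognised permtype raises KeyError here, before any change.
        action = action_map[permtype]

        for perm, role in resolved:
            log.info('%s \'%s\' on %s (%s) to \'%s\'', permtype, perm, path, obj, principal)
            action(role, principal)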
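def preload_acl_line(path, permspec, filename='-', lineno='-'):
    """Apply a single ACL preload line to the object at ``path``.

    ``permspec`` may be ``inherit`` or ``noinherit``, which toggles
    ``inherit_permissions`` on the object, or
    ``permtype:kind:principal:perms`` where ``permtype`` is ``allow``,
    ``deny`` or ``unset`` and ``perms`` is a comma-separated list of
    permission nicknames. ``filename`` and ``lineno`` only appear in log
    output.

    A line is logged and ignored when the object does not exist, the object
    is transient, the spec has fewer than four fields, or ``perms`` is empty.

    Raises:
        NoSuchPermission: for the first nickname missing from
            ``Role.nick_to_role``; nothing has been applied at that point.
        KeyError: when ``permtype`` is none of ``allow``/``deny``/``unset``.
    """
    obj = traverse1(path[1:])

    if obj is None:
        log.warning('No such object: \'%s\'; file: \'%s\' line: %s', path, filename, lineno)
        return

    if obj.__transient__:
        log.warning("Transient object %s always inherits permissions from its parent", path)
        return

    if permspec in ('inherit', 'noinherit'):
        obj.inherit_permissions = (permspec == 'inherit')
        return

    auth = getUtility(IAuthentication, context=None)
    interaction = new_interaction(auth.getPrincipal('root'))
    # The role manager is driven from inside a 'root' interaction.
    with interaction:
        prinrole = IPrincipalRoleManager(obj)
        action_map = {'allow': prinrole.assignRoleToPrincipal,
                      'deny': prinrole.removeRoleFromPrincipal,
                      'unset': prinrole.unsetRoleForPrincipal}

        parsedspec = permspec.strip().split(':', 3)
        if len(parsedspec) < 4:
            log.error('Format error: not all fields are specified: \'%s\' on line %s', filename, lineno)
            return

        # ``kind`` is unpacked for the four-field format but never read here.
        permtype, kind, principal, perms = parsedspec

        if not perms:
            log.warning('No permissions specified for object: \'%s\'; file: \'%s\' line: %s',
                        path, filename, lineno)
            return

        # Validate the whole list up front: raising in the middle of the
        # apply loop would leave some roles of this line changed and others
        # untouched.
        nicknames = perms.strip().split(',')
        unknown = [nick for nick in nicknames if nick not in Role.nick_to_role]
        if unknown:
            raise NoSuchPermission(unknown[0])

        # Looked up once; an unknown permtype fails here with KeyError before
        # any role is modified.
        apply_role = action_map[permtype]

        for perm in nicknames:
            role = Role.nick_to_role[perm].id
            log.info('%s \'%s\' on %s (%s) to \'%s\'', permtype, perm, path, obj, principal)
            apply_role(role, principal)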
def sudo(obj):
    """System utility that re-wraps ``obj`` for access under ``'root'``.

    If ``obj`` is exactly a ``Proxy`` (subclasses are not matched) it is
    unwrapped with ``getObject`` first. The result of
    ``checker.proxy_factory`` for the bare object and a new ``'root'``
    interaction is returned.
    """
    # NOTE(review): the returned proxy is bound to 'root' no matter who the
    # caller is acting for; call sites are worth auditing for values derived
    # from user input.
    target = obj
    if type(target) is Proxy:
        target = getObject(target)
    root_interaction = new_interaction('root')
    return checker.proxy_factory(target, root_interaction)
def __enter__(self):
    """Switch the checker of ``self._obj`` to a ``'root'`` interaction.

    The checker's current interaction is saved on
    ``self.previous_interaction`` before it is replaced. Returns
    ``self._obj``.
    """
    # NOTE(review): presumably the matching __exit__ restores
    # previous_interaction - it is not visible here, confirm that it does so
    # on the exception path as well.
    obj_checker = getChecker(self._obj)
    self.previous_interaction = obj_checker.interaction
    # The checker is changed in place rather than building a new proxy.
    obj_checker.interaction = new_interaction('root')
    return self._obj
def sudo(obj):
    """System utility to elevate privileges for accesses to ``obj``.

    Returns ``checker.proxy_factory(bare, new_interaction('root'))``, where
    ``bare`` is ``getObject(obj)`` when ``type(obj) is Proxy`` and ``obj``
    itself otherwise.
    """
    # Exact type comparison: only a plain Proxy is unwrapped before being
    # wrapped again with the 'root' interaction.
    already_proxied = type(obj) is Proxy
    bare = getObject(obj) if already_proxied else obj
    # NOTE(review): every access through the result is checked against
    # 'root', so this helper belongs on system code paths only - verify the
    # callers.
    return checker.proxy_factory(bare, new_interaction('root'))
def __enter__(self):
    """Enter the context: run ``self._obj``'s checker as ``'root'``.

    Stores the interaction the checker had on entry in
    ``self.previous_interaction``, assigns a new ``'root'`` interaction to
    the checker and returns ``self._obj``.
    """
    wrapped = self._obj
    active_checker = getChecker(wrapped)
    # Keep the old interaction around; restoring it is presumably done by
    # __exit__, which is outside this view - TODO confirm.
    self.previous_interaction = active_checker.interaction
    active_checker.interaction = new_interaction('root')
    return self._obj