def _valid_bag(self, environ, space, container_name):
"""
Return True if the requested entity is part of the current
space's recipe or an ADMIN BAG. Otherwise return False
indicating that privileges will be dropped.
"""
store = environ['tiddlyweb.store']
recipe_name = determine_space_recipe(environ, space.name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return True
if container_name in ADMIN_BAGS:
return True
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [
bag for bag in recipe_bags
if not (Space.bag_is_public(bag) or Space.bag_is_private(bag)
or Space.bag_is_associate(bag))
]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return True
return False
def _valid_bag(self, environ, space, container_name):
"""
Return True if the requested entity is part of the current
space's recipe or an ADMIN BAG. Otherwise return False
indicating that privileges will be dropped.
"""
store = environ['tiddlyweb.store']
recipe_name = determine_space_recipe(environ, space.name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return True
if container_name in ADMIN_BAGS:
return True
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [bag for bag in recipe_bags if not (
Space.bag_is_public(bag) or Space.bag_is_private(bag)
or Space.bag_is_associate(bag))]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return True
return False
def _handle_dropping_privs(self, environ, req_uri):
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name == None:
return
space = Space(space_name)
store = environ['tiddlyweb.store']
container_name = req_uri.split('/')[2]
if req_uri.startswith('/bags/'):
recipe_name = determine_space_recipe(environ, space_name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return
if container_name in ADMIN_BAGS:
return
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [
bag for bag in recipe_bags
if not (Space.bag_is_public(bag) or Space.bag_is_private(
bag) or Space.bag_is_associate(bag))
]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def _handle_dropping_privs(self, environ, req_uri):
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name == None:
return
space = Space(space_name)
store = environ['tiddlyweb.store']
container_name = req_uri.split('/')[2]
if req_uri.startswith('/bags/'):
recipe_name = determine_space_recipe(environ, space_name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return
if container_name in ADMIN_BAGS:
return
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [bag for bag in recipe_bags if not (
Space.bag_is_public(bag) or Space.bag_is_private(bag)
or Space.bag_is_associate(bag))]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def test_bag_is_associate():
assert Space.bag_is_associate('cat_archive')
assert not Space.bag_is_associate('cat_poo')
assert not Space.bag_is_associate('_archive')
def test_bag_is_associate():
assert Space.bag_is_associate('cat_archive')
assert not Space.bag_is_associate('cat_poo')
assert not Space.bag_is_associate('_archive')