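def check_permission(self, action, username=None, resource=None, perm=None):
    """Return the permission decision for `action` on `resource`.

    The check runs in two stages:

    1. A resource that carries a neighborhood is handed to the
       `PermissionSystem` built on that neighborhood's component manager,
       and its answer is returned directly. If the neighborhood cannot be
       resolved (`ResourceNotFound`), the request is denied.
    2. Otherwise every policy in `self.policies` is asked in order and
       the first answer that is not `None` is returned unchanged.

    When every policy abstains, the result is `False`.

    :param action: the action being checked
    :param username: name of the requesting user; a fallback identity is
                     substituted when it is `None`
    :param resource: the resource the action applies to, or `None`
    :param perm: passed through untouched to the policies
    :return: the first non-`None` policy decision, else `False`
    """
    if username is None:
        # NOTE(review): '******' reads like a masked value rather than a
        # real account name; confirm the intended fallback identity,
        # because this is the name handed to every policy below.
        username = '******'
    if resource:
        if resource.realm is None:
            # A resource without a realm is treated as "no resource".
            resource = None
        elif resource.neighborhood is not None:
            try:
                compmgr = manager_for_neighborhood(self.env,
                                                   resource.neighborhood)
            except ResourceNotFound:
                # FIXME: raise ?
                # Fail closed: an unresolvable neighborhood never grants
                # access. Note that this denial leaves no log entry.
                return False
            else:
                # Delegation is total: the policies of this environment
                # are not consulted for the neighborhood's resource.
                return PermissionSystem(compmgr).check_permission(
                    action, username, resource, perm)
    for policy in self.policies:
        decision = policy.check_permission(action, username, resource, perm)
        if decision is not None:
            # Any falsy answer is a denial and must reach the log; testing
            # `is False` would skip answers such as 0.
            if not decision:
                self.log.debug("%s denies %s performing %s on %r",
                               policy.__class__.__name__, username,
                               action, resource)
            return decision
    # Default deny: nobody granted the action.
    self.log.debug("No policy allowed %s performing %s on %r",
                   username, action, resource)
    return False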
def check_permission(self, action, username=None, resource=None, perm=None):
    """Decide whether `username` may perform `action` on `resource`.

    A resource that belongs to a neighborhood is answered by the
    `PermissionSystem` of that neighborhood's component manager; if the
    neighborhood cannot be resolved the answer is `False`. Any other
    request is put to the policies in `self.policies`, in order, and the
    first answer that is not `None` is returned as given. With no answer
    from any policy the result is `False`.

    :param action: the action being checked
    :param username: name of the requesting user, or `None` for the
                     fallback identity
    :param resource: the resource concerned, or `None`
    :param perm: handed on unchanged to the policies
    :return: the first non-`None` policy decision, else `False`
    """
    # NOTE(review): '******' reads like a masked value rather than a real
    # account name; confirm the intended fallback identity, because this
    # is the name handed to every policy below.
    who = '******' if username is None else username
    target = resource
    if target:
        if target.realm is None:
            # Realm-less resources are checked as if none had been given.
            target = None
        elif target.neighborhood is not None:
            try:
                scoped_manager = manager_for_neighborhood(
                    self.env, target.neighborhood)
            except ResourceNotFound:
                #FIXME: raise ?
                # Denied without a log entry when the lookup fails.
                return False
            # The neighborhood's own permission system has the final say;
            # the policies of this environment are skipped.
            delegate = PermissionSystem(scoped_manager)
            return delegate.check_permission(action, who, target, perm)

    for policy in self.policies:
        verdict = policy.check_permission(action, who, target, perm)
        if verdict is None:
            # This policy abstains; ask the next one.
            continue
        if not verdict:
            self.log.debug("%s denies %s performing %s on %r",
                           policy.__class__.__name__, who, action, target)
        return verdict

    # Nobody granted the action, so the default is to deny.
    self.log.debug("No policy allowed %s performing %s on %r",
                   who, action, target)
    return False
def __init__(self, env, username=None, resource=None, cache=None,
             groups=None):
    """Set up the environment, user, resource and decision cache.

    :param env: the environment the checks run against; replaced by the
                component manager of the resource's neighborhood when the
                resource has one
    :param username: name of the user; a falsy value (`None`, empty
                     string) becomes 'anonymous'
    :param resource: optional resource the permissions refer to
    :param cache: optional mapping used to store decisions; the object is
                  kept by reference, so callers passing the same mapping
                  share its entries. A new dict is made when it is `None`.
    :param groups: accepted but not used by this constructor
    """
    scoped_env, scoped_resource = env, resource
    if resource and resource.neighborhood is not None:
        scoped_env = manager_for_neighborhood(env, resource.neighborhood)
        # NOTE(review): presumably this re-parents the resource under an
        # empty neighborhood so it reads as local to `scoped_env` --
        # confirm against Neighborhood.child().
        scoped_resource = Neighborhood(None, None).child(resource)
    self.env = scoped_env
    self.username = username or 'anonymous'
    self._resource = scoped_resource
    self._cache = {} if cache is None else cache
def _has_permission(self, action, resource):
    """Return the decision for `action` on `resource`, using the cache.

    A stored decision is reused only when the cached resource compares
    equal to `resource`; otherwise the permission system is asked and the
    answer, grant or denial alike, is stored before it is returned.

    :param action: the action being checked
    :param resource: the resource the action applies to
    :return: whatever `PermissionSystem.check_permission` returned
    """
    cache_key = (self.username, hash(resource), action)
    entry = self._cache.get(cache_key)
    if entry:
        known_decision, known_resource = entry
        # The key only holds a hash, so the equality test is what keeps a
        # colliding resource from inheriting someone else's decision.
        # NOTE(review): this relies on resource equality telling
        # neighborhoods apart -- confirm against the resource class.
        if resource == known_resource:
            return known_decision

    checker = self
    system = PermissionSystem(self.env)
    if resource is not self._resource:
        if resource.neighborhood is None:
            checker = PermissionCache(self.env, self.username, resource,
                                      self._cache)
        else:
            # A resource from another neighborhood is checked with a
            # fresh, private cache and that neighborhood's own system.
            checker = PermissionCache(self.env, self.username, resource, {})
            neighborhood_env = manager_for_neighborhood(
                self.env, resource.neighborhood)
            system = PermissionSystem(neighborhood_env)

    outcome = system.check_permission(action, checker.username, resource,
                                      checker)
    # Stored in this object's cache in both branches above; nothing in
    # this method expires or invalidates an entry.
    self._cache[cache_key] = (outcome, resource)
    return outcome
def _has_permission(self, action, resource):
    """Look up, or compute and remember, the decision for `action`.

    The cache is keyed by user name, resource hash and action. A hit is
    honoured only if the stored resource equals `resource`. On a miss the
    permission system is consulted and its answer is cached as-is,
    whether it grants or denies.

    :param action: the action being checked
    :param resource: the resource the action applies to
    :return: the cached or freshly computed decision
    """
    lookup = (self.username, hash(resource), action)
    hit = self._cache.get(lookup)
    if hit:
        stored_decision, stored_resource = hit
        # Guard against two resources sharing a hash.
        # NOTE(review): a cross-neighborhood mix-up is only ruled out if
        # resource equality takes the neighborhood into account --
        # verify against the resource class.
        if resource == stored_resource:
            return stored_decision

    subject = self
    backend = PermissionSystem(self.env)
    foreign = resource is not self._resource
    if foreign and resource.neighborhood is not None:
        # Other neighborhood: isolated cache, and the permission system of
        # that neighborhood's component manager.
        subject = PermissionCache(self.env, self.username, resource, {})
        backend = PermissionSystem(manager_for_neighborhood(
            self.env, resource.neighborhood))
    elif foreign:
        # Same neighborhood, different resource: share this cache.
        subject = PermissionCache(self.env, self.username, resource,
                                  self._cache)

    answer = backend.check_permission(action, subject.username, resource,
                                      subject)
    # The answer lands in this object's cache even when the check itself
    # ran with the isolated cache above.
    self._cache[lookup] = (answer, resource)
    return answer