def RequestAndGrantClientApproval(client_id,
token=None,
approver="approver",
reason="testing"):
token = token or GetToken()
ApprovalRequest(client_id, token=token, approver=approver, reason=reason)
user = aff4.FACTORY.Create("aff4:/users/%s" % approver,
users.GRRUser,
token=token.SetUID())
user.Flush()
approver_token = access_control.ACLToken(username=approver)
security.ClientApprovalGrantor(reason=reason,
delegate=token.username,
subject_urn=rdf_client.ClientURN(client_id),
token=approver_token).Grant()
def ApprovalGrant(token=None):
"""Iterate through requested access approving or not."""
user = getpass.getuser()
notifications = GetNotifications(user=user, token=token)
requests = [n for n in notifications if n.type == "GrantAccess"]
for request in requests:
_, client_id, user, reason = rdfvalue.RDFURN(request.subject).Split()
reason = utils.DecodeReasonString(reason)
print(request)
print("Reason: %s" % reason)
if input("Do you approve this request? [y/N] ").lower() == "y":
security.ClientApprovalGrantor(
subject_urn=client_id, reason=reason, delegate=user,
token=token).Grant()
# TODO(user): Remove the notification.
else:
print("skipping request")
print("Approval sent")