def _allowed(self, request, datum): policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION") if policy_check and self.policy_rules: target = self.get_policy_target(request, datum) return (policy_check(self.policy_rules, request, target) and self.allowed(request, datum)) return self.allowed(request, datum)
def check(actions, request, target=None): """Wrapper of the configurable policy method.""" policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION") if policy_check: return policy_check(actions, request, target) return True
def _has_permission(self, policy): has_permission = True # policy_check = getattr(settings, "POLICY_CHECK_FUNCTION", None) policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION") if policy_check: has_permission = policy_check(policy, self.request) return has_permission
def policy_check(policy_rules, request): _policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION") if _policy_check and policy_rules: for rule in policy_rules: rule_param = rule if not any(isinstance(r, (list, tuple)) for r in rule): rule_param = (rule, ) if _policy_check(rule_param, request): return True return False return True
def allowed(self, request): """Determines whether or not the tab is displayed. Tab instances can override this method to specify conditions under which this tab should not be shown at all by returning ``False``. """ if not self.policy_rules: return True policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION") if policy_check: return policy_check(self.policy_rules, request) return True
class Admin(horizon.Dashboard): name = _("Admin") slug = "admin" if utils_settings.import_setting("POLICY_CHECK_FUNCTION"): policy_rules = ( ('identity', 'admin_required'), ('image', 'context_is_admin'), ('volume', 'context_is_admin'), ('compute', 'context_is_admin'), ('network', 'context_is_admin'), ) else: permissions = (tuple(utils.get_admin_permissions()), )
def _can_access(self, request): policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION")#导入权限检查函数 # this check is an OR check rather than an AND check that is the # default in the policy engine, so calling each rule individually在策略引擎中默认,所以单独调用每个规则 if policy_check and self.policy_rules: for rule in self.policy_rules: rule_param = rule if not any(isinstance(r, (list, tuple)) for r in rule):#从rule取出所有的元素r,然后判断是不是一个列表或者元组,any为真的情况为非空 rule_param = (rule,) if policy_check(rule_param, request): return True#若存在权限,则返回true return False # default to allowed return True#默认返回true
def _can_access(self, request): policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION") # this check is an OR check rather than an AND check that is the # default in the policy engine, so calling each rule individually if policy_check and self.policy_rules: for rule in self.policy_rules: rule_param = rule if not any(isinstance(r, (list, tuple)) for r in rule): rule_param = (rule, ) if policy_check(rule_param, request): return True return False # default to allowed return True
def _can_access(self, request): policy_check = utils_settings.import_setting("POLICY_CHECK_FUNCTION") # this check is an OR check rather than an AND check that is the # default in the policy engine, so calling each rule individually if policy_check and self.policy_rules: for rule in self.policy_rules: rule_param = rule if not any(isinstance(r, (list, tuple)) for r in rule): rule_param = (rule,) if policy_check(rule_param, request): return True return False # default to allowed return True