def test_has_perm(self, mock_get_perms, mock_get_key): mock_get_key.return_value = "fake key" mock_get_perms.return_value = ["myperm:*:*"] mock_request = mm() mock_request.path = "/some/path" view_helpers.ensure_has_permission( permissions=["myperm:*:*"], application="app", app_name="app-name", request=mock_request, logger=mm(), request_metric=mm(), exception_metric=mm(), )
def ensure_rbac_write(): return view_helpers.ensure_has_permission( permissions=["drift:*:*", "drift:baselines:write"], application="drift", app_name="system-baseline", request=request, logger=current_app.logger, request_metric=metrics.rbac_requests, exception_metric=metrics.rbac_exceptions, )
def test_has_perm(self, mock_get_perms, mock_get_key): mock_get_key.return_value = ( "eyJpZGVudGl0eSI6IHsiYWNjb3VudF9udW1iZXIiOiAiMTIxMjcyOSIsICJ0eXBlIjogI" "lN5c3RlbSIsICJhdXRoX3R5cGUiOiAiY2xhc3NpYy1wcm94eSIsICJzeXN0ZW0iOiB7Im" "NuIjogIjIyY2Q4ZTM5LTEzYmItNGQwMi04MzE2LTg0Yjg1MGRjNTEzNiIsICJjZXJ0X3R" "5cGUiOiAic3lzdGVtIn0sICJpbnRlcm5hbCI6IHsib3JnX2lkIjogIjAwMDAwMSJ9fX0K" ) mock_get_perms.return_value = ["myperm:*:*"] mock_request = mm() mock_request.path = "/some/path" view_helpers.ensure_has_permission( permissions=["myperm:*:*"], application="app", app_name="app-name", request=mock_request, logger=mm(), request_metric=mm(), exception_metric=mm(), )
def ensure_rbac(): return view_helpers.ensure_has_permission( permissions=["drift:*:*", "drift:comparisons:read"], application="drift", app_name="drift", request=request, logger=current_app.logger, request_metric=metrics.rbac_requests, exception_metric=metrics.rbac_exceptions, )
def ensure_rbac(): return view_helpers.ensure_has_permission( permissions=["drift:*:*", "drift:baselines:read"], application="drift", app_name="historical-system-profiles", request=request, logger=current_app.logger, request_metric=metrics.rbac_requests, exception_metric=metrics.rbac_exceptions, )
def ensure_rbac_hsps_read(): # permissions consist of a list of "or" permissions where any will work, # and each sublist is a set of "and" permissions that all must be true. # For example: # permissions=[["drift:*:*"], ["drift:notifications:read", "drift:baselines:read"]] # If we just have *:*, it works, but if not, we need both notifications:read and # baselines:read in order to allow access. return view_helpers.ensure_has_permission( permissions=[["drift:*:*"], ["drift:historical-system-profiles:read"]], application="drift", app_name="historical-system-profiles", request=request, logger=current_app.logger, request_metric=metrics.rbac_requests, exception_metric=metrics.rbac_exceptions, )