def inner():
    """Reject the request unless the signed-in user owns the addressed record.

    Sends a NOT_SIGNED error (status 401) when the bottle request has no user,
    and a FORBIDDEN error (status 403) when ``bottle.request.user_id`` differs
    from the ``id_param`` value in the query string. Returns ``None`` when the
    ids match; otherwise returns whatever ``send_error`` returns.
    """
    if bottle.request.user is None:
        not_signed = UnauthorizedException(
            None, 'NOT_SIGNED', 'User must be signed in to perform this operation'
        ).with_status(401)
        return HttpResponseSender.send_error(not_signed)

    # The id being compared comes from the query string, so it is caller-supplied.
    # NOTE(review): when id_param is absent from the query this is None, and the
    # check below only rejects if request.user_id is not None as well -- confirm
    # that a signed-in request always carries a user_id.
    query_values = dict(bottle.request.query.decode())
    user_id = query_values.get(id_param)
    if bottle.request.user_id == user_id:
        return None

    forbidden = UnauthorizedException(
        None, 'FORBIDDEN', 'Only data owner can perform this operation'
    ).with_status(403)
    return HttpResponseSender.send_error(forbidden)
def inner():
    """Require a signed-in user on the current bottle request.

    Returns ``None`` when ``bottle.request.user`` is set; otherwise sends a
    NOT_SIGNED error with status 401 and returns the result of ``send_error``.
    """
    if bottle.request.user is not None:
        return None

    # The message text (including its trailing space) is part of the error
    # payload and is kept exactly as the callers already see it.
    not_signed = UnauthorizedException(
        None, 'NOT_SIGNED', 'User must be signed in to perform this operation '
    ).with_status(401)
    return HttpResponseSender.send_error(not_signed)
def inner(req=None, res=None, next=None):
    """Call ``next()`` only when the request's user owns the addressed record.

    Sends NOT_SIGNED (status 401) when ``req.params`` has no ``'user'`` entry,
    FORBIDDEN (status 403) when ``req.params['user_id']`` differs from the
    ``id_param`` route parameter, and otherwise hands over to ``next``.
    """
    # NOTE(review): both the user and the user_id are read from req.params. If
    # req.params can hold client-supplied values rather than values set by an
    # earlier authentication step, the caller controls both sides of this
    # check -- confirm where these entries are populated.
    if req.params.get('user') is None:
        not_signed = UnauthorizedException(
            None, 'NOT_SIGNED', 'User must be signed in to perform this operation'
        ).with_status(401)
        HttpResponseSender.send_error(not_signed)
        return

    user_id = req.route.params[id_param]
    if req.params.get('user_id') == user_id:
        next()
        return

    forbidden = UnauthorizedException(
        None, 'FORBIDDEN', 'Only data owner can perform this operation'
    ).with_status(403)
    HttpResponseSender.send_error(forbidden)
def inner(req, res, next):
    """Call ``next()`` for signed-in requests, otherwise send a 401 error.

    A request counts as signed in when ``req.user`` is not ``None``. When it
    is ``None``, a NOT_SIGNED error with status 401 is sent and ``next`` is
    not called.
    """
    if req.user is not None:
        next()
        return

    # The message text (including its trailing space) is reproduced unchanged.
    not_signed = UnauthorizedException(
        None, 'NOT_SIGNED', 'User must be signed in to perform this operation '
    ).with_status(401)
    HttpResponseSender.send_error(not_signed)
def inner():
    """Require the bottle request's user to hold at least one of ``roles``.

    Sends NOT_SIGNED (status 401) when no user is attached to the request and
    NOT_IN_ROLE (status 403, with the required roles attached as details) when
    none of ``roles`` appears in ``user.roles``. Returns ``None`` when the user
    is authorized; otherwise returns the result of ``send_error``.
    """
    user = bottle.request.user
    if user is None:
        not_signed = UnauthorizedException(
            None, 'NOT_SIGNED', 'User must be signed in to perform this operation'
        ).with_status(401)
        return HttpResponseSender.send_error(not_signed)

    # One matching role is enough; an empty ``roles`` collection authorizes nobody.
    if any(role in user.roles for role in roles):
        return None

    message = 'User must be ' + ' or '.join(roles) + ' to perform this operation'
    not_in_role = UnauthorizedException(
        None, 'NOT_IN_ROLE', message
    ).with_details('roles', roles).with_status(403)
    return HttpResponseSender.send_error(not_in_role)
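def inner(req, res, next):
    """Call ``next()`` only for the data owner or a user holding the 'admin' role.

    Sends NOT_SIGNED (status 401) when ``req.user`` is ``None``. Otherwise the
    target id is taken from the ``id_param`` route parameter, falling back to
    ``req.param(id_param)`` when that value is falsy. FORBIDDEN (status 403)
    is sent when ``req.user_id`` differs from the target id and the user is
    not an admin.
    """
    if req.user is None:
        HttpResponseSender.send_error(
            UnauthorizedException(
                None, 'NOT_SIGNED', 'User must be signed in to perform this operation'
            ).with_status(401)
        )
        return

    user_id = req.route.params[id_param] or req.param(id_param)

    # req.user is known to be set on this path, so the earlier fallback that
    # assigned ``roles = None`` could never run. A user whose ``roles`` is None
    # is now treated as having no roles instead of raising TypeError on the
    # membership test, so the check fails closed (403 unless the ids match).
    roles = req.user.roles or ()
    admin = 'admin' in roles

    # NOTE(review): if both req.user_id and the resolved user_id are None the
    # ownership comparison passes -- confirm a signed-in request always has a
    # user_id.
    if req.user_id != user_id and not admin:
        HttpResponseSender.send_error(
            UnauthorizedException(
                None, 'FORBIDDEN', 'Only data owner can perform this operation'
            ).with_status(403)
        )
    else:
        next()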
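def inner(req, res, next):
    """Call ``next()`` only when the request's user holds one of ``roles``.

    Sends NOT_SIGNED (status 401) when ``req.params`` has no ``'user'`` entry
    and NOT_IN_ROLE (status 403, with the required roles attached as details)
    when none of ``roles`` appears in the user's ``'roles'`` entry.
    """
    # NOTE(review): the user record is read from req.params. If req.params can
    # hold client-supplied values rather than values set by an earlier
    # authentication step, the caller can choose the roles being checked --
    # confirm where this entry is populated.
    user = req.params.get('user')
    if user is None:
        HttpResponseSender.send_error(
            UnauthorizedException(
                None, 'NOT_SIGNED', 'User must be signed in to perform this operation'
            ).with_status(401)
        )
        return

    # ``user.get('roles')`` is None for a user record without a 'roles' entry;
    # the membership test would then raise TypeError. Treat that as "no roles"
    # so the request is rejected with 403 instead of failing with an exception.
    user_roles = user.get('roles') or ()
    authorized = any(role in user_roles for role in roles)

    if not authorized:
        HttpResponseSender.send_error(
            UnauthorizedException(
                None, 'NOT_IN_ROLE',
                'User must be ' + ' or '.join(roles) + ' to perform this operation'
            ).with_details('roles', roles).with_status(403)
        )
    else:
        next()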
def _send_unauthorized(self, req, message):
    """Send an UNAUTHORIZED error carrying the request's correlation id.

    The correlation id is obtained from ``self._get_correlation_id(req)`` and
    the resulting exception is passed to ``self._send_error``. Nothing is
    returned.
    """
    self._send_error(
        UnauthorizedException(
            self._get_correlation_id(req), 'UNAUTHORIZED', message
        )
    )
def _send_unauthorized(self, message: str) -> str:
    """Send an UNAUTHORIZED error and return the result of ``_send_error``.

    The exception is tagged with the id from ``self._get_correlation_id()``
    and carries ``message`` as its text.
    """
    return self._send_error(
        UnauthorizedException(
            self._get_correlation_id(), 'UNAUTHORIZED', message
        )
    )