def inner():
if bottle.request.user is None:
return HttpResponseSender.send_error(UnauthorizedException(
None,
'NOT_SIGNED',
'User must be signed in to perform this operation'
).with_status(401))
else:
user_id = dict(bottle.request.query.decode()).get(id_param)
if bottle.request.user_id != user_id:
return HttpResponseSender.send_error(UnauthorizedException(
None,
'FORBIDDEN',
'Only data owner can perform this operation'
).with_status(403))
def inner():
if bottle.request.user is None:
return HttpResponseSender.send_error(UnauthorizedException(
None,
'NOT_SIGNED',
'User must be signed in to perform this operation '
).with_status(401))
def inner(req=None, res=None, next=None, ):
if req.params.get('user') is None:
HttpResponseSender.send_error(UnauthorizedException(
None,
'NOT_SIGNED',
'User must be signed in to perform this operation'
).with_status(401))
else:
user_id = req.route.params[id_param]
if req.params.get('user_id') != user_id:
HttpResponseSender.send_error(UnauthorizedException(
None,
'FORBIDDEN',
'Only data owner can perform this operation'
).with_status(403))
else:
next()
def inner(req, res, next):
if req.user is None:
HttpResponseSender.send_error(
UnauthorizedException(
None, 'NOT_SIGNED',
'User must be signed in to perform this operation ').
with_status(401))
else:
next()
def inner():
user = bottle.request.user
if user is None:
return HttpResponseSender.send_error(
UnauthorizedException(
None, 'NOT_SIGNED',
'User must be signed in to perform this operation').
with_status(401))
else:
authorized = False
for role in roles:
authorized = authorized or role in user.roles
if not authorized:
return HttpResponseSender.send_error(
UnauthorizedException(
None, 'NOT_IN_ROLE',
'User must be ' + ' or '.join(roles) +
' to perform this operation').with_details(
'roles', roles).with_status(403))
def inner(req, res, next):
if req.user is None:
HttpResponseSender.send_error(
UnauthorizedException(
None, 'NOT_SIGNED',
'User must be signed in to perform this operation').
with_status(401))
else:
user_id = req.route.params[id_param] or req.param(id_param)
if req.user is not None:
roles = req.user.roles
else:
roles = None
admin = 'admin' in roles
if req.user_id != user_id and not admin:
HttpResponseSender.send_error(
UnauthorizedException(
None, 'FORBIDDEN',
'Only data owner can perform this operation').
with_status(403))
else:
next()
def inner(req, res, next):
user = req.params.get('user')
if user is None:
HttpResponseSender.send_error(
UnauthorizedException(
None, 'NOT_SIGNED',
'User must be signed in to perform this operation').
with_status(401))
else:
authorized = False
for role in roles:
authorized = authorized or role in user.get('roles')
if not authorized:
HttpResponseSender.send_error(
UnauthorizedException(
None, 'NOT_IN_ROLE',
'User must be ' + ' or '.join(roles) +
' to perform this operation').with_details(
'roles', roles).with_status(403))
else:
next()
def _send_unauthorized(self, req, message):
correlation_id = self._get_correlation_id(req)
error = UnauthorizedException(correlation_id, 'UNAUTHORIZED', message)
self._send_error(error)
def _send_unauthorized(self, message: str) -> str:
correlation_id = self._get_correlation_id()
error = UnauthorizedException(correlation_id, 'UNAUTHORIZED', message)
return self._send_error(error)