def has_object_permission(self, request, view, project):
    """Decide whether the request may act on *project*.

    The parent class's check against ``project.organization`` runs first;
    a falsy result is returned to the caller unchanged.

    Projects with teams: access is granted only if ``has_team_permission``
    accepts the request for at least one team, using ``self.scope_map``.
    System auth and superuser status are not consulted by this function
    on that path (whatever ``has_team_permission`` does internally is not
    visible here).

    Team-less projects, in order:
      1. system auth is allowed;
      2. an authenticated user is allowed if an active superuser, or if
         their organization role is global;
      3. otherwise an auth object whose ``project_id`` equals
         ``project.id`` is allowed.
    Anything else is denied.
    """
    org_allowed = super(ProjectPermission, self).has_object_permission(
        request, view, project.organization
    )
    if not org_allowed:
        return org_allowed

    if project.teams.exists():
        # Stop at the first team that grants access.
        for team in project.teams.all():
            if has_team_permission(request, team, self.scope_map):
                return True
        return False

    if is_system_auth(request.auth):
        return True

    if request.user.is_authenticated():
        # this is only for team-less projects
        if is_active_superuser(request):
            return True
        try:
            member_role = OrganizationMember.objects.filter(
                organization=project.organization,
                user=request.user,
            ).values_list('role', flat=True).get()
        except OrganizationMember.DoesNotExist:
            # this should probably never happen?
            # Fail closed: without a membership row there is no role to check.
            return False
        return roles.get(member_role).is_global

    # Only reached when request.user is not authenticated: the auth
    # object itself must be bound to exactly this project.
    if hasattr(request.auth, 'project_id') and project.id == request.auth.project_id:
        return True
    return False
def from_auth(auth, organization):
    """Build the access object for a non-user auth on *organization*.

    System auth gets ``SystemAccess``. An auth whose ``organization_id``
    equals ``organization.id`` gets ``OrganizationGlobalAccess`` for
    ``auth.organization``. Any other auth falls back to ``DEFAULT``.

    NOTE(review): ``auth.organization_id`` is read without a guard, so
    this assumes every non-system auth passed in exposes that attribute;
    confirm against callers.
    """
    if is_system_auth(auth):
        return SystemAccess()

    same_organization = auth.organization_id == organization.id
    if not same_organization:
        # Auth issued for a different organization: no elevated access.
        return DEFAULT
    return OrganizationGlobalAccess(auth.organization)
def has_download_permission(request, project):
    """Return whether the request may download debug files of *project*.

    System auth and active superusers are always allowed; requests
    without an authenticated user are always denied. The required role
    is the organization's ``sentry:debug_files_role`` option, falling
    back to ``DEBUG_FILES_ROLE_DEFAULT`` when the option is unset or
    falsy.

    Sentry app users carry no membership role to compare, so the
    decision is mapped to a scope: ``project:write`` when the required
    role ranks above ``member``, ``project:read`` otherwise. Every other
    user needs an organization membership whose role priority is at
    least the required role's priority.
    """
    if is_system_auth(request.auth) or is_active_superuser(request):
        return True
    if not request.user.is_authenticated():
        return False

    organization = project.organization
    required_role = organization.get_option("sentry:debug_files_role")
    if not required_role:
        required_role = DEBUG_FILES_ROLE_DEFAULT

    if request.user.is_sentry_app:
        stricter_than_member = (
            roles.get(required_role).priority > roles.get("member").priority
        )
        needed_scope = "project:write" if stricter_than_member else "project:read"
        return request.access.has_scope(needed_scope)

    try:
        current_role = (
            OrganizationMember.objects.filter(
                organization=organization, user=request.user
            )
            .values_list("role", flat=True)
            .get()
        )
    except OrganizationMember.DoesNotExist:
        # Not a member of the owning organization: deny.
        return False

    return roles.get(current_role).priority >= roles.get(required_role).priority
def has_object_permission(self, request, view, project):
    """Check attachment access on *project* against the configured role.

    The parent class's check on the project runs first and a falsy
    result is returned unchanged. After that, system auth and active
    superusers are allowed, and requests without an authenticated user
    are denied. Everyone else needs an organization membership whose
    role priority is at least that of the required role, which comes
    from the organization's ``sentry:attachments_role`` option or
    ``ATTACHMENTS_ROLE_DEFAULT`` when the option is unset or falsy.
    """
    parent_result = super(
        EventAttachmentDetailsPermission, self
    ).has_object_permission(request, view, project)
    if not parent_result:
        return parent_result

    if is_system_auth(request.auth) or is_active_superuser(request):
        return True
    if not request.user.is_authenticated():
        return False

    organization = project.organization
    required_role_name = organization.get_option("sentry:attachments_role")
    if not required_role_name:
        required_role_name = ATTACHMENTS_ROLE_DEFAULT

    try:
        member_role_name = (
            OrganizationMember.objects.filter(
                organization=organization, user=request.user
            )
            .values_list("role", flat=True)
            .get()
        )
    except OrganizationMember.DoesNotExist:
        # No membership in the owning organization: deny.
        return False

    required = roles.get(required_role_name)
    current = roles.get(member_role_name)
    return current.priority >= required.priority
def from_auth(auth, organization):
    """Translate an auth object into an access object for *organization*.

    Resolution order: system auth -> ``SystemAccess``; auth bound to this
    organization (matching ``organization_id``) ->
    ``OrganizationGlobalAccess``; everything else -> ``DEFAULT``.

    NOTE(review): a non-system auth lacking ``organization_id`` would
    raise ``AttributeError`` here rather than fall through to
    ``DEFAULT``; confirm callers never pass one.
    """
    if is_system_auth(auth):
        return SystemAccess()

    bound_to_this_org = auth.organization_id == organization.id
    if bound_to_this_org:
        return OrganizationGlobalAccess(auth.organization)
    return DEFAULT
def has_object_permission(self, request, view, project):
    """Authorize a request against *project*.

    Runs the parent class's check on ``project.organization`` first and
    hands back any falsy result as-is. When the project has teams, the
    outcome is solely whether ``has_team_permission`` passes for any of
    them with ``self.scope_map``. For a team-less project the request is
    allowed for system auth, for an active superuser, for an organization
    member whose role is global, or (only when the user is not
    authenticated) for an auth object whose ``project_id`` matches
    ``project.id``.
    """
    parent = super(ProjectPermission, self)
    result = parent.has_object_permission(request, view, project.organization)
    if not result:
        return result

    if project.teams.exists():
        return any(
            has_team_permission(request, team, self.scope_map)
            for team in project.teams.all()
        )

    if is_system_auth(request.auth):
        return True

    if request.user.is_authenticated():
        # this is only for team-less projects
        if is_active_superuser(request):
            return True
        role_lookup = OrganizationMember.objects.filter(
            organization=project.organization,
            user=request.user,
        ).values_list('role', flat=True)
        try:
            role = role_lookup.get()
        except OrganizationMember.DoesNotExist:
            # this should probably never happen?
            # Deny rather than guess a role for a missing membership.
            return False
        else:
            return roles.get(role).is_global

    # Project-bound auth: the auth's project must be this one.
    auth = request.auth
    if hasattr(auth, 'project_id') and project.id == auth.project_id:
        return True
    return False
def from_auth(auth, organization: Organization) -> Access:
    """Build the ``Access`` for a non-user auth object on *organization*.

    System auth yields ``SystemAccess``. An auth whose ``organization_id``
    matches ``organization.id`` yields ``OrganizationGlobalAccess`` over
    ``auth.organization`` with the full ``settings.SENTRY_SCOPES`` and
    ``sso_is_valid=True``. Any other auth yields ``DEFAULT``.

    NOTE(review): ``sso_is_valid=True`` is hard-coded, so no SSO state is
    evaluated on this path; presumably intentional for auth that has no
    interactive session, but worth confirming.
    """
    if is_system_auth(auth):
        return SystemAccess()

    belongs_to_org = auth.organization_id == organization.id
    if not belongs_to_org:
        # Auth issued for another organization: no elevated access.
        return DEFAULT
    return OrganizationGlobalAccess(
        auth.organization,
        settings.SENTRY_SCOPES,
        sso_is_valid=True,
    )
def has_object_permission(self, request, view, user=None):
    """Decide whether the request may act on the *user* object.

    *user* defaults to ``request.user``. Access is granted when the
    requester is the target user, or when the request carries system
    auth. Any other truthy ``request.auth`` is denied before the
    superuser check runs, so such an auth cannot reach another user's
    object even when the requester is a superuser. With no
    ``request.auth`` at all, an active superuser is allowed.
    """
    target = request.user if user is None else user

    if request.user == target or is_system_auth(request.auth):
        return True

    if request.auth:
        # Non-system auth acting on someone else: deny outright.
        return False

    return True if is_active_superuser(request) else False
def has_object_permission(self, request, view, user=None):
    """Authorize access to a user object (``request.user`` if *user* is None).

    Allowed: the user themselves, system auth, and an active superuser on
    a request with no ``request.auth``. Denied: every other request that
    carries a truthy ``request.auth``. That check sits ahead of the
    superuser check, so the ordering of the guards below is significant.
    """
    if user is None:
        user = request.user

    acting_on_self = request.user == user
    if acting_on_self:
        return True

    auth = request.auth
    if is_system_auth(auth):
        return True
    if auth:
        # Must stay ahead of the superuser check: a non-system auth may
        # only act on its own user.
        return False

    if is_active_superuser(request):
        return True
    return False
def has_permission(self, request, view):
    """Allow the request only when ``request.auth`` is system auth.

    No user, session or superuser state is consulted here; the result is
    exactly what ``is_system_auth`` returns for ``request.auth``.
    """
    auth = request.auth
    return is_system_auth(auth)
def is_active_superuser(request):
    """Return whether *request* counts as an active superuser.

    System auth on the request is treated as an active superuser, so a
    True result does not by itself mean a human superuser session.
    Otherwise the answer is ``is_active`` of ``request.superuser``, or of
    a new ``Superuser(request)`` when that attribute is missing or falsy.
    """
    auth = getattr(request, "auth", None)
    if is_system_auth(auth):
        return True

    superuser = getattr(request, "superuser", None)
    if not superuser:
        # Nothing usable attached to the request: build one from it.
        superuser = Superuser(request)
    return superuser.is_active
def test_is_system_auth(self):
    """``is_system_auth`` accepts a ``SystemToken`` and rejects an empty dict."""
    system_token = SystemToken()
    assert is_system_auth(system_token)
    # An arbitrary non-token object must not be taken for system auth.
    assert not is_system_auth({})
def has_permission(self, request, view):
    """Grant access exclusively to requests authenticated with system auth.

    Returns the result of ``is_system_auth(request.auth)`` unchanged;
    *view* is not used.
    """
    is_system = is_system_auth(request.auth)
    return is_system
def is_active_superuser(request):
    """Tell whether the request has active superuser privileges.

    A request whose ``auth`` attribute (``None`` when absent) is system
    auth is reported as an active superuser. For any other request, the
    ``superuser`` attribute is used when present and truthy, else a
    ``Superuser`` is constructed from the request; its ``is_active``
    value is returned.
    """
    request_auth = getattr(request, 'auth', None)
    if is_system_auth(request_auth):
        # System auth short-circuits: no Superuser object is consulted.
        return True

    attached = getattr(request, 'superuser', None)
    su = attached if attached else Superuser(request)
    return su.is_active