예제 #1
0
def clear_cache():
    """clear current interaction's IApplicationRequests' authorization caches.
    """
    for p in getInteraction().participations:
        if IApplicationRequest.providedBy(p):
            # LaunchpadBrowserRequest provides a ``clearSecurityPolicyCache``
            # method, but it is not in an interface, and not implemented by
            # all classes that implement IApplicationRequest.
            if LAUNCHPAD_SECURITY_POLICY_CACHE_KEY in p.annotations:
                del p.annotations[LAUNCHPAD_SECURITY_POLICY_CACHE_KEY]
예제 #2
0
def clear_cache():
    """clear current interaction's IApplicationRequests' authorization caches.
    """
    for p in getInteraction().participations:
        if IApplicationRequest.providedBy(p):
            # LaunchpadBrowserRequest provides a ``clearSecurityPolicyCache``
            # method, but it is not in an interface, and not implemented by
            # all classes that implement IApplicationRequest.
            if LAUNCHPAD_SECURITY_POLICY_CACHE_KEY in p.annotations:
                del p.annotations[LAUNCHPAD_SECURITY_POLICY_CACHE_KEY]
예제 #3
0
    def checkPermission(self, permission, object):
        """Check the permission, object, user against the launchpad
        authorization policy.

        If the object is a view, then consider the object to be the view's
        context.

        If we are running in read-only mode, all permission checks are
        failed except for launchpad.View requests, which are checked
        as normal. All other permissions are used to protect write
        operations.

        Workflow:
        - If the principal is not None and its access level is not what is
          required by the permission, deny.
        - If the object to authorize is private and the principal has no
          access to private objects, deny.
        - If we have zope.Public, allow.  (But we shouldn't ever get this.)
        - If we have launchpad.AnyPerson and the principal is an
          ILaunchpadPrincipal then allow.
        - If the object has an IAuthorization named adapter, named
          after the permission, use that to check the permission.
        - Otherwise, deny.
        """
        # If we have a view, get its context and use that to get an
        # authorization adapter.
        if IView.providedBy(object):
            objecttoauthorize = object.context
        else:
            objecttoauthorize = object
        if objecttoauthorize is None:
            # We will not be able to lookup an adapter for this, so we can
            # return False already.
            return False
        # Remove all proxies from object to authorize. The security proxy is
        # removed for obvious reasons but we also need to remove the location
        # proxy (which is used on apidoc.lp.dev) because otherwise we can't
        # create a weak reference to our object in our security policy cache.
        objecttoauthorize = removeAllProxies(objecttoauthorize)

        participations = [
            participation for participation in self.participations
            if participation.principal is not system_user]

        if len(participations) > 1:
            raise RuntimeError("More than one principal participating.")

        # The participation's cache of (object -> permission -> result), or
        # None if the participation does not support caching.
        participation_cache = None
        # A cache of (permission -> result) for objecttoauthorize, or None if
        # the participation does not support caching. This resides as a value
        # of participation_cache.
        object_cache = None

        if len(participations) == 0:
            principal = None
        else:
            participation = participations[0]
            if IApplicationRequest.providedBy(participation):
                participation_cache = participation.annotations.setdefault(
                    LAUNCHPAD_SECURITY_POLICY_CACHE_KEY,
                    weakref.WeakKeyDictionary())
                object_cache = participation_cache.setdefault(
                    objecttoauthorize, {})
                if permission in object_cache:
                    return object_cache[permission]
            principal = removeAllProxies(participation.principal)

        if (principal is not None and
            not isinstance(principal, UnauthenticatedPrincipal)):
            access_level = self._getPrincipalsAccessLevel(
                principal, objecttoauthorize)
            if not self._checkRequiredAccessLevel(
                access_level, permission, objecttoauthorize):
                return False
            if not self._checkPrivacy(access_level, objecttoauthorize):
                return False

        # The following two checks shouldn't be needed, strictly speaking,
        # because zope.Public is CheckerPublic, and the Zope security
        # machinery shortcuts this to always allow it. However, it is here as
        # a "belt and braces". It is also a bit of a lie: if the permission is
        # zope.Public, privacy and access levels (checked above) will be
        # irrelevant!
        if permission == 'zope.Public':
            return True
        if permission is CheckerPublic:
            return True

        if (permission == 'launchpad.AnyPerson' and
            ILaunchpadPrincipal.providedBy(principal)):
            return True

        # If there are delegated authorizations they must *all* be allowed
        # before permission to access objecttoauthorize is granted.
        result = all(
            iter_authorization(
                objecttoauthorize, permission, principal,
                participation_cache, breadth_first=True))

        # Cache the top-level result. Be warned that this result /may/ be
        # based on 10s or 100s of delegated authorization checks, and so even
        # small changes in the model data could invalidate this result.
        if object_cache is not None:
            object_cache[permission] = result

        return result
예제 #4
0
    def checkPermission(self, permission, object):
        """Check the permission, object, user against the launchpad
        authorization policy.

        If the object is a view, then consider the object to be the view's
        context.

        If we are running in read-only mode, all permission checks are
        failed except for launchpad.View requests, which are checked
        as normal. All other permissions are used to protect write
        operations.

        Workflow:
        - If the principal is not None and its access level is not what is
          required by the permission, deny.
        - If the object to authorize is private and the principal has no
          access to private objects, deny.
        - If we have zope.Public, allow.  (But we shouldn't ever get this.)
        - If we have launchpad.AnyPerson and the principal is an
          ILaunchpadPrincipal then allow.
        - If the object has an IAuthorization named adapter, named
          after the permission, use that to check the permission.
        - Otherwise, deny.
        """
        # If we have a view, get its context and use that to get an
        # authorization adapter.
        if IView.providedBy(object):
            objecttoauthorize = object.context
        else:
            objecttoauthorize = object
        if objecttoauthorize is None:
            # We will not be able to lookup an adapter for this, so we can
            # return False already.
            return False
        # Remove all proxies from object to authorize. The security proxy is
        # removed for obvious reasons but we also need to remove the location
        # proxy (which is used on apidoc.lp.dev) because otherwise we can't
        # create a weak reference to our object in our security policy cache.
        objecttoauthorize = removeAllProxies(objecttoauthorize)

        participations = [
            participation for participation in self.participations if participation.principal is not system_user
        ]

        if len(participations) > 1:
            raise RuntimeError("More than one principal participating.")

        # The participation's cache of (object -> permission -> result), or
        # None if the participation does not support caching.
        participation_cache = None
        # A cache of (permission -> result) for objecttoauthorize, or None if
        # the participation does not support caching. This resides as a value
        # of participation_cache.
        object_cache = None

        if len(participations) == 0:
            principal = None
        else:
            participation = participations[0]
            if IApplicationRequest.providedBy(participation):
                participation_cache = participation.annotations.setdefault(
                    LAUNCHPAD_SECURITY_POLICY_CACHE_KEY, weakref.WeakKeyDictionary()
                )
                object_cache = participation_cache.setdefault(objecttoauthorize, {})
                if permission in object_cache:
                    return object_cache[permission]
            principal = removeAllProxies(participation.principal)

        if principal is not None and not isinstance(principal, UnauthenticatedPrincipal):
            access_level = self._getPrincipalsAccessLevel(principal, objecttoauthorize)
            if not self._checkRequiredAccessLevel(access_level, permission, objecttoauthorize):
                return False
            if not self._checkPrivacy(access_level, objecttoauthorize):
                return False

        # The following two checks shouldn't be needed, strictly speaking,
        # because zope.Public is CheckerPublic, and the Zope security
        # machinery shortcuts this to always allow it. However, it is here as
        # a "belt and braces". It is also a bit of a lie: if the permission is
        # zope.Public, privacy and access levels (checked above) will be
        # irrelevant!
        if permission == "zope.Public":
            return True
        if permission is CheckerPublic:
            return True

        if permission == "launchpad.AnyPerson" and ILaunchpadPrincipal.providedBy(principal):
            return True

        # If there are delegated authorizations they must *all* be allowed
        # before permission to access objecttoauthorize is granted.
        result = all(
            iter_authorization(objecttoauthorize, permission, principal, participation_cache, breadth_first=True)
        )

        # Cache the top-level result. Be warned that this result /may/ be
        # based on 10s or 100s of delegated authorization checks, and so even
        # small changes in the model data could invalidate this result.
        if object_cache is not None:
            object_cache[permission] = result

        return result