def test_check_token(self):
result = appier.check_token(None, "admin", tokens_m={"*": True})
self.assertEqual(result, True)
result = appier.check_token(None, "admin", tokens_m={})
self.assertEqual(result, False)
result = appier.check_token(None, "admin", tokens_m={"admin": True})
self.assertEqual(result, True)
result = appier.check_token(None,
"admin.read",
tokens_m={"admin": {
"read": True
}})
self.assertEqual(result, True)
result = appier.check_token(None,
"admin",
tokens_m={"admin": {
"read": True
}})
self.assertEqual(result, False)
result = appier.check_token(None,
"admin.read",
tokens_m={"admin": {
"*": True
}})
self.assertEqual(result, True)
result = appier.check_token(None, None, tokens_m={})
self.assertEqual(result, True)
def test_check_token(self):
result = appier.check_token(None, "admin", tokens_m = {"*" : True})
self.assertEqual(result, True)
result = appier.check_token(None, "admin", tokens_m = {})
self.assertEqual(result, False)
result = appier.check_token(None, "admin", tokens_m = {"admin" : True})
self.assertEqual(result, True)
result = appier.check_token(None, "admin.read", tokens_m = {
"admin" : {
"read" : True
}
})
self.assertEqual(result, True)
result = appier.check_token(None, "admin", tokens_m = {
"admin" : {
"read" : True
}
})
self.assertEqual(result, False)
result = appier.check_token(None, "admin.read", tokens_m = {
"admin" : {
"*" : True
}
})
self.assertEqual(result, True)
result = appier.check_token(None, None, tokens_m = {})
self.assertEqual(result, True)
def _filter_scope_g(cls, scope, account = None, owner = None):
"""
Filters the provided sequence of tokens for the scope, so
that only the ones allowed for the requested account are used.
This avoid security issues like someone requesting values
for a token that is for which the user is not allowed.
:type scope: List
:param scope: The list of tokens to be filtered.
:type account: Account
:param account: The account that is going to be used for the
filtering of the values, in case none is provided the current
account in session is used.
:rtype: List
:return: The resulting filtering list containing only the
tokens for which the provided account is capable.
"""
# defaults the provided owner value to the global registered
# app to be used if required for account defaulting
owner = owner or appier.get_app()
# builds the list that is going to be used to store the
# result of the scope filtering (ACL verification)
result = []
# retrieves the complete set of tokens from the account
# and then converts them into the map version of them
account = account or owner.admin_part.account_c.from_session()
tokens = account.tokens()
tokens_m = appier.to_tokens_m(tokens)
# iterates over each token of the scope to validate it
# according to the ACL of the associated account
for token in scope:
valid = appier.check_token(None, token, tokens_m = tokens_m)
if not valid: continue
result.append(token)
# returns the final result that contains only the scope
# tokens for which the account is entitle to register
return result
def _filter_scope_g(cls, scope, account = None, owner = None):
"""
Filters the provided sequence of tokens for the scope, so
that only the ones allowed for the requested account are used.
This avoid security issues like someone requesting values
for a token that is for which the user is not allowed.
:type scope: List
:param scope: The list of tokens to be filtered.
:type account: Account
:param account: The account that is going to be used for the
filtering of the values, in case none is provided the current
account in session is used.
:rtype: List
:return: The resulting filtering list containing only the
tokens for which the provided account is capable.
"""
# defaults the provided owner value to the global registered
# app to be used if required for account defaulting
owner = owner or appier.get_app()
# builds the list that is going to be used to store the
# result of the scope filtering (ACL verification)
result = []
# retrieves the complete set of tokens from the account
# and then converts them into the map version of them
account = account or owner.admin_part.account_c.from_session()
tokens = account.tokens()
tokens_m = appier.to_tokens_m(tokens)
# iterates over each token of the scope to validate it
# according to the ACL of the associated account
for token in scope:
valid = appier.check_token(None, token, tokens_m = tokens_m)
if not valid: continue
result.append(token)
# returns the final result that contains only the scope
# tokens for which the account is entitle to register
return result
