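def check_access(self, query, action=RESOURCE_READ):
    """Resolve *query* to one resource the current user may *action* on.

    Args:
        query: a SQLAlchemy ``Query``, an already-loaded resource object
            (anything exposing ``xmltag``/``id``), or ``None``.
        action: permission being requested; ``RESOURCE_READ`` by default.

    Returns:
        The loaded resource, or ``None`` when *query* is ``None``.

    Aborts (via ``abort``):
        403 - edit requested on a resource listed in ``PROTECTED``, or an
              authenticated user may not perform *action* on the resource.
        401 - anonymous caller requests an edit, or an anonymous caller
              cannot see the resource.

    A missing resource and a forbidden one both come back from
    ``force_dbload`` as ``None`` and get the same status code, so callers
    cannot tell whether the resource exists.
    """
    # Edits to protected resources are refused regardless of who asks.
    if action == RESOURCE_EDIT and self.resource_name in PROTECTED:
        log.debug("PROTECTED RESOURCE")
        abort(403)
    # Only authenticated users may edit; 401 lets a client prompt for
    # credentials rather than treating this as a hard denial.
    if action == RESOURCE_EDIT and not identity.not_anonymous():
        log.debug("EDIT denied because annonymous")
        abort(401)
    # NOTE(review): only RESOURCE_EDIT is gated above; if other mutating
    # actions exist (delete, share, ...) confirm callers map them onto
    # RESOURCE_EDIT or extend the checks here.
    if query is None:
        return None
    if isinstance(query, sqlalchemy.orm.Query):  # pylint: disable=no-member
        query = document_permission(query, action=action)
        log.debug("PERMISSION:query %s", str(query))
    else:
        # A pre-loaded object may have been fetched without a permission
        # filter, so rebuild a query for it and re-apply the check rather
        # than trusting the instance.
        log.debug("PERMISSION: loaded object %s %s", (query.xmltag, query.__class__), query.id)
        query = resource_load((query.xmltag, query.__class__), ident=query.id)
        query = document_permission(query, action=action)
    resource = self.force_dbload(query)
    if resource is None:
        # Logger.warn is a deprecated alias of Logger.warning.
        # NOTE(review): permission failures are routinely triggered by
        # clients probing URLs, so this level may be noisy in production.
        log.warning("Permission check failure %s = %s", str(query), str(resource))
        if identity.not_anonymous():
            abort(403)
        else:
            abort(401)
    return resource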
def check_access(self, uniq):
    """Load the resource identified by *uniq* or abort the request.

    ``data_service.resource_load`` is expected to return ``None`` when the
    resource is missing or not visible to the caller; either way the status
    is 403 for an authenticated user and 401 for an anonymous one, so the
    response does not reveal whether the resource exists.
    """
    loaded = data_service.resource_load(uniq=uniq)
    if loaded is not None:
        return loaded
    status = 403 if identity.not_anonymous() else 401
    abort(status)
def cache_save(self, url, user_id=None, response=None, **kw):
    """Store *response* in the server cache under a key built from *url* and *kw*.

    The key is ``url?k1=v1&k2=v2...`` with the keyword arguments in sorted
    order so call-site ordering does not create distinct entries.  When no
    *user_id* is given the entry is attributed to the logged-in user, or to
    ``None`` for an anonymous caller.  The entry is stored with a fixed
    ``text/xml`` content type.

    NOTE(review): keys and values are interpolated unescaped, so a value
    containing ``&`` or ``=`` can collide with a different argument set
    (``a="1&b=2"`` vs ``a="1", b="2"``).  ``cache_check`` builds its key the
    same way; any change here must be mirrored there.  Whether entries are
    actually isolated per user is up to ``server_cache`` - confirm, since a
    shared entry would serve one user's response to another.
    """
    pairs = ("%s=%s" % item for item in sorted(kw.items()))
    cache_key = "%s?%s" % (url, "&".join(pairs))
    log.debug("CACHE SAVE url %s", cache_key)
    owner = user_id
    if owner is None and identity.not_anonymous():
        owner = identity.get_user_id()
    self.server_cache.save(cache_key, {'Content-Type': 'text/xml'}, response, owner)
def cache_check(self, url, user_id=None, **kw):
    """Fetch the cached response stored for *url* and *kw*.

    Builds the same ``url?k1=v1&k2=v2...`` key as ``cache_save`` (sorted
    keyword arguments, unescaped) and looks it up for *user_id*, defaulting
    to the logged-in user or ``None`` when anonymous.  Only the response part
    of the cache entry is returned; the stored header is discarded.

    NOTE(review): the key format must stay identical to ``cache_save``'s or
    the cache silently stops hitting.
    """
    pairs = ("%s=%s" % item for item in sorted(kw.items()))
    cache_key = "%s?%s" % (url, "&".join(pairs))
    owner = user_id
    if owner is None and identity.not_anonymous():
        owner = identity.get_user_id()
    log.debug("CACHE CHECK url %s", cache_key)
    _header, cached = self.server_cache.fetch(cache_key, owner)
    return cached
def check_access(self, uniq):
    """Load the resource identified by *uniq* or abort the request.

    ``data_service.resource_load`` is expected to return ``None`` when the
    resource is missing or not visible to the caller; in both cases an
    authenticated user receives ``responses.FORBIDDEN`` and an anonymous one
    ``responses.UNAUTHORIZED``, so existence is not revealed.
    """
    loaded = data_service.resource_load(uniq=uniq)
    if loaded is not None:
        return loaded
    status = responses.FORBIDDEN if identity.not_anonymous() else responses.UNAUTHORIZED
    abort(status)
def login_app(self):
    """Report the caller's login state to a JSON/XML client.

    The actual login handling lives in ``bq/core/lib/app_auth.py``; this
    endpoint only answers whether the current identity is authenticated.
    It writes ``{'status':'OK'}`` for a logged-in user and
    ``{'status':'FAIL'}`` with HTTP status 401 otherwise.

    NOTE(review): the body uses single quotes and so is not valid JSON; a
    strict ``JSON.parse`` rejects it.  Kept byte-identical because existing
    clients may depend on the exact text.
    """
    if not identity.not_anonymous():
        response.status = 401
        response.body = "{'status':'FAIL'}"
        return
    response.body = "{'status':'OK'}"
def check_access(self, ident, action):
    """Return the ``Taggable`` whose ``resource_uniq`` is *ident* if the
    current user may perform *action* on it; otherwise abort.

    ``resource_permission`` presumably filters the query down to rows the
    caller is allowed to act on, so a forbidden resource and a missing one
    both yield ``None`` here: authenticated callers get 403, anonymous 401.
    """
    from bq.data_service.controllers.resource_query import resource_permission
    candidates = DBSession.query(Taggable).filter_by(resource_uniq=ident)
    match = resource_permission(candidates, action=action).first()
    if match is not None:
        return match
    abort(403 if identity.not_anonymous() else 401)
def check_access(query, action=RESOURCE_READ):
    """Resolve *query* to one resource the current user may *action* on.

    *query* may be a ``Query``, an already-loaded resource object (exposing
    ``xmltag``/``id``), or ``None`` (returned as-is).  Anonymous callers are
    refused edits with 401 before any lookup.  If the permission-filtered
    load yields nothing - resource missing or not permitted, the two are not
    distinguished - an authenticated caller gets 403 and an anonymous one
    401.
    """
    if action == RESOURCE_EDIT and not identity.not_anonymous():
        log.debug("EDIT denied because annonymous")
        abort(401)
    if query is None:
        return None
    if isinstance(query, Query):
        checked = resource_permission(query, action=action)
    else:
        # The object may have been loaded without a permission filter:
        # rebuild a query for it and apply the filter to that.
        reloaded = resource_load((query.xmltag, query.__class__), query.id)
        checked = resource_permission(reloaded, action=action)
    resource = force_dbload(checked)
    if resource is None:
        log.debug("Permission check failure %s", str(checked))
        abort(403 if identity.not_anonymous() else 401)
    return resource
def session(self):
    """Describe the current session as a serialised ``<session>`` element.

    Anonymous callers get an empty element.  For a logged-in user it carries
    ``user``, ``group``, ``expires``, ``timeout`` and ``length`` tags built
    from the identity and the server-side ``session`` mapping (``expires``
    defaults to 2100-01-01 when the session has none).

    NOTE(review): ``'Z'`` is appended to ``expires.isoformat()``, which
    asserts UTC - confirm the stored datetime really is UTC, otherwise
    clients apply the wrong offset.
    """
    sess = etree.Element('session', uri=posixpath.join(self.uri, "session"))
    if not identity.not_anonymous():
        return etree.tostring(sess)

    timeout = int(session.get('timeout', 0))
    length = int(session.get('length', 0))
    expires = session.get('expires', datetime(2100, 1, 1))
    current_user = identity.get_user()
    if current_user:
        # pylint: disable=no-member
        user_uri = data_service.uri() + current_user.uri
        group_names = [g.group_name for g in current_user.get_groups()]
        tags = [
            ('user', user_uri),
            ('group', ",".join(group_names)),
            # isoformat() carries no zone designator, hence the explicit 'Z'.
            ('expires', expires.isoformat() + 'Z'),
            ('timeout', str(timeout)),
            ('length', str(length)),
        ]
        for tag_name, tag_value in tags:
            etree.SubElement(sess, 'tag', name=tag_name, value=tag_value)
    return etree.tostring(sess)
def cache_invalidate_resource(self, resource, user_id=None):
    """Drop cached entries for *resource* belonging to *user_id*.

    When *user_id* is ``None`` the logged-in user's id is used; for an
    anonymous caller it stays ``None``.  The actual eviction is delegated to
    ``self.server_cache``.
    """
    owner = user_id
    if owner is None and identity.not_anonymous():
        owner = identity.get_user_id()
    self.server_cache.invalidate_resource(resource, owner)
try:
    token = self.srv.request('formats', ProcessToken(), None)
except ImageServiceException, e:
    # NOTE(review): e.message is returned to the client verbatim - confirm
    # the image service never puts internal paths or stack details in it.
    abort(e.code, e.message)
tg.response.headers['Content-Type'] = token.contentType
cache_control(token.cacheInfo)
return token.data
def check_access(self, ident, view=None):
    """Return the image resource *ident* from the service cache, or abort.

    *view* is accepted for interface compatibility but is unused here (the
    ``resource_load`` call that took it is commented out below).  A
    ``None`` result - presumably a missing resource or one not visible to
    the caller - becomes 403 for an authenticated user and 401 for an
    anonymous one, so existence is not revealed to unauthorised callers.
    Service errors are forwarded as-is via ``abort``.
    """
    #resource = data_service.resource_load (uniq = ident, view=view)
    try:
        resource = self.srv.cache.get_resource(ident)
    except ImageServiceException, e:
        abort(e.code, e.message)
    if resource is None:
        if identity.not_anonymous():
            abort(403)
        else:
            abort(401)
    return resource
# try to find user name in the map otherwise will query the database
def get_user_name(self, uri):
    """Return the ``name`` of the resource at *uri*, memoised in ``self.user_map``.

    NOTE(review): ``self.user_map`` is never evicted, so it grows with every
    distinct owner URI seen over the controller's lifetime; and a ``None``
    from ``data_service.get_resource`` raises ``AttributeError`` on
    ``.get`` - confirm both are acceptable for this service.
    """
    if uri in self.user_map:
        return self.user_map[uri]
    owner = data_service.get_resource(uri)
    self.user_map[uri] = owner.get('name')
    return owner.get('name')
@expose()
def image(self, *path, **kw):