def Layout(self, request, response):
"""Checks the level of access the user has to this client."""
self.subject = request.REQ.get("subject", "")
self.silent = request.REQ.get("silent", "")
token = request.token
# When silent=True, we don't show ACLDialog in case of failure.
# This is useful when we just want to make an access check and set
# the correct reason (if found) without asking for a missing approval.
if self.silent:
self.layout_template = self.silent_template
self.refresh_after_form_submit = True
subject_urn = rdfvalue.RDFURN(self.subject)
namespace, _ = subject_urn.Split(2)
if self.CheckObjectAccess(subject_urn, token):
return self.CallJavascript(
response,
"CheckAccess.AccessOk",
reason=self.reason,
silent=self.silent)
self.cc_address = config_lib.CONFIG["Email.approval_optional_cc_address"]
recent_reasons_list = api_user.ApiListClientApprovalsHandler().Handle(
api_user.ApiListClientApprovalsArgs(count=5), token=request.token)
self.recent_reasons = [x.reason for x in recent_reasons_list.items]
if namespace == "hunts":
self.approval_renderer = "HuntApprovalRequestRenderer"
self.refresh_after_form_submit = False
elif namespace == "cron":
self.approval_renderer = "CronJobApprovalRequestRenderer"
self.refresh_after_form_submit = False
elif aff4_grr.VFSGRRClient.CLIENT_ID_RE.match(namespace):
self.approval_renderer = "ClientApprovalRequestRenderer"
self.show_keepalive_option = True
else:
raise RuntimeError(
"Unexpected namespace for access check: %s (subject=%s)." %
(namespace, self.subject))
response = super(CheckAccess, self).Layout(request, response)
if not self.silent:
return self.CallJavascript(
response,
"CheckAccess.Layout",
subject=self.subject,
refresh_after_form_submit=self.refresh_after_form_submit,
approval_renderer=self.approval_renderer)
else:
return response
def ListClientApprovals(self, args, token=None):
return api_user.ApiListClientApprovalsHandler()
def setUp(self):
super(ApiListClientApprovalsHandlerTest, self).setUp()
self.handler = user_plugin.ApiListClientApprovalsHandler()
self.client_ids = self.SetupClients(self.CLIENT_COUNT)
def ListClientApprovals(self, requestor=None):
requestor = requestor or self.token.username
handler = api_user.ApiListClientApprovalsHandler()
return handler.Handle(
api_user.ApiListClientApprovalsArgs(),
token=access_control.ACLToken(username=requestor)).items
