def _CheckAccess(self, username, subject_id, approval_type):
"""Checks access to a given subject by a given user."""
utils.AssertType(subject_id, unicode)
cache_key = (username, subject_id, approval_type)
try:
self.acl_cache.Get(cache_key)
stats.STATS.IncrementCounter("approval_searches", fields=["-", "cache"])
return True
except KeyError:
stats.STATS.IncrementCounter("approval_searches", fields=["-", "reldb"])
approvals = data_store.REL_DB.ReadApprovalRequests(
username, approval_type, subject_id=subject_id, include_expired=False)
errors = []
for approval in approvals:
try:
approval_checks.CheckApprovalRequest(approval)
self.acl_cache.Put(cache_key, True)
return
except access_control.UnauthorizedAccess as e:
errors.append(e)
subject = approval_checks.BuildLegacySubject(subject_id, approval_type)
if not errors:
raise access_control.UnauthorizedAccess(
"No approval found.", subject=subject)
else:
raise access_control.UnauthorizedAccess(
" ".join(utils.SmartStr(e) for e in errors), subject=subject)
def _CheckAccess(self, username, subject_id, approval_type):
"""Checks access to a given subject by a given user."""
precondition.AssertType(subject_id, Text)
cache_key = (username, subject_id, approval_type)
try:
self.acl_cache.Get(cache_key)
APPROVAL_SEARCHES.Increment(fields=["-", "cache"])
return True
except KeyError:
APPROVAL_SEARCHES.Increment(fields=["-", "reldb"])
approvals = data_store.REL_DB.ReadApprovalRequests(
username,
approval_type,
subject_id=subject_id,
include_expired=False)
errors = []
for approval in approvals:
try:
approval_checks.CheckApprovalRequest(approval)
self.acl_cache.Put(cache_key, True)
return
except access_control.UnauthorizedAccess as e:
errors.append(e)
subject = approval_checks.BuildLegacySubject(subject_id, approval_type)
if not errors:
raise access_control.UnauthorizedAccess("No approval found.",
subject=subject)
else:
raise access_control.UnauthorizedAccess(" ".join(
str(e) for e in errors),
subject=subject)
