Exemplo n.º 1
    def __get_validate_data(self, dtoken, duser):
        """Build the ValidateData response object for a token/user pair.

        The role list is assembled from two lookups: the user's roles in the
        token's tenant (only when the token carries a tenant id), followed by
        the user's global roles.

        This method performs no checks of its own (expiry, enabled flag);
        it only converts database records into API objects.
        NOTE(review): presumably callers validate the token first -- confirm.
        """

        def as_role_ref(record):
            # Convert one database role-ref record into its API counterpart.
            return roles.RoleRef(record.id, record.role_id, record.tenant_id)

        token = auth.Token(dtoken.expires, dtoken.token_id, dtoken.tenant_id)

        role_refs = []
        if dtoken.tenant_id:
            # Tenant roles are scoped by the *token's* tenant, not by
            # duser.tenant_id; the two are read from different records.
            tenant_records = db_api.role_ref_get_all_tenant_roles(
                duser.id, dtoken.tenant_id)
            role_refs += [as_role_ref(record) for record in tenant_records]

        global_records = db_api.role_ref_get_all_global_roles(duser.id)
        role_refs += [as_role_ref(record) for record in global_records]

        # The third positional argument of auth.User is deliberately None and
        # the second argument of RoleRefs is an empty list, as in the original.
        user_roles = roles.RoleRefs(role_refs, [])
        user = auth.User(duser.id, duser.tenant_id, None, user_roles)
        return auth.ValidateData(token, user)
Exemplo n.º 2
    def __validate_token(self, token_id, admin=True):
        """Resolve ``token_id`` and return ``(token, user)`` if it is usable.

        Checks run in this order, each raising its own fault:

        * empty/missing ``token_id``      -> ``fault.UnauthorizedFault``
        * no token found for the id       -> ``fault.ItemNotFoundFault``
        * token expiry is in the past     -> ``fault.ForbiddenFault``
        * owning user is not enabled      -> ``fault.UserDisabledFault``
        * ``admin`` set and the user has no global "Admin" role
                                          -> ``fault.UnauthorizedFault``

        ``admin`` defaults to True, so the stricter check applies unless a
        caller explicitly opts out.
        """
        if not token_id:
            raise fault.UnauthorizedFault("Missing token")

        token, user = self.__get_dauth_data(token_id)
        if not token:
            raise fault.ItemNotFoundFault("Bad token, please reauthenticate")

        # NOTE(review): datetime.now() is naive local time; this assumes
        # token.expires is stored the same way -- confirm. A mismatch (e.g.
        # UTC in the database) would shift the validity window by the offset.
        if token.expires < datetime.now():
            raise fault.ForbiddenFault("Token expired, please renew")

        # NOTE(review): user is dereferenced without a None check; presumably
        # __get_dauth_data always returns a user alongside a token -- confirm.
        if not user.enabled:
            raise fault.UserDisabledFault("The user %s has been disabled!"
                                          % user.id)

        if not admin:
            return (token, user)

        # Admin access needs a role named "Admin" that is not bound to any
        # tenant; a tenant-scoped "Admin" role ref does not qualify.
        has_global_admin = any(
            ref.role_id == "Admin" and ref.tenant_id is None
            for ref in db_api.role_ref_get_all_global_roles(user.id))
        if has_global_admin:
            return (token, user)
        raise fault.UnauthorizedFault("You are not authorized "
                                      "to make this call")