def __get_validate_data(self, dtoken, duser):
    """Assemble the ValidateData answer for a stored token and its user.

    The role list combines the user's grants on the token's tenant (only
    when the token carries a tenant id) with the user's global grants, in
    that order.

    This method performs no expiry, enabled-user or authorization checks
    of its own; it only reads and repackages what the database returns.
    NOTE(review): presumably callers validate the token first -- confirm.
    """
    token = auth.Token(dtoken.expires, dtoken.token_id, dtoken.tenant_id)

    def to_role_ref(row):
        # Convert a database role-ref row into the API-level RoleRef.
        return roles.RoleRef(row.id, row.role_id, row.tenant_id)

    role_refs = []
    if dtoken.tenant_id:
        # Tenant-scoped grants are looked up for the token's tenant, not
        # for the tenant recorded on the user (duser.tenant_id).
        tenant_rows = db_api.role_ref_get_all_tenant_roles(duser.id,
                                                           dtoken.tenant_id)
        role_refs.extend(to_role_ref(row) for row in tenant_rows)

    # Global grants are always included, whether or not the token is
    # bound to a tenant.
    global_rows = db_api.role_ref_get_all_global_roles(duser.id)
    role_refs.extend(to_role_ref(row) for row in global_rows)

    # The third positional argument of auth.User is deliberately None here.
    user = auth.User(duser.id, duser.tenant_id, None,
                     roles.RoleRefs(role_refs, []))
    return auth.ValidateData(token, user)
def __validate_token(self, token_id, admin=True):
    """Resolve ``token_id`` and enforce the validity and admin checks.

    Checks run in a fixed order and each failure raises its own fault:

    * empty/missing ``token_id``  -> ``fault.UnauthorizedFault``
    * no token found              -> ``fault.ItemNotFoundFault``
    * token already expired       -> ``fault.ForbiddenFault``
    * owning user disabled        -> ``fault.UserDisabledFault``
    * ``admin`` requested but the user has no global "Admin" grant
                                  -> ``fault.UnauthorizedFault``

    Because the faults differ, a caller can tell an unknown token from an
    expired one and from one that belongs to a disabled user.

    ``admin`` defaults to True, so the admin requirement applies unless a
    caller explicitly passes a false value.

    Returns the ``(token, user)`` pair obtained from ``__get_dauth_data``.
    """
    if not token_id:
        raise fault.UnauthorizedFault("Missing token")

    token, user = self.__get_dauth_data(token_id)
    if not token:
        raise fault.ItemNotFoundFault("Bad token, please reauthenticate")

    # NOTE(review): expiry is compared with naive local time from
    # datetime.now(); this is only right if token.expires is stored the
    # same way (naive, same zone) -- confirm against the token writer.
    expired = token.expires < datetime.now()
    if expired:
        raise fault.ForbiddenFault("Token expired, please renew")

    # NOTE(review): user is dereferenced without a None check; presumably
    # __get_dauth_data never returns a token without its user -- confirm.
    if not user.enabled:
        raise fault.UserDisabledFault("The user %s has been disabled!"
                                      % user.id)

    if not admin:
        return (token, user)

    # Only a global grant authorizes: the role id must be exactly "Admin"
    # (hard-coded, case-sensitive) and the role ref must have no tenant.
    global_refs = db_api.role_ref_get_all_global_roles(user.id)
    is_global_admin = any(
        ref.role_id == "Admin" and ref.tenant_id is None
        for ref in global_refs
    )
    if not is_global_admin:
        raise fault.UnauthorizedFault("You are not authorized "
                                      "to make this call")
    return (token, user)