Exemplo n.º 1
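def has_access(region, api, abort, user):
    """
    Check whether *user* is authorized for this region and this API.

    Args:
        region: instance name, resolved with ``Instance.get_by_name``.
        api: API identifier handed to ``user.has_access``.
        abort: when true, a denial calls ``abort_request`` and an unknown
            region raises ``RegionNotFound`` instead of returning False.
        user: the user to check. Outside public mode a falsy user is always
            rejected through ``abort_request``, whatever ``abort`` says.

    Returns:
        True when access is granted, False when it is denied.

    Raises:
        RegionNotFound: the region is unknown and ``abort`` is true.

    Warning: this function is cached, so it must not depend on the request
    context; keep it a pure function.
    """
    if current_app.config.get('PUBLIC', False):
        # Public mode skips authentication entirely: every caller, including
        # one without a user, is granted every region and API.
        return True

    if not user:
        # A user is mandatory even for a free region, so `abort` is ignored here.
        abort_request(user=user)
        # abort_request is defined outside this block and is expected to raise.
        # Deny explicitly so the check fails closed if it ever returns instead
        # of continuing with user=None.
        return False

    model_instance = Instance.get_by_name(region)
    if not model_instance:
        if abort:
            raise RegionNotFound(region)
        return False

    # A free instance is open only to users flagged for free instances;
    # otherwise the per-instance, per-API permission decides.
    free_access = model_instance.is_free and user.have_access_to_free_instances
    if free_access or user.has_access(model_instance.id, api):
        return True

    if abort:
        abort_request(user=user)
    # Explicit denial: the original returned None implicitly on this path.
    return False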
Exemplo n.º 2
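def has_access(region, api, abort, user):
    """
    Check whether *user* is authorized for this region and this API.

    Args:
        region: instance name, resolved with ``Instance.get_by_name``.
        api: API identifier handed to ``user.has_access``.
        abort: when true, a permission denial calls ``abort_request`` and an
            unknown region raises ``RegionNotFound`` instead of returning False.
        user: the user to check; may be falsy.

    Returns:
        True when access is granted, False when it is denied.

    Raises:
        RegionNotFound: the region is unknown and ``abort`` is true.

    Warning: this function is cached, so it must not depend on the request
    context; keep it a pure function.

    NOTE(review): this check fails OPEN on database trouble. It returns True
    when ``can_connect_to_database()`` is false, when the user is falsy and
    ``can_read_user()`` is false, and when ``Instance.get_by_name`` raises any
    exception. That trades authorization for availability; confirm it is
    intended, and that a True produced this way is not kept by the cache after
    the database recovers.
    """
    logger = logging.getLogger(__name__)
    logger.debug('User "has_access" to region/api not cached')

    # Public mode, or an unreachable database, skips authentication entirely.
    if current_app.config.get('PUBLIC', False) or (not can_connect_to_database()):
        return True

    if not user:
        # A user is mandatory even for a free region. The users table is
        # probed once more because the database can be reachable while a
        # table/attribute is not (transaction problem).
        if not can_read_user():
            # Fail-open: the missing user is blamed on the database.
            return True
        context = 'User is undefined, but table users is accessible in database'
        abort_request(user=user, context=context)
        # abort_request is defined outside this block and is expected to raise.
        # Deny explicitly so the check fails closed if it ever returns instead
        # of continuing with a falsy user.
        return False

    try:
        model_instance = Instance.get_by_name(region)
    except Exception as e:
        # NOTE(review): every exception type grants access here, not only
        # database errors; narrowing the except clause would keep unrelated
        # bugs from turning into an allow decision.
        logger.error('No access to table Instance (error: {})'.format(e))
        # NOTE(review): `g` looks like Flask's request-scoped object, which
        # conflicts with the pure-function warning above -- confirm.
        g.can_connect_to_database = False
        return True

    if not model_instance:
        if abort:
            raise RegionNotFound(region)
        return False

    # A free instance is open only to users flagged for free instances;
    # otherwise the per-instance, per-API permission decides.
    free_access = model_instance.is_free and user.have_access_to_free_instances
    if free_access or user.has_access(model_instance.id, api):
        return True

    if abort:
        context = 'User has no permission to access this api {} or instance {}'.format(
            api, model_instance.id
        )
        abort_request(user=user, context=context)
    # Explicit denial: the original returned None implicitly on this path.
    return False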
Exemplo n.º 3
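def authenticate(region, api, abort=False):
    """
    Check the authorization of the current user for this region and this API.

    The token and the user come from ``get_token()`` and ``get_user()``.

    Args:
        region: instance name; passed to ``Instance.get_by_name`` on the
            no-token path and to ``user.has_access`` otherwise.
        api: API identifier handed to ``user.has_access``.
        abort: when true, a denial calls ``abort_request`` instead of
            returning False.

    Returns:
        True when access is granted, False when it is denied.
    """
    if current_app.config.get('PUBLIC'):
        # Public mode skips authentication entirely.
        return True

    token = get_token()
    if not token:
        # Requests without a token are still served on free instances, for
        # every API (the original calls this a hack for users not logged in).
        instance = Instance.get_by_name(region)
        if not abort:
            # NOTE(review): this branch treats `instance` as a query
            # (`.first()`), the abort branch below as a model object
            # (`.is_free`). Both cannot be right for one return type of
            # Instance.get_by_name; check which one raises AttributeError.
            return False if not instance else instance.first().is_free
        if instance and instance.is_free:
            return True
        abort_request()
        # abort_request is defined outside this block and is expected to raise.
        # Deny explicitly so a request without a token can never fall through
        # to the user lookup below if it returns.
        return False

    user = get_user()
    if user and user.has_access(region, api):
        return True

    if abort:
        abort_request()
    # Explicit denial: the original returned None implicitly on this path.
    return False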