def protected_grantUri(self, uri, uid):
"""Returns a key for the capability ('ruleset.uri', uri).
This can be used to delegate control of a particular URI's ruleset-
an administrator would call this function to retrieve a key for a particular
URI, then hand that to someone else who would only have the ability
to edit that URI.
"""
return Security.User(int(uid)).grant(('ruleset.uri', str(uri)))
def rpcWrapper(*args):
import Security
result = defer.Deferred()
# First argument is the key
try:
key = args[0]
args = args[1:]
except IndexError:
raise TypeError(
"This is a protected function, the first argument must be a capability key"
)
# Look up the capabilities list
caps = getattr(interface, "caps_%s" % path[-1], None)
if not caps:
caps = self.makeDefaultCaps(path)
if callable(caps):
caps = caps(path, *args)
# A callback invoked when our key is successfully validated
def keyValidated(unimportant):
d = defer.maybeDeferred(f, *args)
d.addBoth(Security.logProtectedCall, path, args, user)
d.chainDeferred(result)
def keyError(failure):
Security.logProtectedCall(failure,
path,
args,
user,
allowed=False)
result.errback(failure)
# Check the capabilities asynchronously (requires a database query)
user = Security.User(key=str(key))
d = user.require(*caps)
d.addCallback(keyValidated)
d.addErrback(keyError)
return result
