def export_headers(sync_raw_response, current_request):
"""Convert Sync headers to Kinto compatible ones."""
response_headers = sync_raw_response.headers
syncto_response = current_request.response
headers = syncto_response.headers
if 'X-Last-Modified' in response_headers:
last_modified = float(response_headers['X-Last-Modified'])
headers['ETag'] = '"%s"' % int(last_modified * 1000)
syncto_response.last_modified = last_modified
if 'X-Weave-Next-Offset' in response_headers:
params = current_request.GET.copy()
params['_token'] = str(response_headers['X-Weave-Next-Offset'])
service = utils.current_service(current_request)
next_page_url = current_request.route_url(service.name, _query=params,
**current_request.matchdict)
headers['Next-Page'] = next_page_url
if 'X-Weave-Records' in response_headers:
headers['Total-Records'] = str(response_headers['X-Weave-Records'])
if 'X-Weave-Quota-Remaining' in response_headers:
headers['Quota-Remaining'] = str(
response_headers['X-Weave-Quota-Remaining'])
if 'X-Weave-Alert' in response_headers:
headers['Alert'] = str(
response_headers['X-Weave-Alert'])
if 'X-Weave-Backoff' in response_headers:
headers['Backoff'] = str(
response_headers['X-Weave-Backoff'])
def export_headers(sync_raw_response, current_request):
"""Convert Sync headers to Kinto compatible ones."""
response_headers = sync_raw_response.headers
syncto_response = current_request.response
headers = syncto_response.headers
headers['Cache-Control'] = 'no-cache'
if 'X-Last-Modified' in response_headers:
last_modified = float(response_headers['X-Last-Modified'])
headers['ETag'] = '"%s"' % int(last_modified * 1000)
syncto_response.last_modified = last_modified
if 'X-Weave-Next-Offset' in response_headers:
params = current_request.GET.copy()
params['_token'] = str(response_headers['X-Weave-Next-Offset'])
service = utils.current_service(current_request)
next_page_url = current_request.route_url(service.name,
_query=params,
**current_request.matchdict)
headers['Next-Page'] = next_page_url
if 'X-Weave-Records' in response_headers:
headers['Total-Records'] = str(response_headers['X-Weave-Records'])
if 'X-Weave-Quota-Remaining' in response_headers:
headers['Quota-Remaining'] = str(
response_headers['X-Weave-Quota-Remaining'])
if 'X-Weave-Alert' in response_headers:
headers['Alert'] = str(response_headers['X-Weave-Alert'])
if 'X-Weave-Backoff' in response_headers:
headers['Backoff'] = str(response_headers['X-Weave-Backoff'])
def _record_uri_from_collection(self, record_id):
# Since the current request is on a collection, the record URI must
# be found out by inspecting the collection service and its sibling
# record service.
service = current_service(self.request)
record_service = service.name.replace('-collection', '-record')
matchdict = self.request.matchdict.copy()
matchdict['id'] = record_id
record_uri = self.request.route_path(record_service, **matchdict)
return record_uri
def __init__(self, request):
# Make it available for the authorization policy.
self.prefixed_userid = getattr(request, "prefixed_userid", None)
self._check_permission = request.registry.permission.check_permission
# Partial collections of ProtectedResource:
self.shared_ids = []
# Store service, resource, record and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and
hasattr(service, 'viewset') and
hasattr(service, 'resource'))
if is_on_resource:
self.on_collection = getattr(service, "type", None) == "collection"
self.permission_object_id = self.get_permission_object_id(request)
# Decide what the required unbound permission is depending on the
# method that's being requested.
if request.method.lower() == "put":
# In the case of a "PUT", check if the targetted record already
# exists, return "write" if it does, "create" otherwise.
# If the view exists, use its collection to catch an
# eventual NotFound.
resource = service.resource(request=request, context=self)
try:
record = resource.collection.get_record(resource.record_id)
self.current_record = record
except storage_exceptions.RecordNotFoundError:
self.permission_object_id = service.collection_path.format(
**request.matchdict)
self.required_permission = "create"
else:
self.required_permission = "write"
else:
method = request.method.lower()
self.required_permission = self.method_permissions.get(method)
self.resource_name = service.viewset.get_name(service.resource)
if self.on_collection:
object_id_match = self.get_permission_object_id(request, '*')
self.get_shared_ids = functools.partial(
request.registry.permission.principals_accessible_objects,
object_id_match=object_id_match)
settings = request.registry.settings
setting = '%s_%s_principals' % (self.resource_name,
self.required_permission)
self.allowed_principals = aslist(settings.get(setting, ''))
def __init__(self, request):
# Make it available for the authorization policy.
self.prefixed_userid = getattr(request, "prefixed_userid", None)
# Store service, resource, record and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and
hasattr(service, 'viewset') and
hasattr(service, 'resource'))
if not is_on_resource:
object_id = None
permission = None
resource_name = None
check_permission = None
else:
object_id = get_object_id(request.path)
# Decide what the required unbound permission is depending on the
# method that's being requested.
if request.method.lower() == "put":
# In the case of a "PUT", check if the targetted record already
# exists, return "write" if it does, "create" otherwise.
# If the view exists, call it with the request and catch an
# eventual NotFound.
resource = service.resource(request=request, context=self)
try:
resource.collection.get_record(resource.record_id)
except storage_exceptions.RecordNotFoundError:
object_id = service.collection_path.format(
**request.matchdict)
permission = "create"
else:
permission = "write"
else:
method = request.method.lower()
permission = self.method_permissions.get(method)
resource_name = service.viewset.get_name(service.resource)
check_permission = functools.partial(
request.registry.permission.check_permission,
object_id)
settings = request.registry.settings
settings_key = 'cliquet.%s_%s_principals' % (resource_name, permission)
self.allowed_principals = aslist(settings.get(settings_key, ''))
self.object_id = object_id
self.required_permission = permission
self.resource_name = resource_name
self.check_permission = check_permission
def _next_page_url(self, sorting, limit, last_record):
"""Build the Next-Page header from where we stopped."""
token = self._build_pagination_token(sorting, last_record)
params = self.request.GET.copy()
params['_limit'] = limit
params['_token'] = token
service = current_service(self.request)
next_page_url = self.request.route_url(service.name, _query=params,
**self.request.matchdict)
return next_page_url
def __init__(self, request):
# Make it available for the authorization policy.
self.get_prefixed_userid = functools.partial(prefixed_userid, request)
self._check_permission = request.registry.permission.check_permission
# Partial collections of ShareableResource:
self.shared_ids = []
# Store service, resource, record and required permission.
service = utils.current_service(request)
is_on_resource = (service is not None and hasattr(service, 'viewset')
and hasattr(service, 'resource'))
if is_on_resource:
self.on_collection = getattr(service, "type", None) == "collection"
self.permission_object_id = self.get_permission_object_id(request)
# Decide what the required unbound permission is depending on the
# method that's being requested.
if request.method.lower() == "put":
# In the case of a "PUT", check if the targetted record already
# exists, return "write" if it does, "create" otherwise.
# If the view exists, use its collection to catch an
# eventual NotFound.
resource = service.resource(request=request, context=self)
try:
record = resource.model.get_record(resource.record_id)
self.current_record = record
except storage_exceptions.RecordNotFoundError:
self.permission_object_id = service.collection_path.format(
**request.matchdict)
self.required_permission = "create"
else:
self.required_permission = "write"
else:
method = request.method.lower()
self.required_permission = self.method_permissions.get(method)
self.resource_name = request.current_resource_name
if self.on_collection:
object_id_match = self.get_permission_object_id(request, '*')
self.get_shared_ids = functools.partial(
request.registry.permission.principals_accessible_objects,
object_id_match=object_id_match)
settings = request.registry.settings
setting = '%s_%s_principals' % (self.resource_name,
self.required_permission)
self.allowed_principals = aslist(settings.get(setting, ''))
def __init__(self, action, resource, request):
self.request = request
service = current_service(request)
resource_name = service.viewset.get_name(resource.__class__)
self.payload = {'timestamp': resource.timestamp,
'action': action,
'uri': strip_uri_prefix(request.path),
'user_id': request.prefixed_userid,
'resource_name': resource_name}
matchdict = dict(request.matchdict)
if 'id' in request.matchdict:
matchdict[resource_name + '_id'] = matchdict.pop('id')
self.payload.update(**matchdict)
def __init__(self, request):
service = utils.current_service(request)
is_on_resource = (service is not None and
hasattr(service, 'viewset') and
hasattr(service, 'resource'))
if not is_on_resource:
object_id = None
permission = None
resource_name = None
check_permission = None
else:
object_id = get_object_id(request.path)
# Decide what the required unbound permission is depending on the
# method that's being requested.
if request.method.lower() == "put":
# In the case of a "PUT", check if the targetted record already
# exists, return "write" if it does, "create" otherwise.
# If the view exists, call it with the request and catch an
# eventual NotFound.
resource = service.resource(request)
try:
resource.collection.get_record(resource.record_id)
except storage_exceptions.RecordNotFoundError:
object_id = service.collection_path.format(
**request.matchdict)
permission = "create"
else:
permission = "write"
else:
permission = self.method_permissions[request.method.lower()]
resource_name = service.viewset.get_name(service.resource)
check_permission = functools.partial(
request.registry.permission.check_permission,
object_id)
self.object_id = object_id
self.required_permission = permission
self.resource_name = resource_name
self.check_permission = check_permission
def get_permission_object_id(self, request, record_id=None):
record_uri = request.path
if self.on_collection and record_id is not None:
# With the current request on a collection, the record URI must
# be found out by inspecting the collection service and its sibling
# record service.
service = utils.current_service(request)
# XXX: Why not use service.path.format(id=) ?
record_service = service.name.replace('-collection', '-record')
matchdict = request.matchdict.copy()
matchdict['id'] = record_id
record_uri = request.route_path(record_service, **matchdict)
if record_id == '*':
record_uri = record_uri.replace('%2A', '*')
return utils.strip_uri_prefix(record_uri)
def collection_post(self):
"""Override the collection POST endpoint to store the permissions
specified for the newly created record.
"""
result = super(ProtectedResource, self).collection_post()
record_id = result['data'][self.collection.id_field]
# Since the current request is on a collection, the record URI must
# be found out by inspecting the collection service and its sibling
# record service.
service = current_service(self.request)
record_service = service.name.replace('-collection', '-record')
matchdict = self.request.matchdict.copy()
matchdict['id'] = record_id
record_uri = self.request.route_path(record_service, **matchdict)
object_id = authorization.get_object_id(record_uri)
result['permissions'] = self._store_permissions(object_id=object_id)
return result
def test_current_service_returns_the_service_for_existing_patterns(self):
request = DummyRequest()
request.matched_route.pattern = '/buckets'
request.registry.cornice_services = {'/buckets': mock.sentinel.service}
self.assertEqual(current_service(request), mock.sentinel.service)
def test_current_service_returns_none_for_unexisting_patterns(self):
request = DummyRequest()
request.matched_route.pattern = '/unexisting'
request.registry.cornice_services = {}
self.assertEqual(current_service(request), None)
def test_current_service_returns_none_for_unexisting_patterns(self):
request = DummyRequest()
request.matched_route.pattern = '/unexisting'
request.registry.cornice_services = {}
self.assertEqual(current_service(request), None)
def test_current_service_returns_the_service_for_existing_patterns(self):
request = DummyRequest()
request.matched_route.pattern = '/buckets'
request.registry.cornice_services = {'/buckets': mock.sentinel.service}
self.assertEqual(current_service(request), mock.sentinel.service)
