def sensitive_domain(domain): """ Checks if user has the admin role, the domain does not match sensitive domains and whitelisted domain patterns. :param domain: domain name (str) :return: """ if SensitiveDomainPermission().can(): # User has permission, no need to check anything return whitelist = current_app.config.get("LEMUR_WHITELISTED_DOMAINS", []) if whitelist and not any( re.match(pattern, domain) for pattern in whitelist): raise ValidationError( "Domain {0} does not match whitelisted domain patterns. " "Contact an administrator to issue the certificate.".format( domain)) # Avoid circular import. from lemur.domains import service as domain_service if any(d.sensitive for d in domain_service.get_by_name(domain)): raise ValidationError( "Domain {0} has been marked as sensitive. " "Contact an administrator to issue the certificate.".format( domain))
def check_sensitive_domains(domains): """ Determines if any certificates in the given certificate are marked as sensitive :param domains: :return: """ for domain in domains: domain_objs = domain_service.get_by_name(domain) for d in domain_objs: if d.sensitive: raise ValueError("The domain {0} has been marked as sensitive. Contact an administrator to " "issue this certificate".format(d.name))
def sensitive_domain(domain): """ Determines if domain has been marked as sensitive. :param domain: :return: """ domains = domain_service.get_by_name(domain) for domain in domains: # we only care about non-admins if not SensitiveDomainPermission().can(): if domain.sensitive: raise ValidationError( 'Domain {0} has been marked as sensitive, contact and administrator \ to issue the certificate.'.format(domain))
def check_sensitive_domains(domains): """ Determines if any certificates in the given certificate are marked as sensitive :param domains: :return: """ for domain in domains: domain_objs = domain_service.get_by_name(domain) for d in domain_objs: if d.sensitive: raise ValueError( "The domain {0} has been marked as sensitive. Contact an administrator to " "issue this certificate".format(d.name))
def sensitive_domain(domain): """ Determines if domain has been marked as sensitive. :param domain: :return: """ restricted_domains = current_app.config['LEMUR_RESTRICTED_DOMAINS'] domains = domain_service.get_by_name(domain) for domain in domains: # we only care about non-admins if not SensitiveDomainPermission().can(): if domain.sensitive or any([re.match(pattern, domain.name) for pattern in restricted_domains]): raise ValidationError( 'Domain {0} has been marked as sensitive, contact and administrator \ to issue the certificate.'.format(domain))
def sensitive_domain(domain): """ Determines if domain has been marked as sensitive. :param domain: :return: """ restricted_domains = current_app.config['LEMUR_RESTRICTED_DOMAINS'] domains = domain_service.get_by_name(domain) for domain in domains: # we only care about non-admins if not SensitiveDomainPermission().can(): if domain.sensitive or any([ re.match(pattern, domain.name) for pattern in restricted_domains ]): raise ValidationError( 'Domain {0} has been marked as sensitive, contact and administrator \ to issue the certificate.'.format(domain))
def sensitive_domain(domain): """ Checks if user has the admin role, the domain does not match sensitive domains and whitelisted domain patterns. :param domain: domain name (str) :return: """ if SensitiveDomainPermission().can(): # User has permission, no need to check anything return whitelist = current_app.config.get('LEMUR_WHITELISTED_DOMAINS', []) if whitelist and not any(re.match(pattern, domain) for pattern in whitelist): raise ValidationError('Domain {0} does not match whitelisted domain patterns. ' 'Contact an administrator to issue the certificate.'.format(domain)) if any(d.sensitive for d in domain_service.get_by_name(domain)): raise ValidationError('Domain {0} has been marked as sensitive. ' 'Contact an administrator to issue the certificate.'.format(domain))