def permits(self, context, principals, permission):
    """Decide whether `principals` hold `permission` on `context`.

    Checks run in this order, and the first match wins:

    1. A falsy `permission`, or ``NO_PERMISSION_REQUIRED``, returns ``True``.
    2. ``NOT_ALLOWED`` returns an ``ACLDenied``. This is tested before the
       superuser shortcut, so it applies to the superuser as well.
    3. The superuser gets an ``ACLAllowed`` before the parent policy is
       consulted.
    4. Anything else is delegated to the parent policy's ``permits``.
    """
    # Fail-open: a missing or empty permission is treated the same as
    # NO_PERMISSION_REQUIRED, so callers must not pass an unset value for a
    # resource that is meant to be protected.
    if not permission:
        return True
    if permission == NO_PERMISSION_REQUIRED:
        return True

    if permission == NOT_ALLOWED:
        return ACLDenied(
            '<NOT ALLOWED permission>', None, permission, principals, context)

    # The effective userid is read from auth_service rather than from the
    # `principals` argument, so this shortcut depends on ambient state as
    # well as on what the caller passed in.
    is_superuser = SUPERUSER_URI in principals
    if not is_superuser:
        is_superuser = auth_service.get_effective_userid() == SUPERUSER_URI
    if is_superuser:
        return ACLAllowed(
            'Superuser', None, permission, principals, context)

    parent_policy = super(PtahAuthorizationPolicy, self)
    return parent_policy.permits(context, principals, permission)
def permits(self, context, principals, permission):
    """Return the authorization result for `permission` on `context`.

    Returns ``True`` when no permission is required, an ``ACLDenied`` for
    ``NOT_ALLOWED``, an ``ACLAllowed`` for the superuser, and otherwise
    whatever the parent policy's ``permits`` returns.
    """
    # An empty/None permission short-circuits to "allowed" (fail-open).
    no_check_needed = not permission or permission == NO_PERMISSION_REQUIRED
    if no_check_needed:
        return True

    # Trailing arguments shared by both ACL result objects built below.
    result_args = (None, permission, principals, context)

    # NOT_ALLOWED is evaluated before the superuser test, so it is an
    # unconditional denial.
    if permission == NOT_ALLOWED:
        return ACLDenied('<NOT ALLOWED permission>', *result_args)

    # Superuser status is accepted from either the supplied principals or
    # the effective userid reported by auth_service; the second lookup is
    # only made when the first does not match.
    if SUPERUSER_URI not in principals:
        if not (auth_service.get_effective_userid() == SUPERUSER_URI):
            return super(PtahAuthorizationPolicy, self).permits(
                context, principals, permission)

    return ACLAllowed('Superuser', *result_args)
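def check_permission(permission, context, request=None, throw=False):
    """ Check `permission` within `context` for the effective user.

    :param permission: Permission
    :type permission: (Permission or string)
    :param context: Context object
    :param request: Not read by this function.
    :param throw: Throw HTTPForbidden exception.
    :returns: ``True`` when access is granted, ``False`` when it is denied
        and `throw` is false.
    :raises HTTPForbidden: when access is denied and `throw` is true.
    """
    # Fail-open: a falsy permission is treated as "no permission required".
    if not permission or permission == NO_PERMISSION_REQUIRED:
        return True

    # NOT_ALLOWED is checked before the superuser shortcut, so it denies
    # every caller.
    if permission == NOT_ALLOWED:
        if throw:
            raise HTTPForbidden()
        return False

    userid = auth_service.get_effective_userid()
    if userid == SUPERUSER_URI:
        return True

    policy = get_current_registry().getUtility(IAuthorizationPolicy)

    principals = [Everyone.id]

    # NOTE(review): the listing this was taken from had lost its
    # indentation; the local-roles lookup is assumed to apply only when a
    # user is authenticated -- confirm against the upstream file.
    if userid is not None:
        principals.extend((Authenticated.id, userid))

        roles = get_local_roles(userid, context=context)
        if roles:
            principals.extend(roles)

    res = policy.permits(context, principals, permission)

    # Fail closed: treat any falsy result as a denial, not only ACLDenied.
    # The policy is looked up from the registry, so it may return a plain
    # False or another denial type; the previous isinstance-only test let
    # those through as "allowed".
    if isinstance(res, ACLDenied) or not res:
        if throw:
            raise HTTPForbidden(res)
        return False

    return True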