async def process(self, req: Request['FastExecute_POST.Arguments'], user: User) -> None: action = req.args.action if action is Actions.CANCEL: page = cast('FastExecute_POST', self.page) raise Redirect(req.args.refererURL or page.getParentURL(req.args)) if action is Actions.EXECUTE: checkPrivilege(user, 'j/c', 'create jobs') # Create jobs. jobIds = [] userName = user.name for configId in sorted(req.args.confirmedId): # TODO: Configs that have disappeared or become invalid are # silently ignored. Since this is a rare situation, # it is a minor problem, but still bad behaviour. try: config = self.configDB[configId] except KeyError: pass else: if config.hasValidInputs(): jobDB = self.jobDB for job in config.createJobs(userName): jobDB.add(job) jobIds.append(job.getId()) raise Redirect(createJobsURL(jobIds)) assert False, action
def checkAccess(self, user: User) -> None: # TODO: This is a hint that access control might belong in Processor. databases = GetFactoryInfo_GET.Processor.databases # Check that user has 'list' privileges for all databases. # For the singleton project DB, check the 'access' privilege instead. for db in databases: priv = f'{db.privilegeObject}/l' checkPrivilege(user, 'p/a' if priv == 'p/l' else priv)
def checkAccess(self) -> None: user = self.user if user.hasPrivilege('tr/*'): return else: checkPrivilege( user, 'j/l', 'You do not have the necessary permissions to list jobs')
def checkAccess(self) -> None: user = self.user if user.hasPrivilege('tr/*'): run = _runForRunnerUser(self.resourceDB, user) if self.run.getId() != run.getId(): raise AccessDenied('Task Runner is running a different task') else: checkPrivilege( user, 't/a', 'You do not have the necessary permissions to access tasks')
def checkAccess(self) -> None: user = self.user if user.hasPrivilege('tr/*'): job = _runForRunnerUser(self.resourceDB, user).getJob() if self.job.getId() != job.getId(): raise AccessDenied('Task Runner is running a different job') else: # TODO: Our privilege system is too fine grained. checkPrivilege( user, 'j/a', 'You do not have the necessary permissions to access jobs') checkPrivilege( user, 't/l', 'You do not have the necessary permissions to list tasks')
async def process(self, req: Request['DelFinishedSchedules_POST.Arguments'], user: User) -> None: action = req.args.action if action is Actions.CANCEL: page = cast(DelFinishedSchedules_POST, self.page) raise Redirect(page.getParentURL(req.args)) elif action is Actions.DELETE: checkPrivilege(user, 's/d', 'delete all finished schedules') scheduleDB = self.scheduleDB finishedSchedules = [ schedule for schedule in scheduleDB if schedule.isDone() ] for schedule in finishedSchedules: scheduleDB.remove(schedule) else: assert False, action
async def process(self, req: Request['GetTagged_GET.Arguments'], user: User) -> None: # Determine subject and access rights. try: db = self.subjectToDB(req.args.subject) except KeyError: raise InvalidRequest( f'Invalid subject type "{req.args.subject}"') checkPrivilege(user, db.privilegeObject + '/l', f'list {db.description}s') # Determine keys and values. keys = req.args.key values = req.args.value tagCache = db.tagCache if tagCache is not None: # Restrict keys to those that actually exist. if keys: keys = keys & set(tagCache.getKeys()) else: keys = set(tagCache.getKeys()) # Filter records. matches = [] for record in db.values(): tags = record.tags for key in keys: if tags.hasTagKey(key): recordId = record.getId() if values: for value in values: if tags.hasTagValue(key, value): matches.append((recordId, key, value)) else: for value in tags.getTagValues(key): matches.append((recordId, key, value)) # pylint: disable=attribute-defined-outside-init self.matches = matches
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'td/l', 'list task definitions') checkPrivilege(user, 'td/a', 'access task definitions')
def checkAccess(self, user: User) -> None: # Error messages might leak info about schedule, so make sure at least # read-only access is allowed. # The processor will do additional checks. checkPrivilege(user, 's/a')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'u/m', 'control user accounts')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 't/m', 'set alert status')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'tr/*', 'sync a Task Runner')
def checkAccess(self, user: User) -> None: # Error messages might leak info about job/task existence, so make sure # at least read-only access is allowed. # The processor will do additional checks. checkPrivilege(user, 'j/l') checkPrivilege(user, 't/l')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'p/m', 'change project settings')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'j/a', 'view the task list')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'r/a', 'reserve resources')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'tr/*', 'set tasks results')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'j/l', 'view the report list')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 't/a', 'view task reports')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'u/c', 'add new users')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'u/mo', 'change your password')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'r/l')
def checkAccess(self, user: User) -> None: checkPrivilege(user, 'r/m', 'control resources')