示例#1
0
    def test_check_token(self):
        result = appier.check_token(None, "admin", tokens_m={"*": True})
        self.assertEqual(result, True)

        result = appier.check_token(None, "admin", tokens_m={})
        self.assertEqual(result, False)

        result = appier.check_token(None, "admin", tokens_m={"admin": True})
        self.assertEqual(result, True)

        result = appier.check_token(None,
                                    "admin.read",
                                    tokens_m={"admin": {
                                        "read": True
                                    }})
        self.assertEqual(result, True)

        result = appier.check_token(None,
                                    "admin",
                                    tokens_m={"admin": {
                                        "read": True
                                    }})
        self.assertEqual(result, False)

        result = appier.check_token(None,
                                    "admin.read",
                                    tokens_m={"admin": {
                                        "*": True
                                    }})
        self.assertEqual(result, True)

        result = appier.check_token(None, None, tokens_m={})
        self.assertEqual(result, True)
示例#2
0
文件: util.py 项目: marcosptf/fedora
    def test_check_token(self):
        result = appier.check_token(None, "admin", tokens_m = {"*" : True})
        self.assertEqual(result, True)

        result = appier.check_token(None, "admin", tokens_m = {})
        self.assertEqual(result, False)

        result = appier.check_token(None, "admin", tokens_m = {"admin" : True})
        self.assertEqual(result, True)

        result = appier.check_token(None, "admin.read", tokens_m = {
            "admin" : {
                "read" : True
            }
        })
        self.assertEqual(result, True)

        result = appier.check_token(None, "admin", tokens_m = {
            "admin" : {
                "read" : True
            }
        })
        self.assertEqual(result, False)

        result = appier.check_token(None, "admin.read", tokens_m = {
            "admin" : {
                "*" : True
            }
        })
        self.assertEqual(result, True)

        result = appier.check_token(None, None, tokens_m = {})
        self.assertEqual(result, True)
示例#3
0
    def _filter_scope_g(cls, scope, account = None, owner = None):
        """
        Filters the provided sequence of tokens for the scope, so
        that only the ones allowed for the requested account are used.

        This avoid security issues like someone requesting values
        for a token that is for which the user is not allowed.

        :type scope: List
        :param scope: The list of tokens to be filtered.
        :type account: Account
        :param account: The account that is going to be used for the
        filtering of the values, in case none is provided the current
        account in session is used.
        :rtype: List
        :return: The resulting filtering list containing only the
        tokens for which the provided account is capable.
        """

        # defaults the provided owner value to the global registered
        # app to be used if required for account defaulting
        owner = owner or appier.get_app()

        # builds the list that is going to be used to store the
        # result of the scope filtering (ACL verification)
        result = []

        # retrieves the complete set of tokens from the account
        # and then converts them into the map version of them
        account = account or owner.admin_part.account_c.from_session()
        tokens = account.tokens()
        tokens_m = appier.to_tokens_m(tokens)

        # iterates over each token of the scope to validate it
        # according to the ACL of the associated account
        for token in scope:
            valid = appier.check_token(None, token, tokens_m = tokens_m)
            if not valid: continue
            result.append(token)

        # returns the final result that contains only the scope
        # tokens for which the account is entitle to register
        return result
    def _filter_scope_g(cls, scope, account = None, owner = None):
        """
        Filters the provided sequence of tokens for the scope, so
        that only the ones allowed for the requested account are used.

        This avoid security issues like someone requesting values
        for a token that is for which the user is not allowed.

        :type scope: List
        :param scope: The list of tokens to be filtered.
        :type account: Account
        :param account: The account that is going to be used for the
        filtering of the values, in case none is provided the current
        account in session is used.
        :rtype: List
        :return: The resulting filtering list containing only the
        tokens for which the provided account is capable.
        """

        # defaults the provided owner value to the global registered
        # app to be used if required for account defaulting
        owner = owner or appier.get_app()

        # builds the list that is going to be used to store the
        # result of the scope filtering (ACL verification)
        result = []

        # retrieves the complete set of tokens from the account
        # and then converts them into the map version of them
        account = account or owner.admin_part.account_c.from_session()
        tokens = account.tokens()
        tokens_m = appier.to_tokens_m(tokens)

        # iterates over each token of the scope to validate it
        # according to the ACL of the associated account
        for token in scope:
            valid = appier.check_token(None, token, tokens_m = tokens_m)
            if not valid: continue
            result.append(token)

        # returns the final result that contains only the scope
        # tokens for which the account is entitle to register
        return result