示例#1
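def validate_claim(
    token_info: Claim,
    dataset_id: DatasetId,
    permissions: List[DatasetPermission],
    organization_id: Optional[OrganizationId] = None,
) -> AuthContext:
    """Authorize a JWT claim against one dataset and build its AuthContext.

    The claim must grant access to the organization of context and every
    permission in ``permissions`` on ``dataset_id``. The organization and
    dataset roles are then looked up to obtain their node IDs.

    Args:
        token_info: The decoded JWT claim presented by the caller.
        dataset_id: The dataset the request operates on.
        permissions: Dataset permissions the claim must hold; each one is
            checked individually.
        organization_id: The organization of context. When omitted, the
            claim's head organization is used instead.

    Returns:
        An AuthContext carrying the organization, dataset and user
        identifiers plus the dataset's ``locked`` flag (``None`` when no
        matching ``DatasetRole`` is present in the claim).

    Raises:
        OAuthProblem: If no organization was given and the claim has no head
            organization, or if a user claim carries no node ID.
        Forbidden: If the claim lacks organization access, lacks any of the
            requested dataset permissions, or a role cannot be resolved.
    """
    # API v1 does not specify an organization. Additionally, for v1 API
    # compatibility, we assume the organization of context is the head
    # organization in the given JWT claim:
    if organization_id is None:
        if token_info.head_organization_node_id is None:
            raise OAuthProblem("Missing organization node id")
        # The guard above tests the *node* id, but the value dereferenced
        # here is head_organization_id; check it as well so a claim missing
        # it is rejected as an auth problem rather than an AttributeError.
        head_organization = token_info.head_organization_id
        if head_organization is None:
            raise OAuthProblem("Missing head organization id")
        organization_int_id: OrganizationId = OrganizationId(head_organization.id)
    else:
        organization_int_id = OrganizationId(organization_id)

    # A service claim has no user of its own; it is attributed to the
    # service user.
    if token_info.is_user_claim:
        claim_node_id = token_info.content.node_id
        if claim_node_id is None:
            raise OAuthProblem("Missing user node ID")
        user_node_id = UserNodeId(claim_node_id)
    else:
        user_node_id = SERVICE_USER_NODE_ID

    auth_organization_id = RoleOrganizationId(organization_int_id)
    auth_dataset_id = RoleDatasetId(dataset_id)

    if not token_info.has_organization_access(auth_organization_id):
        raise Forbidden

    # NOTE(review): an empty `permissions` list makes this loop a no-op, so
    # no dataset access check is performed by has_dataset_access at all.
    # Callers should always pass at least one permission.
    for permission in permissions:
        if not token_info.has_dataset_access(auth_dataset_id, permission):
            raise Forbidden

    # (invariant):
    # These roles are expected to be present given the checks above. Enforce
    # that expectation and fail closed: an unresolved role is an
    # authorization failure, not an AttributeError further down.
    organization_role = token_info.get_role(auth_organization_id)
    dataset_role = token_info.get_role(auth_dataset_id)
    if organization_role is None or dataset_role is None:
        raise Forbidden

    # We do not pass through the locked field for a wildcard role, since by
    # definition the wildcard means we don't know whether individual
    # datasets are locked or not. Only a DatasetRole whose id matches this
    # dataset supplies the flag; otherwise it stays None.
    locked = None
    for role in token_info.content.roles:
        if role.id == auth_dataset_id and isinstance(role, DatasetRole):
            locked = role.locked
            break

    return AuthContext(
        organization_id=organization_int_id,
        dataset_id=dataset_id,
        user_node_id=user_node_id,
        organization_node_id=organization_role.node_id,
        dataset_node_id=dataset_role.node_id,
        locked=locked,
    )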
示例#2
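def authorize_search(organization_id: int, trace_id: TraceId,
                     token_info: Claim):
    """Authorize a search request and build the SearchDatabase for it.

    Only user claims with access to ``organization_id`` are accepted. The
    datasets handed to the search database are fetched from the Pennsieve
    API for this request.

    Args:
        organization_id: The organization the search runs in.
        trace_id: Trace identifier forwarded to the Pennsieve API call.
        token_info: The decoded JWT claim presented by the caller.

    Returns:
        A SearchDatabase bound to the organization, the user from the claim
        and the fetched datasets.

    Raises:
        OAuthProblem: If the claim is not a user claim or carries no node ID.
        Forbidden: If the claim does not grant access to the organization.
    """
    if not token_info.is_user_claim:
        raise OAuthProblem("Requires a user claim")

    if not token_info.has_organization_access(
            RoleOrganizationId(organization_id)):
        raise Forbidden

    # Reject a user claim without an identity instead of letting
    # user_id=None flow into the search database.
    # NOTE(review): the claim's node_id is wrapped as UserId here; confirm
    # SearchDatabase expects the node ID rather than a numeric user id.
    claim_node_id = token_info.content.node_id
    if claim_node_id is None:
        raise OAuthProblem("Missing user node ID")
    user_id = UserId(claim_node_id)

    # NOTE(review): the dataset list is requested with whatever
    # auth_header() returns -- presumably the caller's own credentials, so
    # the result is limited to datasets the caller may see; confirm.
    request_headers = dict(**auth_header(), **with_trace_id_header(trace_id))
    datasets = PennsieveApiClient.get().get_datasets(headers=request_headers)

    return SearchDatabase(
        db=current_app.config["db"],
        organization_id=organization_id,
        user_id=user_id,
        datasets=datasets,
    )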