def wrapped(context=None, data_dict=None, **kw): if kw: log.critical('%s was passed extra keywords %r' % (_action.__name__, kw)) context = _prepopulate_context(context) # Auth Auditing # store this action name in the auth audit so we can see if # check access was called on the function we store the id of # the action incase the action is wrapped inside an action # of the same name. this happens in the datastore context.setdefault('__auth_audit', []) context['__auth_audit'].append((action_name, id(_action))) # check_access(action_name, context, data_dict=None) result = _action(context, data_dict, **kw) try: audit = context['__auth_audit'][-1] if audit[0] == action_name and audit[1] == id(_action): if action_name not in new_authz.auth_functions_list(): log.debug('No auth function for %s' % action_name) elif not getattr(_action, 'auth_audit_exempt', False): raise Exception( 'Action function {0} did not call its auth function' .format(action_name)) # remove from audit stack context['__auth_audit'].pop() except IndexError: pass return result
def wrapped(context=None, data_dict=None, **kw): if kw: log.critical('%s was passed extra keywords %r' % (_action.__name__, kw)) context = _prepopulate_context(context) # Auth Auditing - checks that the action function did call # check_access (unless there is no accompanying auth function). # We push the action name and id onto the __auth_audit stack # before calling the action, and check_access removes it. # (We need the id of the action in case the action is wrapped # inside an action of the same name, which happens in the # datastore) context.setdefault('__auth_audit', []) context['__auth_audit'].append((action_name, id(_action))) # check_access(action_name, context, data_dict=None) result = _action(context, data_dict, **kw) try: audit = context['__auth_audit'][-1] if audit[0] == action_name and audit[1] == id(_action): if action_name not in new_authz.auth_functions_list(): log.debug('No auth function for %s' % action_name) elif not getattr(_action, 'auth_audit_exempt', False): raise Exception( 'Action function {0} did not call its auth function' .format(action_name)) # remove from audit stack context['__auth_audit'].pop() except IndexError: pass return result
def wrapped(context=None, data_dict=None, **kw): if kw: log.critical('%s was pass extra keywords %r' % (_action.__name__, kw)) if context is None: context = {} context.setdefault('model', model) context.setdefault('session', model.Session) try: context.setdefault('user', c.user or c.author) except TypeError: # c not registered pass # Auth Auditing # store this action name in the auth audit so we can see if # check access was called on the function we store the id of # the action incase the action is wrapped inside an action # of the same name. this happens in the datastore context.setdefault('__auth_audit', []) context['__auth_audit'].append((action_name, id(_action))) # check_access(action_name, context, data_dict=None) result = _action(context, data_dict, **kw) try: audit = context['__auth_audit'][-1] if audit[0] == action_name and audit[1] == id(_action): if action_name not in new_authz.auth_functions_list(): log.debug('No auth function for %s' % action_name) elif not getattr(_action, 'auth_audit_exempt', False): raise Exception('Action Auth Audit: %s' % action_name) # remove from audit stack context['__auth_audit'].pop() except IndexError: pass return result