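def test_invite_user_prepares_context_and_delegates_to_group_member_create(self, group_member_create):
    """Check that the ``user_invite`` auth check delegates to ``group_member_create``.

    ``group_member_create`` is the mock handed to this test (presumably
    injected by a ``mock.patch`` decorator outside this view -- confirm).
    """
    context = {"group_id": 42}
    # NOTE: this is an alias of ``context``, not a copy, so the expected
    # dict and the dict given to the auth check are the same object.
    group_member_create_context = context
    group_member_create_context["id"] = context["group_id"]

    new_authz.is_authorized_boolean("user_invite", context)

    # ``assert_called`` takes no call arguments, so it cannot verify what the
    # mock was called with; an authorization test that checks nothing gives
    # false assurance. ``assert_called_with`` compares the actual arguments.
    group_member_create.assert_called_with(group_member_create_context, None)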
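def test_invite_user_prepares_context_and_delegates_to_group_member_create(self, group_member_create):
    """Verify ``user_invite`` authorization is forwarded to ``group_member_create``.

    ``group_member_create`` is a mock supplied to the test (presumably by a
    ``mock.patch`` decorator that is not visible here -- confirm).
    """
    context = {'group_id': 42}
    # NOTE: same dict object as ``context`` (no copy is made), so the
    # expected value below tracks any change made to ``context``.
    group_member_create_context = context
    group_member_create_context['id'] = context['group_id']

    new_authz.is_authorized_boolean('user_invite', context)

    # The original called ``assert_called(...)`` with arguments; that method
    # does not check call arguments, so the delegation was never verified.
    # ``assert_called_with`` makes the test compare the real call.
    group_member_create.assert_called_with(group_member_create_context, None)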
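def package_relationship_create(context, data_dict):
    """Authorize creating a relationship between two packages.

    The user must pass the ``package_update`` check for both the subject
    package and the object package.

    :param context: auth context; ``context['user']`` is used in the
        denial message
    :param data_dict: must contain the ``subject`` and ``object`` package ids
    :returns: ``{'success': True}`` when both checks pass, otherwise
        ``{'success': False, 'msg': ...}``
    :raises KeyError: if ``user``, ``subject`` or ``object`` is missing
    """
    user = context['user']
    subject_id = data_dict['subject']
    object_id = data_dict['object']

    # The user must be able to update each package to relate them.
    authorized1 = new_authz.is_authorized_boolean(
        'package_update', context, {'id': subject_id})
    authorized2 = new_authz.is_authorized_boolean(
        'package_update', context, {'id': object_id})

    # Parenthesised on purpose: ``not authorized1 and authorized2`` parses as
    # ``(not authorized1) and authorized2``, which denied only when the first
    # check failed and the second passed, and allowed every other case,
    # including a user authorized for neither package.
    if not (authorized1 and authorized2):
        return {'success': False,
                'msg': _('User %s not authorized to edit these packages') % user}
    return {'success': True}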
def package_relationships_list(context, data_dict):
    """Authorize listing relationships of one package, or between two.

    :param context: auth context; ``context.get("user")`` is used in the
        denial message
    :param data_dict: must contain ``id``; ``id2`` is optional
    :returns: ``{"success": True}`` when every package involved passes the
        ``package_show`` check, otherwise ``{"success": False, "msg": ...}``
    """
    user = context.get("user")
    first_id = data_dict["id"]
    second_id = data_dict.get("id2")

    # Seeing the relationships requires being able to see each package.
    can_see_first = new_authz.is_authorized_boolean("package_show", context, {"id": first_id})
    # A missing or empty id2 means there is no second package to check.
    can_see_second = (
        new_authz.is_authorized_boolean("package_show", context, {"id": second_id})
        if second_id
        else True
    )

    if can_see_first and can_see_second:
        return {"success": True}
    return {"success": False, "msg": _("User %s not authorized to read these packages") % user}
def package_relationships_list(context, data_dict):
    """Decide whether the user may list relationships for the given package(s).

    ``data_dict['id']`` is required and ``data_dict['id2']`` is optional.
    Every package that is named must pass the ``package_show`` check.
    Returns ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    user = context.get('user')
    pkg_id = data_dict['id']
    other_pkg_id = data_dict.get('id2')

    # If we can see each package we can see the relationships.
    readable = new_authz.is_authorized_boolean(
        'package_show', context, {'id': pkg_id})
    other_readable = True  # nothing to check when no second package is given
    if other_pkg_id:
        other_readable = new_authz.is_authorized_boolean(
            'package_show', context, {'id': other_pkg_id})

    if readable and other_readable:
        return {'success': True}

    denial = _('User %s not authorized to read these packages') % user
    return {'success': False, 'msg': denial}
def package_relationship_delete(context, data_dict):
    """Authorize deleting the relationship held in ``context['relationship']``.

    The decision is delegated to the ``package_relationship_create`` check
    with the same ``context`` and ``data_dict``, so this function is exactly
    as strict as that check.

    Returns ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    user = context['user']
    relationship = context['relationship']

    # If you can create this relationship then you can also delete it.
    if new_authz.is_authorized_boolean('package_relationship_create',
                                       context, data_dict):
        return {'success': True}

    denial = (_('User %s not authorized to delete relationship %s')
              % (user, relationship.id))
    return {'success': False, 'msg': denial}
def package_change_state(context, data_dict):
    """Authorize changing the state of a package.

    Reuses the ``package_update`` check. The package object is looked up
    first (before the check) because its id appears in the denial message.

    Returns ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    user = context['user']
    package = get_package_object(context, data_dict)

    # Changing state is governed by the same rule as updating the package.
    if new_authz.is_authorized_boolean('package_update', context, data_dict):
        return {'success': True}

    denial = (_('User %s not authorized to change state of package %s')
              % (str(user), package.id))
    return {'success': False, 'msg': denial}
def group_change_state(context, data_dict):
    """Authorize changing the state of a group.

    Reuses the ``group_update`` check. The group object is looked up first
    (before the check) because its id appears in the denial message.

    Returns ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    user = context['user']
    group = get_group_object(context, data_dict)

    # Changing state is governed by the same rule as updating the group.
    if new_authz.is_authorized_boolean('group_update', context, data_dict):
        return {'success': True}

    denial = (_('User %s not authorized to change state of group %s')
              % (str(user), group.id))
    return {'success': False, 'msg': denial}
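def test_auth_deleted_users_are_always_unauthorized(self):
    """A deleted user must be denied even by an auth function that always allows."""
    always_success = lambda x,y: {'success': True}
    new_authz._AuthFunctions._build()
    new_authz._AuthFunctions._functions['always_success'] = always_success
    try:
        # We can't reuse the username with the other tests because we can't
        # rebuild_db(), because in the setup_class we get the sysadmin. If we
        # rebuild the DB, we would delete the sysadmin as well.
        username = '******'
        self.create_user(username)
        user = model.User.get(username)
        user.delete()

        assert not new_authz.is_authorized_boolean('always_success', {'user': username})
    finally:
        # Always unregister the permissive auth function: if the assertion
        # fails, leaving it in the shared registry would leak an
        # allow-everything rule into whatever tests run afterwards.
        del new_authz._AuthFunctions._functions['always_success']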
def package_relationship_delete(context, data_dict):
    """Decide whether the user may delete the relationship found in the context.

    Both ``user`` and ``relationship`` are read from ``context``. The answer
    comes from the ``package_relationship_create`` check, called with the
    same ``context`` and ``data_dict``.

    Returns ``{"success": True}`` or a dict with ``"success": False`` and a
    translated ``"msg"``.
    """
    user = context["user"]
    relationship = context["relationship"]

    # Whoever could create this relationship may also delete it.
    may_delete = new_authz.is_authorized_boolean("package_relationship_create", context, data_dict)
    if may_delete:
        return {"success": True}

    return {
        "success": False,
        "msg": _("User %s not authorized to delete relationship %s") % (user, relationship.id),
    }
def package_change_state(context, data_dict):
    """Decide whether the user may change a package's state.

    The ``package_update`` check makes the decision. The package is fetched
    before that check runs, and its id is used in the denial message.

    Returns ``{"success": True}`` or a dict with ``"success": False`` and a
    translated ``"msg"``.
    """
    user = context["user"]
    package = get_package_object(context, data_dict)

    # Same rule as package_update.
    may_update = new_authz.is_authorized_boolean("package_update", context, data_dict)
    if may_update:
        return {"success": True}

    return {
        "success": False,
        "msg": _("User %s not authorized to change state of package %s") % (str(user), package.id),
    }
def group_change_state(context, data_dict):
    """Decide whether the user may change a group's state.

    The ``group_update`` check makes the decision. The group is fetched
    before that check runs, and its id is used in the denial message.

    Returns ``{"success": True}`` or a dict with ``"success": False`` and a
    translated ``"msg"``.
    """
    user = context["user"]
    group = get_group_object(context, data_dict)

    # Same rule as group_update.
    may_update = new_authz.is_authorized_boolean("group_update", context, data_dict)
    if may_update:
        return {"success": True}

    return {
        "success": False,
        "msg": _("User %s not authorized to change state of group %s") % (str(user), group.id),
    }
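def test_auth_deleted_users_are_always_unauthorized(self):
    """Deleted users are refused even when the auth function itself says yes."""
    always_success = lambda x, y: {"success": True}
    new_authz._AuthFunctions._build()
    new_authz._AuthFunctions._functions["always_success"] = always_success
    try:
        # We can't reuse the username with the other tests because we can't
        # rebuild_db(), because in the setup_class we get the sysadmin. If we
        # rebuild the DB, we would delete the sysadmin as well.
        username = "******"
        self.create_user(username)
        user = model.User.get(username)
        user.delete()

        assert not new_authz.is_authorized_boolean("always_success", {"user": username})
    finally:
        # Clean up on failure too, so the permissive test-only auth function
        # never stays registered for tests that run later.
        del new_authz._AuthFunctions._functions["always_success"]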
def _get_relationships_Packages(pkg_ids):
    """Return dictized active packages from ``pkg_ids`` visible to the user.

    Packages that are not private are always included. A private package is
    included only when the current user (``c.user`` or ``c.author``) passes
    the ``package_update`` check for it.

    :param pkg_ids: package ids to look up
    :returns: list of ``package_dictize`` results
    """
    active_packages = (
        model.Session.query(model.Package)
        .filter(model.Package.id.in_(pkg_ids))
        .filter(model.Package.state == u'active')
        .all()
    )
    context = {'model': model, 'session': model.Session,
               'user': c.user or c.author}

    def _is_visible(pkg):
        # Filter out private packages the user has no edit access to.
        return (not pkg.private) or new_authz.is_authorized_boolean(
            'package_update', context, {'id': pkg.id})

    return [model_dictize.package_dictize(pkg, context)
            for pkg in active_packages
            if _is_visible(pkg)]
def group_change_state(context, data_dict):
    """Authorize a state change on a group by applying the ``group_update`` rule.

    The group is resolved through ``logic_auth.get_group_object`` before the
    check runs; its id is only used to build the denial message.

    Returns ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    user = context['user']
    group = logic_auth.get_group_object(context, data_dict)

    # Use the logic for group_update.
    permitted = new_authz.is_authorized_boolean('group_update',
                                                context, data_dict)
    if permitted:
        return {'success': True}

    message = _('User %s not authorized to change state of group %s') % (
        str(user), group.id)
    return {'success': False, 'msg': message}
def package_change_state(context, data_dict):
    """Authorize a state change on a package by applying the ``package_update`` rule.

    The package is resolved through ``logic_auth.get_package_object`` before
    the check runs; its id is only used to build the denial message.

    Returns ``{'success': True}`` or ``{'success': False, 'msg': ...}``.
    """
    user = context['user']
    package = logic_auth.get_package_object(context, data_dict)

    # Use the logic for package_update.
    permitted = new_authz.is_authorized_boolean('package_update',
                                                context, data_dict)
    if permitted:
        return {'success': True}

    message = _('User %s not authorized to change state of package %s') % (
        str(user), package.id)
    return {'success': False, 'msg': message}
def authorize(method, bucket, key, user, ofs):
    """
    Check authz for a request on a bucket/key pair within a particular ofs
    implementation, aborting the request when it must not proceed.

    Aborts with 400 for a method other than POST, GET, PUT or DELETE, with
    409 when a non-GET request targets a key that already exists, and with
    401 when the ``file_upload`` check fails. Returns ``None`` otherwise.
    """
    allowed_methods = ('POST', 'GET', 'PUT', 'DELETE')
    if method not in allowed_methods:
        abort(400)

    # Do not allow overwriting: only GET may address an existing key.
    if method != 'GET' and ofs.exists(bucket, key):
        abort(409)

    # NOTE(review): the ``user`` argument is not consulted; the identity
    # comes from ``c.user``. The same 'file_upload' permission is required
    # for every method, GET included -- confirm both are intended.
    auth_context = {'user': c.user, 'model': model}
    if not new_authz.is_authorized_boolean('file_upload', auth_context, {}):
        h.flash_error('Not authorized to upload files.')
        abort(401)
def authorize(method, bucket, key, user, ofs):
    """
    Gate a storage request for ``bucket``/``key`` in the given ofs
    implementation.

    The request is aborted with 400 if ``method`` is not one of POST, GET,
    PUT, DELETE; with 409 if it is not a GET and the key already exists; and
    with 401 (after flashing an error) if the ``file_upload`` check fails.
    """
    if method not in ('POST', 'GET', 'PUT', 'DELETE'):
        abort(400)

    is_read = method == 'GET'
    if not is_read:
        # Existing objects must never be overwritten.
        if ofs.exists(bucket, key):
            abort(409)

    # Now check the user. NOTE(review): the identity is taken from
    # ``c.user``; the ``user`` parameter is unused here, and reads are
    # subject to the same 'file_upload' permission as writes -- confirm.
    context = {'user': c.user, 'model': model}
    if new_authz.is_authorized_boolean('file_upload', context, {}):
        return
    h.flash_error('Not authorized to upload files.')
    abort(401)