def export_headers(sync_raw_response, current_request): """Convert Sync headers to Kinto compatible ones.""" response_headers = sync_raw_response.headers syncto_response = current_request.response headers = syncto_response.headers if 'X-Last-Modified' in response_headers: last_modified = float(response_headers['X-Last-Modified']) headers['ETag'] = '"%s"' % int(last_modified * 1000) syncto_response.last_modified = last_modified if 'X-Weave-Next-Offset' in response_headers: params = current_request.GET.copy() params['_token'] = str(response_headers['X-Weave-Next-Offset']) service = utils.current_service(current_request) next_page_url = current_request.route_url(service.name, _query=params, **current_request.matchdict) headers['Next-Page'] = next_page_url if 'X-Weave-Records' in response_headers: headers['Total-Records'] = str(response_headers['X-Weave-Records']) if 'X-Weave-Quota-Remaining' in response_headers: headers['Quota-Remaining'] = str( response_headers['X-Weave-Quota-Remaining']) if 'X-Weave-Alert' in response_headers: headers['Alert'] = str( response_headers['X-Weave-Alert']) if 'X-Weave-Backoff' in response_headers: headers['Backoff'] = str( response_headers['X-Weave-Backoff'])
def export_headers(sync_raw_response, current_request): """Convert Sync headers to Kinto compatible ones.""" response_headers = sync_raw_response.headers syncto_response = current_request.response headers = syncto_response.headers headers['Cache-Control'] = 'no-cache' if 'X-Last-Modified' in response_headers: last_modified = float(response_headers['X-Last-Modified']) headers['ETag'] = '"%s"' % int(last_modified * 1000) syncto_response.last_modified = last_modified if 'X-Weave-Next-Offset' in response_headers: params = current_request.GET.copy() params['_token'] = str(response_headers['X-Weave-Next-Offset']) service = utils.current_service(current_request) next_page_url = current_request.route_url(service.name, _query=params, **current_request.matchdict) headers['Next-Page'] = next_page_url if 'X-Weave-Records' in response_headers: headers['Total-Records'] = str(response_headers['X-Weave-Records']) if 'X-Weave-Quota-Remaining' in response_headers: headers['Quota-Remaining'] = str( response_headers['X-Weave-Quota-Remaining']) if 'X-Weave-Alert' in response_headers: headers['Alert'] = str(response_headers['X-Weave-Alert']) if 'X-Weave-Backoff' in response_headers: headers['Backoff'] = str(response_headers['X-Weave-Backoff'])
def _record_uri_from_collection(self, record_id): # Since the current request is on a collection, the record URI must # be found out by inspecting the collection service and its sibling # record service. service = current_service(self.request) record_service = service.name.replace('-collection', '-record') matchdict = self.request.matchdict.copy() matchdict['id'] = record_id record_uri = self.request.route_path(record_service, **matchdict) return record_uri
def __init__(self, request): # Make it available for the authorization policy. self.prefixed_userid = getattr(request, "prefixed_userid", None) self._check_permission = request.registry.permission.check_permission # Partial collections of ProtectedResource: self.shared_ids = [] # Store service, resource, record and required permission. service = utils.current_service(request) is_on_resource = (service is not None and hasattr(service, 'viewset') and hasattr(service, 'resource')) if is_on_resource: self.on_collection = getattr(service, "type", None) == "collection" self.permission_object_id = self.get_permission_object_id(request) # Decide what the required unbound permission is depending on the # method that's being requested. if request.method.lower() == "put": # In the case of a "PUT", check if the targetted record already # exists, return "write" if it does, "create" otherwise. # If the view exists, use its collection to catch an # eventual NotFound. resource = service.resource(request=request, context=self) try: record = resource.collection.get_record(resource.record_id) self.current_record = record except storage_exceptions.RecordNotFoundError: self.permission_object_id = service.collection_path.format( **request.matchdict) self.required_permission = "create" else: self.required_permission = "write" else: method = request.method.lower() self.required_permission = self.method_permissions.get(method) self.resource_name = service.viewset.get_name(service.resource) if self.on_collection: object_id_match = self.get_permission_object_id(request, '*') self.get_shared_ids = functools.partial( request.registry.permission.principals_accessible_objects, object_id_match=object_id_match) settings = request.registry.settings setting = '%s_%s_principals' % (self.resource_name, self.required_permission) self.allowed_principals = aslist(settings.get(setting, ''))
def __init__(self, request): # Make it available for the authorization policy. self.prefixed_userid = getattr(request, "prefixed_userid", None) # Store service, resource, record and required permission. service = utils.current_service(request) is_on_resource = (service is not None and hasattr(service, 'viewset') and hasattr(service, 'resource')) if not is_on_resource: object_id = None permission = None resource_name = None check_permission = None else: object_id = get_object_id(request.path) # Decide what the required unbound permission is depending on the # method that's being requested. if request.method.lower() == "put": # In the case of a "PUT", check if the targetted record already # exists, return "write" if it does, "create" otherwise. # If the view exists, call it with the request and catch an # eventual NotFound. resource = service.resource(request=request, context=self) try: resource.collection.get_record(resource.record_id) except storage_exceptions.RecordNotFoundError: object_id = service.collection_path.format( **request.matchdict) permission = "create" else: permission = "write" else: method = request.method.lower() permission = self.method_permissions.get(method) resource_name = service.viewset.get_name(service.resource) check_permission = functools.partial( request.registry.permission.check_permission, object_id) settings = request.registry.settings settings_key = 'cliquet.%s_%s_principals' % (resource_name, permission) self.allowed_principals = aslist(settings.get(settings_key, '')) self.object_id = object_id self.required_permission = permission self.resource_name = resource_name self.check_permission = check_permission
def _next_page_url(self, sorting, limit, last_record): """Build the Next-Page header from where we stopped.""" token = self._build_pagination_token(sorting, last_record) params = self.request.GET.copy() params['_limit'] = limit params['_token'] = token service = current_service(self.request) next_page_url = self.request.route_url(service.name, _query=params, **self.request.matchdict) return next_page_url
def __init__(self, request): # Make it available for the authorization policy. self.get_prefixed_userid = functools.partial(prefixed_userid, request) self._check_permission = request.registry.permission.check_permission # Partial collections of ShareableResource: self.shared_ids = [] # Store service, resource, record and required permission. service = utils.current_service(request) is_on_resource = (service is not None and hasattr(service, 'viewset') and hasattr(service, 'resource')) if is_on_resource: self.on_collection = getattr(service, "type", None) == "collection" self.permission_object_id = self.get_permission_object_id(request) # Decide what the required unbound permission is depending on the # method that's being requested. if request.method.lower() == "put": # In the case of a "PUT", check if the targetted record already # exists, return "write" if it does, "create" otherwise. # If the view exists, use its collection to catch an # eventual NotFound. resource = service.resource(request=request, context=self) try: record = resource.model.get_record(resource.record_id) self.current_record = record except storage_exceptions.RecordNotFoundError: self.permission_object_id = service.collection_path.format( **request.matchdict) self.required_permission = "create" else: self.required_permission = "write" else: method = request.method.lower() self.required_permission = self.method_permissions.get(method) self.resource_name = request.current_resource_name if self.on_collection: object_id_match = self.get_permission_object_id(request, '*') self.get_shared_ids = functools.partial( request.registry.permission.principals_accessible_objects, object_id_match=object_id_match) settings = request.registry.settings setting = '%s_%s_principals' % (self.resource_name, self.required_permission) self.allowed_principals = aslist(settings.get(setting, ''))
def __init__(self, action, resource, request): self.request = request service = current_service(request) resource_name = service.viewset.get_name(resource.__class__) self.payload = {'timestamp': resource.timestamp, 'action': action, 'uri': strip_uri_prefix(request.path), 'user_id': request.prefixed_userid, 'resource_name': resource_name} matchdict = dict(request.matchdict) if 'id' in request.matchdict: matchdict[resource_name + '_id'] = matchdict.pop('id') self.payload.update(**matchdict)
def __init__(self, request): service = utils.current_service(request) is_on_resource = (service is not None and hasattr(service, 'viewset') and hasattr(service, 'resource')) if not is_on_resource: object_id = None permission = None resource_name = None check_permission = None else: object_id = get_object_id(request.path) # Decide what the required unbound permission is depending on the # method that's being requested. if request.method.lower() == "put": # In the case of a "PUT", check if the targetted record already # exists, return "write" if it does, "create" otherwise. # If the view exists, call it with the request and catch an # eventual NotFound. resource = service.resource(request) try: resource.collection.get_record(resource.record_id) except storage_exceptions.RecordNotFoundError: object_id = service.collection_path.format( **request.matchdict) permission = "create" else: permission = "write" else: permission = self.method_permissions[request.method.lower()] resource_name = service.viewset.get_name(service.resource) check_permission = functools.partial( request.registry.permission.check_permission, object_id) self.object_id = object_id self.required_permission = permission self.resource_name = resource_name self.check_permission = check_permission
def get_permission_object_id(self, request, record_id=None): record_uri = request.path if self.on_collection and record_id is not None: # With the current request on a collection, the record URI must # be found out by inspecting the collection service and its sibling # record service. service = utils.current_service(request) # XXX: Why not use service.path.format(id=) ? record_service = service.name.replace('-collection', '-record') matchdict = request.matchdict.copy() matchdict['id'] = record_id record_uri = request.route_path(record_service, **matchdict) if record_id == '*': record_uri = record_uri.replace('%2A', '*') return utils.strip_uri_prefix(record_uri)
def collection_post(self): """Override the collection POST endpoint to store the permissions specified for the newly created record. """ result = super(ProtectedResource, self).collection_post() record_id = result['data'][self.collection.id_field] # Since the current request is on a collection, the record URI must # be found out by inspecting the collection service and its sibling # record service. service = current_service(self.request) record_service = service.name.replace('-collection', '-record') matchdict = self.request.matchdict.copy() matchdict['id'] = record_id record_uri = self.request.route_path(record_service, **matchdict) object_id = authorization.get_object_id(record_uri) result['permissions'] = self._store_permissions(object_id=object_id) return result
def test_current_service_returns_the_service_for_existing_patterns(self): request = DummyRequest() request.matched_route.pattern = '/buckets' request.registry.cornice_services = {'/buckets': mock.sentinel.service} self.assertEqual(current_service(request), mock.sentinel.service)
def test_current_service_returns_none_for_unexisting_patterns(self): request = DummyRequest() request.matched_route.pattern = '/unexisting' request.registry.cornice_services = {} self.assertEqual(current_service(request), None)