def obj_delete(self, request, **kwargs):
    """Delete a rating once the caller is shown to be allowed to remove it.

    The request is accepted when any one of these checks passes, tried in
    this order: AppOwnerAuthorization against the rating's addon,
    OwnerAuthorization against the rating itself, then the
    ('Users', 'Edit') and ('Addons', 'Edit') PermissionAuthorization checks.
    When none passes, an ImmediateHttpResponse carrying HttpForbidden is
    raised and the parent obj_delete is never reached.
    """
    # Lookup failures are handled inside get_by_resource_or_404
    # (presumably a 404 response -- confirm against the helper).
    rating = self.get_by_resource_or_404(request, **kwargs)

    # Each check is wrapped in a callable so any() stops at the first one
    # that passes, exactly like a chain of `or`.
    checks = (
        lambda: AppOwnerAuthorization().is_authorized(
            request, object=rating.addon),
        lambda: OwnerAuthorization().is_authorized(request, object=rating),
        lambda: PermissionAuthorization('Users', 'Edit').is_authorized(
            request),
        lambda: PermissionAuthorization('Addons', 'Edit').is_authorized(
            request),
    )
    if not any(check() for check in checks):
        raise ImmediateHttpResponse(response=http.HttpForbidden())

    # NOTE(review): this entry is written before the delete runs and does not
    # name the caller, so as an audit record it shows intent only -- confirm
    # whether the requester and the outcome are logged elsewhere.
    log.info('Rating %s deleted from addon %s' % (rating.pk, rating.addon.pk))
    return super(RatingResource, self).obj_delete(request, **kwargs)
class TestPermissionAuthorization(OwnerAuthorization):
    """Exercise PermissionAuthorization built for ("Drinkers", "Beer").

    self.profile, self.request and self.grant_permission are not defined in
    this class; presumably they come from the base class -- confirm there.
    """

    def setUp(self):
        """Build the authorizer under test and an app to authorize against."""
        super(TestPermissionAuthorization, self).setUp()
        self.auth = PermissionAuthorization("Drinkers", "Beer")
        self.app = app_factory()

    def test_has_role(self):
        """A profile holding "Drinkers:Beer" is authorized."""
        self.grant_permission(self.profile, "Drinkers:Beer")
        req = self.request(self.profile)
        allowed = self.auth.is_authorized(req, self.app)
        ok_(allowed)

    def test_not_has_role(self):
        """A permission in the same group but another action is rejected."""
        # Negative case: "Drinkers:Scotch" shares the group with the
        # required permission but names a different action.
        self.grant_permission(self.profile, "Drinkers:Scotch")
        req = self.request(self.profile)
        denied = not self.auth.is_authorized(req, self.app)
        ok_(denied)
class TestPermissionAuthorization(OwnerAuthorization):
    """Check PermissionAuthorization('Drinkers', 'Beer') against one profile.

    The profile, request factory and grant_permission helper used below are
    not defined in this class; presumably the base class supplies them --
    confirm there.
    """

    def setUp(self):
        """Create the authorizer under test plus an app object to pass in."""
        super(TestPermissionAuthorization, self).setUp()
        self.auth = PermissionAuthorization('Drinkers', 'Beer')
        self.app = app_factory()

    def test_has_role(self):
        """Granting 'Drinkers:Beer' makes is_authorized return truthy."""
        self.grant_permission(self.profile, 'Drinkers:Beer')
        incoming = self.request(self.profile)
        verdict = self.auth.is_authorized(incoming, self.app)
        ok_(verdict)

    def test_not_has_role(self):
        """Granting only 'Drinkers:Scotch' leaves the request unauthorized."""
        # Same permission group, different action: must not be accepted as
        # a substitute for 'Drinkers:Beer'.
        self.grant_permission(self.profile, 'Drinkers:Scotch')
        incoming = self.request(self.profile)
        verdict = self.auth.is_authorized(incoming, self.app)
        ok_(not verdict)
def obj_delete(self, request, **kwargs):
    """Delete a rating if the caller passes at least one authorization check.

    Checks run in order and stop at the first success:
    AppOwnerAuthorization on the rating's addon, OwnerAuthorization on the
    rating, PermissionAuthorization('Users', 'Edit'), then
    PermissionAuthorization('Addons', 'Edit'). If all fail, the error built
    by http_error for HttpForbidden is raised with an explanatory message
    and the parent obj_delete is not called.
    """
    # A failed lookup is handled inside get_by_resource_or_404
    # (presumably a 404 response -- confirm against the helper).
    review = self.get_by_resource_or_404(request, **kwargs)

    # Lazily evaluated so the short-circuit order of the checks is kept.
    gates = (
        lambda: AppOwnerAuthorization().is_authorized(
            request, object=review.addon),
        lambda: OwnerAuthorization().is_authorized(request, object=review),
        lambda: PermissionAuthorization('Users', 'Edit').is_authorized(
            request),
        lambda: PermissionAuthorization('Addons', 'Edit').is_authorized(
            request),
    )
    permitted = any(gate() for gate in gates)
    if not permitted:
        raise http_error(
            http.HttpForbidden,
            'You do not have permission to delete this review.')

    # NOTE(review): logged before the delete is carried out and without the
    # identity of the caller -- confirm the actor and the final outcome are
    # recorded somewhere if this is relied on as an audit trail.
    log.info('Rating %s deleted from addon %s' % (review.pk, review.addon.pk))
    return super(RatingResource, self).obj_delete(request, **kwargs)
class Meta(SearchResource.Meta):
    # Options for the 'search' resource; anything not set here is taken
    # from SearchResource.Meta.
    resource_name = 'search'

    # Access is decided by PermissionAuthorization('Apps', 'Review').
    authorization = PermissionAuthorization('Apps', 'Review')

    # Explicit list of field names for this resource.
    # NOTE(review): presumably this limits what is serialized; it includes
    # reviewer-facing values such as 'is_escalated' and 'status' -- confirm
    # nothing outside this list is exposed by the parent Meta.
    fields = [
        'device_types',
        'id',
        'is_escalated',
        'is_packaged',
        'latest_version',
        'name',
        'premium_type',
        'price',
        'slug',
        'status',
    ]
class Meta:
    # Options for the 'data' resource, backed by every MonolithRecord row.
    queryset = MonolithRecord.objects.all()
    resource_name = 'data'

    # NOTE(review): 'delete' is enabled without separate list/detail method
    # settings -- confirm whether deleting through the list endpoint is
    # intended, since the queryset above is unrestricted.
    allowed_methods = ['get', 'delete']

    # Lookups permitted per field when filtering.
    filtering = {
        'recorded': ['exact', 'lt', 'lte', 'gt', 'gte'],
        'key': ['exact', 'startswith'],
        'id': ['lte', 'gte'],
    }

    # Callers authenticate through OAuthAuthentication and are then checked
    # against PermissionAuthorization('Monolith', 'API').
    authorization = PermissionAuthorization('Monolith', 'API')
    authentication = OAuthAuthentication()
class Meta(MarketplaceResource.Meta):
    # Options for the 'product/icon' resource; unset values are inherited
    # from MarketplaceResource.Meta.
    authentication = OptionalOAuthAuthentication()

    # NOTE(review): presumably anonymous callers get read-only access and
    # anything else is delegated to the ('ProductIcon', 'Create') permission
    # check -- confirm against AnonymousReadOnlyAuthorization.
    authorization = AnonymousReadOnlyAuthorization(
        authorizer=PermissionAuthorization('ProductIcon', 'Create'))

    # Detail endpoint is GET only; the list endpoint also accepts POST.
    detail_allowed_methods = ['get']
    fields = ['ext_url', 'ext_size', 'size']
    filtering = {
        'ext_url': 'exact',
        'ext_size': 'exact',
        'size': 'exact',
    }
    list_allowed_methods = ['get', 'post']
    queryset = ProductIcon.objects.filter()
    resource_name = 'product/icon'

    # Submitted data is validated through ProductIconForm.
    validation = CleanedDataFormValidation(form_class=ProductIconForm)
def setUp(self):
    """Prepare the fixtures shared by the PermissionAuthorization tests.

    Runs the parent setUp first, then stores an authorizer requiring
    ('Drinkers', 'Beer') and an app created by app_factory().
    """
    super(TestPermissionAuthorization, self).setUp()
    # The permission pair is arbitrary test data, not a real permission.
    self.auth = PermissionAuthorization('Drinkers', 'Beer')
    self.app = app_factory()
class Meta:
    # Options for the 'failure' resource.
    # OAuth-authenticated callers are checked against
    # PermissionAuthorization('Transaction', 'NotifyFailure').
    authentication = OAuthAuthentication()
    authorization = PermissionAuthorization('Transaction', 'NotifyFailure')

    # Only PATCH on a single object is listed for the detail endpoint.
    # NOTE(review): list methods are not set in this class -- confirm the
    # list endpoint is not reachable with default methods.
    detail_allowed_methods = ['patch']

    # Restricted to Contribution rows that have a uuid.
    queryset = Contribution.objects.filter(uuid__isnull=False)
    resource_name = 'failure'
def setUp(self):
    """Set up the authorizer and app used by each test.

    After the parent setUp, self.auth holds a PermissionAuthorization for
    ("Drinkers", "Beer") and self.app holds the result of app_factory().
    """
    super(TestPermissionAuthorization, self).setUp()
    # Test-only permission pair; it is matched against granted permissions
    # by the tests that use this fixture.
    self.auth = PermissionAuthorization("Drinkers", "Beer")
    self.app = app_factory()
class Meta(MarketplaceResource.Meta):
    # Options for the 'reviewing' resource; unset values are inherited from
    # MarketplaceResource.Meta.
    resource_name = 'reviewing'

    # The list endpoint is GET only.
    # NOTE(review): detail methods are not set in this class -- confirm what
    # the parent Meta allows on the detail endpoint.
    list_allowed_methods = ['get']

    # OAuth-authenticated callers are checked against
    # PermissionAuthorization('Apps', 'Review').
    authentication = OAuthAuthentication()
    authorization = PermissionAuthorization('Apps', 'Review')