示例#1
0
 def roles_for(role_manager, obj):
     allowed = []
     for g in effective_principals(interaction):
         for role, setting in role_manager.getRolesForPrincipal(g.id):
             if setting.getName() == 'Allow':
                 allowed.append(role)
     return allowed
示例#2
0
 def _print_user(self, user):
     groups = user.groups
     self.write('user: %s\n'
                'groups: %s\n'
                'effective_principals: %s\n' %
                (user.id, ' '.join(map(str, groups)), ' '.join(
                    map(lambda p: p.id, effective_principals(user)))))
示例#3
0
 def roles_for(role_manager, obj):
     allowed = []
     for g in effective_principals(interaction):
         for role, setting in role_manager.getRolesForPrincipal(g.id):
             if setting.getName() == 'Allow':
                 allowed.append(role)
     return allowed
示例#4
0
 def _print_user(self, user):
     groups = user.groups
     self.write('user: %s\n'
                'groups: %s\n'
                'effective_principals: %s\n' %
                (user.id,
                 ' '.join(map(str, groups)),
                 ' '.join(map(lambda p: p.id, effective_principals(user)))))
示例#5
0
 def arguments(self):
     p = VirtualConsoleArgumentParser()
     principals = map(lambda p: p.id, effective_principals(self.user))
     if 'admins' in principals:
         p.add_argument('-u',
                        '--user',
                        help='Check user by name (admins only)')
     return p
示例#6
0
    def _require_admins_only_action(self, cmd, args):
        principals = map(lambda p: p.id, effective_principals(cmd.user))

        if 'admins' not in principals:
            cmd.write('Permission denied: admins not in effective permissions: %s\n'
                       % ', '.join(principals))
            return

        return f(self, cmd, args)
示例#7
0
    def _require_admins_or_same_user(self, args):
        principals = map(lambda p: p.id, effective_principals(self.user))

        if args.u not in (None, self.user.id) and 'admins' not in principals:
            self.write('Permission denied: admins not in effective permissions: %s\n'
                       % ', '.join(principals))
            return

        return f(self, args)
示例#8
0
    def _require_admins_only_action(self, cmd, args):
        principals = map(lambda p: p.id, effective_principals(cmd.user))

        if 'admins' not in principals:
            cmd.write(
                'Permission denied: admins not in effective permissions: %s\n'
                % ', '.join(principals))
            return

        return f(self, cmd, args)
示例#9
0
    def _require_admins_or_same_user(self, args):
        principals = map(lambda p: p.id, effective_principals(self.user))

        if args.u not in (None, self.user.id) and 'admins' not in principals:
            self.write(
                'Permission denied: admins not in effective permissions: %s\n'
                % ', '.join(principals))
            return

        return f(self, args)
示例#10
0
 def get(self, key, default=None):
     val = super(AuditingPermissionDictionary, self).get(key, self.marker)
     if val is self.marker:
         if key not in _available_by_default:
             checker_locals = inspect.getouterframes(inspect.currentframe())[1][0].f_locals
             checker = checker_locals['self']
             principals = effective_principals(checker.interaction)
             seen_key = (key, ','.join(i.id for i in principals), type(checker_locals['obj']).__name__)
             if seen_key not in self.seen:
                 log.warning("Audit: permissive mode; granting attribute=%s, principals=(%s), obj=%s" %
                             seen_key)
                 self.seen[seen_key] = True
         return CheckerPublic
     return val
示例#11
0
 def get(self, key, default=None):
     val = super(AuditingPermissionDictionary, self).get(key, self.marker)
     if val is self.marker:
         if key not in _available_by_default:
             checker_locals = inspect.getouterframes(
                 inspect.currentframe())[1][0].f_locals
             checker = checker_locals['self']
             principals = effective_principals(checker.interaction)
             seen_key = (key, ','.join(i.id for i in principals),
                         type(checker_locals['obj']).__name__)
             if seen_key not in self.seen:
                 log.warning(
                     "Audit: permissive mode; granting attribute=%s, principals=(%s), obj=%s"
                     % seen_key)
                 self.seen[seen_key] = True
         return CheckerPublic
     return val
示例#12
0
    def execute(self, args):
        principals = map(lambda p: p.id, effective_principals(self.user))

        if 'admins' in principals and getattr(args, 'user', None):
            auth = getUtility(IAuthentication, context=None)
            user = auth.getPrincipal(args.user)
            if not user:
                self.write('User not found: %s\n' % args.user)
            else:
                self._print_user(user)
            return

        interaction = self.protocol.interaction

        if not interaction:
            return self.write('user: oms.anonymous\n')

        for participation in interaction.participations:
            user = participation.principal
            self._print_user(user)
示例#13
0
    def execute(self, args):
        principals = map(lambda p: p.id, effective_principals(self.user))

        if 'admins' in principals and getattr(args, 'user', None):
            auth = getUtility(IAuthentication, context=None)
            user = auth.getPrincipal(args.user)
            if not user:
                self.write('User not found: %s\n' % args.user)
            else:
                self._print_user(user)
            return

        interaction = self.protocol.interaction

        if not interaction:
            return self.write('user: oms.anonymous\n')

        for participation in interaction.participations:
            user = participation.principal
            self._print_user(user)
示例#14
0
 def arguments(self):
     p = VirtualConsoleArgumentParser()
     principals = map(lambda p: p.id, effective_principals(self.user))
     if 'admins' in principals:
         p.add_argument('-u', '--user', help='Check user by name (admins only)')
     return p