def roles_for(role_manager, obj):
    """Return the roles that carry an 'Allow' setting for the current principals.

    Walks every principal returned by ``effective_principals(interaction)``
    and asks ``role_manager`` for that principal's (role, setting) pairs.
    ``interaction`` is a free variable supplied by the enclosing scope (not
    visible here), and ``obj`` is accepted but never read.

    Only settings named 'Allow' contribute. Any other setting is skipped, so
    within this function it does not cancel an 'Allow' that the same role
    receives through a different principal.
    """
    return [
        role
        for principal in effective_principals(interaction)
        for role, setting in role_manager.getRolesForPrincipal(principal.id)
        if setting.getName() == 'Allow'
    ]
def _print_user(self, user):
    """Write a three-line identity summary for ``user`` to this command's output.

    The lines are the principal id, its groups (space separated) and the ids
    of everything ``effective_principals(user)`` returns (space separated).
    """
    groups = user.groups
    uid = user.id
    group_names = ' '.join(str(group) for group in groups)
    effective_ids = ' '.join(p.id for p in effective_principals(user))
    self.write('user: %s\n'
               'groups: %s\n'
               'effective_principals: %s\n' % (uid, group_names, effective_ids))
def _print_user(self, user):
    """Print the id, groups and effective principal ids of ``user``.

    Output goes through ``self.write`` as three newline-terminated lines.
    """
    member_of = user.groups
    template = ('user: %s\n'
                'groups: %s\n'
                'effective_principals: %s\n')
    fields = (
        user.id,
        ' '.join([str(group) for group in member_of]),
        ' '.join([principal.id for principal in effective_principals(user)]),
    )
    self.write(template % fields)
def arguments(self):
    """Build the argument parser for this command.

    The ``-u/--user`` option is registered only when 'admins' is one of the
    ids among the invoking user's effective principals.
    """
    parser = VirtualConsoleArgumentParser()
    principal_ids = [principal.id for principal in effective_principals(self.user)]
    # Leaving the option out only hides it from non-admins.
    # NOTE(review): the code that consumes the parsed value must repeat the
    # admin check itself -- confirm against the command's execute path.
    if 'admins' in principal_ids:
        parser.add_argument('-u', '--user', help='Check user by name (admins only)')
    return parser
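def _require_admins_only_action(self, cmd, args):
    """Run the wrapped action only for callers whose principals include 'admins'.

    ``f`` comes from the enclosing scope (not visible here) and is called as
    ``f(self, cmd, args)`` once the check passes. Otherwise a denial line
    listing the caller's own effective principal ids is written to ``cmd``
    and None is returned.
    """
    # Build a real list: the ids are read twice (membership test, then the
    # join in the denial message). A lazy map() would be drained by the
    # membership test and the message would list no principals.
    principals = [p.id for p in effective_principals(cmd.user)]
    if 'admins' not in principals:
        cmd.write('Permission denied: admins not in effective permissions: %s\n'
                  % ', '.join(principals))
        return
    return f(self, cmd, args)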
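def _require_admins_or_same_user(self, args):
    """Run the wrapped action for admins, or when no other user is targeted.

    The call is refused only when ``args.u`` names somebody other than the
    invoking user (it is neither None nor ``self.user.id``) and 'admins' is
    not among the invoker's effective principal ids. ``f`` comes from the
    enclosing scope (not visible here).
    """
    # Build a real list: the ids are read twice (membership test, then the
    # join in the denial message). A lazy map() would be drained by the
    # membership test and the message would list no principals.
    principals = [p.id for p in effective_principals(self.user)]
    if args.u not in (None, self.user.id) and 'admins' not in principals:
        self.write('Permission denied: admins not in effective permissions: %s\n'
                   % ', '.join(principals))
        return
    return f(self, args)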
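def _require_admins_only_action(self, cmd, args):
    """Gate the wrapped action on membership of the 'admins' principal.

    When 'admins' is among the ids of ``cmd.user``'s effective principals the
    call is forwarded to ``f`` (a name from the enclosing scope, not visible
    here). Otherwise a denial line is written to ``cmd`` and None is returned.
    """
    # The ids are needed for both the check and the denial text, so they are
    # collected into a list up front. An iterator returned by map() would be
    # empty by the time the message is formatted.
    principals = [principal.id for principal in effective_principals(cmd.user)]
    if 'admins' in principals:
        return f(self, cmd, args)

    cmd.write(
        'Permission denied: admins not in effective permissions: %s\n' %
        ', '.join(principals))
    return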
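def _require_admins_or_same_user(self, args):
    """Forward to the wrapped action unless a non-admin targets another user.

    ``args.u`` set to None or to ``self.user.id`` is always accepted. Any other
    value requires 'admins' among the invoker's effective principal ids. On
    refusal a denial line is written and None is returned. ``f`` is a name
    from the enclosing scope (not visible here).
    """
    # The ids are needed for both the check and the denial text, so they are
    # collected into a list up front. An iterator returned by map() would be
    # empty by the time the message is formatted.
    principals = [principal.id for principal in effective_principals(self.user)]
    targets_other_user = args.u not in (None, self.user.id)
    if targets_other_user and 'admins' not in principals:
        self.write(
            'Permission denied: admins not in effective permissions: %s\n' %
            ', '.join(principals))
        return
    return f(self, args)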
def get(self, key, default=None):
    """Return the declared permission for ``key``, or grant public access.

    A key with a stored value returns that value. A key without one returns
    ``CheckerPublic``, so in this permissive mode an undeclared attribute is
    not protected at all and the warning below is the only trace of the
    grant. ``default`` is accepted for dict compatibility but never read.

    NOTE(review): this listing has lost its indentation. ``return
    CheckerPublic`` is placed at the "no stored value" level here -- confirm
    against the original file.
    """
    # self.marker is the sentinel that distinguishes "no entry" from any stored value.
    val = super(AuditingPermissionDictionary, self).get(key, self.marker)
    if val is self.marker:
        # Keys listed in _available_by_default are granted without an audit line.
        if key not in _available_by_default:
            # Reads the immediate caller's frame and expects it to hold locals
            # named 'self' (with an .interaction attribute) and 'obj'; a caller
            # without them raises KeyError. The frame index depends on this
            # method being called directly.
            checker_locals = inspect.getouterframes(inspect.currentframe())[1][0].f_locals
            checker = checker_locals['self']
            principals = effective_principals(checker.interaction)
            # Audit identity: attribute name, comma-joined principal ids, object type name.
            seen_key = (key, ','.join(i.id for i in principals), type(checker_locals['obj']).__name__)
            # Each distinct combination is logged once, then remembered in self.seen.
            if seen_key not in self.seen:
                log.warning("Audit: permissive mode; granting attribute=%s, principals=(%s), obj=%s" % seen_key)
                self.seen[seen_key] = True
        return CheckerPublic
    return val
def get(self, key, default=None):
    """Permissive lookup: undeclared attributes are granted as public.

    A stored permission is returned unchanged. When nothing is stored the
    result is ``CheckerPublic``. If the key is also not in
    ``_available_by_default``, one audit warning is logged per distinct
    (attribute, principal ids, object type name) combination. ``default`` is
    never read.

    NOTE(review): this listing has lost its indentation. ``return
    CheckerPublic`` is treated as applying to every missing key -- confirm
    against the original file.
    """
    declared = super(AuditingPermissionDictionary, self).get(key, self.marker)
    if declared is not self.marker:
        return declared

    if key not in _available_by_default:
        # Keep this lookup inline: index 1 is the direct caller's frame, which
        # must provide locals named 'self' and 'obj'.
        caller_locals = inspect.getouterframes(
            inspect.currentframe())[1][0].f_locals
        checker = caller_locals['self']
        principal_ids = ','.join(
            p.id for p in effective_principals(checker.interaction))
        audit_key = (key, principal_ids, type(caller_locals['obj']).__name__)
        if audit_key not in self.seen:
            log.warning(
                "Audit: permissive mode; granting attribute=%s, principals=(%s), obj=%s"
                % audit_key)
            self.seen[audit_key] = True
    return CheckerPublic
def execute(self, args):
    """Print identity details for a named user (admins) or for the caller.

    When 'admins' is among the invoker's effective principal ids and
    ``args.user`` is set, that principal is looked up through the
    IAuthentication utility and printed, or 'User not found' is written.
    In every other case, including a non-admin who supplied ``args.user``,
    the principals of the current interaction's participations are printed.
    With no interaction, 'user: oms.anonymous' is written.
    """
    principal_ids = [p.id for p in effective_principals(self.user)]
    is_admin = 'admins' in principal_ids

    # The lookup of another user is re-checked here rather than trusting that
    # the parser only exposes the option to admins.
    if is_admin and getattr(args, 'user', None):
        auth = getUtility(IAuthentication, context=None)
        looked_up = auth.getPrincipal(args.user)
        # NOTE(review): if getPrincipal raises for unknown ids rather than
        # returning a falsy value, the 'User not found' branch is never
        # reached -- confirm.
        if looked_up:
            self._print_user(looked_up)
        else:
            self.write('User not found: %s\n' % args.user)
        return

    interaction = self.protocol.interaction
    if not interaction:
        return self.write('user: oms.anonymous\n')

    for participation in interaction.participations:
        self._print_user(participation.principal)