def __init__(self, permissions=None, store=None, emitter=None): self.secret_attributes = ['password'] self.permissions = permissions or Permissions( path='fixtures/permissions.yaml') self.store = store or Users() self.emitter = emitter self.replay_stamp = None self.page_size = 10 self.record_maximum_size = 100000 self.routes = [] self._add_url_rule('/login', 'login', self.login, methods=['POST']) self._add_url_rule('/signin', 'signin', self.signin, methods=['POST']) self._add_url_rule('/check', 'check', self.check_bearer, methods=['GET', 'POST']) self._add_url_rule('/renew', 'renew', self.renew_bearer, methods=['GET', 'POST']) self._add_url_rule('/users', 'index', self.index) self._add_url_rule('/users/page/<token>', 'page', self.page) self._add_url_rule('/register', 'post', self.post, methods=['POST']) self._add_url_rule('/users/<id>', 'get', self.get) self._add_url_rule('/users/<id>', 'put', self.put, methods=['PUT']) self._add_url_rule('/users/<id>', 'delete', self.delete, methods=['DELETE'])
def get_permissions(cls, reference): perm = Permissions(0) perm.set_mode('u', 'r', True) perm.set_mode('u', 'w', True) perm.set_mode('g', 'r', True) perm.set_mode('o', 'r', True) return perm
def get_permissions(cls, reference): path = unicode(reference.path) try: mode = stat(path)[0] except UnicodeEncodeError: mode = stat(path.encode('utf-8'))[0] return Permissions(mode)
def __init__(self, permissions=None, users=None, channels=None, state_file=None): self.permissions = permissions or Permissions( path='fixtures/permissions.yaml') self.users = users self.channels = channels self.state_file = state_file or 'fixtures/state.yaml' if state_file: try: with open(state_file, 'r') as stream: logger.info(f"loading '{state_file}'...") self.import_content(stream) except FileNotFoundError: logger.warning(f"can not load '{state_file}'") self.routes = [] self._add_url_rule('/ping', 'ping', self.ping, methods=['GET', 'POST']) self._add_url_rule('/snapshot', 'snapshot', self.snapshot, methods=['GET', 'POST']) self._add_url_rule('/restore', 'restore', self.restore, methods=['POST'])
def test_load_file(): store = Permissions() store.load(open('fixtures/permissions.yaml', 'r')) assert store.authorize('access-content', 'x', 'universe') is False assert store.authorize('access-content', 'x', 'community') is False assert store.authorize('access-content', 'x', 'board') is False assert store.authorize('access-content', 'leader', 'universe') is True assert store.authorize('access-content', 'leader', 'community') is True assert store.authorize('access-content', 'leader', 'board') is True assert store.authorize('manage-content', 'member', 'universe') is False assert store.authorize('manage-content', 'member', 'community') is False assert store.authorize('manage-content', 'member', 'board') is False assert store.authorize('manage-content', 'leader', 'universe') is True assert store.authorize('manage-content', 'leader', 'community') is True assert store.authorize('manage-content', 'leader', 'board') is True assert store.authorize('manage-identities', 'leader', 'member') is False assert store.authorize('manage-identities', 'leader', 'leader') is False assert store.authorize('manage-identities', 'leader', 'support') is False assert store.authorize('manage-identities', 'leader', 'robot') is False assert store.authorize('manage-identities', 'support', 'member') is True assert store.authorize('manage-identities', 'support', 'leader') is True assert store.authorize('manage-identities', 'support', 'support') is False assert store.authorize('manage-identities', 'support', 'robot') is True assert store.authorize('manage-identities', 'leader', 'update-any-to-registered') is True assert store.authorize('manage-identities', 'leader', 'update-any-to-leader') is True assert store.authorize('manage-identities', 'leader', 'update-any-to-support') is False assert store.authorize('manage-identities', 'leader', 'update-any- to-robot') is False
def test_grant_all(): scopes = ['alpha', 'beta', 'gamma'] items = [ dict(topic='with_list', personas=['a', 'b', 'c']), dict(topic='with_item', persona='a'), ] permissions = Permissions(authorized_scopes=scopes) for scope in scopes: # nothing is authorized assert permissions.authorize(scope, 'a', 'with_list') is False assert permissions.authorize(scope, 'b', 'with_list') is False assert permissions.authorize(scope, 'c', 'with_list') is False assert permissions.authorize(scope, 'x', 'with_list') is False assert permissions.authorize(scope, 'a', 'with_item') is False assert permissions.authorize(scope, 'x', 'with_item') is False for scope in scopes: # set permissions permissions.grant_all(scope, items) for scope in scopes: # some actions are authorized assert permissions.authorize(scope, 'a', 'with_list') is True assert permissions.authorize(scope, 'b', 'with_list') is True assert permissions.authorize(scope, 'c', 'with_list') is True assert permissions.authorize(scope, 'x', 'with_list') is False assert permissions.authorize(scope, 'a', 'with_item') is True assert permissions.authorize(scope, 'x', 'with_item') is False with py_raises(ValueError) as error: permissions.grant_all(scope='*alien*', items=items)
def _internal_init(self): """Internal: Initialize all class members to their default value""" if not os.path.exists(self.profile): os.makedirs(self.profile) # Preferences files written to self.written_prefs = set() # Our magic markers nonce = '%s %s' % (str(time.time()), uuid.uuid4()) self.delimeters = ('#MozRunner Prefs Start %s' % nonce, '#MozRunner Prefs End %s' % nonce) # If sub-classes want to set default preferences if hasattr(self.__class__, 'preferences'): self.set_preferences(self.__class__.preferences) # Set additional preferences self.set_preferences(self._preferences) self.permissions = Permissions(self.profile, self._locations) prefs_js, user_js = self.permissions.network_prefs(self._proxy) self.set_preferences(prefs_js, 'prefs.js') self.set_preferences(user_js) # handle add-on installation self.addon_manager = AddonManager(self.profile, restore=self.restore) self.addon_manager.install_addons(self._addons, self._addon_manifests) # handle webapps self.webapps = WebappCollection(profile=self.profile, apps=self._apps) self.webapps.update_manifests()
def __init__( self, profile=None, # Path to the profile addons=None, # String of one or list of addons to install addon_manifests=None, # Manifest for addons, see http://ahal.ca/blog/2011/bulk-installing-fx-addons/ preferences=None, # Dictionary or class of preferences locations=None, # locations to proxy proxy=None, # setup a proxy - dict of server-loc,server-port,ssl-port restore=True # If true remove all installed addons preferences when cleaning up ): # if true, remove installed addons/prefs afterwards self.restore = restore # prefs files written to self.written_prefs = set() # our magic markers nonce = '%s %s' % (str(time.time()), uuid.uuid4()) self.delimeters = ('#MozRunner Prefs Start %s' % nonce, '#MozRunner Prefs End %s' % nonce) # Handle profile creation self.create_new = not profile if profile: # Ensure we have a full path to the profile self.profile = os.path.abspath(os.path.expanduser(profile)) if not os.path.exists(self.profile): os.makedirs(self.profile) else: self.profile = self.create_new_profile() # set preferences if hasattr(self.__class__, 'preferences'): # class preferences self.set_preferences(self.__class__.preferences) self._preferences = preferences if preferences: # supplied preferences if isinstance(preferences, dict): # unordered preferences = preferences.items() # sanity check assert not [i for i in preferences if len(i) != 2] else: preferences = [] self.set_preferences(preferences) # set permissions self._locations = locations # store this for reconstruction self._proxy = proxy self.permissions = Permissions(self.profile, locations) prefs_js, user_js = self.permissions.network_prefs(proxy) self.set_preferences(prefs_js, 'prefs.js') self.set_preferences(user_js) # handle addon installation self.addon_manager = AddonManager(self.profile) self.addon_manager.install_addons(addons, addon_manifests)
def test_authorized_scopes(): permissions = Permissions() for scope in permissions.authorized_scopes: permissions.grant(scope, 'persona', 'topic') assert permissions.authorize(scope, 'persona', 'topic') is True assert permissions.authorize('*unknown*', 'persona', 'topic') is False assert permissions.authorize(scope, '*unknown*', 'topic') is False assert permissions.authorize(scope, 'persona', '*unknown*') is False
def on_server_sync(self, msg): self.max_bandwidth = msg.max_bandwidth self.welcome_text = msg.welcome_text if msg.permissions: if not self.permissions: self.permissions = Permissions(msg.permissions) else: self.permissions.update(msg.permissions) self.bot.connected()
def test_grant_and_authorize(): permissions = Permissions(authorized_scopes=['scope']) assert permissions.count() == 0 assert permissions.authorize( scope='scope', persona='persona', topic='topic') is False permissions.grant(scope='scope', persona='persona', topic='topic') assert permissions.count() == 1 assert permissions.authorize( scope='scope', persona='persona', topic='topic') is True assert permissions.authorize( scope='*unknown*', persona='persona', topic='topic') is False assert permissions.authorize( scope='scope', persona='*unknown*', topic='topic') is False assert permissions.authorize( scope='scope', persona='persona', topic='*unknown*') is False
def _internal_init(self): """Internal: Initialize all class members to their default value""" if not os.path.exists(self.profile): os.makedirs(self.profile) # Preferences files written to self.written_prefs = set() # Our magic markers nonce = '%s %s' % (str(time.time()), uuid.uuid4()) self.delimeters = ('#MozRunner Prefs Start %s' % nonce, '#MozRunner Prefs End %s' % nonce) # If sub-classes want to set default preferences if hasattr(self.__class__, 'preferences'): self.set_preferences(self.__class__.preferences) # Set additional preferences self.set_preferences(self._preferences) self.permissions = Permissions(self.profile, self._locations) prefs_js, user_js = self.permissions.network_prefs(self._proxy) if self._whitelistpaths: # On macOS we don't want to support a generalized read whitelist, # and the macOS sandbox policy language doesn't have support for # lists, so we handle these specially. if platform.system() == "Darwin": assert len(self._whitelistpaths) <= 2 if len(self._whitelistpaths) == 2: prefs_js.append( ("security.sandbox.content.mac.testing_read_path2", self._whitelistpaths[1])) prefs_js.append( ("security.sandbox.content.mac.testing_read_path1", self._whitelistpaths[0])) else: prefs_js.append( ("security.sandbox.content.read_path_whitelist", ",".join(self._whitelistpaths))) self.set_preferences(prefs_js, 'prefs.js') self.set_preferences(user_js) # handle add-on installation self.addon_manager = AddonManager(self.profile, restore=self.restore) self.addon_manager.install_addons(self._addons, self._addon_manifests)
def __init__(self, name='', permissions=None, store=None, emitter=None): self.name = name or 'universe' self.prefix = '' if name == 'universe' else name self.permissions = permissions or Permissions( path='fixtures/permissions.yaml') self.store = store or Records() self.emitter = emitter self.replay_stamp = None self.record_maximum_size = 1000000 self.page_size = 10 self.routes = [] self._add_url_rule('/', 'index', self.index) self._add_url_rule('/page/<token>', 'page', self.page) self._add_url_rule('/', 'post', self.post, methods=['POST']) self._add_url_rule('/<id>', 'get', self.get) self._add_url_rule('/<id>', 'put', self.put, methods=['PUT']) self._add_url_rule('/<id>', 'delete', self.delete, methods=['DELETE'])
def __init__(self, config_file): self.config_file = config_file self.config = json.load(open(self.config_file)) self.me = self.config["me"] self.net = self.config["network"] self.module_manager = ModuleManager(self) self.hook_manager = HookManager(self) self.perms = Permissions(self) self.connection = IRCConnection(self.net["address"], self.net["port"], self.net["ssl"], self.config["proxies"].get(self.net.get("proxy", "none"), None), self.net.get("flood_interval", 0.0)) self.running = True self.state = {} # Dict used to hold stuff like last line received and last message etc... self.db = Database("etc/buhirc.db") self.db.connect() logging.basicConfig(level=getattr(logging, self.config["misc"]["loglevel"]), format='[%(asctime)s] %(levelname)s: %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p') self.requests_session = requests.session() if self.config["misc"].get("http_proxy", "none") != "none": proxy = self.config["proxies"].get(self.config["misc"]["http_proxy"], "none") if proxy != "none": self.requests_session.proxies = {"http": proxy, "https": proxy} self.flood_verbs = [x.lower() for x in self.net.get("flood_verbs", [])] self.help = {}
def get_user_permissions(self, user_id: int) -> Permissions: row = self._execute_get_query_for_1_row( queries.GET_USER_PERMISSIONS, {'user_id': user_id}, f'User id: {user_id} is not present in the permissions table') return Permissions(row["permissions"])
#!/usr/bin/env python import os from permissions import Permissions # import requests # noqa We are just importing this to prove the dependency installed correctly # Parse the permissions file lobPermissions = Permissions() lobPermissionData = lobPermissions.parseYML( "/github/workspace/" + os.environ['permissions_file_path']) # permissions = lobPermissions.parseYML('test.yml') # Parse the permissions file trimisPermission = Permissions() trimisPermissionData = trimisPermission.parseYML( "/github/workspace/" + os.environ['restrictions_file_path']) print(f"::set-output name=lob::{lobPermissionData}") print(f"::set-output name=trimis::{trimisPermissionData}") # if __name__ == "__main__": # main()
def test_init(): permissions = Permissions() assert permissions.count() == 0
def __init__(self, profile=None, addons=None, addon_manifests=None, apps=None, preferences=None, locations=None, proxy=None, restore=True): # if true, remove installed addons/prefs afterwards self.restore = restore # prefs files written to self.written_prefs = set() # our magic markers nonce = '%s %s' % (str(time.time()), uuid.uuid4()) self.delimeters = ('#MozRunner Prefs Start %s' % nonce, '#MozRunner Prefs End %s' % nonce) # Handle profile creation self.create_new = not profile if profile: # Ensure we have a full path to the profile self.profile = os.path.abspath(os.path.expanduser(profile)) if not os.path.exists(self.profile): os.makedirs(self.profile) else: self.profile = self.create_new_profile() # set preferences if hasattr(self.__class__, 'preferences'): # class preferences self.set_preferences(self.__class__.preferences) self._preferences = preferences if preferences: # supplied preferences if isinstance(preferences, dict): # unordered preferences = preferences.items() # sanity check assert not [i for i in preferences if len(i) != 2] else: preferences = [] self.set_preferences(preferences) # set permissions self._locations = locations # store this for reconstruction self._proxy = proxy self.permissions = Permissions(self.profile, locations) prefs_js, user_js = self.permissions.network_prefs(proxy) self.set_preferences(prefs_js, 'prefs.js') self.set_preferences(user_js) # handle addon installation self.addon_manager = AddonManager(self.profile, restore=self.restore) self.addon_manager.install_addons(addons, addon_manifests) # handle webapps self.webapps = WebappCollection(profile=self.profile, apps=apps) self.webapps.update_manifests()
def get_role_permissions(self, role_name: str) -> Permissions: row = self._execute_get_query_for_1_row(queries.GET_ROLE_PERMISSIONS, {'role_name': role_name}) return Permissions(row['role_permissions'])
from api_identities import Identities from api_maintenance import Maintenance from permissions import Permissions from customization import c11n from commands import Commands logging.basicConfig(format='%(levelname)s %(message)s', level=logging.DEBUG) logger = logging.getLogger(__name__) app = Flask(__name__) cors = CORS(app) # WIP: Dockerfile optimised https://blog.realkinetic.com/building-minimal-docker-containers-for-python-applications-37d0272c52f3 # WIP: deploy on AWS with zappa permissions = Permissions(path='fixtures/permissions.yaml') identities = Identities(permissions=permissions) identities.register_routes(app) channels = { k: Channel(name=k, permissions=permissions) for k in ['universe', 'community', 'board', 'item'] } for _, channel in channels.items(): channel.register_routes(app, wrapper=identities.inject_identity) maintenance = Maintenance(permissions=permissions, users=identities.store, channels=channels, state_file=c11n.state_file)