示例#1
0
    def post_update(self, request, x):
        cred = CredentialBackend()
        if cred.get_permission(self.access, "WriteDatabase", self.name):
            body = json.load(request.content)
            last_revision = body["last_revision"]
            data = body["data"]

            if self.revision > last_revision:
                self.info("Client tried to push from out of date clone.")
                return {
                    "error": "Cannot update. Master has changed. %s > %s" % (self.revision, last_revision),
                    "saved": 0,
                    "reason": "outofdate",
                }

            else:
                quota = cred.get_permission(self.access, "DatabaseQuota", self.name)
                try:
                    self.storage.set_data(data, quota=quota)
                except QuotaExceeded:
                    return {"error": "quota exceeded", "reason": "quota"}
                else:
                    self.info("Client sent %s updates." % (len(data),))
                    return {"saved": len(data), "revision": self.storage.get_meta("revision")}
        request.setResponseCode(500)
        return {"authorized": False, "permission": "WriteDatabase"}
示例#2
0
 def render_GET(self, request):
     cred = CredentialBackend()
     if self.resourceId and self.permission:
         have = cred.get_permission(self.access, self.permission, self.resourceId)
         return {
             "permission": self.permission,
             "resource": self.resourceType + "-" + self.resourceId,
             "access": self.access,
             "active": have,
         }
     elif self.token:
         return {
             "permissions": [
                 {"resource": resource, "permission": permission, "value": value}
                 for (resource, permission, value) in cred.list_permissions(self.token)
             ]
         }
示例#3
0
    def render_POST(self, request):
        cred = CredentialBackend()
        body = json.load(request.content)
        db = self.hub.get_hub_database()
        # Post to /a/
        # Create a token
        if not self.token:
            access = body.get("access")
            secret = body.get("secret")
            if not access:
                if secret:
                    return {"error": "Can only specify secret with token"}
                access = random_token()
                secret = random_token()

            try:
                cred.create_pair(access, secret)
                existing = False
            except ValueError:
                existing = True

                change = cred.get_permission(self.access, "SetSecret", access)
                same = access == self.access
                if not (change or same):
                    return {"error": "Access token already exists"}
            else:
                signal.cred_create.send(access, secret, existing)

                get_perm = partial(cred.get_permission, self.access)
                set_perm = partial(cred.set_permission, self.access)

                dbname = None
                logging.info("Creating new credentials %s/****" % (access,))

                set_perm("SetSecret", access, "Yes")
                if get_perm("CreateGuest"):
                    if body.get("type") == "guest":
                        # Set up the new guest
                        dbname = get_perm("GuestDatabasePrefix") + access
                        quota = get_perm("GuestDatabaseQuota")

                        logging.info("Setting up guest credentials %s:" "dbname=%s quota=%s" % (access, dbname, quota))

                        set_new_perm = partial(cred.set_permission, access)
                        set_new_perm("CreateDatabase", dbname, "Yes")
                        set_new_perm("ReadDatabase", dbname, "Yes")
                        set_new_perm("WriteDatabase", dbname, "Yes")
                        set_new_perm("DatabaseQuota", dbname, quota)

                        signal.cred_guest_setup(access, dbname=dbname, setupby=self.access)

            return {"success": {"access": access, "secret": secret, "dbname": dbname}}
        # Post to /a/TOKEN
        # Add permission
        else:
            permission = body["permission"]
            resource = body["resource"]
            value = body["value"]

            if value is None:
                return {"error": "Permission must have a value"}

            god = cred.get_permission(self.access, "*", "*") == "*"
            perm = cred.get_permission(self.access, permission, resource)
            if perm is None and not god:
                return {"error": "Must have a permission to grant it."}
            else:
                cred.set_permission(self.token, permission, resource, value)
                return {
                    "success": {"access": self.token, "permission": permission, "resource": resource, "value": value}
                }