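def post_update(self, request, x):
    """Apply a client's pushed updates to this database.

    The caller (``self.access``) must hold ``WriteDatabase`` on
    ``self.name``. The JSON request body supplies ``last_revision`` and
    ``data``. A push from a clone older than ``self.revision`` is refused;
    otherwise ``data`` is stored under the caller's ``DatabaseQuota``.

    Args:
        request: the HTTP request; ``request.content`` is read as JSON.
        x: not used by this method.

    Returns:
        A dict describing the outcome:
          * ``{"saved": n, "revision": r}`` on success,
          * ``{"error", "saved": 0, "reason": "outofdate"}`` for a stale
            clone,
          * ``{"error", "reason": "quota"}`` when storage raises
            ``QuotaExceeded``,
          * ``{"authorized": False, "permission": "WriteDatabase"}`` with
            HTTP 403 when the permission is missing.
    """
    cred = CredentialBackend()

    # Authorize before reading anything from the request body.
    if not cred.get_permission(self.access, "WriteDatabase", self.name):
        # 403, not 500: a denied write is an authorization failure by the
        # client. Reporting it as a server error hides denials from access
        # monitoring and inflates server-error alerts.
        request.setResponseCode(403)
        return {"authorized": False, "permission": "WriteDatabase"}

    # NOTE(review): a body without "last_revision" or "data" raises KeyError
    # here; confirm how the framework reports that to the client.
    body = json.load(request.content)
    last_revision = body["last_revision"]
    data = body["data"]

    if self.revision > last_revision:
        self.info("Client tried to push from out of date clone.")
        return {
            "error": "Cannot update. Master has changed. %s > %s" % (self.revision, last_revision),
            "saved": 0,
            "reason": "outofdate",
        }

    # NOTE(review): the revision check above and set_data below are separate
    # steps; confirm that concurrent pushes are serialised elsewhere.
    quota = cred.get_permission(self.access, "DatabaseQuota", self.name)
    try:
        self.storage.set_data(data, quota=quota)
    except QuotaExceeded:
        return {"error": "quota exceeded", "reason": "quota"}

    self.info("Client sent %s updates." % (len(data),))
    return {"saved": len(data), "revision": self.storage.get_meta("revision")}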
def render_GET(self, request):
    """Report one permission of the caller, or list a token's permissions.

    When both ``self.resourceId`` and ``self.permission`` are set, looks up
    that permission for ``self.access`` and returns it under ``"active"``.
    Otherwise, when ``self.token`` is set, returns every
    (resource, permission, value) entry that ``list_permissions`` yields
    for that token. Returns ``None`` when neither case applies.
    """
    backend = CredentialBackend()

    if not (self.resourceId and self.permission):
        if not self.token:
            return None
        # NOTE(review): nothing visible in this method checks that
        # self.access is allowed to read the permissions of self.token.
        # Confirm the caller is authorized for this token before the
        # handler runs, otherwise any token's grants can be enumerated.
        entries = []
        for resource, permission, value in backend.list_permissions(self.token):
            entries.append({"resource": resource, "permission": permission, "value": value})
        return {"permissions": entries}

    granted = backend.get_permission(self.access, self.permission, self.resourceId)
    resource_label = self.resourceType + "-" + self.resourceId
    return {
        "permission": self.permission,
        "resource": resource_label,
        "access": self.access,
        "active": granted,
    }
def render_POST(self, request):
    """Create a credential pair, or grant a permission to ``self.token``.

    Without ``self.token`` (POST to /a/): reads optional ``access``,
    ``secret`` and ``type`` from the JSON body, generates both values with
    ``random_token()`` when ``access`` is absent, calls
    ``cred.create_pair``, gives the caller (``self.access``) ``SetSecret``
    on the access and, when the caller holds ``CreateGuest`` and ``type`` is
    ``"guest"``, gives the new access create/read/write/quota permissions on
    a guest database.

    With ``self.token`` (POST to /a/TOKEN): reads ``permission``,
    ``resource`` and ``value`` from the body and sets that permission on
    ``self.token``, provided the caller's own lookup of it is not ``None``
    or the caller holds ``"*"`` on ``("*", "*")``.

    Returns ``{"success": {...}}`` or ``{"error": message}``.

    NOTE(review): this listing was recovered from a collapsed source, so the
    nesting of the existing-token check (inside ``except ValueError``) and of
    the ``else`` that sends ``cred_create`` is reconstructed -- confirm
    against the original file.
    """
    cred = CredentialBackend()
    # The body is parsed before any permission check in this method.
    body = json.load(request.content)
    # The result is not used anywhere in this method.
    db = self.hub.get_hub_database()
    # Post to /a/
    # Create a token
    if not self.token:
        access = body.get("access")
        secret = body.get("secret")
        if not access:
            # A secret may only be chosen together with an access name.
            if secret:
                return {"error": "Can only specify secret with token"}
            access = random_token()
            secret = random_token()
        # NOTE(review): when the body gives "access" but no "secret", secret
        # is None here -- confirm create_pair rejects a missing secret.
        try:
            cred.create_pair(access, secret)
            existing = False
        except ValueError:
            # Taken as "pair already exists" (see the error text below).
            # Only the owner of the access, or a caller holding SetSecret on
            # it, may continue.
            existing = True
            change = cred.get_permission(self.access, "SetSecret", access)
            same = access == self.access
            if not (change or same):
                return {"error": "Access token already exists"}
        else:
            signal.cred_create.send(access, secret, existing)
        # Both helpers act on the CALLER's permissions (self.access).
        get_perm = partial(cred.get_permission, self.access)
        set_perm = partial(cred.set_permission, self.access)
        dbname = None
        # The secret is masked in the log line; the access name is not.
        # NOTE(review): access can come straight from the request body --
        # confirm it is restricted to a safe character set before it is
        # logged and used in a database name below.
        logging.info("Creating new credentials %s/****" % (access,))
        set_perm("SetSecret", access, "Yes")
        if get_perm("CreateGuest"):
            if body.get("type") == "guest":
                # Set up the new guest
                # NOTE(review): a caller with CreateGuest but no
                # GuestDatabasePrefix would make this concatenation fail if
                # get_perm returns None -- confirm.
                dbname = get_perm("GuestDatabasePrefix") + access
                quota = get_perm("GuestDatabaseQuota")
                logging.info(
                    "Setting up guest credentials %s:"
                    "dbname=%s quota=%s" % (access, dbname, quota)
                )
                # From here on the permissions are set on the NEW access.
                set_new_perm = partial(cred.set_permission, access)
                set_new_perm("CreateDatabase", dbname, "Yes")
                set_new_perm("ReadDatabase", dbname, "Yes")
                set_new_perm("WriteDatabase", dbname, "Yes")
                set_new_perm("DatabaseQuota", dbname, quota)
                signal.cred_guest_setup(access, dbname=dbname, setupby=self.access)
        # NOTE(review): on the existing-pair path create_pair raised, and no
        # other call visible here stores `secret`; the value echoed back is
        # whatever the client sent. Confirm this is intended.
        return {"success": {"access": access, "secret": secret, "dbname": dbname}}
    else:
        # Post to /a/TOKEN
        # Add permission
        # Missing keys raise KeyError here rather than returning an error dict.
        permission = body["permission"]
        resource = body["resource"]
        value = body["value"]
        if value is None:
            return {"error": "Permission must have a value"}
        god = cred.get_permission(self.access, "*", "*") == "*"
        perm = cred.get_permission(self.access, permission, resource)
        # NOTE(review): the check only requires the caller's own lookup to be
        # non-None. It does not compare `value` with what the caller holds,
        # and post_update tests the same kind of lookup by truthiness. A
        # caller holding any value (even a falsy one) can therefore set an
        # arbitrary value on self.token, which may be its own token. Confirm
        # whether grants should be capped at the granter's own value.
        if perm is None and not god:
            return {"error": "Must have a permission to grant it."}
        else:
            cred.set_permission(self.token, permission, resource, value)
            return {
                "success": {"access": self.token, "permission": permission, "resource": resource, "value": value}
            }