def check_permissions(self, userl, fail=False, view_kwargs={}): ret = self._call_override("check_permissions", userl, view_kwargs=view_kwargs) if fail and not ret: raise usergroup.PermissionDeniedError(None, env.request.web.path) return ret
def _updateMessages(self, action, criteria): if not env.request.parameters["selection"]: return if not env.request.user.has("IDMEF_ALTER"): raise usergroup.PermissionDeniedError(["IDMEF_ALTER"], self.current_view) action( functools.reduce(lambda x, y: x | y, env.request.parameters["selection"])) del env.request.parameters["selection"]
def check_permissions(self, user, _view_descriptor=None, fail=False, view_kwargs={}): view = _view_descriptor or self ret = check_permissions( user, (view.view_users, view.view_users_permissions), (view.view_groups, view.view_groups_permissions), view.view_permissions) if fail and not ret: raise usergroup.PermissionDeniedError(None, env.request.web.path) return ret
def get_view_by_path(self, path, method=None, check_permissions=True): try: rule, view_kwargs = self.url_adapter.match(path, method=method, return_rule=True) except werkzeug.exceptions.MethodNotAllowed: raise InvalidMethodError( N_("Method '%(method)s' is not allowed for view '%(view)s'", { "method": method, "view": path })) except werkzeug.exceptions.NotFound: raise InvalidViewError(N_("View '%s' does not exist", path)) if check_permissions and not rule._prewikka_view.check_permissions( env.request.user, view_kwargs=view_kwargs): raise usergroup.PermissionDeniedError( rule._prewikka_view.view_permissions, path) return rule._prewikka_view, view_kwargs
def loadView(self, request, userl): view = view_kwargs = view_layout = None try: endpoint, view_kwargs = env.request.url_adapter.match( request.path, method=request.method) view = self._views_endpoint[endpoint] except werkzeug.exceptions.MethodNotAllowed: raise InvalidMethodError( N_("Method '%(method)s' is not allowed for view '%(view)s'", { "method": request.method, "view": request.path })) except werkzeug.exceptions.NotFound: raise InvalidViewError(N_("View '%s' does not exist", request.path)) if view: view_layout = view.view_layout if not request.is_xhr and not request.is_stream and view_layout and "_download" not in request.arguments: view = self._views.get(view_layout.lower()) elif view_kwargs: env.request.view_kwargs = view_kwargs if not view: raise InvalidViewError(N_("View '%s' does not exist", request.path)) if not view.check_permissions(userl): raise usergroup.PermissionDeniedError(view.view_permissions, request.path) env.request.view = view return view