示例#1
0
 def _items(self, request, do_authz=False):
     """Retrieves and formats a list of elements of the requested entity"""
     # NOTE(salvatore-orlando): The following ensures that fields which
     # are needed for authZ policy validation are not stripped away by the
     # plugin before returning.
     original_fields, fields_to_add = self._do_field_list(_fields(request))
     kwargs = {
         'filters': _filters(request, self._attr_info),
         'fields': original_fields
     }
     obj_getter = getattr(self._plugin, "get_%s" % self._collection)
     obj_list = obj_getter(request.context, **kwargs)
     # Check authz
     if do_authz:
         # FIXME(salvatore-orlando): obj_getter might return references to
         # other resources. Must check authZ on them too.
         # Omit items from list that should not be visible
         obj_list = [
             obj for obj in obj_list
             if policy.check(request.context,
                             "get_%s" % self._resource,
                             obj,
                             plugin=self._plugin)
         ]
     return {
         self._collection: [
             self._view(obj, fields_to_strip=fields_to_add)
             for obj in obj_list
         ]
     }
示例#2
0
 def _items(self, request, do_authz=False, parent_id=None):
     """Retrieves and formats a list of elements of the requested entity"""
     # NOTE(salvatore-orlando): The following ensures that fields which
     # are needed for authZ policy validation are not stripped away by the
     # plugin before returning.
     original_fields, fields_to_add = self._do_field_list(_fields(request))
     kwargs = {'filters': _filters(request, self._attr_info),
               'fields': original_fields}
     if parent_id:
         kwargs[self._parent_id_name] = parent_id
     obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST])
     obj_list = obj_getter(request.context, **kwargs)
     # Check authz
     if do_authz:
         # FIXME(salvatore-orlando): obj_getter might return references to
         # other resources. Must check authZ on them too.
         # Omit items from list that should not be visible
         obj_list = [obj for obj in obj_list
                     if policy.check(request.context,
                                     self._plugin_handlers[self.SHOW],
                                     obj,
                                     plugin=self._plugin)]
     return {self._collection: [self._view(obj,
                                           fields_to_strip=fields_to_add)
                                for obj in obj_list]}
示例#3
0
 def _check_service_type_view_auth(self, context, service_type):
     # FIXME(salvatore-orlando): This should be achieved via policy
     # engine without need for explicit checks in manager code.
     # Also, the policy in this way does not make a lot of sense
     return policy.check(context,
                         "extension:service_type:view_extended",
                         service_type)
示例#4
0
 def _check_service_type_view_auth(self, context, service_type):
     # FIXME(salvatore-orlando): This should be achieved via policy
     # engine without need for explicit checks in manager code.
     # Also, the policy in this way does not make a lot of sense
     return policy.check(context,
                         "extension:service_type:view_extended",
                         service_type)
示例#5
0
 def _check_portbindings_view_auth(self, context, port):
     #TODO(salv-orlando): Remove this as part of bp/make-authz-orthogonal
     keys_to_delete = []
     for key in port:
         if key.startswith('binding'):
             policy_rule = "get_port:%s" % key
             if not policy.check(context, policy_rule, port):
                 keys_to_delete.append(key)
     for key in keys_to_delete:
         del port[key]
     return port
示例#6
0
    def _items(self, request, do_authz=False):
        """Retrieves and formats a list of elements of the requested entity"""
        kwargs = {"filters": filters(request), "verbose": verbose(request), "fields": fields(request)}

        obj_getter = getattr(self._plugin, "get_%s" % self._collection)
        obj_list = obj_getter(request.context, **kwargs)

        # Check authz
        if do_authz:
            # Omit items from list that should not be visible
            obj_list = [obj for obj in obj_list if policy.check(request.context, "get_%s" % self._resource, obj)]

        return {self._collection: [self._view(obj) for obj in obj_list]}
示例#7
0
    def _items(self, request, do_authz=False, parent_id=None):
        """Retrieves and formats a list of elements of the requested entity"""
        # NOTE(salvatore-orlando): The following ensures that fields which
        # are needed for authZ policy validation are not stripped away by the
        # plugin before returning.
        original_fields, fields_to_add = self._do_field_list(
            api_common.list_args(request, 'fields'))
        filters = api_common.get_filters(request, self._attr_info, [
            'fields', 'sort_key', 'sort_dir', 'limit', 'marker', 'page_reverse'
        ])
        kwargs = {'filters': filters, 'fields': original_fields}
        sorting_helper = self._get_sorting_helper(request)
        pagination_helper = self._get_pagination_helper(request)
        sorting_helper.update_args(kwargs)
        sorting_helper.update_fields(original_fields, fields_to_add)
        pagination_helper.update_args(kwargs)
        pagination_helper.update_fields(original_fields, fields_to_add)
        if parent_id:
            kwargs[self._parent_id_name] = parent_id
        obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST])
        obj_list = obj_getter(request.context, **kwargs)
        obj_list = sorting_helper.sort(obj_list)
        obj_list = pagination_helper.paginate(obj_list)

        # Check authz
        if do_authz:
            # FIXME(salvatore-orlando): obj_getter might return references to
            # other resources. Must check authZ on them too.
            # Omit items from list that should not be visible
            obj_list = [
                obj for obj in obj_list
                if policy.check(request.context,
                                self._plugin_handlers[self.SHOW],
                                obj,
                                plugin=self._plugin)
            ]
        collection = {
            self._collection: [
                self._view(obj, fields_to_strip=fields_to_add)
                for obj in obj_list
            ]
        }
        pagination_links = pagination_helper.get_links(obj_list)
        if pagination_links:
            collection[self._collection + "_links"] = pagination_links

        return collection
示例#8
0
    def _items(self, request, do_authz=False, parent_id=None):
        """Retrieves and formats a list of elements of the requested entity"""
        # NOTE(salvatore-orlando): The following ensures that fields which
        # are needed for authZ policy validation are not stripped away by the
        # plugin before returning.
        original_fields, fields_to_add = self._do_field_list(
            api_common.list_args(request, 'fields'))
        filters = api_common.get_filters(request, self._attr_info,
                                         ['fields', 'sort_key', 'sort_dir',
                                          'limit', 'marker', 'page_reverse'])
        kwargs = {'filters': filters,
                  'fields': original_fields}
        sorting_helper = self._get_sorting_helper(request)
        pagination_helper = self._get_pagination_helper(request)
        sorting_helper.update_args(kwargs)
        sorting_helper.update_fields(original_fields, fields_to_add)
        pagination_helper.update_args(kwargs)
        pagination_helper.update_fields(original_fields, fields_to_add)
        if parent_id:
            kwargs[self._parent_id_name] = parent_id
        obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST])
        obj_list = obj_getter(request.context, **kwargs)
        obj_list = sorting_helper.sort(obj_list)
        obj_list = pagination_helper.paginate(obj_list)

        # Check authz
        if do_authz:
            # FIXME(salvatore-orlando): obj_getter might return references to
            # other resources. Must check authZ on them too.
            # Omit items from list that should not be visible
            obj_list = [obj for obj in obj_list
                        if policy.check(request.context,
                                        self._plugin_handlers[self.SHOW],
                                        obj,
                                        plugin=self._plugin)]
        collection = {self._collection:
                      [self._view(obj,
                                  fields_to_strip=fields_to_add)
                       for obj in obj_list]}
        pagination_links = pagination_helper.get_links(obj_list)
        if pagination_links:
            collection[self._collection + "_links"] = pagination_links

        return collection
示例#9
0
    def _items(self, request, do_authz=False):
        """Retrieves and formats a list of elements of the requested entity"""
        kwargs = {
            'filters': filters(request),
            'verbose': verbose(request),
            'fields': fields(request)
        }

        obj_getter = getattr(self._plugin, "get_%s" % self._collection)
        obj_list = obj_getter(request.context, **kwargs)

        # Check authz
        if do_authz:
            # Omit items from list that should not be visible
            obj_list = [
                obj for obj in obj_list
                if policy.check(request.context, "get_%s" %
                                self._resource, obj)
            ]

        return {self._collection: [self._view(obj) for obj in obj_list]}
示例#10
0
    def _items(self, request, do_authz=False):
        """Retrieves and formats a list of elements of the requested entity"""
        # NOTE(salvatore-orlando): The following ensures that fields which
        # are needed for authZ policy validation are not stripped away by the
        # plugin before returning.
        original_fields, fields_to_add = self._do_field_list(fields(request))
        kwargs = {'filters': filters(request),
                  'verbose': verbose(request),
                  'fields': original_fields}
        obj_getter = getattr(self._plugin, "get_%s" % self._collection)
        obj_list = obj_getter(request.context, **kwargs)
        # Check authz
        if do_authz:
            # Omit items from list that should not be visible
            obj_list = [obj for obj in obj_list
                        if policy.check(request.context,
                                        "get_%s" % self._resource,
                                        obj)]

        return {self._collection: [self._view(obj,
                                              fields_to_strip=fields_to_add)
                                   for obj in obj_list]}
示例#11
0
 def _check_provider_view_auth(self, context, network):
     return policy.check(context, "extension:provider_network:view",
                         network)
 def _check_view_auth(self, context, resource, action):
     return policy.check(context, action, resource)
示例#13
0
 def _check_view_auth(self, context, resource, action):
     return policy.check(context, action, resource)
示例#14
0
文件: l3_db.py 项目: CiscoAS/quantum
 def _check_l3_view_auth(self, context, network):
     return policy.check(context,
                         "extension:router:view",
                         network)
示例#15
0
 def _check_l3_view_auth(self, context, network):
     return policy.check(context, "extension:router:view", network)
 def _check_provider_view_auth(self, context, network):
     return policy.check(context,
                         "extension:provider_network:view",
                         network)
示例#17
0
 def test_check_bad_action_noraise(self):
     action = "example:denied"
     result = policy.check(self.context, action, self.target)
     self.assertEqual(result, False)
示例#18
0
 def test_check_bad_action_noraise(self):
     action = "example:denied"
     result = policy.check(self.context, action, self.target)
     self.assertEqual(result, False)