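def is_allowed_by_scope():
    """Check if file is fully restricted or only outside organisation.

    The file is allowed only when it is flagged
    ``restricted_outside_organisation`` and either the logged user's
    organisation matches one of the record's organisations, or the client
    IP address is listed in the ``allowedIps`` of one of them. Every other
    case is denied.

    :returns: True if file is allowed.
    """
    if not file.get('restricted_outside_organisation'):
        return False

    if not organisations:
        return False

    # Logged user belongs to same organisation as record's organisation.
    if current_organisation and any(
            current_organisation['pid'] == organisation['pid']
            for organisation in organisations):
        return True

    # Check IP is allowed.
    # SECURITY: this is an access-control decision based on a request
    # header. The left-most X-Forwarded-For entry is whatever the client
    # sent unless the edge proxy overwrites the header, so the check is
    # only as strong as that proxy configuration. Prefer resolving the
    # client address from the entry appended by a trusted proxy.
    # NOTE(review): WSGI servers normally expose request headers under
    # HTTP_* keys (HTTP_X_FORWARDED_FOR). Confirm that something in the
    # deployment sets the literal 'X-Forwarded-For' key; otherwise this
    # lookup always falls back to remote_addr.
    ip_address = request.environ.get('X-Forwarded-For', request.remote_addr)

    # No usable address at all: deny instead of failing on None.
    if not ip_address:
        return False

    # Take only the first IP, as X-Forwarded-For gives the real IP + the
    # proxy IP. Split on the bare comma and strip, so a header written
    # without a space after the comma is still parsed.
    ip_address = ip_address.split(',')[0].strip()

    return any(
        is_ip_in_list(ip_address,
                      organisation.get('allowedIps', '').split('\n'))
        for organisation in organisations)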
def is_masked(self):
    """Tell whether this record is currently masked.

    ``masked_for_all`` always masks the record. ``masked_for_external_ips``
    masks it only when the record has an organisation and the current IP
    is not in the ``allowedIps`` of the first organisation.

    :returns: True if record is masked
    :rtype: boolean
    """
    mask_mode = self.get('masked')
    if not mask_mode:
        return False

    if mask_mode == 'masked_for_all':
        return True

    if mask_mode != 'masked_for_external_ips':
        return False

    # NOTE(review): a record set to 'masked_for_external_ips' without any
    # organisation is reported as not masked, and only the first
    # organisation's allow-list is consulted. Confirm both are intended.
    record_organisations = self.get('organisation')
    if not record_organisations:
        return False

    client_ip = get_current_ip()
    allowed_ips = record_organisations[0].get('allowedIps', '').split('\n')
    return not is_ip_in_list(client_ip, allowed_ips)
def test_is_ip_in_list():
    """Exercise is_ip_in_list with invalid input and each range notation."""
    probe = '10.10.10.10'

    # A value that is not an IP address does not match.
    assert not is_ip_in_list('wrong', [])

    # A second argument that is not a list is rejected with a message.
    # The message is checked after the ``with`` block: a statement placed
    # after the raising call inside the block would never run.
    with pytest.raises(Exception) as exception:
        is_ip_in_list(probe, 'Not a list')
    assert str(exception.value) == 'Given parameter is not a list.'

    # An empty list, then a list holding an unusable entry: no match.
    for candidates in ([], ['wrong']):
        assert not is_ip_in_list(probe, candidates)

    # Glob with asterisk, glob with hyphen range, then CIDR network.
    # NOTE(review): the range notations are only tested for a match. As
    # this helper backs access decisions, one address just outside each
    # range would also catch an over-permissive matcher.
    for pattern in ('10.10.10.*', '10.10.10.0-100', '10.10.10.0/24'):
        assert is_ip_in_list(probe, [pattern])