Changeset - 226e0154da46
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich - 9 years ago 2016-10-24 15:18:51
madski@unity3d.com
auth: when logging HasPermissionAny, make it clear that the scope is global, not unknown
1 file changed with 3 insertions and 0 deletions:
kallithea/lib/auth.py
3
0 comments (0 inline, 0 general)
kallithea/lib/auth.py
Show inline comments
 
@@ -927,96 +927,99 @@ class HasUserGroupPermissionAnyDecorator
 
class PermsFunction(object):
 
    """Base function for other check functions"""
 

			




	
	
	
		
 
    def __init__(self, *perms):

			




	
	
	
		
 
        self.required_perms = set(perms)

			




	
	
	
		
 
        self.user_perms = None

			




	
	
	
		
 
        self.repo_name = None

			




	
	
	
		
 
        self.group_name = None

			




	
	
	
		
 

			




	
	
	
		
 
    def __nonzero__(self):

			




	
	
	
		
 
        """ Defend against accidentally forgetting to call the object

			




	
	
	
		
 
            and instead evaluating it directly in a boolean context,

			




	
	
	
		
 
            which could have security implications.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, check_location='unspecified location'):

			




	
	
	
		
 
        user = request.user

			




	
	
	
		
 
        assert user

			




	
	
	
		
 
        assert isinstance(user, AuthUser), user

			




	
	
	
		
 

			




	
	
	
		
 
        cls_name = self.__class__.__name__

			




	
	
	
		
 
        check_scope = self._scope()

			




	
	
	
		
 
        log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,

			




	
	
	
		
 
                  self.required_perms, user, check_scope,

			




	
	
	
		
 
                  check_location)

			




	
	
	
		
 
        self.user_perms = user.permissions

			




	
	
	
		
 

			




	
	
	
		
 
        result = self.check_permissions()

			




	
	
	
		
 
        result_text = 'granted' if result else 'denied'

			




	
	
	
		
 
        log.debug('Permission to %s %s for user: %s @ %s',

			




	
	
	
		
 
            check_scope, result_text, user, check_location)

			




	
	
	
		
 
        return result

			




	
	
	
		
 

			




	
	
	
		
 
    def check_permissions(self):

			




	
	
	
		
 
        """Dummy function for overriding"""

			




	
	
	
		
 
        raise Exception('You have to write this function in child class')

			




	
	
	
		
 

			




	
	
	
		
 
    def _scope(self):

			




	
	
	
		
 
        return '(unknown scope)'

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasPermissionAny(PermsFunction):

			




	
	
	
		
 
    def check_permissions(self):

			




	
	
	
		
 
        if self.required_perms.intersection(self.user_perms.get('global')):

			




	
	
	
		
 
            return True

			




	
	
	
		
 
        return False

			




	
	
	
		
 

			




	
	
	
		
 
    def _scope(self):

			




	
	
	
		
 
        return 'global'

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasRepoPermissionAny(PermsFunction):

			




	
	
	
		
 
    def __call__(self, repo_name=None, check_location=''):

			




	
	
	
		
 
        self.repo_name = repo_name

			




	
	
	
		
 
        return super(HasRepoPermissionAny, self).__call__(check_location)

			




	
	
	
		
 

			




	
	
	
		
 
    def check_permissions(self):

			




	
	
	
		
 
        if not self.repo_name:

			




	
	
	
		
 
            self.repo_name = get_repo_slug(request)

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            self._user_perms = set(

			




	
	
	
		
 
                [self.user_perms['repositories'][self.repo_name]]

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except KeyError:

			




	
	
	
		
 
            return False

			




	
	
	
		
 
        if self.required_perms.intersection(self._user_perms):

			




	
	
	
		
 
            return True

			




	
	
	
		
 
        return False

			




	
	
	
		
 

			




	
	
	
		
 
    def _scope(self):

			




	
	
	
		
 
        return 'repo:%s' % self.repo_name

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasRepoGroupPermissionAny(PermsFunction):

			




	
	
	
		
 
    def __call__(self, group_name=None, check_location=''):

			




	
	
	
		
 
        self.group_name = group_name

			




	
	
	
		
 
        return super(HasRepoGroupPermissionAny, self).__call__(check_location)

			




	
	
	
		
 

			




	
	
	
		
 
    def check_permissions(self):

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            self._user_perms = set(

			




	
	
	
		
 
                [self.user_perms['repositories_groups'][self.group_name]]

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except KeyError:

			




	
	
	
		
 
            return False

			




	
	
	
		
 
        if self.required_perms.intersection(self._user_perms):

			




	
	
	
		
 
            return True

			




	
	
	
		
 
        return False

			




	
	
	
		
 

			




	
	
	
		
 
    def _scope(self):

			




	
	
	
		
 
        return 'repogroup:%s' % self.group_name

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasUserGroupPermissionAny(PermsFunction):

			




	
	
	
		
 
    def __call__(self, user_group_name=None, check_location=''):

			




	
	
	
		
 
        self.user_group_name = user_group_name

			




	
	
	
		
 
        return super(HasUserGroupPermissionAny, self).__call__(check_location)

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.