Sākums Izpētīt Palīdzība
Pierakstīties
bux
/
tracim
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
1 Revīzijas
1 Atzari
Koks: fb6389f283
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'fb6389f283'
${ noResults }
tracim/pod/pod/lib/auth.py

auth.py 2.1KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. # -*- coding: utf-8 -*-

  2. """Predicates for authorizations"""

  3. from tg.predicates import Predicate

  4. from pod.model import DBSession as session

  5. from pod.model.auth import Permission, User

  6. import logging as l

  7. 

  8. DIRTY_canReadOrCanWriteSqlQuery = """

  9. SELECT

  10.     pgn.node_id

  11. FROM

  12.     pod_group_node AS pgn

  13.     JOIN pod_nodes AS pn ON pn.node_id = pgn.node_id AND pn.is_shared = 't'

  14.     JOIN pod_user_group AS pug ON pug.group_id = pgn.group_id

  15.     JOIN pod_user AS pu ON pug.user_id = pu.user_id

  16. WHERE

  17.     rights > :excluded_right_low_level

  18.     AND email_address = :email

  19.     AND pgn.node_id = :node_id

  20. UNION

  21.     SELECT

  22.         pnn.node_id

  23.     FROM

  24.         pod_nodes AS pnn,

  25.         pod_user AS puu

  26.     WHERE

  27.         pnn.node_id = :node_id

  28.         AND pnn.owner_id = puu.user_id

  29.         AND puu.email_address = :email

  30. """

  31. 

  32. class can_read(Predicate):

  33.     message = ""

  34. 

  35.     def __init__(self, **kwargs):

  36.         pass

  37. 

  38.     def evaluate(self, environ, credentials):

  39.         if 'node_id' in environ['webob.adhoc_attrs']['validation']['values']:

  40.             node_id = environ['webob.adhoc_attrs']['validation']['values']['node_id']

  41.             if node_id!=0:

  42.                 has_right = session.execute(

  43.                     DIRTY_canReadOrCanWriteSqlQuery,

  44.                     {"email":credentials["repoze.who.userid"], "node_id":node_id, "excluded_right_low_level": 0}

  45.                 )

  46.                 if has_right.rowcount == 0 :

  47.                     l.info("User {} don't have read right on node {}".format(credentials["repoze.who.userid"], node_id))

  48.                     self.unmet()

  49. 

  50. class can_write(Predicate):

  51.     message = ""

  52. 

  53.     def __init__(self, **kwargs):

  54.         pass

  55. 

  56.     def evaluate(self, environ, credentials):

  57.         node_id = environ['webob.adhoc_attrs']['validation']['values']['node_id']

  58.         if node_id!=0:

  59.             has_right = session.execute(

  60.                 DIRTY_canReadOrCanWriteSqlQuery,

  61.                 {"email":credentials["repoze.who.userid"], "node_id":node_id, "excluded_right_low_level": 1}

  62.             )

  63.             if has_right.rowcount == 0 :

  64.                 self.unmet()

  65.