Mercurial Repository: p/roundup/code: roundup/security.py comparison

comparison roundup/security.py @ 6012:06e6bc21b67e

flake8 changes whitepace and formatting

author	John Rouillard <rouilj@ieee.org>
date	Tue, 31 Dec 2019 21:34:24 -0500
parents	3fa026621f69
children	c12377fb4144

comparison

equal deleted inserted replaced

-:8bd93c8e98a6
+:06e6bc21b67e
 from roundup import hyperdb, support
 import logging
 logger = logging.getLogger('roundup.security')
 class Permission:
 ''' Defines a Permission with the attributes
 - name
 - description
 db.security.set_props_only_default()
 with a True or False value.
 '''
-limit_perm_to_props_only=False
+limit_perm_to_props_only = False
 def __init__(self, name='', description='', klass=None,
 properties=None, check=None, props_only=None):
 from roundup.anypy import findargspec
 self.name = name
 self.description = description
 self.klass = klass
 self.properties = properties
 # see note on use of bool() in set_props_only_default()
 self.limit_perm_to_props_only = bool(props_only)
 else:
 self.limit_perm_to_props_only = None
 if check is None:
 self.check_version = 0
 else:
-args=findargspec.findargspec(check)
+args = findargspec.findargspec(check)
 # args[2] is the keywords argument. Leave it as a subscript and
 # do not use named tuple reference as names change in python 3.
 # If there is a **parameter defined in the function spec, the
 # value of the 3rd argument (2nd index) in the tuple is not None.
 if args[2] is None:
 if itemid is not None and self.check is not None:
 if self.check_version == 1:
 if not self.check(db, userid, itemid):
 return 0
 elif self.check_version == 2:
-if not self.check(db, userid, itemid, property=property, \
+if not self.check(db, userid, itemid, property=property,
 permission=permission, classname=classname):
 return 0
 # we have a winner
 return 1
 if self.check:
 return 0
 return 1
 def __repr__(self):
-return '<Permission 0x%x %r,%r,%r,%r,%r>'%(id(self), self.name,
+return '<Permission 0x%x %r,%r,%r,%r,%r>' % (id(self), self.name,
 self.klass, self.properties, self.check,
 self.limit_perm_to_props_only)
 def __eq__(self, other):
 if self.name != other.name:
 if self.klass != other.klass: return False
 if self.properties != other.properties: return False
 if self.check != other.check: return False
 if self.limit_perm_to_props_only != \
 other.limit_perm_to_props_only: return False
 # match
 return True
 def __ne__(self, other):
 return not self.__eq__(other)
-def __getitem__(self,index):
+def __getitem__(self, index):
 return (self.name, self.klass, self.properties, self.check,
 self.limit_perm_to_props_only)[index]
 class Role:
 ''' Defines a Role with the attributes
 - name
 - description
 if permissions is None:
 permissions = []
 self.permissions = permissions
 def __repr__(self):
-return '<Role 0x%x %r,%r>'%(id(self), self.name, self.permissions)
+return '<Role 0x%x %r,%r>' % (id(self), self.name, self.permissions)
 class Security:
 def __init__(self, db):
 ''' Initialise the permission and role classes, and add in the
 base roles (for admin user).
 self.addRole(name="Anonymous", description="An anonymous user")
 # default permissions - Admin may do anything
 for p in 'create edit restore retire view'.split():
 p = self.addPermission(name=p.title(),
-description="User may %s everything"%p)
+description="User may %s everything" % p)
 self.addPermissionToRole('Admin', p)
 # initialise the permissions and roles needed for the UIs
 from roundup.cgi import client
 client.initialiseSecurity(self)
 from roundup import mailgw
 mailgw.initialiseSecurity(self)
 def getPermission(self, permission, classname=None, properties=None,
 check=None, props_only=None):
 ''' Find the Permission matching the name and for the class, if the
 classname is specified.
 Raise ValueError if there is no exact match.
 '''
 if permission not in self.permission:
-raise ValueError('No permission "%s" defined'%permission)
+raise ValueError('No permission "%s" defined' % permission)
 if classname:
 try:
 self.db.getclass(classname)
 except KeyError:
-raise ValueError('No class "%s" defined'%classname)
+raise ValueError('No class "%s" defined' % classname)
 # look through all the permissions of the given name
 tester = Permission(permission, klass=classname, properties=properties,
 check=check,
 props_only=props_only)
 for perm in self.permission[permission]:
 if perm == tester:
 return perm
-raise ValueError('No permission "%s" defined for "%s"'%(permission,
+raise ValueError('No permission "%s" defined for "%s"' % (permission,
 classname))
 def hasPermission(self, permission, userid, classname=None,
 property=None, itemid=None):
 '''Look through all the Roles, and hence Permissions, and
 see if "permission" exists given the constraints of
 classname, property, itemid, and props_only.
 If classname is specified (and only classname) the
 continue
 # for each of the user's Roles, check the permissions
 for perm in self.role[rolename].permissions:
 # permission match?
 if perm.test(self.db, permission, classname, property,
 userid, itemid):
 return 1
 return 0
 def roleHasSearchPermission(self, classname, property, *rolenames):
 """ For each of the given roles, check the permissions.
 Property can be a transitive property.
 """
 perms = []
 # pre-compute permissions
-for rn in rolenames :
+for rn in rolenames:
 for perm in self.role[rn].permissions:
 perms.append(perm)
 # Note: break from inner loop means "found"
 #       break from outer loop means "not found"
 cn = classname
 either no properties listed or the property must appear in
 the list.
 '''
 roles = [r for r in self.db.user.get_roles(userid)
 if r and (r in self.role)]
-return self.roleHasSearchPermission (classname, property, *roles)
+return self.roleHasSearchPermission(classname, property, *roles)
 def addPermission(self, **propspec):
 ''' Create a new Permission with the properties defined in
 'propspec'. See the Permission class for the possible
 keyword args.
 def get_props_only_default(self):
 return Permission.limit_perm_to_props_only
 def addPermissionToRole(self, rolename, permission, classname=None,
 properties=None, check=None, props_only=None):
 ''' Add the permission to the role's permission list.
 'rolename' is the name of the role to add the permission to.
 'permission' is either a Permission *or* a permission name
 is obtained by passing 'permission' and 'classname' to
 self.getPermission)
 '''
 if not isinstance(permission, Permission):
 permission = self.getPermission(permission, classname,
 properties, check, props_only)
 role = self.role[rolename.lower()]
 role.permissions.append(permission)
 # Convenience methods for removing non-allowed properties from a
 # filterspec or sort/group list
 def filterFilterspec(self, userid, classname, filterspec):
 """ Return a filterspec that has all non-allowed properties removed.
 """
-return dict ([(k, v) for k, v in filterspec.items()
+return dict([(k, v) for k, v in filterspec.items()
-if self.hasSearchPermission(userid,classname,k)])
+if self.hasSearchPermission(userid, classname, k)])
 def filterSortspec(self, userid, classname, sort):
 """ Return a sort- or group-list that has all non-allowed properties
 removed.
 """
 if isinstance(sort, tuple) and sort[0] in '+-':
 sort = [sort]
 return [(d, p) for d, p in sort
-if self.hasSearchPermission(userid,classname,p)]
+if self.hasSearchPermission(userid, classname, p)]
 # vim: set filetype=python sts=4 sw=4 et si :

Mercurial > p > roundup > code

comparison roundup/security.py @ 6012:06e6bc21b67e