comparison roundup/security.py @ 5186:36630a062fb5
Check in enhanced form for check command used by addPermission.
New form can include a **context dictionary that allows access to the
name of the property, class, and permission being checked. This
should make designing more complex permission requirements easier.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Fri, 17 Feb 2017 21:18:34 -0500 |
| parents | 4058fc1ec746 |
| children | e0732fd6a6c7 |
| 5185:349bef975367 | 5186:36630a062fb5 |
|---|---|
| 25 the function returns value interpreted as boolean true. | 25 the function returns value interpreted as boolean true. |
| 26 The function is called with arguments db, userid, itemid. | 26 The function is called with arguments db, userid, itemid. |
| 27 ''' | 27 ''' |
| 28 def __init__(self, name='', description='', klass=None, | 28 def __init__(self, name='', description='', klass=None, |
| 29 properties=None, check=None): | 29 properties=None, check=None): |
| 30 import inspect | |
| 30 self.name = name | 31 self.name = name |
| 31 self.description = description | 32 self.description = description |
| 32 self.klass = klass | 33 self.klass = klass |
| 33 self.properties = properties | 34 self.properties = properties |
| 34 self._properties_dict = support.TruthDict(properties) | 35 self._properties_dict = support.TruthDict(properties) |
| 35 self.check = check | 36 self.check = check |
| 36 | 37 |
| 38 if check is None: | |
| 39 self.check_version = 0 | |
| 40 else: | |
| 41 args=inspect.getargspec(check) | |
| 42 # FIXME change args[2] to args.keywords since python | |
| 43 # 2.6 made getargspec a named tuple once roundup 1.6 released. | |
| 44 # If there is a **parameter defined in the function spec, the | |
| 45 # value of the 3rd argument in the tuple is not None. | |
| 46 if args[2] is None: | |
| 47 # function definition is function(db, userid, itemid) | |
| 48 self.check_version = 1 | |
| 49 else: | |
| 50 # function definition is function(db, userid, itemid, **other) | |
| 51 self.check_version = 2 | |
| 52 | |
| 37 def test(self, db, permission, classname, property, userid, itemid): | 53 def test(self, db, permission, classname, property, userid, itemid): |
| 38 if permission != self.name: | 54 if permission != self.name: |
| 39 return 0 | 55 return 0 |
| 40 | 56 |
| 41 # are we checking the correct class | 57 # are we checking the correct class |
| 46 if property is not None and not self._properties_dict[property]: | 62 if property is not None and not self._properties_dict[property]: |
| 47 return 0 | 63 return 0 |
| 48 | 64 |
| 49 # check code | 65 # check code |
| 50 if itemid is not None and self.check is not None: | 66 if itemid is not None and self.check is not None: |
| 51 if not self.check(db, userid, itemid): | 67 if self.check_version == 1: |
| 52 return 0 | 68 if not self.check(db, userid, itemid): |
| 69 return 0 | |
| 70 elif self.check_version == 2: | |
| 71 if not self.check(db, userid, itemid, property=property, permission=permission, classname=classname): | |
| 72 return 0 | |
| 53 | 73 |
| 54 # we have a winner | 74 # we have a winner |
| 55 return 1 | 75 return 1 |
| 56 | 76 |
| 57 def searchable(self, classname, property): | 77 def searchable(self, classname, property): |
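Review bot: In `test`, a permission whose `check` is set but whose `check_version` is neither 1 nor 2 falls through the new `if`/`elif` to `return 1`, so access is granted without the check function ever running. `check_version` is computed only in `__init__`, so this path would be reached if `check` is assigned after construction on an object built with `check=None` (version 0); whether any caller does that is not visible here. I would close the chain with `else: return 0` so that an unrecognised version denies rather than allows. Separately, `inspect.getargspec` raises `TypeError` for callables that are not plain Python functions or methods, so the class docstring should state that `check` must be one of those. The class header and new lines 58-61 of `test` are outside the shown context.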
