Source code for slycat.web.server.authentication

# Copyright (c) 2013, 2018 National Technology and Engineering Solutions of Sandia, LLC . Under the terms of Contract 
# DE-NA0003525 with National Technology and Engineering Solutions of Sandia, LLC, the U.S. Government 
# retains certain rights in this software.

import cherrypy

def project_acl(project):
    """Return the access-control list stored on a project.

    If the project has no ``"acl"`` key, the problem is logged and an ACL
    with empty ``administrators``, ``writers`` and ``readers`` groups is
    returned, so such a project grants no project-level role to anyone.
    """
    if "acl" in project:
        return project["acl"]

    # The whole project object is formatted into the error log here, so the
    # log will hold whatever fields the project carries.
    cherrypy.log.error("Project missing ACL: %s" % project)
    empty_acl = {"administrators":{}, "writers":{}, "readers":{}}
    return empty_acl
def is_server_administrator():
    """Return True if the current request is from a server administrator.

    The request's login is tested for membership in the ``"server-admins"``
    entry of the application's ``"slycat"`` configuration section.
    """
    login = cherrypy.request.login
    # NOTE(review): `in` does a substring match when the right-hand side is a
    # str, so this is only an exact-name check if "server-admins" is a
    # list/set of names - confirm against the configuration loader.
    server_admins = cherrypy.request.app.config["slycat"]["server-admins"]
    return login in server_admins
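def is_project_administrator(project):
    """Return True if the current request is from a project administrator.

    The request's login (``cherrypy.request.login``) is compared against the
    ``"user"`` field of every entry in the project's ``"administrators"``
    ACL group.

    An ACL whose shape raises ``TypeError`` is logged and treated as "not an
    administrator".  The previous fallback tested the login against the keys
    of an empty ACL dict, which evaluated to True for a login literally named
    ``"administrators"``, ``"writers"`` or ``"readers"``; the check now fails
    closed.  A missing ``"administrators"`` group or an entry without a
    ``"user"`` key still raises ``KeyError``.
    """
    try:
        # NOTE(review): a login of None only matches an entry whose "user" is
        # None - presumably authentication has set the login before this runs.
        return cherrypy.request.login in [administrator["user"] for administrator in project_acl(project)["administrators"]]
    except TypeError:
        # The project itself may be the malformed value, so look the id up
        # without raising a second exception from inside the handler.
        project_id = project.get("_id") if hasattr(project, "get") else None
        cherrypy.log.error("error in acl for project %s" % project_id)
        # Fail closed: an unreadable ACL never grants a role.
        return False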
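def is_project_writer(project):
    """Return True if the current request is from a project writer.

    The request's login (``cherrypy.request.login``) is compared against the
    ``"user"`` field of every entry in the project's ``"writers"`` ACL group.

    An ACL whose shape raises ``TypeError`` is logged and treated as "not a
    writer".  The previous fallback tested the login against the keys of an
    empty ACL dict, which evaluated to True for a login literally named
    ``"administrators"``, ``"writers"`` or ``"readers"``; the check now fails
    closed.  A missing ``"writers"`` group or an entry without a ``"user"``
    key still raises ``KeyError``.
    """
    try:
        # NOTE(review): a login of None only matches an entry whose "user" is
        # None - presumably authentication has set the login before this runs.
        return cherrypy.request.login in [writer["user"] for writer in project_acl(project)["writers"]]
    except TypeError:
        # The project itself may be the malformed value, so look the id up
        # without raising a second exception from inside the handler.
        project_id = project.get("_id") if hasattr(project, "get") else None
        cherrypy.log.error("error in acl for project %s" % project_id)
        # Fail closed: an unreadable ACL never grants a role.
        return False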
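def is_project_reader(project):
    """Return True if the current request is from a project reader.

    The request's login (``cherrypy.request.login``) is compared against the
    ``"user"`` field of every entry in the project's ``"readers"`` ACL group.

    An ACL whose shape raises ``TypeError`` is logged and treated as "not a
    reader".  The previous fallback tested the login against the keys of an
    empty ACL dict, which evaluated to True for a login literally named
    ``"administrators"``, ``"writers"`` or ``"readers"``; the check now fails
    closed.  A missing ``"readers"`` group or an entry without a ``"user"``
    key still raises ``KeyError``.
    """
    try:
        # NOTE(review): a login of None only matches an entry whose "user" is
        # None - presumably authentication has set the login before this runs.
        return cherrypy.request.login in [reader["user"] for reader in project_acl(project)["readers"]]
    except TypeError:
        # The project itself may be the malformed value, so look the id up
        # without raising a second exception from inside the handler.
        project_id = project.get("_id") if hasattr(project, "get") else None
        cherrypy.log.error("error in acl for project %s" % project_id)
        # Fail closed: an unreadable ACL never grants a role.
        return False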
def test_server_administrator():
    """Report whether the current request holds server administrator privileges.

    Returns True exactly when ``is_server_administrator()`` is truthy, and
    False otherwise.
    """
    return True if is_server_administrator() else False
def test_project_administrator(project):
    """Report whether the current request holds project administrator privileges.

    Server administrators pass without the project ACL being consulted;
    otherwise the request must come from one of the project's administrators.
    """
    # Short-circuit order matters: the project ACL is only read when the
    # server-administrator check fails.
    if is_server_administrator() or is_project_administrator(project):
        return True
    return False
def test_project_writer(project):
    """Report whether the current request holds project write privileges.

    Roles are cumulative: a server administrator, a project administrator or
    a project writer all qualify.  The checks run in that order and stop at
    the first one that succeeds.
    """
    granted = (
        is_server_administrator()
        or is_project_administrator(project)
        or is_project_writer(project)
    )
    return True if granted else False
def test_project_reader(project):
    """Report whether the current request holds project read privileges.

    Roles are cumulative: a server administrator, a project administrator, a
    project writer or a project reader all qualify.  The checks run in that
    order and stop at the first one that succeeds.
    """
    if is_server_administrator():
        return True
    # Walk the project roles from most to least privileged.
    for has_role in (is_project_administrator, is_project_writer, is_project_reader):
        if has_role(project):
            return True
    return False
def require_server_administrator():
    """Reject the current request unless it has server administrator privileges.

    Raises:
        cherrypy.HTTPError: with status 403 when ``test_server_administrator()``
            is false.
    """
    if test_server_administrator():
        return
    raise cherrypy.HTTPError(403)
def require_project_administrator(project):
    """Reject the current request unless it has project administrator privileges.

    Raises:
        cherrypy.HTTPError: with status 403 when
            ``test_project_administrator(project)`` is false.
    """
    allowed = test_project_administrator(project)
    if allowed:
        return
    raise cherrypy.HTTPError(403)
def require_project_writer(project):
    """Reject the current request unless it has project write privileges.

    Raises:
        cherrypy.HTTPError: with status 403 when
            ``test_project_writer(project)`` is false.
    """
    allowed = test_project_writer(project)
    if allowed:
        return
    raise cherrypy.HTTPError(403)
def require_project_reader(project):
    """Reject the current request unless it has project read privileges.

    Raises:
        cherrypy.HTTPError: with status 403 when
            ``test_project_reader(project)`` is false.
    """
    allowed = test_project_reader(project)
    if allowed:
        return
    raise cherrypy.HTTPError(403)