# Copyright (c) 2013, 2018 National Technology and Engineering Solutions of Sandia, LLC . Under the terms of Contract
# DE-NA0003525 with National Technology and Engineering Solutions of Sandia, LLC, the U.S. Government
# retains certain rights in this software.
import cherrypy
[docs]
def project_acl(project):
"""Extract ACL information from a project."""
if "acl" not in project:
cherrypy.log.error("Project missing ACL: %s" % project)
return {"administrators":{}, "writers":{}, "readers":{}}
return project["acl"]
[docs]
def is_server_administrator():
"""Return True if the current request is from a server administrator."""
return cherrypy.request.login in cherrypy.request.app.config["slycat"]["server-admins"]
[docs]
def is_project_administrator(project):
"""Return True if the current request is from a project administrator."""
try:
return cherrypy.request.login in [administrator["user"] for administrator in project_acl(project)["administrators"]]
except TypeError:
cherrypy.log.error("error in acl for project %s" % project["_id"])
return cherrypy.request.login in {"administrators":{}, "writers":{}, "readers":{}}
[docs]
def is_project_writer(project):
"""Return True if the current request is from a project writer."""
try:
return cherrypy.request.login in [writer["user"] for writer in project_acl(project)["writers"]]
except TypeError:
cherrypy.log.error("error in acl for project %s" % project["_id"])
return cherrypy.request.login in {"administrators":{}, "writers":{}, "readers":{}}
[docs]
def is_project_reader(project):
"""Return True if the current request is from a project reader."""
try:
return cherrypy.request.login in [reader["user"] for reader in project_acl(project)["readers"]]
except TypeError:
cherrypy.log.error("error in acl for project %s" % project["_id"])
return cherrypy.request.login in {"administrators":{}, "writers":{}, "readers":{}}
[docs]
def test_server_administrator():
"""Return True if the current request has server administrator privileges."""
if is_server_administrator():
return True
return False
[docs]
def test_project_administrator(project):
"""Return True if the current request has project administrator privileges."""
if is_server_administrator():
return True
if is_project_administrator(project):
return True
return False
[docs]
def test_project_writer(project):
"""Return True if the current request has project write privileges."""
if is_server_administrator():
return True
if is_project_administrator(project):
return True
if is_project_writer(project):
return True
return False
[docs]
def test_project_reader(project):
"""Return True if the current request has project read privileges."""
if is_server_administrator():
return True
if is_project_administrator(project):
return True
if is_project_writer(project):
return True
if is_project_reader(project):
return True
return False
[docs]
def require_server_administrator():
"""Raise an exception if the current request doesn't have server administrator privileges."""
if not test_server_administrator():
raise cherrypy.HTTPError(403)
[docs]
def require_project_administrator(project):
"""Raise an exception if the current request doesn't have project administrator privileges."""
if not test_project_administrator(project):
raise cherrypy.HTTPError(403)
[docs]
def require_project_writer(project):
"""Raise an exception if the current request doesn't have project write privileges."""
if not test_project_writer(project):
raise cherrypy.HTTPError(403)
[docs]
def require_project_reader(project):
"""Raise an exception if the current request doesn't have project read privileges."""
if not test_project_reader(project):
raise cherrypy.HTTPError(403)