From 82bcd45727a72513ff052ddf0cfe892c1726d590 Mon Sep 17 00:00:00 2001 From: Jimmy Zelinskie Date: Wed, 22 Mar 2017 23:41:31 -0400 Subject: [PATCH] endpoints: clarify repo access decorators --- endpoints/appr/__init__.py | 31 +--------------------------- endpoints/decorators.py | 41 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 40 insertions(+), 32 deletions(-) diff --git a/endpoints/appr/__init__.py b/endpoints/appr/__init__.py index 83c8bd060..eda407b2e 100644 --- a/endpoints/appr/__init__.py +++ b/endpoints/appr/__init__.py @@ -8,7 +8,7 @@ from flask import Blueprint from app import metric_queue from auth.permissions import (AdministerRepositoryPermission, ReadRepositoryPermission, ModifyRepositoryPermission) -from data import model # TODO: stop using model directly +from endpoints.decorators import require_repo_permission from util.metrics.metricqueue import time_blueprint @@ -17,35 +17,6 @@ time_blueprint(appr_bp, metric_queue) logger = logging.getLogger(__name__) -def _raise_unauthorized(repository, scopes): - raise StandardError("Unauthorized acces to %s", repository) - - -def _get_reponame_kwargs(*args, **kwargs): - return [kwargs['namespace_name'], kwargs['repo_name']] - - -def require_repo_permission(permission_class, scopes=None, allow_public=False, - raise_method=_raise_unauthorized, - get_reponame_method=_get_reponame_kwargs): - def wrapper(func): - @wraps(func) - def wrapped(*args, **kwargs): - namespace_name, repo_name = get_reponame_method(*args, **kwargs) - - logger.debug('Checking permission %s for repo: %s/%s', permission_class, - namespace_name, repo_name) - permission = permission_class(namespace_name, repo_name) - if (permission.can() or - (allow_public and - model.repository.repository_is_public(namespace_name, repo_name))): - return func(*args, **kwargs) - repository = namespace_name + '/' + repo_name - raise_method(repository, scopes) - return wrapped - return wrapper - - def _raise_method(repository, scopes): raise UnauthorizedAccess("Unauthorized access for: %s" % repository, {"package": repository, "scopes": scopes}) diff --git a/endpoints/decorators.py b/endpoints/decorators.py index b032b624a..8c8af2a52 100644 --- a/endpoints/decorators.py +++ b/endpoints/decorators.py @@ -1,10 +1,19 @@ """ Various decorators for endpoint and API handlers. """ -import features +import logging + +from functools import wraps + from flask import abort + +import features + from auth.auth_context import (get_validated_oauth_token, get_authenticated_user, get_validated_token, get_grant_context) -from functools import wraps +from data import model # TODO: stop using model directly + + +logger = logging.getLogger(__name__) def anon_allowed(func): @@ -34,3 +43,31 @@ def check_anon_protection(func): abort(401) return wrapper + +def _raise_unauthorized(repository, scopes): + raise StandardError("Unauthorized acces to %s", repository) + + +def _get_reponame_kwargs(*args, **kwargs): + return [kwargs['namespace_name'], kwargs['repo_name']] + + +def require_repo_permission(permission_class, scopes=None, allow_public=False, + raise_method=_raise_unauthorized, + get_reponame_method=_get_reponame_kwargs): + def wrapper(func): + @wraps(func) + def wrapped(*args, **kwargs): + namespace_name, repo_name = get_reponame_method(*args, **kwargs) + + logger.debug('Checking permission %s for repo: %s/%s', permission_class, + namespace_name, repo_name) + permission = permission_class(namespace_name, repo_name) + if (permission.can() or + (allow_public and + model.repository.repository_is_public(namespace_name, repo_name))): + return func(*args, **kwargs) + repository = namespace_name + '/' + repo_name + raise_method(repository, scopes) + return wrapped + return wrapper