authentik/passbook/policies/mixins.py

"""passbook access helper classes"""
from typing import Optional

from django.contrib import messages
from django.http import HttpRequest
from django.utils.translation import gettext as _
from structlog import get_logger

from passbook.core.models import Application, Provider, User
from passbook.policies.engine import PolicyEngine
from passbook.policies.types import PolicyResult

LOGGER = get_logger()


class BaseMixin:
    """Base Mixin class, used to annotate View Member variables"""

    request: HttpRequest


class PolicyAccessMixin(BaseMixin):
    """Mixin class for usage in Authorization views.
    Provider functions to check application access, etc"""

    def provider_to_application(self, provider: Provider) -> Application:
        """Lookup application assigned to provider, throw error if no application assigned"""
        try:
            return provider.application
        except Application.DoesNotExist as exc:
            messages.error(
                self.request,
                _(
                    'Provider "%(name)s" has no application assigned'
                    % {"name": provider}
                ),
            )
            raise exc

    def user_has_access(
        self, application: Application, user: Optional[User] = None
    ) -> PolicyResult:
        """Check if user has access to application."""
        user = user or self.request.user
        policy_engine = PolicyEngine(
            application, user or self.request.user, self.request
        )
        policy_engine.build()
        result = policy_engine.result
        LOGGER.debug(
            "AccessMixin user_has_access", user=user, app=application, result=result,
        )
        if not result.passing:
            for message in result.messages:
                messages.error(self.request, _(message))
        return result
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`"""passbook access helper classes"""`
providers/*: use PolicyAccessMixin to simplify 2020-07-01 21:18:10 +00:00			`from typing import Optional`

add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`from django.contrib import messages`
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`from django.http import HttpRequest`
add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`from django.utils.translation import gettext as _`
*(minor): stdlib logging to structlog 2019-10-01 08:24:10 +00:00			`from structlog import get_logger`
core: cleanup 2018-12-09 20:07:38 +00:00
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`from passbook.core.models import Application, Provider, User`
*(minor): small refactor 2019-10-07 14:33:48 +00:00			`from passbook.policies.engine import PolicyEngine`
policies/*: remove Policy.negate, order, timeout (#39) policies: rewrite engine to use PolicyBinding for order/negate/timeout policies: rewrite engine to use PolicyResult instead of tuple 2020-05-28 19:45:54 +00:00			`from passbook.policies.types import PolicyResult`
core: cleanup 2018-12-09 20:07:38 +00:00
*(minor): remove __name__ param from get_logger 2019-10-04 08:08:53 +00:00			`LOGGER = get_logger()`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00
all: implement black as code formatter 2019-12-31 11:51:16 +00:00
providers/*: use PolicyAccessMixin to simplify 2020-07-01 21:18:10 +00:00			`class BaseMixin:`
			`"""Base Mixin class, used to annotate View Member variables"""`

			`request: HttpRequest`


			`class PolicyAccessMixin(BaseMixin):`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`"""Mixin class for usage in Authorization views.`
			`Provider functions to check application access, etc"""`

root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`def provider_to_application(self, provider: Provider) -> Application:`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`"""Lookup application assigned to provider, throw error if no application assigned"""`
core: cleanup 2018-12-09 20:07:38 +00:00			`try:`
			`return provider.application`
			`except Application.DoesNotExist as exc:`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`messages.error(`
			`self.request,`
			`_(`
			`'Provider "%(name)s" has no application assigned'`
			`% {"name": provider}`
			`),`
			`)`
add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`raise exc`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00
providers/*: use PolicyAccessMixin to simplify 2020-07-01 21:18:10 +00:00			`def user_has_access(`
			`self, application: Application, user: Optional[User] = None`
			`) -> PolicyResult:`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`"""Check if user has access to application."""`
providers/*: use PolicyAccessMixin to simplify 2020-07-01 21:18:10 +00:00			`user = user or self.request.user`
			`policy_engine = PolicyEngine(`
			`application, user or self.request.user, self.request`
			`)`
policy(major): simplify PolicyEngine API, add flag to ignore cache for debug purposes 2019-10-15 13:44:59 +00:00			`policy_engine.build()`
providers/*: use PolicyAccessMixin to simplify 2020-07-01 21:18:10 +00:00			`result = policy_engine.result`
			`LOGGER.debug(`
			`"AccessMixin user_has_access", user=user, app=application, result=result,`
			`)`
			`if not result.passing:`
			`for message in result.messages:`
			`messages.error(self.request, _(message))`
			`return result`