This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/passbook/core/views/access.py

41 lines
1.4 KiB
Python
Raw Normal View History

"""passbook access helper classes"""
from typing import List, Tuple
from django.contrib import messages
from django.http import HttpRequest
from django.utils.translation import gettext as _
2019-10-01 08:24:10 +00:00
from structlog import get_logger
2018-12-09 20:07:38 +00:00
from passbook.core.models import Application, Outlet, User
2019-10-07 14:33:48 +00:00
from passbook.policies.engine import PolicyEngine
2018-12-09 20:07:38 +00:00
LOGGER = get_logger()
2019-12-31 11:51:16 +00:00
class AccessMixin:
"""Mixin class for usage in Authorization views.
Outlet functions to check application access, etc"""
# request is set by view but since this Mixin has no base class
request: HttpRequest = None
def outlet_to_application(self, outlet: Outlet) -> Application:
"""Lookup application assigned to outlet, throw error if no application assigned"""
2018-12-09 20:07:38 +00:00
try:
return outlet.application
2018-12-09 20:07:38 +00:00
except Application.DoesNotExist as exc:
2019-12-31 11:51:16 +00:00
messages.error(
self.request,
_('Outlet "%(name)s" has no application assigned' % {"name": outlet}),
2019-12-31 11:51:16 +00:00
)
raise exc
2019-12-31 11:51:16 +00:00
def user_has_access(
self, application: Application, user: User
) -> Tuple[bool, List[str]]:
"""Check if user has access to application."""
LOGGER.debug("Checking permissions", user=user, application=application)
policy_engine = PolicyEngine(application.policies.all(), user, self.request)
policy_engine.build()
2019-03-12 09:56:01 +00:00
return policy_engine.result