authentik/passbook/core/views/access.py

"""passbook access helper classes"""
from typing import List, Tuple

from django.contrib import messages
from django.http import HttpRequest
from django.utils.translation import gettext as _
from structlog import get_logger

from passbook.core.models import Application, Provider, User
from passbook.policy.engine import PolicyEngine

LOGGER = get_logger()

class AccessMixin:
    """Mixin class for usage in Authorization views.
    Provider functions to check application access, etc"""

    # request is set by view but since this Mixin has no base class
    request: HttpRequest = None

    def provider_to_application(self, provider: Provider) -> Application:
        """Lookup application assigned to provider, throw error if no application assigned"""
        try:
            return provider.application
        except Application.DoesNotExist as exc:
            messages.error(self.request, _('Provider "%(name)s" has no application assigned' % {
                'name': provider
                }))
            raise exc

    def user_has_access(self, application: Application, user: User) -> Tuple[bool, List[str]]:
        """Check if user has access to application."""
        LOGGER.debug("Checking permissions", user=user, application=application)
        policy_engine = PolicyEngine(application.policies.all())
        policy_engine.for_user(user).with_request(self.request).build()
        return policy_engine.result
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`"""passbook access helper classes"""`
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`from typing import List, Tuple`

add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`from django.contrib import messages`
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`from django.http import HttpRequest`
add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`from django.utils.translation import gettext as _`
*(minor): stdlib logging to structlog 2019-10-01 08:24:10 +00:00			`from structlog import get_logger`
core: cleanup 2018-12-09 20:07:38 +00:00
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`from passbook.core.models import Application, Provider, User`
policy(minor): Move policy-related code to separate package 2019-10-01 08:17:39 +00:00			`from passbook.policy.engine import PolicyEngine`
core: cleanup 2018-12-09 20:07:38 +00:00
*(minor): remove __name__ param from get_logger 2019-10-04 08:08:53 +00:00			`LOGGER = get_logger()`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00
			`class AccessMixin:`
			`"""Mixin class for usage in Authorization views.`
			`Provider functions to check application access, etc"""`

add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`# request is set by view but since this Mixin has no base class`
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`request: HttpRequest = None`
add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`def provider_to_application(self, provider: Provider) -> Application:`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`"""Lookup application assigned to provider, throw error if no application assigned"""`
core: cleanup 2018-12-09 20:07:38 +00:00			`try:`
			`return provider.application`
			`except Application.DoesNotExist as exc:`
add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`messages.error(self.request, _('Provider "%(name)s" has no application assigned' % {`
			`'name': provider`
			`}))`
			`raise exc`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`def user_has_access(self, application: Application, user: User) -> Tuple[bool, List[str]]:`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`"""Check if user has access to application."""`
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`LOGGER.debug("Checking permissions", user=user, application=application)`
remove Application.user_is_authorized 2019-03-12 09:56:01 +00:00			`policy_engine = PolicyEngine(application.policies.all())`
			`policy_engine.for_user(user).with_request(self.request).build()`
			`return policy_engine.result`