|
a/Allura/allura/lib/security.py |
|
b/Allura/allura/lib/security.py |
|
... |
|
... |
175 |
@LazyProperty
|
175 |
@LazyProperty
|
176 |
def reaching_ids_set(self):
|
176 |
def reaching_ids_set(self):
|
177 |
return set(self.reaching_ids)
|
177 |
return set(self.reaching_ids)
|
178 |
|
178 |
|
179 |
def has_access(obj, permission, user=None, project=None):
|
179 |
def has_access(obj, permission, user=None, project=None):
|
180 |
'''Return whether the given user has the permission name on the giqven object.
|
180 |
'''Return whether the given user has the permission name on the given object.
|
181 |
|
181 |
|
182 |
- First, all the roles for a user in the given project context are computed.
|
182 |
- First, all the roles for a user in the given project context are computed.
|
183 |
|
183 |
|
184 |
- Next, for each role, the given object's ACL is examined linearly. If an ACE
|
184 |
- Next, for each role, the given object's ACL is examined linearly. If an ACE
|
185 |
is found which matches the permission and user, and that ACE ALLOWs access,
|
185 |
is found which matches the permission and user, and that ACE ALLOWs access,
|
|
... |
|
... |
247 |
return result
|
247 |
return result
|
248 |
return predicate
|
248 |
return predicate
|
249 |
|
249 |
|
250 |
def require(predicate, message=None):
|
250 |
def require(predicate, message=None):
|
251 |
'''
|
251 |
'''
|
252 |
Example: require(has_artifact_access('read'))
|
252 |
Example: require(has_access(c.app, 'read'))
|
253 |
|
253 |
|
254 |
:param callable predicate: truth function to call
|
254 |
:param callable predicate: truth function to call
|
255 |
:param str message: message to show upon failure
|
255 |
:param str message: message to show upon failure
|
256 |
:raises: HTTPForbidden or HTTPUnauthorized
|
256 |
:raises: HTTPForbidden or HTTPUnauthorized
|
257 |
'''
|
257 |
'''
|
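Review bot: The summary line of the has_access docstring (line 180) still reads as if the call itself yields a boolean, while the updated example `require(has_access(c.app, 'read'))` and the `:param callable predicate:` line in require indicate it yields a callable that is evaluated later. If so (the `return predicate` at line 248 looks like the end of has_access, but its body lies outside the visible hunks), a caller who writes `if has_access(obj, 'read'):` tests a function object that is always truthy, and the permission check silently passes for everyone. I would reword the summary to something like `'''Return a predicate that, when called, reports whether the user has the permission on the object.` and add one sentence saying the result must be called or handed to require(). The require docstring could also say which condition raises HTTPUnauthorized and which raises HTTPForbidden, since `:raises: HTTPForbidden or HTTPUnauthorized` leaves that to the reader.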