Removed previous authentication logic

Should not have functional changes.
2015-10-11 22:52:57 +02:00
parent 018ddfa20b
commit 1c011b45ff
2 changed files with 6 additions and 351 deletions
--- a/pillar/application/init.py
+++ b/pillar/application/init.py
@@ -19,13 +19,6 @@ from flask import request
 from flask import url_for
 from flask import abort

-from pre_hooks import pre_GET
-from pre_hooks import pre_PUT
-from pre_hooks import pre_PATCH
-from pre_hooks import pre_POST
-from pre_hooks import pre_DELETE
-# from pre_hooks import check_permissions
-# from pre_hooks import compute_permissions

 from datetime import datetime
 from datetime import timedelta
@@ -140,59 +133,17 @@ def validate_token():
    setattr(g, 'current_user', current_user)


-class TokensAuth(TokenAuth):
-    def check_auth(self, token, allowed_roles, resource, method):
-        if not token:
-            return False
-
-        validate_token()
-
-        # if dbtoken:
-        #     check_permissions(dbtoken['user'])
-        #     return True
-
-        # return validation['valid']
-        return True
-
-
-class BasicsAuth(BasicAuth):
-    def check_auth(self, username, password, allowed_roles, resource, method):
-        # return username == 'admin' and password == 'secret'
-        print username
-        print password
-        return True
-
-
-class CustomTokenAuth(BasicsAuth):
-    """Switch between Basic and Token auth"""
-    def __init__(self):
-        self.token_auth = TokensAuth()
-        self.authorized_protected = BasicsAuth.authorized
-
-    def authorized(self, allowed_roles, resource, method):
-        # if resource == 'tokens':
-        if False:
-            return self.authorized_protected(
-                self, allowed_roles, resource, method)
-        else:
-            print 'is auth'
-            return self.token_auth.authorized(allowed_roles, resource, method)
-
-    def authorized_protected(self):
-        pass
-
-
 class NewAuth(TokenAuth):
    def check_auth(self, token, allowed_roles, resource, method):
        if not token:
            return False
        else:
-            print '---'
-            print 'validating'
-            print token
-            print resource
-            print method
-            print '---'
+            # print '---'
+            # print 'validating'
+            # print token
+            # print resource
+            # print method
+            # print '---'
            validate_token()

        return True
@@ -273,65 +224,6 @@ client = MongoClient(app.config['MONGO_HOST'], 27017)
 db = client.eve


-def global_validation():
-    token_data = validate_token()
-    if token_data:
-        setattr(g, 'token_data', token_data)
-        #setattr(g, 'validate', validate(token_data['token']))
-        check_permissions(token_data['user'], app.data.driver)
-    else:
-        print 'NO TOKEN'
-
-
-def pre_GET_nodes(request, lookup):
-    # Only get allowed documents
-    global_validation()
-    # print ("Get")
-    # print ("Owner: {0}".format(g.get('owner_permissions')))
-    # print ("World: {0}".format(g.get('world_permissions')))
-    return pre_GET(request, lookup, app.data.driver)
-
-
-def pre_PUT_nodes(request, lookup):
-    # Only Update allowed documents
-    global_validation()
-    # print ("Put")
-    # print ("Owner: {0}".format(g.get('owner_permissions')))
-    # print ("World: {0}".format(g.get('world_permissions')))
-    return pre_PUT(request, lookup, app.data.driver)
-
-
-def pre_PATCH_nodes(request):
-    return pre_PATCH(request, app.data.driver)
-
-
-def pre_POST_nodes(request):
-    # global_validation()
-    # print ("Post")
-    # print ("World: {0}".format(g.get('world_permissions')))
-    # print ("Group: {0}".format(g.get('groups_permissions')))
-    # return pre_POST(request, app.data.driver)
-    print 'pre posting'
-    print request
-
-
-def pre_DELETE_nodes(request, lookup):
-    # Only Delete allowed documents
-    global_validation()
-    # print ("Delete")
-    # print ("Owner: {0}".format(type_owner_permissions))
-    # print ("World: {0}".format(type_world_permissions))
-    # print ("Groups: {0}".format(type_groups_permissions))
-    return pre_DELETE(request, lookup, app.data.driver)
-
-
-#app.on_pre_GET_nodes += pre_GET_nodes
-app.on_pre_POST_nodes += pre_POST_nodes
-# app.on_pre_PATCH_nodes += pre_PATCH_nodes
-#app.on_pre_PUT_nodes += pre_PUT_nodes
-app.on_pre_DELETE_nodes += pre_DELETE_nodes
-
-
 def check_permissions(resource, method):
    """Check user permissions to access a node. We look up node permissions from
    world to groups to users and match them with the computed user permissions.
--- a/pillar/application/pre_hooks.py
+++ b/pillar/application/pre_hooks.py
@@ -1,237 +0,0 @@
-import json
-from flask import g
-from flask import abort
-from flask import request
-
-from bson import ObjectId
-
-# from application import app
-
-
-def permissions_lookup(action, lookup):
-    type_world_permissions = g.get('type_world_permissions')
-    type_owner_permissions = g.get('type_owner_permissions')
-    node_types = []
-    # Get all node_types allowed by world:
-    for perm in type_world_permissions:
-        if action in type_world_permissions[perm]:
-            node_types.append(str(perm))
-    # Get all nodes with node_type allowed by owner if user == owner
-    owner_lookup = []
-    for perm in type_owner_permissions:
-        if action in type_owner_permissions[perm]:
-            if action not in type_world_permissions[perm]:
-                # If one of the following is true
-                # If node_type==node_type and user==user
-                owner_lookup.append(
-                    {'$and': [{'node_type': str(perm)},
-                              {'user': str(g.get('token_data')['user'])}]})
-    lookup['$or'] = [{'node_type': {'$in': node_types}}]
-    if len(owner_lookup) > 0:
-        lookup['$or'].append({'$or': owner_lookup})
-    return lookup
-
-
-def pre_GET(request, lookup, data_driver):
-    action = 'GET'
-    if 'token_type' not in lookup and '_id' not in request.view_args:
-        # Is quering for all nodes (mixed types)
-        lookup = permissions_lookup(action, lookup)
-    else:
-        # Is quering for one specific node
-        if action not in g.get('world_permissions') and \
-                action not in g.get('groups_permissions'):
-            lookup['user'] = g.get('token_data')['user']
-    # token_data = validate_token()
-    # validate(token_data['token'])
-
-    # lookup["userr"] = "user"
-    # print ("Lookup")
-    # print (lookup)
-
-
-def pre_PUT(request, lookup, data_driver):
-    action = 'UPDATE'
-    if 'token_type' not in lookup and '_id' not in request.view_args:
-        # Is updating all nodes (mixed types)
-        lookup = permissions_lookup(action, lookup)
-    else:
-        # Is updating one specific node
-        if action not in g.get('world_permissions') and \
-                action not in g.get('groups_permissions'):
-            lookup['user'] = g.get('token_data')['user']
-
-    # print ("Lookup")
-    # print (lookup)
-
-
-def pre_PATCH(request, lookup, data_driver):
-    print ("Patch")
-
-
-def pre_POST(request, data_driver):
-    # Only Post allowed documents
-    action = 'POST'
-    #print(g.get('type_groups_permissions'))
-    print(g.get('groups_permissions'))
-    print(g.get('world_permissions'))
-    # Is quering for one specific node
-    if action not in g.get('world_permissions') and \
-            action not in g.get('groups_permissions'):
-        abort(403)
-
-
-def pre_DELETE(request, lookup, data_driver):
-    type_world_permissions = g.get('type_world_permissions')
-    type_owner_permissions = g.get('type_owner_permissions')
-    type_groups_permissions = g.get('type_groups_permissions')
-    action = 'DELETE'
-
-    if '_id' in lookup:
-        nodes = data_driver.db['nodes']
-        dbnode = nodes.find_one({'_id': ObjectId(lookup['_id'])})
-        # print (dbnode.count())
-        node_type = str(dbnode['node_type'])
-        if g.get('token_data')['user'] == dbnode['user']:
-            owner = True
-        else:
-            owner = False
-        if action not in type_world_permissions[node_type] and \
-            action not in type_groups_permissions[node_type]:
-            if action not in type_owner_permissions[node_type]:
-                print ("Abort1")
-                abort(403)
-            else:
-                if not owner:
-                    print ("Abort2")
-                    abort(403)
-    else:
-        print ("Abort3")
-        abort(403)
-
-
-def compute_permissions(user, data_driver):
-    node_type = None
-    dbnode = None
-    owner_permissions = []
-    world_permissions = []
-    groups_permissions = []
-    groups = data_driver.db['groups']
-    users = data_driver.db['users']
-    # The hardcoded owners group. In this group we define the default permission
-    # level that the user associated with a node has. These permissions can be
-    # overridden by custom group and world.
-    owner_group = groups.find_one({'name': 'owner'})
-    # The world group is always evaluated, especially when the user is not logged
-    # in.
-    world_group = groups.find_one({'name': 'world'})
-    user_data = users.find_one({'_id': ObjectId(user)})
-    # If we are requesting a specific node
-    try:
-        uuid = request.path.split("/")[2]
-        nodes = data_driver.db['nodes']
-        lookup = {'_id': ObjectId(uuid)}
-        dbnode = nodes.find_one(lookup)
-    except IndexError:
-        pass
-    if dbnode:
-        # If a node object is found, extract the node_type ObjectID
-        node_type = str(dbnode['node_type'])
-
-    # If we are creating a new node, we get the node_type ObjectID from the request
-    json_data = None
-    # TODO(fsiddi): handle creation vs everything else in a more efficient way
-    try:
-        json_data = json.loads(request.data)
-    except ValueError:
-        pass
-    if not node_type and json_data:
-        if 'node_type' in json_data:
-            node_type = json_data['node_type']
-
-    # Extract query lookup
-    # which node_type is asking for?
-    # TODO(fsiddi): It's not clear if this code is being used at all
-
-    # for arg in request.args:
-    #     if arg == 'where':
-    #         try:
-    #             where = json.loads(request.args[arg])
-    #         except ValueError:
-    #             raise
-    #         if where.get('node_type'):
-    #             node_type = where.get('node_type')
-    #         break
-
-    # Get and store permissions for that node_type
-    type_owner_permissions = {}
-    type_world_permissions = {}
-    type_groups_permissions = {}
-    type_mixed_permissions = {}
-
-    for perm in owner_group['permissions']:
-        # Build the global type_owner_permission dictionary
-        type_owner_permissions[str(perm['node_type'])] = perm['permissions']
-        if str(perm['node_type']) == node_type:
-            # If a node_type ObjectID matches the requested node_type, populate
-            # the actual owner permissions for the current user
-            owner_permissions = perm['permissions']
-
-    for perm in world_group['permissions']:
-        # Build the global type_owner_permission dictionary
-        type_world_permissions[str(perm['node_type'])] = perm['permissions']
-        if str(perm['node_type']) == node_type:
-            # If a node_type ObjectID matches the requested node_type, populate
-            # the actual world permissions in relation to the current user
-            world_permissions = perm['permissions']
-
-        # Adding empty permissions
-        if str(perm['node_type']) not in type_groups_permissions:
-            type_groups_permissions[str(perm['node_type'])] = []
-
-    # This dictionary will hold the combined permissions. Why?
-    type_mixed_permissions = type_world_permissions
-
-    # Get group ObjectID associated with the requesting user
-    groups_data = user_data.get('groups')
-    if groups_data:
-        for group in groups_data:
-            group_data = groups.find_one({'_id': ObjectId(group)})
-            for perm in group_data['permissions']:
-                # Populate the group permissions. This searches in the
-                # type_groups_permissions dict, which is generated previously
-                # using the world permissions. If a world permission is not
-                # defined for a certain node type, this will fail.
-                type_groups_permissions[str(perm['node_type'])] += \
-                    perm['permissions']
-                type_mixed_permissions[str(perm['node_type'])] += \
-                    perm['permissions']
-                if str(perm['node_type']) == node_type:
-                    groups_permissions = perm['permissions']
-
-    return {
-        'owner_permissions': owner_permissions,
-        'world_permissions': world_permissions,
-        'groups_permissions': groups_permissions,
-        'type_owner_permissions': type_owner_permissions,
-        'type_world_permissions': type_world_permissions,
-        'type_groups_permissions': type_groups_permissions,
-        'type_mixed_permissions': type_mixed_permissions
-    }
-
-
-def check_permissions(user, data_driver):
-    # Entry point should be nodes
-    entry_point = request.path.split("/")[1]
-    if entry_point != 'nodes':
-        return
-
-    permissions = compute_permissions(user, data_driver)
-
-    # Store permission properties on global
-    setattr(g, 'owner_permissions', permissions['owner_permissions'])
-    setattr(g, 'world_permissions', permissions['world_permissions'])
-    setattr(g, 'groups_permissions', permissions['groups_permissions'])
-    setattr(g, 'type_owner_permissions', permissions['type_owner_permissions'])
-    setattr(g, 'type_world_permissions', permissions['type_world_permissions'])
-    setattr(g, 'type_groups_permissions', permissions['type_groups_permissions'])