Check for allowed_roles on get on the resource level

This hook was originally implemented only on the item leve, now we check for every node at every GET request. The performance hit can be significant.
2015-10-15 16:12:46 +02:00
parent 4f6c0e27ce
commit 7fbcee2ee7
1 changed files with 10 additions and 1 deletions
--- a/pillar/application/init.py
+++ b/pillar/application/init.py
@@ -277,7 +277,7 @@ def check_permissions(resource, method, append_allowed_methods=False):

    if append_allowed_methods and method in allowed_methods:
        resource['allowed_methods'] = list(set(allowed_methods))
-        return
+        return resource

    abort(403)

@@ -286,6 +286,14 @@ def before_returning_node(response):
    validate_token()
    check_permissions(response, 'GET', append_allowed_methods=True)

+def before_returning_nodes(response):
+    for item in response['_items']:
+        print item
+        validate_token()
+        item = check_permissions(item, 'GET', append_allowed_methods=True)
+        print item
+    print response['_items']
+
 def before_replacing_node(item, original):
    check_permissions(original, 'PUT')

@@ -295,6 +303,7 @@ def before_inserting_nodes(items):


 app.on_fetched_item_nodes += before_returning_node
+app.on_fetched_resource_nodes += before_returning_nodes
 app.on_replace_nodes += before_replacing_node
 app.on_insert_nodes += before_inserting_nodes