mirror/peeringdb-peeringdb
1
0
Fork 0
mirror of https://github.com/peeringdb/peeringdb.git synced 2024-05-11 05:55:09 +00:00
Code Releases Activity
Files
3dff29075de88316ce22d11d5b3aefee8c27b7e7
peeringdb-peeringdb/docs/dev/modules/permissions.py.md
Matt Griswold 505760aa8d Support 202203 (#1144) 
* Do not show objects in status "pending" on the UI #784

* Fix peeringdb.js bug introduced in #784

* 500 Error during login for 2FA enabled accounts with unverified email address #996

* Django-Admin: adding a network with existing asn fails with internal error #1035

* Some command-line-tool executions are not logged #1119

* Ops: API throttling of repeated requests #1126

* Ops: response header X-Auth-ID to augment logging #1120

* Allow rate-limiting of melissa enabled api functionality. #1124

* State / Province normalization #1079

* Log melissa requests #1122

* remove debug messages

* bump django-handleref to 1.0.2

* Need consolidated app logs #845

* pin django peeringdb to 2.13 and relock poetry

* pin django-restframework-apikey to 2.1.0

* linting

* migrations

* docs regenerate

* docs

* linting

Co-authored-by: David Poarch <dpoarch@20c.com>
Co-authored-by: Stefan Pratter <stefan@20c.com>
2022-04-12 15:39:19 -05:00

3.4 KiB
Raw Blame History

Generated from permissions.py on 2022-04-12 16:41:02.631987

peeringdb_server.permissions

Utilities for permission handling.

Permission logic is handled through django-grainy.

API key auth is handled through djangorestframework-api-key.

Determine permission holder from request (api key or user).

Read only user api key handling.

Censor API output data according to permissions using grainy Applicators.

Functions

check_permissions

def check_permissions(obj, target, permissions, **kwargs)

Use the provided permission holding object to initialize the Permissions Util, which then checks permissions.

check_permissions_from_request

def check_permissions_from_request(request, target, flag, **kwargs)

Call the check_permissions util but takes a request as input, not a permission-holding object.

get_key_from_request

def get_key_from_request(request)

Use the default KeyParser from drf-api-keys to pull the key out of the request.

get_org_key_from_request

def get_org_key_from_request(request)

Return an org key from the request if the request was made with an OrgKey.

Otherwise returns None.

get_permission_holder_from_request

def get_permission_holder_from_request(request)

Return either an API Key instance or User instance depending on how the request is Authenticated.

get_user_from_request

def get_user_from_request(request)

Return a user from the request if the request was made with either a User or UserAPIKey.

If request was made with OrgKey, returns None.

get_user_key_from_request

def get_user_key_from_request(request)

Return a user API key from the request if the request was made with an User API Key.

Otherwise returns None.

init_permissions_helper

def init_permissions_helper(obj)

Initialize the Permission Util based on whether the provided object is a UserAPIKey, OrgAPIKey, or a different object.

return_org_api_key_perms

def return_org_api_key_perms(key)

Load Permissions util with OrgAPIKey perms and then add in that organization's user group perms and general user group permissions.

return_user_api_key_perms

def return_user_api_key_perms(key)

Initialize the Permissions Util with the permissions of the user linked to the User API key.

If the UserAPIKey is marked readonly, it downgrades all permissions to readonly.

Classes

APIPermissionsApplicator

APIPermissionsApplicator(grainy.core.NamespaceKeyApplicator)

Applicator that looks for permission namespaces from a specified field in the dict it is scanning

Instanced Attributes

These attributes / properties will be available on instances of the class

  • is_generating_api_cache (@property): None

Methods

_init_

def __init__(self, request)

Initialize self. See help(type(self)) for accurate signature.

ModelViewSetPermissions

ModelViewSetPermissions(rest_framework.permissions.BasePermission)

Use as a permission class on a ModelRestViewSet to automatically wire up the following views to the correct permissions based on the handled object:

  • retrieve
  • list
  • create
  • destroy
  • update
  • partial update

Methods

has_object_permission

def has_object_permission(self, request, view, obj)

Return True if permission is granted, False otherwise.

has_permission

def has_permission(self, request, view)

Return True if permission is granted, False otherwise.

View Git Blame Copy Permalink