mirror of
https://github.com/peeringdb/peeringdb.git
synced 2024-05-11 05:55:09 +00:00
505760aa8d
* Do not show objects in status "pending" on the UI #784 * Fix peeringdb.js bug introduced in #784 * 500 Error during login for 2FA enabled accounts with unverified email address #996 * Django-Admin: adding a network with existing asn fails with internal error #1035 * Some command-line-tool executions are not logged #1119 * Ops: API throttling of repeated requests #1126 * Ops: response header X-Auth-ID to augment logging #1120 * Allow rate-limiting of melissa enabled api functionality. #1124 * State / Province normalization #1079 * Log melissa requests #1122 * remove debug messages * bump django-handleref to 1.0.2 * Need consolidated app logs #845 * pin django peeringdb to 2.13 and relock poetry * pin django-restframework-apikey to 2.1.0 * linting * migrations * docs regenerate * docs * linting Co-authored-by: David Poarch <dpoarch@20c.com> Co-authored-by: Stefan Pratter <stefan@20c.com>
160 lines
3.4 KiB
Markdown
160 lines
3.4 KiB
Markdown
Generated from permissions.py on 2022-04-12 16:41:02.631987
|
|
|
|
# peeringdb_server.permissions
|
|
|
|
Utilities for permission handling.
|
|
|
|
Permission logic is handled through django-grainy.
|
|
|
|
API key auth is handled through djangorestframework-api-key.
|
|
|
|
Determine permission holder from request (api key or user).
|
|
|
|
Read only user api key handling.
|
|
|
|
Censor API output data according to permissions using grainy Applicators.
|
|
|
|
# Functions
|
|
---
|
|
|
|
## check_permissions
|
|
`def check_permissions(obj, target, permissions, **kwargs)`
|
|
|
|
Use the provided permission holding object to initialize
|
|
the Permissions Util, which then checks permissions.
|
|
|
|
---
|
|
## check_permissions_from_request
|
|
`def check_permissions_from_request(request, target, flag, **kwargs)`
|
|
|
|
Call the check_permissions util but takes a request as
|
|
input, not a permission-holding object.
|
|
|
|
---
|
|
## get_key_from_request
|
|
`def get_key_from_request(request)`
|
|
|
|
Use the default KeyParser from drf-api-keys to pull the key out of the request.
|
|
|
|
---
|
|
## get_org_key_from_request
|
|
`def get_org_key_from_request(request)`
|
|
|
|
Return an org key from the request if the request
|
|
was made with an OrgKey.
|
|
|
|
Otherwise returns None.
|
|
|
|
---
|
|
## get_permission_holder_from_request
|
|
`def get_permission_holder_from_request(request)`
|
|
|
|
Return either an API Key instance or User instance
|
|
depending on how the request is Authenticated.
|
|
|
|
---
|
|
## get_user_from_request
|
|
`def get_user_from_request(request)`
|
|
|
|
Return a user from the request if the request
|
|
was made with either a User or UserAPIKey.
|
|
|
|
If request was made with OrgKey, returns None.
|
|
|
|
---
|
|
## get_user_key_from_request
|
|
`def get_user_key_from_request(request)`
|
|
|
|
Return a user API key from the request if the request
|
|
was made with an User API Key.
|
|
|
|
Otherwise returns None.
|
|
|
|
---
|
|
## init_permissions_helper
|
|
`def init_permissions_helper(obj)`
|
|
|
|
Initialize the Permission Util based on
|
|
whether the provided object is a UserAPIKey, OrgAPIKey,
|
|
or a different object.
|
|
|
|
---
|
|
## return_org_api_key_perms
|
|
`def return_org_api_key_perms(key)`
|
|
|
|
Load Permissions util with OrgAPIKey perms
|
|
and then add in that organization's user group perms
|
|
and general user group permissions.
|
|
|
|
---
|
|
## return_user_api_key_perms
|
|
`def return_user_api_key_perms(key)`
|
|
|
|
Initialize the Permissions Util with the
|
|
permissions of the user linked to the User API
|
|
key.
|
|
|
|
If the UserAPIKey is marked readonly, it downgrades
|
|
all permissions to readonly.
|
|
|
|
---
|
|
# Classes
|
|
---
|
|
|
|
## APIPermissionsApplicator
|
|
|
|
```
|
|
APIPermissionsApplicator(grainy.core.NamespaceKeyApplicator)
|
|
```
|
|
|
|
Applicator that looks for permission namespaces from
|
|
a specified field in the dict it is scanning
|
|
|
|
|
|
### Instanced Attributes
|
|
|
|
These attributes / properties will be available on instances of the class
|
|
|
|
- is_generating_api_cache (`@property`): None
|
|
|
|
### Methods
|
|
|
|
#### \__init__
|
|
`def __init__(self, request)`
|
|
|
|
Initialize self. See help(type(self)) for accurate signature.
|
|
|
|
---
|
|
|
|
## ModelViewSetPermissions
|
|
|
|
```
|
|
ModelViewSetPermissions(rest_framework.permissions.BasePermission)
|
|
```
|
|
|
|
Use as a permission class on a ModelRestViewSet
|
|
to automatically wire up the following views
|
|
to the correct permissions based on the handled object:
|
|
- retrieve
|
|
- list
|
|
- create
|
|
- destroy
|
|
- update
|
|
- partial update
|
|
|
|
|
|
### Methods
|
|
|
|
#### has_object_permission
|
|
`def has_object_permission(self, request, view, obj)`
|
|
|
|
Return `True` if permission is granted, `False` otherwise.
|
|
|
|
---
|
|
#### has_permission
|
|
`def has_permission(self, request, view)`
|
|
|
|
Return `True` if permission is granted, `False` otherwise.
|
|
|
|
---
|