-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
10 changed files
with
110 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,73 @@ | ||
from typing import Any | ||
import json | ||
from typing import Any, Dict, List | ||
|
||
from .interface import PermissionService | ||
import requests | ||
|
||
from ...shared.exceptions import PermissionException | ||
from ...shared.interfaces.logging import LoggingModule | ||
from .interface import NotAllowed, PermissionService | ||
|
||
|
||
class PermissionHTTPAdapter(PermissionService): | ||
""" | ||
Adapter to connect to permission service. | ||
""" | ||
|
||
def __init__(self, permission_url: str) -> None: | ||
self.url = permission_url | ||
# self.headers = {"Content-Type": "application/json"} | ||
def __init__(self, permission_url: str, logging: LoggingModule) -> None: | ||
self.endpoint = permission_url + "/is_allowed" | ||
self.logger = logging.getLogger(__name__) | ||
|
||
def is_allowed( | ||
self, name: str, user_id: int, data_list: List[Dict[str, Any]] | ||
) -> List[Dict[str, Any]]: | ||
payload = json.dumps( | ||
{"name": name, "user_id": user_id, "data": data_list}, separators=(",", ":") | ||
) | ||
|
||
try: | ||
response = requests.post( | ||
url=self.endpoint, | ||
data=payload, | ||
headers={"Content-Type": "application/json"}, | ||
) | ||
except requests.exceptions.ConnectionError as e: | ||
raise PermissionException( | ||
f"Cannot reach the permission service on {self.endpoint}. Error: {e}" | ||
) | ||
|
||
content = response.json() | ||
self.logger.debug(f"Permission service response: {str(content)}") | ||
|
||
if "error" in content: | ||
type = content["error"]["type"] | ||
msg = content["error"]["msg"] | ||
raise PermissionException(f"Error in permission service. {type}: {msg}") | ||
|
||
allowed = content.get("allowed", False) | ||
|
||
if not allowed: | ||
reason = content.get("reason") | ||
error_index = content.get("error_index") | ||
if error_index < 0: | ||
error_index = None | ||
|
||
# TODO: dev only. Log about missing perms check | ||
if "no such query" in reason: | ||
self.logger.warning( | ||
f"Action {name} has no permission check. Return a default-true." | ||
) | ||
return [{} for _ in data_list] | ||
|
||
raise NotAllowed(reason, error_index) | ||
|
||
additions = content.get("additions") | ||
if not isinstance(additions, list): | ||
raise PermissionException("additions must be a list") | ||
|
||
for i in range(len(additions)): | ||
if additions[i] is None: | ||
additions[i] = {} | ||
if not isinstance(additions[i], dict): | ||
raise PermissionError(f"Addition {i} is not a dict") | ||
|
||
def check_action(self, user_id: int, action: str, data: Any) -> bool: | ||
# TODO: Do not use hardcoded value here but send request to | ||
# permission service. | ||
return True | ||
return additions |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,23 @@ | ||
from typing import Any, Protocol | ||
from typing import Any, Dict, List, Optional, Protocol | ||
|
||
|
||
class NotAllowed(Exception): | ||
def __init__(self, reason: str, error_index: Optional[int]): | ||
self.reason = reason | ||
self.error_index = error_index | ||
super().__init__(reason) | ||
|
||
|
||
class PermissionService(Protocol): | ||
""" | ||
Interface of the permission service. | ||
""" | ||
|
||
def check_action(self, user_id: int, action: str, data: Any) -> bool: | ||
def is_allowed( | ||
self, name: str, user_id: int, data_list: List[Dict[str, Any]] | ||
) -> List[Dict[str, Any]]: | ||
""" | ||
Check if the given action with the given data is allowed for the fiven user. | ||
Checks, if the user is allowed to execute the `name` with the list of data. | ||
If it is allowed, additional information will be returned for each data. If not, NotAllowed | ||
will be thrown providing more information. | ||
""" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters