authentik/passbook/core/views/access.py

44 lines
1.5 KiB
Python
Raw Normal View History

"""passbook access helper classes"""
from typing import List, Tuple
from django.contrib import messages
from django.http import HttpRequest
from django.utils.translation import gettext as _
2019-10-01 09:24:10 +01:00
from structlog import get_logger
2018-12-09 20:07:38 +00:00
from passbook.core.models import Application, Provider, User
2019-10-07 15:33:48 +01:00
from passbook.policies.engine import PolicyEngine
2018-12-09 20:07:38 +00:00
LOGGER = get_logger()
2019-12-31 11:51:16 +00:00
class AccessMixin:
"""Mixin class for usage in Authorization views.
Provider functions to check application access, etc"""
# request is set by view but since this Mixin has no base class
request: HttpRequest = None
def provider_to_application(self, provider: Provider) -> Application:
"""Lookup application assigned to provider, throw error if no application assigned"""
2018-12-09 20:07:38 +00:00
try:
return provider.application
except Application.DoesNotExist as exc:
2019-12-31 11:51:16 +00:00
messages.error(
self.request,
_(
'Provider "%(name)s" has no application assigned'
% {"name": provider}
),
)
raise exc
2019-12-31 11:51:16 +00:00
def user_has_access(
self, application: Application, user: User
) -> Tuple[bool, List[str]]:
"""Check if user has access to application."""
LOGGER.debug("Checking permissions", user=user, application=application)
policy_engine = PolicyEngine(application.policies.all(), user, self.request)
policy_engine.build()
2019-03-12 09:56:01 +00:00
return policy_engine.result