Revision 17629fea
b/pithos/backends/simple.py | ||
---|---|---|
205 | 205 |
|
206 | 206 |
logger.debug("list_containers: %s %s %s %s", account, marker, limit, until) |
207 | 207 |
if user != account: |
208 |
raise NotAllowedError |
|
208 |
if until: |
|
209 |
raise NotAllowedError |
|
210 |
containers = self._allowed_containers(user, account) |
|
211 |
start = 0 |
|
212 |
if marker: |
|
213 |
try: |
|
214 |
start = containers.index(marker) + 1 |
|
215 |
except ValueError: |
|
216 |
pass |
|
217 |
if not limit or limit > 10000: |
|
218 |
limit = 10000 |
|
219 |
return containers[start:start + limit] |
|
209 | 220 |
return self._list_objects(account, '', '/', marker, limit, False, [], until) |
210 | 221 |
|
211 | 222 |
def get_container_meta(self, user, account, container, until=None): |
... | ... | |
757 | 768 |
sql = 'delete from groups where account = ?' |
758 | 769 |
self.con.execute(sql, (account,)) |
759 | 770 |
|
760 |
def _is_allowed(self, user, account, container, name, op='read'): |
|
761 |
if user == account: |
|
762 |
return True |
|
763 |
path = os.path.join(account, container, name) |
|
764 |
if op == 'read' and self._get_public(path): |
|
765 |
return True |
|
766 |
perm_path, perms = self._get_permissions(path) |
|
767 |
|
|
768 |
# Expand groups. |
|
769 |
for x in ('read', 'write'): |
|
770 |
g_perms = set() |
|
771 |
for y in perms.get(x, []): |
|
772 |
if ':' in y: |
|
773 |
g_account, g_name = y.split(':', 1) |
|
774 |
groups = self._get_groups(g_account) |
|
775 |
if g_name in groups: |
|
776 |
g_perms.update(groups[g_name]) |
|
777 |
else: |
|
778 |
g_perms.add(y) |
|
779 |
perms[x] = g_perms |
|
780 |
|
|
781 |
if op == 'read' and ('*' in perms['read'] or user in perms['read']): |
|
782 |
return True |
|
783 |
if '*' in perms['write'] or user in perms['write']: |
|
784 |
return True |
|
785 |
return False |
|
786 |
|
|
787 |
def _can_read(self, user, account, container, name): |
|
788 |
if not self._is_allowed(user, account, container, name, 'read'): |
|
789 |
raise NotAllowedError |
|
790 |
|
|
791 |
def _can_write(self, user, account, container, name): |
|
792 |
if not self._is_allowed(user, account, container, name, 'write'): |
|
793 |
raise NotAllowedError |
|
794 |
|
|
795 | 771 |
def _check_permissions(self, path, permissions): |
796 | 772 |
# Check for existing permissions. |
797 | 773 |
sql = '''select name from permissions |
... | ... | |
860 | 836 |
sql = 'delete from public where name = ?' |
861 | 837 |
self.con.execute(sql, (path,)) |
862 | 838 |
self.con.commit() |
839 |
|
|
840 |
def _is_allowed(self, user, account, container, name, op='read'): |
|
841 |
if user == account: |
|
842 |
return True |
|
843 |
path = os.path.join(account, container, name) |
|
844 |
if op == 'read' and self._get_public(path): |
|
845 |
return True |
|
846 |
perm_path, perms = self._get_permissions(path) |
|
847 |
|
|
848 |
# Expand groups. |
|
849 |
for x in ('read', 'write'): |
|
850 |
g_perms = set() |
|
851 |
for y in perms.get(x, []): |
|
852 |
if ':' in y: |
|
853 |
g_account, g_name = y.split(':', 1) |
|
854 |
groups = self._get_groups(g_account) |
|
855 |
if g_name in groups: |
|
856 |
g_perms.update(groups[g_name]) |
|
857 |
else: |
|
858 |
g_perms.add(y) |
|
859 |
perms[x] = g_perms |
|
860 |
|
|
861 |
if op == 'read' and ('*' in perms['read'] or user in perms['read']): |
|
862 |
return True |
|
863 |
if '*' in perms['write'] or user in perms['write']: |
|
864 |
return True |
|
865 |
return False |
|
866 |
|
|
867 |
def _can_read(self, user, account, container, name): |
|
868 |
if not self._is_allowed(user, account, container, name, 'read'): |
|
869 |
raise NotAllowedError |
|
870 |
|
|
871 |
def _can_write(self, user, account, container, name): |
|
872 |
if not self._is_allowed(user, account, container, name, 'write'): |
|
873 |
raise NotAllowedError |
|
874 |
|
|
875 |
def _allowed_paths(self, user, prefix=None): |
|
876 |
sql = '''select distinct name from permissions where (user = ? |
|
877 |
or user in (select account || ':' || gname from groups where user = ?))''' |
|
878 |
param = (user, user) |
|
879 |
if prefix: |
|
880 |
sql += ' and name like ?' |
|
881 |
param += (prefix + '/%',) |
|
882 |
c = self.con.execute(sql, param) |
|
883 |
return [x[0] for x in c.fetchall()] |
|
884 |
|
|
885 |
def _allowed_accounts(self, user): |
|
886 |
allow = set() |
|
887 |
for path in self._allowed_paths(user): |
|
888 |
allow.add(path.split('/', 1)[0]) |
|
889 |
return sorted(allow) |
|
890 |
|
|
891 |
def _allowed_containers(self, user, account): |
|
892 |
allow = set() |
|
893 |
for path in self._allowed_paths(user, account): |
|
894 |
allow.add(path.split('/', 2)[1]) |
|
895 |
return sorted(allow) |
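Review bot: In `_allowed_paths`, `prefix` is used as a LIKE pattern without escaping, so an account name containing `_` or `%` also matches paths under other accounts. Through `_allowed_containers(user, account)` this lets `list_containers` return container names that belong to a different, similarly named account. The `user = ?` filter still restricts the rows to paths already shared with the caller, so this is a wrong-scope listing rather than a way around the permission check. An exact prefix comparison avoids the wildcard semantics, for example `sql += ' and substr(name, 1, ?) = ?'` with `param += (len(prefix) + 1, prefix + '/')`, assuming the backend is SQLite as the `?` placeholders and `||` concatenation suggest. `_allowed_accounts` passes no prefix and is not affected.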