# Copyright (C) 2015 Custodia Project Contributors - see LICENSE file
import os
class HTTPAuthorizer(object):
    """Base class for request authorizers.

    Keeps the raw ``config`` mapping, the name of the configured store
    (``store_name``, or None when no ``store`` key is present) and a
    ``store`` slot that starts out as None. Subclasses override
    ``handle`` to make the authorization decision.
    """

    def __init__(self, config=None):
        self.config = config
        self.store_name = None
        self.store = None
        # config is optional, so test it for truthiness before the lookup.
        if config and 'store' in config:
            self.store_name = config['store']

    def handle(self, request):
        """Decide on *request*; the base class provides no policy."""
        raise NotImplementedError
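class SimplePathAuthz(HTTPAuthorizer):
    """Authorize requests whose path matches a configured allow-list.

    The ``paths`` config value is a whitespace-separated list of
    authorized paths. ``handle`` returns True on a match and None
    otherwise; it never returns False.
    """

    def __init__(self, config=None):
        super(SimplePathAuthz, self).__init__(config)
        self.paths = []
        # config defaults to None, so guard the membership test the same
        # way the base class does instead of raising TypeError.
        if self.config and 'paths' in self.config:
            self.paths = self.config['paths'].split()

    def handle(self, request):
        """Return True if the request path is authorized, else None.

        First pass: every entry that does not end in '/' is compared
        with the full request path (an entry ending in '.' has that dot
        stripped first, so it can match a path ending in '/').
        Second pass: the request path, then each parent produced by
        ``os.path.split``, is looked up in the list.
        """
        path = request.get('path', '')

        # if an authorized path does not end in /
        # check if it matches fullpath for strict match
        for authz in self.paths:
            if authz.endswith('/'):
                continue
            if authz.endswith('.'):
                # special case to match a path ending in /
                authz = authz[:-1]
            if authz == path:
                return True

        # NOTE(review): the request path is compared as a raw string;
        # '.' and '..' segments are not resolved in this method. Confirm
        # that the caller normalises the path before it gets here, as
        # otherwise the parent walk below can match an entry that the
        # resolved path is not actually under.
        while path != '':
            if path in self.paths:
                return True
            if path == '/':
                break
            parent, _ = os.path.split(path)
            if parent == path:
                # os.path.split() leaves a head made only of slashes
                # (e.g. '//') unchanged, so stop instead of looping
                # forever on such a path.
                break
            path = parent

        return None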
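class UserNameSpace(HTTPAuthorizer):
    """Confine each authenticated user to a namespace under ``path``.

    ``path`` comes from the config and defaults to '/'. A request is
    allowed only when its path lies under ``<path>/<remote_user>/``.
    """

    def __init__(self, *args, **kwargs):
        super(UserNameSpace, self).__init__(*args, **kwargs)
        # config may be None (the base class default); fall back to an
        # empty mapping so the default path applies instead of raising
        # AttributeError.
        self.path = (self.config or {}).get('path', '/')

    def handle(self, request):
        """Return None, False or True for *request*.

        None: the request path does not start with the configured path,
        so this authorizer does not decide. False: there is no
        ``remote_user``, or the path is outside that user's namespace.
        True: the path is inside the namespace; ``default_namespace`` is
        then set on the request to the user name.
        """
        # Only check if we are in the right (sub)path
        # NOTE(review): this is a plain string-prefix test, so a path
        # that merely shares the prefix also reaches the namespace check
        # below (where it is refused with False rather than None).
        path = request.get('path', '/')
        if not path.startswith(self.path):
            return None

        name = request.get('remote_user', None)
        if name is None:
            # UserNameSpace requires a user ...
            return False

        # NOTE(review): name is concatenated as-is, and the path is not
        # normalised in this method. An empty name, a name containing
        # '/', or '..' segments later in the path all change what this
        # prefix check really confines. Confirm what the authenticator
        # guarantees about remote_user and where the path is normalised.
        namespace = self.path.rstrip('/') + '/' + name + '/'
        if not path.startswith(namespace):
            # Not in the namespace
            return False

        request['default_namespace'] = name
        return True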