diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:45:59 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:45:59 +0000 |
commit | 19fcec84d8d7d21e796c7624e521b60d28ee21ed (patch) | |
tree | 42d26aa27d1e3f7c0b8bd3fd14e7d7082f5008dc /src/pybind/mgr/dashboard/controllers/_permissions.py | |
parent | Initial commit. (diff) | |
download | ceph-upstream.tar.xz ceph-upstream.zip |
Adding upstream version 16.2.11+ds.upstream/16.2.11+dsupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/pybind/mgr/dashboard/controllers/_permissions.py')
-rw-r--r-- | src/pybind/mgr/dashboard/controllers/_permissions.py | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/src/pybind/mgr/dashboard/controllers/_permissions.py b/src/pybind/mgr/dashboard/controllers/_permissions.py new file mode 100644 index 000000000..eb190c9a9 --- /dev/null +++ b/src/pybind/mgr/dashboard/controllers/_permissions.py @@ -0,0 +1,60 @@ +""" +Role-based access permissions decorators +""" +import logging + +from ..exceptions import PermissionNotValid +from ..security import Permission + +logger = logging.getLogger(__name__) + + +def _set_func_permissions(func, permissions): + if not isinstance(permissions, list): + permissions = [permissions] + + for perm in permissions: + if not Permission.valid_permission(perm): + logger.debug("Invalid security permission: %s\n " + "Possible values: %s", perm, + Permission.all_permissions()) + raise PermissionNotValid(perm) + + # pylint: disable=protected-access + if not hasattr(func, '_security_permissions'): + func._security_permissions = permissions + else: + permissions.extend(func._security_permissions) + func._security_permissions = list(set(permissions)) + + +def ReadPermission(func): # noqa: N802 + """ + :raises PermissionNotValid: If the permission is missing. + """ + _set_func_permissions(func, Permission.READ) + return func + + +def CreatePermission(func): # noqa: N802 + """ + :raises PermissionNotValid: If the permission is missing. + """ + _set_func_permissions(func, Permission.CREATE) + return func + + +def DeletePermission(func): # noqa: N802 + """ + :raises PermissionNotValid: If the permission is missing. + """ + _set_func_permissions(func, Permission.DELETE) + return func + + +def UpdatePermission(func): # noqa: N802 + """ + :raises PermissionNotValid: If the permission is missing. + """ + _set_func_permissions(func, Permission.UPDATE) + return func |