Source Code for Module buildbot.status.web.authz

 1  from buildbot.status.web.auth import IAuth 
 2   
 3 -class Authz(object): 
 4      """Decide who can do what.""" 
 5   
 6      knownActions = [ 
 7      # If you add a new action here, be sure to also update the documentation 
 8      # at docs/cfg-statustargets.texinfo 
 9              'gracefulShutdown', 
10              'forceBuild', 
11              'forceAllBuilds', 
12              'pingBuilder', 
13              'stopBuild', 
14              'stopAllBuilds', 
15              'cancelPendingBuild', 
16              'cleanShutdown', 
17      ] 
18   
19 -    def __init__(self, 
20              default_action=False, 
21              auth=None, 
22              **kwargs): 
23          self.auth = auth 
24          if auth: 
25              assert IAuth.providedBy(auth) 
26   
27          self.config = dict( (a, default_action) for a in self.knownActions ) 
28          for act in self.knownActions: 
29              if act in kwargs: 
30                  self.config[act] = kwargs[act] 
31                  del kwargs[act] 
32   
33          if kwargs: 
34              raise ValueError("unknown authorization action(s) " + ", ".join(kwargs.keys())) 
35   
36 -    def advertiseAction(self, action): 
37          """Should the web interface even show the form for ACTION?""" 
38          if action not in self.knownActions: 
39              raise KeyError("unknown action") 
40          cfg = self.config.get(action, False) 
41          if cfg: 
42              return True 
43          return False 
44   
45 -    def needAuthForm(self, action): 
46          """Does this action require an authentication form?""" 
47          if action not in self.knownActions: 
48              raise KeyError("unknown action") 
49          cfg = self.config.get(action, False) 
50          if cfg == 'auth' or callable(cfg): 
51              return True 
52          return False 
53   
54 -    def actionAllowed(self, action, request, *args): 
55          """Is this ACTION allowed, given this http REQUEST?""" 
56          if action not in self.knownActions: 
57              raise KeyError("unknown action") 
58          cfg = self.config.get(action, False) 
59          if cfg: 
60              if cfg == 'auth' or callable(cfg): 
61                  if not self.auth: 
62                      return False 
63                  user = request.args.get("username", ["<unknown>"])[0] 
64                  passwd = request.args.get("passwd", ["<no-password>"])[0] 
65                  if user == "<unknown>" or passwd == "<no-password>": 
66                      return False 
67                  if self.auth.authenticate(user, passwd): 
68                      if callable(cfg) and not cfg(user, *args): 
69                          return False 
70                      return True 
71                  return False 
72              else: 
73                  return True # anyone can do this.. 
74