Skip to content

Instantly share code, notes, and snippets.

@ionelmc

ionelmc/aspectlib-perm-example.rst

Last active January 27, 2016 18:45
Show Gist options
  • Save ionelmc/f6721ba55b3faa4f39a4 to your computer and use it in GitHub Desktop.
Save ionelmc/f6721ba55b3faa4f39a4 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
aspectlib-perm-example.rst 
Python 3.5.1 (default, Dec 18 2015, 00:00:00)
[GCC 4.8.4] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
    def delete(self, *, stuff_id, user):
        user.objects.remove(stuff_id)
    def change(self, *, stuff_id, params, user):
        pass

class User(object):
    def __init__(self, is_authenticated=False):
        self.is_authenticated = is_authenticated
        self.objects = []

class PermissionError(Exception):
    pass
>>>
    print("Checking perms on behalf of {}'s {} for arguments {}".format(controller, cutpoint, kwargs))
    user = kwargs['user']
    if user.is_authenticated:
>>> class StuffController(object):
...     def create(self, *, params, user):
...         stuff_id = os.urandom(16)
...         user.objects.append(stuff_id)
...         return stuff_id
...     def delete(self, *, stuff_id, user):
...         user.objects.remove(stuff_id)
...     def change(self, *, stuff_id, params, user):
...         pass
...
>>> class User(object):
...     def __init__(self, is_authenticated=False):
...         self.is_authenticated = is_authenticated
...         self.objects = []
...
>>> class PermissionError(Exception):
...     pass
...
>>> from aspectlib import Aspect, weave
>>>
>>> @Aspect(bind=True)
... def check_perms(cutpoint, controller, **kwargs):
...     print("Checking perms on behalf of {}'s {} for arguments {}".format(controller, cutpoint, kwargs))
...     user = kwargs['user']
...     if user.is_authenticated:
...         if 'stuff_id' in kwargs:
...             print(kwargs['stuff_id'] in user.objects)
...             if kwargs['stuff_id'] in user.objects:
...                 yield
...             else:
...                 raise PermissionError("User don't own {stuff_id}".format(**kwargs))
...         else:
...             yield
...     else:
...         raise PermissionError("User ain't authenticated")
...
>>> weave(StuffController, check_perms)
<aspectlib.Rollback object at 0x7fdd4f74e528>
>>>
>>> controller = StuffController()
>>> controller.create(user=User())
Checking perms on behalf of <__main__.StuffController object at 0x7fdd5012b6a0>'s <function StuffController.create at 0x7fdd50114bf8> for arguments {'user': <__main__.User object at 0x7fdd5012b3c8>}
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.5/dist-packages/aspectlib/__init__.py", line 256, in advising_function_wrapper
    advice = next(advisor)
  File "<stdin>", line 15, in check_perms
__main__.PermissionError: User ain't authenticated
>>> johnny = User(is_authenticated=True)
>>> abc_id = controller.create(params="abc", user=johnny)
Checking perms on behalf of <__main__.StuffController object at 0x7fdd5012b6a0>'s <function StuffController.create at 0x7fdd50114bf8> for arguments {'user': <__main__.User object at 0x7fdd5012b780>, 'params': 'abc'}
>>> controller.delete(stuff_id=123, user=johnny)
Checking perms on behalf of <__main__.StuffController object at 0x7fdd5012b6a0>'s <function StuffController.delete at 0x7fdd50114c80> for arguments {'stuff_id': 123, 'user': <__main__.User object at 0x7fdd5012b780>}
False
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.5/dist-packages/aspectlib/__init__.py", line 256, in advising_function_wrapper
    advice = next(advisor)
  File "<stdin>", line 11, in check_perms
__main__.PermissionError: User don't own 123
>>> controller.change(stuff_id=123, params="abc", user=johnny)
Checking perms on behalf of <__main__.StuffController object at 0x7fdd5012b6a0>'s <function StuffController.change at 0x7fdd50114d08> for arguments {'stuff_id': 123, 'user': <__main__.User object at 0x7fdd5012b780>, 'params': 'abc'}
False
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.5/dist-packages/aspectlib/__init__.py", line 256, in advising_function_wrapper
    advice = next(advisor)
  File "<stdin>", line 11, in check_perms
__main__.PermissionError: User don't own 123
>>> controller.change(stuff_id=abc_id, params="foo", user=johnny)
Checking perms on behalf of <__main__.StuffController object at 0x7fdd5012b6a0>'s <function StuffController.change at 0x7fdd50114d08> for arguments {'stuff_id': b'\xcf\xee\xe0TH1\r\xe7\x92\xee {S\x18zq', 'user': <__main__.User object at 0x7fdd5012b780>, 'params': 'foo'}
True
>>> controller.delete(stuff_id=abc_id, user=johnny)
Checking perms on behalf of <__main__.StuffController object at 0x7fdd5012b6a0>'s <function StuffController.delete at 0x7fdd50114c80> for arguments {'stuff_id': b'\xcf\xee\xe0TH1\r\xe7\x92\xee {S\x18zq', 'user': <__main__.User object at 0x7fdd5012b780>}
True
>>> controller.delete(stuff_id=abc_id, user=johnny)
Checking perms on behalf of <__main__.StuffController object at 0x7fdd5012b6a0>'s <function StuffController.delete at 0x7fdd50114c80> for arguments {'stuff_id': b'\xcf\xee\xe0TH1\r\xe7\x92\xee {S\x18zq', 'user': <__main__.User object at 0x7fdd5012b780>}
False
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.5/dist-packages/aspectlib/__init__.py", line 256, in advising_function_wrapper
    advice = next(advisor)
  File "<stdin>", line 11, in check_perms
__main__.PermissionError: User don't own b'\xcf\xee\xe0TH1\r\xe7\x92\xee {S\x18zq'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment