magpie.adapter.magpieowssecurity

Module Contents

Attributes

LOGGER

magpie.adapter.magpieowssecurity.LOGGER[source]
class magpie.adapter.magpieowssecurity.MagpieOWSSecurity(request)[source]

Bases: twitcher.owssecurity.OWSSecurityInterface

_get_service_cached(self: magpie.typedefs.Str, service_name)Tuple[magpie.services.ServiceInterface, Dict[str, magpie.typedefs.AnyValue]][source]

Cache this method with beaker based on the provided caching key parameters.

If the cache is not hit (expired timeout or new key entry), calls get_service() to retrieve the actual ServiceInterface implementation. Otherwise, returns the cached service to avoid SQL queries.

Note

Function arguments are required to generate caching keys by which cached elements will be retrieved.

See also

get_service(self: pyramid.request.Request, request)magpie.services.ServiceInterface[source]

Obtains the service referenced by the request.

Caching is automatically handled according to configured application settings and whether the specific service name being requested was already processed recently and not expired.

check_request(self: pyramid.request.Request, request)Optional[NoReturn][source]

Verifies if the request user has access to the targeted resource according to parent service and permissions.

If the request path corresponds to configured Twitcher proxy, evaluate the ACL. Otherwise, ignore request access validation.

In the case Twitcher proxy path is matched, the Logged User MUST be allowed access following Effective Permissions resolution via ACL. Otherwise, :exception:`OWSForbidden` is raised. Failing to parse the request or any underlying component also raises that exception.

Raises

OWSForbidden – if user does not have access to the targeted resource under the service.

Returns

nothing if user has access.

update_request_cookies(self, request)[source]

Ensure login of the user and update the request cookies if Twitcher is in a special configuration.

Only update if MAGPIE_COOKIE_NAME is missing and is retrievable from access_token field within the Authorization header. Counter-validate the login procedure by calling Magpie’s /session which should indicate if there is a logged user.