magpie.adapter.magpieowssecurity
¶
Module Contents¶
Classes¶
Attributes¶
-
class
magpie.adapter.magpieowssecurity.
MagpieOWSSecurity
(request)[source]¶ Bases:
twitcher.owssecurity.OWSSecurityInterface
-
_get_service_cached
(self: magpie.typedefs.Str, service_name) → Tuple[magpie.services.ServiceInterface, Dict[str, magpie.typedefs.AnyValue]][source]¶ Cache this method with
beaker
based on the provided caching key parameters.If the cache is not hit (expired timeout or new key entry), calls
get_service()
to retrieve the actualServiceInterface
implementation. Otherwise, returns the cached service to avoid SQL queries.Note
Function arguments are required to generate caching keys by which cached elements will be retrieved.
-
get_service
(self: pyramid.request.Request, request) → magpie.services.ServiceInterface[source]¶ Obtains the service referenced by the request.
Caching is automatically handled according to configured application settings and whether the specific service name being requested was already processed recently and not expired.
-
check_request
(self: pyramid.request.Request, request) → Optional[NoReturn][source]¶ Verifies if the request user has access to the targeted resource according to parent service and permissions.
If the request path corresponds to configured Twitcher proxy, evaluate the ACL. Otherwise, ignore request access validation.
In the case Twitcher proxy path is matched, the Logged User MUST be allowed access following Effective Permissions resolution via ACL. Otherwise, :exception:`OWSForbidden` is raised. Failing to parse the request or any underlying component also raises that exception.
- Raises
OWSForbidden – if user does not have access to the targeted resource under the service.
- Returns
nothing if user has access.
Ensure login of the user and update the request cookies if Twitcher is in a special configuration.
Only update if
MAGPIE_COOKIE_NAME
is missing and is retrievable fromaccess_token
field within theAuthorization
header. Counter-validate the login procedure by calling Magpie’s/session
which should indicate if there is a logged user.
-