magpie.adapter.magpieowssecurity¶
Attributes¶
Classes¶
Module Contents¶
- class magpie.adapter.magpieowssecurity.MagpieOWSSecurity(container: magpie.typedefs.AnySettingsContainer)[source]¶
Bases:
twitcher.interface.OWSSecurityInterface
- _get_service_cached(service_name: magpie.typedefs.Str, request_uuid: uuid.UUID) Tuple[magpie.services.ServiceInterface, Dict[str, magpie.typedefs.AnyValue]] [source]¶
Cache this method with
beaker
based on the provided caching key parameters.If the cache is not hit (expired timeout or new key entry), calls
service_factory()
to retrieve the actualServiceInterface
implementation. Otherwise, returns the cached service to avoid SQL queries.Note
Function arguments are required to generate caching keys by which cached elements will be retrieved. Those arguments must be serializable to generate the cache key (i.e.: cannot pass a
Request
object that contains session and other unserializable/circular references).
- get_service(request: pyramid.request.Request) magpie.services.ServiceInterface [source]¶
Obtains the service referenced by the request.
Caching is automatically handled according to configured application settings and whether the specific service name being requested was already processed recently and not expired.
- verify_request(request: pyramid.request.Request) bool [source]¶
Verify that the service request is allowed.
Added in version 3.18: Available only in
Twitcher >= 0.6.x
.
- check_request(request: pyramid.request.Request) None [source]¶
Verifies if the request user has access to the targeted resource according to parent service and permissions.
If the request path corresponds to configured Twitcher proxy, evaluate the ACL. Otherwise, ignore request access validation.
In the case Twitcher proxy path is matched, the Logged User MUST be allowed access following Effective Permissions resolution via ACL. Otherwise, :exception:`OWSAccessForbidden` is raised.
Failing to parse the request or any underlying component that raises an exception will be left up to the parent caller to handle the exception. In most typical use case, this means Twitcher will raise a generic :exception:`OWSException` with
NoApplicableCode
, unless the exception was more specifically handled.- Raises:
OWSAccessForbidden – If the user does not have access to the targeted resource under the service.
HTTPBadRequest – If a request parsing error was detected when trying to resolve the permission based on the service/resource.
Exception – Any derived exception that was not explicitly handled is re-raised directly after logging the event.
- Returns:
Nothing if user has access.
- update_request_cookies(request: pyramid.request.Request) None [source]¶
Ensure login of the user and update the request cookies if Twitcher is in a special configuration.
Only update if
MAGPIE_COOKIE_NAME
is missing and is retrievable fromaccess_token
field within theAuthorization
header. Counter-validate the login procedure by calling Magpie’s/session
which should indicate if there is a logged user.