This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/passbook/core/views/access.py

37 lines
1.4 KiB
Python

"""passbook access helper classes"""
from typing import List, Tuple
from django.contrib import messages
from django.http import HttpRequest
from django.utils.translation import gettext as _
from structlog import get_logger
from passbook.core.models import Application, Provider, User
from passbook.policy.engine import PolicyEngine
LOGGER = get_logger()
class AccessMixin:
"""Mixin class for usage in Authorization views.
Provider functions to check application access, etc"""
# request is set by view but since this Mixin has no base class
request: HttpRequest = None
def provider_to_application(self, provider: Provider) -> Application:
"""Lookup application assigned to provider, throw error if no application assigned"""
try:
return provider.application
except Application.DoesNotExist as exc:
messages.error(self.request, _('Provider "%(name)s" has no application assigned' % {
'name': provider
}))
raise exc
def user_has_access(self, application: Application, user: User) -> Tuple[bool, List[str]]:
"""Check if user has access to application."""
LOGGER.debug("Checking permissions", user=user, application=application)
policy_engine = PolicyEngine(application.policies.all())
policy_engine.for_user(user).with_request(self.request).build()
return policy_engine.result