Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
565 Commits
11 Branches
116 Tags
20 MiB
Branch: test/readme
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'test/readme'
${ noResults }
python-keycloak/src/keycloak/uma_permissions.py

182 lines
6.4 KiB
Raw Permalink Normal View History

feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
fix: added fixes based on feedback
3 years ago
feat: added UMA-permission request functionality
3 years ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. # The MIT License (MIT)
  4. #
  5. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  6. #
  7. # Permission is hereby granted, free of charge, to any person obtaining a copy of
  8. # this software and associated documentation files (the "Software"), to deal in
  9. # the Software without restriction, including without limitation the rights to
  10. # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
  11. # the Software, and to permit persons to whom the Software is furnished to do so,
  12. # subject to the following conditions:
  13. #
  14. # The above copyright notice and this permission notice shall be included in all
  15. # copies or substantial portions of the Software.
  16. #
  17. # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18. # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
  19. # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
  20. # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
  21. # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
  22. # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  24. from keycloak.exceptions import KeycloakPermissionFormatError, PermissionDefinitionError
  27. class UMAPermission:
  28. """A class to conveniently assembly permissions.
  29. The class itself is callable, and will return the assembled permission.
  31. Usage example:
  33. >>> r = Resource("Users")
  34. >>> s = Scope("delete")
  35. >>> permission = r(s)
  36. >>> print(permission)
  37. 'Users#delete'
  39. """
  41. def __init__(self, permission=None, resource="", scope=""):
  42. self.resource = resource
  43. self.scope = scope
  45. if permission:
  46. if not isinstance(permission, UMAPermission):
  47. raise PermissionDefinitionError(
  48. "can't determine if '{}' is a resource or scope".format(permission)
  49. )
  50. if permission.resource:
  51. self.resource = str(permission.resource)
  52. if permission.scope:
  53. self.scope = str(permission.scope)
  55. def __str__(self):
  56. scope = self.scope
  57. if scope:
  58. scope = "#" + scope
  59. return "{}{}".format(self.resource, scope)
  61. def __eq__(self, __o: object) -> bool:
  62. return str(self) == str(__o)
  64. def __repr__(self) -> str:
  65. return self.__str__()
  67. def __hash__(self) -> int:
  68. return hash(str(self))
  70. def __call__(self, permission=None, resource="", scope="") -> object:
  71. result_resource = self.resource
  72. result_scope = self.scope
  74. if resource:
  75. result_resource = str(resource)
  76. if scope:
  77. result_scope = str(scope)
  79. if permission:
  80. if not isinstance(permission, UMAPermission):
  81. raise PermissionDefinitionError(
  82. "can't determine if '{}' is a resource or scope".format(permission)
  83. )
  84. if permission.resource:
  85. result_resource = str(permission.resource)
  86. if permission.scope:
  87. result_scope = str(permission.scope)
  89. return UMAPermission(resource=result_resource, scope=result_scope)
  92. class Resource(UMAPermission):
  93. """An UMAPermission Resource class to conveniently assembly permissions.
  94. The class itself is callable, and will return the assembled permission.
  95. """
  97. def __init__(self, resource):
  98. super().__init__(resource=resource)
  101. class Scope(UMAPermission):
  102. """An UMAPermission Scope class to conveniently assembly permissions.
  103. The class itself is callable, and will return the assembled permission.
  104. """
  106. def __init__(self, scope):
  107. super().__init__(scope=scope)
  110. class AuthStatus:
  111. """A class that represents the authorization/login status of a user associated with a token.
  112. This has to evaluate to True if and only if the user is properly authorized
  113. for the requested resource."""
  115. def __init__(self, is_logged_in, is_authorized, missing_permissions):
  116. self.is_logged_in = is_logged_in
  117. self.is_authorized = is_authorized
  118. self.missing_permissions = missing_permissions
  120. def __bool__(self):
  121. return self.is_authorized
  123. def __repr__(self):
  124. return (
  125. f"AuthStatus("
  126. f"is_authorized={self.is_authorized}, "
  127. f"is_logged_in={self.is_logged_in}, "
  128. f"missing_permissions={self.missing_permissions})"
  129. )
  132. def build_permission_param(permissions):
  133. """
  134. Transform permissions to a set, so they are usable for requests
  136. :param permissions: either str (resource#scope),
  137. iterable[str] (resource#scope),
  138. dict[str,str] (resource: scope),
  139. dict[str,iterable[str]] (resource: scopes)
  140. :return: result bool
  141. """
  142. if permissions is None or permissions == "":
  143. return set()
  144. if isinstance(permissions, str):
  145. return set((permissions,))
  146. if isinstance(permissions, UMAPermission):
  147. return set((str(permissions),))
  149. try: # treat as dictionary of permissions
  150. result = set()
  151. for resource, scopes in permissions.items():
  152. print(f"resource={resource}scopes={scopes}")
  153. if scopes is None:
  154. result.add(resource)
  155. elif isinstance(scopes, str):
  156. result.add("{}#{}".format(resource, scopes))
  157. else:
  158. try:
  159. for scope in scopes:
  160. if not isinstance(scope, str):
  161. raise KeycloakPermissionFormatError(
  162. "misbuilt permission {}".format(permissions)
  163. )
  164. result.add("{}#{}".format(resource, scope))
  165. except TypeError:
  166. raise KeycloakPermissionFormatError(
  167. "misbuilt permission {}".format(permissions)
  168. )
  169. return result
  170. except AttributeError:
  171. pass
  173. try: # treat as any other iterable of permissions
  174. result = set()
  175. for permission in permissions:
  176. if not isinstance(permission, (str, UMAPermission)):
  177. raise KeycloakPermissionFormatError("misbuilt permission {}".format(permissions))
  178. result.add(str(permission))
  179. return result
  180. except TypeError:
  181. pass
  182. raise KeycloakPermissionFormatError("misbuilt permission {}".format(permissions))