WIP Permissions API (#190)

2024-11-27 13:09:23 +01:00 · 2016-08-25 00:45:05 -07:00 · 2016-08-25 00:45:05 -07:00 · 91e39b7df9
commit 91e39b7df9
parent 5908776a86
2 changed files with 66 additions and 2 deletions
--- a/coremods/init.py
+++ b/coremods/init.py
@ -1,2 +1,3 @@
-# Service support has to be imported first, so that utils.add_cmd works
+# Note: Service support has to be imported first, so that utils.add_cmd() works for corecommands,
-from . import service_support, control, handlers, corecommands, exttargets
+# etc.
 from . import service_support, control, handlers, corecommands, exttargets, permissions
--- a/coremods/permissions.py
+++ b/coremods/permissions.py
@ -0,0 +1,63 @@
 """
 permissions.py - Permissions Abstraction for PyLink IRC Services.
 """
 from collections import defaultdict
 import threading
 # Global variables: these store mappings of hostmasks/exttargets to lists of permissions each target has.
 default_permissions = defaultdict(set)
 permissions = defaultdict(set)
 # Only allow one thread to change the permissions index at once.
 permissions_lock = threading.Lock()
 from pylinkirc import conf, utils
 from pylinkirc.log import log
 def resetPermissions():
    """
    Loads the permissions specified in the permissions: block of the PyLink configuration,
    if such a block exists. Otherwise, fallback to the default permissions specified by plugins.
    """
    with permissions_lock:
        global permissions
        log.debug('permissions.resetPermissions: old perm list: %s', permissions)
        permissions = conf.conf.get('permissions', default_permissions)
        log.debug('permissions.resetPermissions: new perm list: %s', permissions)
 def addDefaultPermissions(perms):
    """Adds default permissions to the index."""
    with permissions_lock:
        global permissions
        for target, permlist in perms.items():
            permissions[target] |= permlist
 def removeDefaultPermissions(perms):
    """Remove default permissions from the index."""
    with permissions_lock:
        global permissions
        for target, permlist in perms.items():
            permissions[target] -= permlist
 def checkPermissions(irc, uid, perms):
    """
    Checks permissions of the caller. If the caller has any of the permissions listed in perms,
    this function returns True. Otherwise, NotAuthorizedError is raised.
    """
    # Iterate over all hostmask->permission list mappings.
    for host, permlist in permissions.copy().items():
        if irc.matchHost(host, uid):
            # Now, iterate over all the perms we are looking for.
            for perm in perms:
                # Use irc.matchHost to expand globs in an IRC-case insensitive and wildcard
                # friendly way. e.g. 'xyz.*.#Channel\' will match 'xyz.manage.#channel|' on IRCds
                # using the RFC1459 casemapping.
                if any(irc.matchHost(perm, p) for p in permlist):
                    return True
    raise utils.NotAuthorizedError("You are missing one of the following permissions: %s" %
                                      (', '.join(perms)))
 # This is called on first import.
 resetPermissions()