PyLink/coremods/permissions.py

"""
permissions.py - Permissions Abstraction for PyLink IRC Services.
"""

from collections import defaultdict
import threading

# Global variables: these store mappings of hostmasks/exttargets to lists of permissions each target has.
default_permissions = defaultdict(set)

from pylinkirc import conf, utils
from pylinkirc.log import log

def add_default_permissions(perms):
    """Adds default permissions to the index."""
    global default_permissions
    for target, permlist in perms.items():
        default_permissions[target] |= set(permlist)
addDefaultPermissions = add_default_permissions

def remove_default_permissions(perms):
    """Remove default permissions from the index."""
    global default_permissions
    for target, permlist in perms.items():
        default_permissions[target] -= set(permlist)
removeDefaultPermissions = remove_default_permissions

def check_permissions(irc, uid, perms, also_show=[]):
    """
    Checks permissions of the caller. If the caller has any of the permissions listed in perms,
    this function returns True. Otherwise, NotAuthorizedError is raised.
    """
    # For old (< 1.1 login blocks):
    # If the user is logged in, they automatically have all permissions.
    olduser = conf.conf['login'].get('user')
    if olduser and irc.match_host('$pylinkacc:%s' % olduser, uid):
        log.debug('permissions: overriding permissions check for old-style admin user %s',
                  irc.get_hostmask(uid))
        return True

    permissions = defaultdict(set)
    # Enumerate the configured permissions list.
    for k, v in (conf.conf.get('permissions') or {}).items():
        permissions[k] |= set(v)

    # Merge in default permissions if enabled.
    if conf.conf.get('permissions_merge_defaults', True):
        for k, v in default_permissions.items():
            permissions[k] |= v

    for host, permlist in permissions.items():
        log.debug('permissions: permlist for %s: %s', host, permlist)
        if irc.match_host(host, uid):
            # Now, iterate over all the perms we are looking for.
            for perm in permlist:
                # Use irc.match_host to expand globs in an IRC-case insensitive and wildcard
                # friendly way. e.g. 'xyz.*.#Channel\' will match 'xyz.manage.#channel|' on IRCds
                # using the RFC1459 casemapping.
                log.debug('permissions: checking if %s glob matches anything in %s', perm, permlist)
                if any(irc.match_host(perm, p) for p in perms):
                    return True
    raise utils.NotAuthorizedError("You are missing one of the following permissions: %s" %
                                   (', '.join(perms+also_show)))
checkPermissions = check_permissions