From f72b20a490cacde50a805d710681b9de2550ec45 Mon Sep 17 00:00:00 2001 From: Ivan Maslov Date: Tue, 15 Dec 2020 15:43:50 +0300 Subject: [PATCH] Fix in BC with User URL match list --- Sources/pyOpenRPA/Orchestrator/Server.py | 57 ++++++++++--------- .../Orchestrator/__Orchestrator__.py | 23 ++------ 2 files changed, 37 insertions(+), 43 deletions(-) diff --git a/Sources/pyOpenRPA/Orchestrator/Server.py b/Sources/pyOpenRPA/Orchestrator/Server.py index 0c52e659..d17a82f5 100644 --- a/Sources/pyOpenRPA/Orchestrator/Server.py +++ b/Sources/pyOpenRPA/Orchestrator/Server.py @@ -146,7 +146,8 @@ def UserAccessCheckBefore(inMethod, inRequest): ######################################## #Check general before rule (without User domain) #Check rules - for lAccessRuleItem in gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", []): + inRuleMatchURLList = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", []) + for lAccessRuleItem in inRuleMatchURLList: #Go next execution if flag is false if not lResult: #Check if Method is identical @@ -178,31 +179,35 @@ def UserAccessCheckBefore(inMethod, inRequest): #Check access by User Domain #Check rules to find first appicable #Check rules - for lAccessRuleItem in gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", []): - #Go next execution if flag is false - if not lResult: - #Check if Method is identical - if lAccessRuleItem["Method"].upper() == inMethod: - #check Match type variant: BeginWith - if lAccessRuleItem["MatchType"].upper() == "BEGINWITH": - lURLPath = inRequest.path - lURLPath = lURLPath.upper() - if lURLPath.startswith(lAccessRuleItem["URL"].upper()): - lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) - #check Match type variant: Contains - elif lAccessRuleItem["MatchType"].upper() == "CONTAINS": - lURLPath = inRequest.path - lURLPath = lURLPath.upper() - if lURLPath.contains(lAccessRuleItem["URL"].upper()): - lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) - # check Match type variant: Equal - elif lAccessRuleItem["MatchType"].upper() == "EQUAL": - if lAccessRuleItem["URL"].upper() == inRequest.path.upper(): - lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) - # check Match type variant: EqualCase - elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE": - if lAccessRuleItem["URL"] == inRequest.path: - lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) + lMethodMatchURLList = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", []) + if len(lMethodMatchURLList) > 0: + for lAccessRuleItem in lMethodMatchURLList: + #Go next execution if flag is false + if not lResult: + #Check if Method is identical + if lAccessRuleItem["Method"].upper() == inMethod: + #check Match type variant: BeginWith + if lAccessRuleItem["MatchType"].upper() == "BEGINWITH": + lURLPath = inRequest.path + lURLPath = lURLPath.upper() + if lURLPath.startswith(lAccessRuleItem["URL"].upper()): + lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) + #check Match type variant: Contains + elif lAccessRuleItem["MatchType"].upper() == "CONTAINS": + lURLPath = inRequest.path + lURLPath = lURLPath.upper() + if lURLPath.contains(lAccessRuleItem["URL"].upper()): + lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) + # check Match type variant: Equal + elif lAccessRuleItem["MatchType"].upper() == "EQUAL": + if lAccessRuleItem["URL"].upper() == inRequest.path.upper(): + lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) + # check Match type variant: EqualCase + elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE": + if lAccessRuleItem["URL"] == inRequest.path: + lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) + else: + return True ##################################### ##################################### #Return lResult diff --git a/Sources/pyOpenRPA/Orchestrator/__Orchestrator__.py b/Sources/pyOpenRPA/Orchestrator/__Orchestrator__.py index bd44f5c6..055d7f42 100644 --- a/Sources/pyOpenRPA/Orchestrator/__Orchestrator__.py +++ b/Sources/pyOpenRPA/Orchestrator/__Orchestrator__.py @@ -171,23 +171,12 @@ def UACKeyListCheck(inRequest, inRoleKeyList): # Update user access def UACUpdate(inGSettings, inADLoginStr, inADStr="", inADIsDefaultBool=True, inURLList=[], inRoleHierarchyAllowedDict={}): lUserTurple = (inADStr.upper(),inADLoginStr.upper()) # Create turple key for inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"] - if inURLList==[] and lUserTurple not in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"]: # Backward compatibility if user is not exist - inURLList=[ - { - "Method": "GET", - "MatchType": "Beginwith", - "URL": "/", - # "FlagAccessDefRequestGlobalAuthenticate": TestDef - "FlagAccess": True - }, - { - "Method": "POST", - "MatchType": "Beginwith", - "URL": "/", - # "FlagAccessDefRequestGlobalAuthenticate": TestDef - "FlagAccess": True - } - ] + if inURLList is None: inURLList = [] # Check if None + # Get the old URLList + try: + inURLList += inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]["MethodMatchURLBeforeList"] + except: + pass # Check RoleHierarchyAllowedDict in gSettings for the old role hierarchy - include in result. if lUserTurple in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"] and "RoleHierarchyAllowedDict" in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]: lRoleHierarchyAllowedOLDDict = inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]["RoleHierarchyAllowedDict"]