Fix in BC with User URL match list

dev-linux
Ivan Maslov 4 years ago
parent 8487d6e485
commit f72b20a490

@ -146,7 +146,8 @@ def UserAccessCheckBefore(inMethod, inRequest):
######################################## ########################################
#Check general before rule (without User domain) #Check general before rule (without User domain)
#Check rules #Check rules
for lAccessRuleItem in gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", []): inRuleMatchURLList = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", [])
for lAccessRuleItem in inRuleMatchURLList:
#Go next execution if flag is false #Go next execution if flag is false
if not lResult: if not lResult:
#Check if Method is identical #Check if Method is identical
@ -178,31 +179,35 @@ def UserAccessCheckBefore(inMethod, inRequest):
#Check access by User Domain #Check access by User Domain
#Check rules to find first appicable #Check rules to find first appicable
#Check rules #Check rules
for lAccessRuleItem in gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", []): lMethodMatchURLList = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", [])
#Go next execution if flag is false if len(lMethodMatchURLList) > 0:
if not lResult: for lAccessRuleItem in lMethodMatchURLList:
#Check if Method is identical #Go next execution if flag is false
if lAccessRuleItem["Method"].upper() == inMethod: if not lResult:
#check Match type variant: BeginWith #Check if Method is identical
if lAccessRuleItem["MatchType"].upper() == "BEGINWITH": if lAccessRuleItem["Method"].upper() == inMethod:
lURLPath = inRequest.path #check Match type variant: BeginWith
lURLPath = lURLPath.upper() if lAccessRuleItem["MatchType"].upper() == "BEGINWITH":
if lURLPath.startswith(lAccessRuleItem["URL"].upper()): lURLPath = inRequest.path
lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) lURLPath = lURLPath.upper()
#check Match type variant: Contains if lURLPath.startswith(lAccessRuleItem["URL"].upper()):
elif lAccessRuleItem["MatchType"].upper() == "CONTAINS": lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
lURLPath = inRequest.path #check Match type variant: Contains
lURLPath = lURLPath.upper() elif lAccessRuleItem["MatchType"].upper() == "CONTAINS":
if lURLPath.contains(lAccessRuleItem["URL"].upper()): lURLPath = inRequest.path
lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) lURLPath = lURLPath.upper()
# check Match type variant: Equal if lURLPath.contains(lAccessRuleItem["URL"].upper()):
elif lAccessRuleItem["MatchType"].upper() == "EQUAL": lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
if lAccessRuleItem["URL"].upper() == inRequest.path.upper(): # check Match type variant: Equal
lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) elif lAccessRuleItem["MatchType"].upper() == "EQUAL":
# check Match type variant: EqualCase if lAccessRuleItem["URL"].upper() == inRequest.path.upper():
elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE": lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
if lAccessRuleItem["URL"] == inRequest.path: # check Match type variant: EqualCase
lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict) elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
if lAccessRuleItem["URL"] == inRequest.path:
lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
else:
return True
##################################### #####################################
##################################### #####################################
#Return lResult #Return lResult
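Review bot: The new `else: return True` at the end of the per-user block fails open: a user whose `MethodMatchURLBeforeList` is empty, or who has no entry in `RuleDomainUserDict` at all (the chained `.get(..., {})` yields `[]` in both cases), is allowed every method and URL, regardless of what the general rules above decided. Indentation is lost on this page, so I am assuming the `else` pairs with `if len(lMethodMatchURLList) > 0:`; if it pairs with the `for`, the function would return True after every completed loop. If backward compatibility really requires this, I would at least mark it with `# BC: user without own URL rules is allowed all URLs`, and preferably keep default-deny by leaving `lResult` unchanged and configuring the allow rule explicitly. Separately, the re-indented CONTAINS branch still calls `lURLPath.contains(...)`, which `str` does not provide and would raise AttributeError on the first such rule; `if lAccessRuleItem["URL"].upper() in lURLPath:` is the working form. UserAccessCheckBefore starts and ends outside these hunks.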

@ -171,23 +171,12 @@ def UACKeyListCheck(inRequest, inRoleKeyList):
# Update user access # Update user access
def UACUpdate(inGSettings, inADLoginStr, inADStr="", inADIsDefaultBool=True, inURLList=[], inRoleHierarchyAllowedDict={}): def UACUpdate(inGSettings, inADLoginStr, inADStr="", inADIsDefaultBool=True, inURLList=[], inRoleHierarchyAllowedDict={}):
lUserTurple = (inADStr.upper(),inADLoginStr.upper()) # Create turple key for inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"] lUserTurple = (inADStr.upper(),inADLoginStr.upper()) # Create turple key for inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"]
if inURLList==[] and lUserTurple not in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"]: # Backward compatibility if user is not exist if inURLList is None: inURLList = [] # Check if None
inURLList=[ # Get the old URLList
{ try:
"Method": "GET", inURLList += inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]["MethodMatchURLBeforeList"]
"MatchType": "Beginwith", except:
"URL": "/", pass
# "FlagAccessDefRequestGlobalAuthenticate": TestDef
"FlagAccess": True
},
{
"Method": "POST",
"MatchType": "Beginwith",
"URL": "/",
# "FlagAccessDefRequestGlobalAuthenticate": TestDef
"FlagAccess": True
}
]
# Check RoleHierarchyAllowedDict in gSettings for the old role hierarchy - include in result. # Check RoleHierarchyAllowedDict in gSettings for the old role hierarchy - include in result.
if lUserTurple in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"] and "RoleHierarchyAllowedDict" in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]: if lUserTurple in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"] and "RoleHierarchyAllowedDict" in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]:
lRoleHierarchyAllowedOLDDict = inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]["RoleHierarchyAllowedDict"] lRoleHierarchyAllowedOLDDict = inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]["RoleHierarchyAllowedDict"]
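Review bot: `inURLList += ...` extends the list in place, and with the signature default `inURLList=[]` that list is the shared default object, so the URL rules read for one user stay in the default and are picked up by the next call that omits `inURLList`, possibly for a different user. It also mutates a list the caller passed in, and the new `is None` check does not help because the default is `[]`, not `None`. Building a fresh list avoids both: `inURLList = list(inURLList or []) + inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"].get(lUserTurple, {}).get("MethodMatchURLBeforeList", [])`. That form also replaces the bare `except: pass`, which currently hides any error in the lookup, not only a missing user key. The rest of UACUpdate is outside the hunk, so how the merged list is stored is not visible here.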
