lub
/
mailu
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Add a simple permission audit script

Browse Source
master
Pierre Jaury 8 years ago
parent f8dcef22ef
commit c1f9b61dac
3 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File

43
admin/audit.py
Unescape Escape View File

@ -0,0 +1,43 @@
from freeposte import app
import sys
import tabulate
# Known endpoints without permissions
known_missing_permissions = [
"index",
"static", "bootstrap.static",
"admin.static", "admin.login"
]
# Compute the permission table
missing_permissions = []
permissions = {}
for endpoint, function in app.view_functions.items():
audit = function.__dict__.get("_audit_permissions")
if audit:
handler, args = audit
if args:
model = args[0].__name__
key = args[1]
else:
model = key = None
permissions[endpoint] = [endpoint, handler.__name__, model, key]
elif endpoint not in known_missing_permissions:
missing_permissions.append(endpoint)
# Fail if any endpoint is missing a permission check
if missing_permissions:
print("The following endpoints are missing permission checks:")
print(missing_permissions.join(","))
sys.exit(1)
# Display the permissions table
print(tabulate.tabulate([
[route, *permissions[route.endpoint]]
for route in app.url_map.iter_rules() if route.endpoint in permissions
]))

2
admin/freeposte/admin/access.py
Unescape Escape View File

@ -25,6 +25,7 @@ def permissions_wrapper(handler):
@functools.wraps(function) @functools.wraps(function)
def wrapper(*args, **kwargs): def wrapper(*args, **kwargs):
return callback(function, args, kwargs, dargs, dkwargs) return callback(function, args, kwargs, dargs, dkwargs)
wrapper._audit_permissions = handler, dargs
return flask_login.login_required(wrapper) return flask_login.login_required(wrapper)
return inner return inner
else: else:
@ -32,6 +33,7 @@ def permissions_wrapper(handler):
@functools.wraps(function) @functools.wraps(function)
def wrapper(*args, **kwargs): def wrapper(*args, **kwargs):
return callback(function, args, kwargs, (), {}) return callback(function, args, kwargs, (), {})
wrapper._audit_permissions = handler, []
return flask_login.login_required(wrapper) return flask_login.login_required(wrapper)
return decorator return decorator

1
admin/requirements.txt
Unescape Escape View File

@ -10,3 +10,4 @@ PyOpenSSL
passlib passlib
gunicorn gunicorn
docker-py docker-py
tabulate

Write Preview
Loading…
Cancel
Save