Add a simple permission audit script

master
Pierre Jaury 8 years ago
parent f8dcef22ef
commit c1f9b61dac

@ -0,0 +1,43 @@
from freeposte import app
import sys
import tabulate
# Known endpoints without permissions
known_missing_permissions = [
"index",
"static", "bootstrap.static",
"admin.static", "admin.login"
]
# Compute the permission table
missing_permissions = []
permissions = {}
for endpoint, function in app.view_functions.items():
audit = function.__dict__.get("_audit_permissions")
if audit:
handler, args = audit
if args:
model = args[0].__name__
key = args[1]
else:
model = key = None
permissions[endpoint] = [endpoint, handler.__name__, model, key]
elif endpoint not in known_missing_permissions:
missing_permissions.append(endpoint)
# Fail if any endpoint is missing a permission check
if missing_permissions:
print("The following endpoints are missing permission checks:")
print(missing_permissions.join(","))
sys.exit(1)
# Display the permissions table
print(tabulate.tabulate([
[route, *permissions[route.endpoint]]
for route in app.url_map.iter_rules() if route.endpoint in permissions
]))
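Review bot: In the failure branch, `print(missing_permissions.join(","))` raises AttributeError because a list has no `join` method; it should read `print(",".join(missing_permissions))`. As written the run still ends non-zero through the traceback, but the names of the unprotected endpoints are never printed, which is the output a reviewer needs from this audit. The table loop also assumes that a non-empty `args` always holds a model class and a key (`args[0].__name__`, `args[1]`), so a decorator applied with a single positional argument would stop the audit with IndexError; a length check there would make the report robust. A short comment on `known_missing_permissions` explaining why each listed endpoint is exempt would help keep that allowlist from growing unreviewed.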

@ -25,6 +25,7 @@ def permissions_wrapper(handler):
@functools.wraps(function)
def wrapper(*args, **kwargs):
return callback(function, args, kwargs, dargs, dkwargs)
wrapper._audit_permissions = handler, dargs
return flask_login.login_required(wrapper)
return inner
else:
@ -32,6 +33,7 @@ def permissions_wrapper(handler):
@functools.wraps(function)
def wrapper(*args, **kwargs):
return callback(function, args, kwargs, (), {})
wrapper._audit_permissions = handler, []
return flask_login.login_required(wrapper)
return decorator
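Review bot: The audit record stored in the first hunk, `wrapper._audit_permissions = handler, dargs`, omits `dkwargs` even though the callback on the line above receives both. A permission declared with keyword arguments would therefore appear in the audit table with no model or key. The second hunk stores a list (`handler, []`) where the callback is given `()`; `wrapper._audit_permissions = handler, ()` would keep the two branches the same type. The attribute is set on `wrapper` before `flask_login.login_required` wraps it, so the audit presumably relies on that outer decorator copying `__dict__` to the registered view; a one-line comment such as `# read by the permission audit script; must survive outer decorators` would record that dependency. `permissions_wrapper` starts outside both hunks, so the surrounding branches are not visible here.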

@ -10,3 +10,4 @@ PyOpenSSL
passlib
gunicorn
docker-py
tabulate
