perms: refactor perms config to make interface much clearer

'perms_policy' is a callback which returns a Perms object, which may filter cdx lines from the response
2025-03-15 00:03:28 +01:00 · 2014-03-06 18:06:05 -08:00 · 2014-03-06 18:06:05 -08:00 · 681c2fd8d5
commit 681c2fd8d5
parent 7b5cbaa878
6 changed files with 41 additions and 17 deletions
--- a/pywb/core/indexreader.py
+++ b/pywb/core/indexreader.py
@ -1,6 +1,7 @@
 import urllib
 import urllib2

+from pywb.perms.perms_filter import make_perms_cdx_filter

 #=================================================================
 class IndexReader(object):
@ -38,7 +39,7 @@ class IndexReader(object):

    def load_cdx(self, wbrequest, params):
        if self.perms_policy:
-            perms_op = self.perms_policy.create_perms_filter_op(wbrequest)
+            perms_op = make_perms_cdx_filter(self.perms_policy, wbrequest)
            if perms_op:
                params['custom_ops'] = [perms_op]

--- a/pywb/perms/perms_filter.py
+++ b/pywb/perms/perms_filter.py
@ -2,7 +2,25 @@ from pywb.utils.wbexception import AccessException


 #=================================================================
-def create_filter_op(perms_checker):
+def make_perms_cdx_filter(perms_policy, wbrequest):
+    """
+    Called internally to convert a perms_policy and a request
+    to a filter which can be applied on the cdx
+    """
+    perms_checker = perms_policy(wbrequest)
+    if not perms_checker:
+        return None
+
+    return _create_cdx_perms_filter(perms_checker)
+
+#=================================================================
+def _create_cdx_perms_filter(perms_checker):
+    """
+    Return a function which will filter the cdx given
+    a Perms object.
+    :param perms_checker: a Perms object which implements the
+        allow_url_lookup() and access_check_capture() methods
+    """

    def perms_filter_op(cdx_iter, query):
        """
@ -25,18 +43,24 @@ def create_filter_op(perms_checker):


 #================================================================
-class AllowAllPermsPolicy(object):
-    def create_perms_filter_op(self, wbrequest):
-        return create_filter_op(self.create_perms_checker(wbrequest))
+def allow_all_perms_policy(wbrequest):
+    """
+    Perms policy which always returns a default Perms object
+    which allows everything.

-    def create_perms_checker(self, wbrequest):
-        return AllowAllPerms()
+    The perms object is created per request and may store request
+    state, if necessary.
+
+    The same perms object may be called with multiple queries
+    (such as for each cdx line) per request.
+    """
+    return Perms()


 #=================================================================
-class AllowAllPerms(object):
+class Perms(object):
    """
-    Sample Perm Checker which allows all
+    A base perms checker which allows everything
    """

    def allow_url_lookup(self, key):
--- a/pywb/perms/perms_handler.py
+++ b/pywb/perms/perms_handler.py
@ -19,7 +19,7 @@ class PermsHandler(WbUrlHandler):
        self.url_canon = url_canon

    def __call__(self, wbrequest):
-        perms_checker = self.perms_policy.create_perms_checker(wbrequest)
+        perms_checker = self.perms_policy(wbrequest)

        if wbrequest.wb_url:
            return self.check_single_url(wbrequest, perms_checker)
--- a/pywb/perms/test/test_perms.py
+++ b/pywb/perms/test/test_perms.py
@ -8,7 +8,7 @@ from pywb.core.indexreader import IndexReader

 from pytest import raises

-from tests.fixture import TestExclusionPermsPolicy, testconfig
+from tests.fixture import testconfig


 #================================================================
--- a/test_config.yaml
+++ b/test_config.yaml
@ -101,4 +101,4 @@ reporter: !!python/object/new:tests.fixture.PrintReporter []
 #domain_specific_rules: rules.yaml

 #perms_checker: !!python/object/new:pywb.cdx.perms.AllowAllPerms []
-perms_policy:  !!python/object/new:tests.fixture.TestExclusionPermsPolicy []
+perms_policy: !!python/name:tests.fixture.test_exclusion_perms_policy
--- a/tests/fixture.py
+++ b/tests/fixture.py
@ -3,7 +3,7 @@ import pytest

 import yaml

-from pywb.perms.perms_filter import AllowAllPerms, AllowAllPermsPolicy
+from pywb.perms.perms_filter import Perms

@pytest.fixture
 def testconfig():
@ -27,7 +27,7 @@ class PrintReporter:
        pass

 #================================================================
-class TestExclusionPerms(AllowAllPerms):
+class TestExclusionPerms(Perms):
    """
    Perm Checker fixture to block a single url for testing
    """
@ -46,6 +46,5 @@ class TestExclusionPerms(AllowAllPerms):


 #================================================================
-class TestExclusionPermsPolicy(AllowAllPermsPolicy):
-    def create_perms_checker(self, wbrequest):
-        return TestExclusionPerms()
+def test_exclusion_perms_policy(wbrequest):
+    return TestExclusionPerms()