24 __docformat__ = "restructuredtext en" |
24 __docformat__ = "restructuredtext en" |
25 |
25 |
26 import sys |
26 import sys |
27 from os.path import join, exists |
27 from os.path import join, exists |
28 from glob import glob |
28 from glob import glob |
|
29 from contextlib import contextmanager |
29 |
30 |
30 from logilab.common.modutils import LazyObject |
31 from logilab.common.modutils import LazyObject |
31 from logilab.common.textutils import splitstrip |
32 from logilab.common.textutils import splitstrip |
32 from logilab.common.registry import yes |
33 from logilab.common.registry import yes |
33 from logilab import database |
34 from logilab import database |
78 DBG_MS = 8 |
79 DBG_MS = 8 |
79 #: hooks |
80 #: hooks |
80 DBG_HOOKS = 16 |
81 DBG_HOOKS = 16 |
81 #: operations |
82 #: operations |
82 DBG_OPS = 32 |
83 DBG_OPS = 32 |
|
84 #: security |
|
85 DBG_SEC = 64 |
83 #: more verbosity |
86 #: more verbosity |
84 DBG_MORE = 64 |
87 DBG_MORE = 128 |
85 #: all level enabled |
88 #: all level enabled |
86 DBG_ALL = DBG_RQL + DBG_SQL + DBG_REPO + DBG_MS + DBG_HOOKS + DBG_OPS + DBG_MORE |
89 DBG_ALL = DBG_RQL + DBG_SQL + DBG_REPO + DBG_MS + DBG_HOOKS + DBG_OPS + DBG_SEC + DBG_MORE |
|
90 |
|
91 _SECURITY_ITEMS = [] |
|
92 _SECURITY_CAPS = ['read', 'add', 'update', 'delete'] |
87 |
93 |
88 #: current debug mode |
94 #: current debug mode |
89 DEBUG = 0 |
95 DEBUG = 0 |
|
96 |
|
97 @contextmanager |
|
98 def tunesecurity(items=(), capabilities=()): |
|
99 """Context manager to use in conjunction with DBG_SEC. |
|
100 |
|
101 This allows some tuning of: |
|
102 * the monitored capabilities ('read', 'add', ....) |
|
103 * the object being checked by the security checkers |
|
104 |
|
105 When no item is given, all of them will be watched. |
|
106 By default all capabilities are monitored, unless specified. |
|
107 |
|
108 Example use:: |
|
109 |
|
110 from cubicweb.server import debugged, DBG_SEC, tunesecurity |
|
111 with debugged(DBG_SEC): |
|
112 with tunesecurity(items=('Elephant', 'trumps'), |
|
113 capabilities=('update', 'delete')): |
|
114 babar.cw_set(trumps=celeste) |
|
115 flore.cw_delete() |
|
116 |
|
117 ==> |
|
118 |
|
119 check_perm: 'update' 'relation Elephant.trumps.Elephant' |
|
120 [(ERQLExpression(Any X WHERE U has_update_permission X, X eid %(x)s, U eid %(u)s), |
|
121 {'eid': 2167}, True)] |
|
122 check_perm: 'delete' 'Elephant' |
|
123 [(ERQLExpression(Any X WHERE U has_delete_permission X, X eid %(x)s, U eid %(u)s), |
|
124 {'eid': 2168}, True)] |
|
125 |
|
126 """ |
|
127 olditems = _SECURITY_ITEMS[:] |
|
128 _SECURITY_ITEMS.extend(list(items)) |
|
129 oldactions = _SECURITY_CAPS[:] |
|
130 _SECURITY_CAPS[:] = capabilities |
|
131 yield |
|
132 _SECURITY_ITEMS[:] = olditems |
|
133 _SECURITY_CAPS[:] = oldactions |
90 |
134 |
91 def set_debug(debugmode): |
135 def set_debug(debugmode): |
92 """change the repository debugging mode""" |
136 """change the repository debugging mode""" |
93 global DEBUG |
137 global DEBUG |
94 if not debugmode: |
138 if not debugmode: |
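Review bot: `tunesecurity` restores `_SECURITY_ITEMS` and `_SECURITY_CAPS` only on the lines after `yield`, so an exception raised inside the `with` body (plausibly an authorization error from the very operation being traced) leaves the module-level filters modified for every later check in the process. The `yield` should be wrapped in `try`/`finally`. Separately, the default `capabilities=()` empties `_SECURITY_CAPS`, which contradicts the docstring's "By default all capabilities are monitored"; how the checker reads that list is not visible here, but guarding the assignment with `if capabilities:` keeps the documented default. Since both lists are process-wide, the docstring should also state that the tuning is not scoped per thread or per session.

```python
def tunesecurity(items=(), capabilities=()):
    # … unchanged: docstring, snapshots into olditems / oldactions, extend with items …
    if capabilities:
        _SECURITY_CAPS[:] = capabilities
    try:
        yield
    finally:
        _SECURITY_ITEMS[:] = olditems
        _SECURITY_CAPS[:] = oldactions
```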