| 22 | |
| 23 | |
| 24 | class Authorizer: |
| 25 | def __init__(self, app_allowed_users, admin_users, full_history_users, code_editor_users, groups_provider): |
| 26 | self._app_allowed_users = _normalize_users(app_allowed_users) |
| 27 | self._admin_users = _normalize_users(admin_users) |
| 28 | self._full_history_users = _normalize_users(full_history_users) |
| 29 | self._code_editor_users = _normalize_users(code_editor_users) |
| 30 | |
| 31 | self._groups_provider = groups_provider |
| 32 | |
| 33 | def is_allowed_in_app(self, user_id): |
| 34 | return self._is_allowed_internal(user_id, self._app_allowed_users) |
| 35 | |
| 36 | def is_admin(self, user_id): |
| 37 | return self._is_allowed_internal(user_id, self._admin_users) |
| 38 | |
| 39 | def has_full_history_access(self, user_id): |
| 40 | return self.is_admin(user_id) or self._is_allowed_internal(user_id, self._full_history_users) |
| 41 | |
| 42 | def can_edit_code(self, user_id): |
| 43 | return self.is_admin(user_id) and self._is_allowed_internal(user_id, self._code_editor_users) |
| 44 | |
| 45 | def is_allowed(self, user_id, allowed_users): |
| 46 | normalized_users = _normalize_users(allowed_users) |
| 47 | |
| 48 | return self._is_allowed_internal(user_id, normalized_users) |
| 49 | |
| 50 | def _is_allowed_internal(self, user_id, normalized_allowed_users): |
| 51 | if not normalized_allowed_users: |
| 52 | return False |
| 53 | |
| 54 | if normalized_allowed_users == ANY_USER: |
| 55 | return True |
| 56 | |
| 57 | if _normalize_user(user_id) in normalized_allowed_users: |
| 58 | return True |
| 59 | |
| 60 | user_groups = self._groups_provider.get_groups(user_id) |
| 61 | if not user_groups: |
| 62 | return False |
| 63 | |
| 64 | for group in user_groups: |
| 65 | if _normalize_user(GROUP_PREFIX + group) in normalized_allowed_users: |
| 66 | return True |
| 67 | |
| 68 | return False |
| 69 | |
| 70 | |
| 71 | class EmptyGroupProvider: |