MCPcopy Index your code
hub / github.com/bugy/script-server / validate_absolute_path

Method validate_absolute_path

src/web/server.py:648–659  ·  view source on GitHub ↗
(self, root, absolute_path)

Source from the content-addressed store, hash-verified

646
647 @check_authorization_sync
648 def validate_absolute_path(self, root, absolute_path):
649 audit_name = get_audit_name_from_request(self)
650 user_id = identify_user(self)
651
652 file_download_feature = self.application.file_download_feature
653
654 file_path = file_utils.relative_path(absolute_path, os.path.abspath(root))
655 if not file_download_feature.allowed_to_download(file_path, user_id):
656 LOGGER.warning('Access attempt from ' + user_id + '(' + audit_name + ') to ' + absolute_path)
657 raise tornado.web.HTTPError(403)
658
659 return super(AuthorizedStaticFileHandler, self).validate_absolute_path(root, absolute_path)
660
661
662# Use for testing only

Callers 1

Calls 3

identify_userFunction · 0.90
allowed_to_downloadMethod · 0.80

Tested by

no test coverage detected