Mercurial > libervia-web

comparison libervia/web/server/restricted_bridge.py @ 1518:eb00d593801d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
refactoring: rename `libervia` to `libervia.web` + update imports following backend changes
author Goffi <goffi@goffi.org>
date Fri, 02 Jun 2023 16:49:28 +0200
parents libervia/server/restricted_bridge.py@a3ca1bab6eb1
children 49ad8dd210d0
comparison
equal deleted inserted replaced
1517:b8ed9726525b 1518:eb00d593801d
1 #!/usr/bin/env python3
2
3 # Libervia: a SàT frontend
4 # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org)
5
6 # This program is free software: you can redistribute it and/or modify
7 # it under the terms of the GNU Affero General Public License as published by
8 # the Free Software Foundation, either version 3 of the License, or
9 # (at your option) any later version.
10
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU Affero General Public License for more details.
15
16 # You should have received a copy of the GNU Affero General Public License
17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18
19 from libervia.backend.tools.common import data_format
20 from libervia.backend.core import exceptions
21 from libervia.web.server.constants import Const as C
22
23
24 class RestrictedBridge:
25 """bridge with limited access, which can be used in browser
26
27 Only a few method are implemented, with potentially dangerous argument controlled.
28 Security limit is used
29 """
30
31 def __init__(self, host):
32 self.host = host
33 self.security_limit = C.SECURITY_LIMIT
34
35 def no_service_profile(self, profile):
36 """Raise an error if service profile is used"""
37 if profile == C.SERVICE_PROFILE:
38 raise exceptions.PermissionError(
39 "This action is not allowed for service profile"
40 )
41
42 async def action_launch(
43 self, callback_id: str, data_s: str, profile: str
44 ) -> str:
45 self.no_service_profile(profile)
46 return await self.host.bridge_call(
47 "action_launch", callback_id, data_s, profile
48 )
49
50 async def call_start(self, entity: str, call_data_s: str, profile: str) -> None:
51 self.no_service_profile(profile)
52 return await self.host.bridge_call(
53 "call_start", entity, call_data_s, profile
54 )
55
56 async def call_end(self, session_id: str, call_data: str, profile: str) -> None:
57 self.no_service_profile(profile)
58 return await self.host.bridge_call(
59 "call_end", session_id, call_data, profile
60 )
61
62 async def contacts_get(self, profile):
63 return await self.host.bridge_call("contacts_get", profile)
64
65 async def external_disco_get(self, entity, profile):
66 self.no_service_profile(profile)
67 return await self.host.bridge_call(
68 "external_disco_get", entity, profile)
69
70 async def ice_candidates_add(self, session_id, media_ice_data_s, profile):
71 self.no_service_profile(profile)
72 return await self.host.bridge_call(
73 "ice_candidates_add", session_id, media_ice_data_s, profile
74 )
75
76 async def identity_get(self, entity, metadata_filter, use_cache, profile):
77 return await self.host.bridge_call(
78 "identity_get", entity, metadata_filter, use_cache, profile)
79
80 async def identities_get(self, entities, metadata_filter, profile):
81 return await self.host.bridge_call(
82 "identities_get", entities, metadata_filter, profile)
83
84 async def identities_base_get(self, profile):
85 return await self.host.bridge_call(
86 "identities_base_get", profile)
87
88 async def ps_node_delete(self, service_s, node, profile):
89 self.no_service_profile(profile)
90 return await self.host.bridge_call(
91 "ps_node_delete", service_s, node, profile)
92
93 async def ps_node_affiliations_set(self, service_s, node, affiliations, profile):
94 self.no_service_profile(profile)
95 return await self.host.bridge_call(
96 "ps_node_affiliations_set", service_s, node, affiliations, profile)
97
98 async def ps_item_retract(self, service_s, node, item_id, notify, profile):
99 self.no_service_profile(profile)
100 return await self.host.bridge_call(
101 "ps_item_retract", service_s, node, item_id, notify, profile)
102
103 async def mb_preview(self, service_s, node, data, profile):
104 return await self.host.bridge_call(
105 "mb_preview", service_s, node, data, profile)
106
107 async def list_set(self, service_s, node, values, schema, item_id, extra, profile):
108 self.no_service_profile(profile)
109 return await self.host.bridge_call(
110 "list_set", service_s, node, values, "", item_id, "", profile)
111
112
113 async def file_http_upload_get_slot(
114 self, filename, size, content_type, upload_jid, profile):
115 self.no_service_profile(profile)
116 return await self.host.bridge_call(
117 "file_http_upload_get_slot", filename, size, content_type,
118 upload_jid, profile)
119
120 async def file_sharing_delete(
121 self, service_jid, path, namespace, profile):
122 self.no_service_profile(profile)
123 return await self.host.bridge_call(
124 "file_sharing_delete", service_jid, path, namespace, profile)
125
126 async def interests_file_sharing_register(
127 self, service, repos_type, namespace, path, name, extra_s, profile
128 ):
129 self.no_service_profile(profile)
130 if extra_s:
131 # we only allow "thumb_url" here
132 extra = data_format.deserialise(extra_s)
133 if "thumb_url" in extra:
134 extra_s = data_format.serialise({"thumb_url": extra["thumb_url"]})
135 else:
136 extra_s = ""
137
138 return await self.host.bridge_call(
139 "interests_file_sharing_register", service, repos_type, namespace, path, name,
140 extra_s, profile
141 )
142
143 async def interest_retract(
144 self, service_jid, item_id, profile
145 ):
146 self.no_service_profile(profile)
147 return await self.host.bridge_call(
148 "interest_retract", service_jid, item_id, profile)
149
150 async def ps_invite(
151 self, invitee_jid_s, service_s, node, item_id, name, extra_s, profile
152 ):
153 self.no_service_profile(profile)
154 return await self.host.bridge_call(
155 "ps_invite", invitee_jid_s, service_s, node, item_id, name, extra_s, profile
156 )
157
158 async def fis_invite(
159 self, invitee_jid_s, service_s, repos_type, namespace, path, name, extra_s,
160 profile
161 ):
162 self.no_service_profile(profile)
163 if extra_s:
164 # we only allow "thumb_url" here
165 extra = data_format.deserialise(extra_s)
166 if "thumb_url" in extra:
167 extra_s = data_format.serialise({"thumb_url": extra["thumb_url"]})
168 else:
169 extra_s = ""
170
171 return await self.host.bridge_call(
172 "fis_invite", invitee_jid_s, service_s, repos_type, namespace, path, name,
173 extra_s, profile
174 )
175
176 async def fis_affiliations_set(
177 self, service_s, namespace, path, affiliations, profile
178 ):
179 self.no_service_profile(profile)
180 return await self.host.bridge_call(
181 "fis_affiliations_set", service_s, namespace, path, affiliations, profile
182 )
183
184 async def invitation_simple_create(
185 self, invitee_email, invitee_name, url_template, extra_s, profile
186 ):
187 self.no_service_profile(profile)
188 return await self.host.bridge_call(
189 "invitation_simple_create", invitee_email, invitee_name, url_template, extra_s,
190 profile
191 )