Mercurial > libervia-web
view libervia/server/restricted_bridge.py @ 1509:106bae41f5c8
massive refactoring from camelCase -> snake_case. See backend commit log for more details
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sat, 08 Apr 2023 13:44:11 +0200 |
| parents | e739600267cd |
| children | a3ca1bab6eb1 |
line wrap: on
line source
#!/usr/bin/env python3 # Libervia: a SàT frontend # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org) # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. from sat.tools.common import data_format from sat.core import exceptions from libervia.server.constants import Const as C class RestrictedBridge: """bridge with limited access, which can be used in browser Only a few method are implemented, with potentially dangerous argument controlled. Security limit is used """ def __init__(self, host): self.host = host self.security_limit = C.SECURITY_LIMIT def no_service_profile(self, profile): """Raise an error if service profile is used""" if profile == C.SERVICE_PROFILE: raise exceptions.PermissionError( "This action is not allowed for service profile" ) async def contacts_get(self, profile): return await self.host.bridge_call("contacts_get", profile) async def identity_get(self, entity, metadata_filter, use_cache, profile): return await self.host.bridge_call( "identity_get", entity, metadata_filter, use_cache, profile) async def identities_get(self, entities, metadata_filter, profile): return await self.host.bridge_call( "identities_get", entities, metadata_filter, profile) async def identities_base_get(self, profile): return await self.host.bridge_call( "identities_base_get", profile) async def ps_node_delete(self, service_s, node, profile): self.no_service_profile(profile) return await self.host.bridge_call( "ps_node_delete", service_s, node, profile) async def ps_node_affiliations_set(self, service_s, node, affiliations, profile): self.no_service_profile(profile) return await self.host.bridge_call( "ps_node_affiliations_set", service_s, node, affiliations, profile) async def ps_item_retract(self, service_s, node, item_id, notify, profile): self.no_service_profile(profile) return await self.host.bridge_call( "ps_item_retract", service_s, node, item_id, notify, profile) async def mb_preview(self, service_s, node, data, profile): return await self.host.bridge_call( "mb_preview", service_s, node, data, profile) async def list_set(self, service_s, node, values, schema, item_id, extra, profile): self.no_service_profile(profile) return await self.host.bridge_call( "list_set", service_s, node, values, "", item_id, "", profile) async def file_http_upload_get_slot( self, filename, size, content_type, upload_jid, profile): self.no_service_profile(profile) return await self.host.bridge_call( "file_http_upload_get_slot", filename, size, content_type, upload_jid, profile) async def file_sharing_delete( self, service_jid, path, namespace, profile): self.no_service_profile(profile) return await self.host.bridge_call( "file_sharing_delete", service_jid, path, namespace, profile) async def interests_file_sharing_register( self, service, repos_type, namespace, path, name, extra_s, profile ): self.no_service_profile(profile) if extra_s: # we only allow "thumb_url" here extra = data_format.deserialise(extra_s) if "thumb_url" in extra: extra_s = data_format.serialise({"thumb_url": extra["thumb_url"]}) else: extra_s = "" return await self.host.bridge_call( "interests_file_sharing_register", service, repos_type, namespace, path, name, extra_s, profile ) async def interest_retract( self, service_jid, item_id, profile ): self.no_service_profile(profile) return await self.host.bridge_call( "interest_retract", service_jid, item_id, profile) async def ps_invite( self, invitee_jid_s, service_s, node, item_id, name, extra_s, profile ): self.no_service_profile(profile) return await self.host.bridge_call( "ps_invite", invitee_jid_s, service_s, node, item_id, name, extra_s, profile ) async def fis_invite( self, invitee_jid_s, service_s, repos_type, namespace, path, name, extra_s, profile ): self.no_service_profile(profile) if extra_s: # we only allow "thumb_url" here extra = data_format.deserialise(extra_s) if "thumb_url" in extra: extra_s = data_format.serialise({"thumb_url": extra["thumb_url"]}) else: extra_s = "" return await self.host.bridge_call( "fis_invite", invitee_jid_s, service_s, repos_type, namespace, path, name, extra_s, profile ) async def fis_affiliations_set( self, service_s, namespace, path, affiliations, profile ): self.no_service_profile(profile) return await self.host.bridge_call( "fis_affiliations_set", service_s, namespace, path, affiliations, profile ) async def invitation_simple_create( self, invitee_email, invitee_name, url_template, extra_s, profile ): self.no_service_profile(profile) return await self.host.bridge_call( "invitation_simple_create", invitee_email, invitee_name, url_template, extra_s, profile )