本文整理汇总了Python中sentry.auth.superuser.is_active_superuser函数的典型用法代码示例。如果您正苦于以下问题:Python is_active_superuser函数的具体用法?Python is_active_superuser怎么用?Python is_active_superuser使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了is_active_superuser函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get
def get(self, request):
status = request.GET.get('status')
if status == 'published':
queryset = SentryApp.objects.filter(status=SentryAppStatus.PUBLISHED)
elif status == 'unpublished':
if is_active_superuser(request):
queryset = SentryApp.objects.filter(
status=SentryAppStatus.UNPUBLISHED
)
else:
queryset = SentryApp.objects.filter(
status=SentryAppStatus.UNPUBLISHED,
owner__in=request.user.get_orgs(),
)
else:
if is_active_superuser(request):
queryset = SentryApp.objects.all()
else:
queryset = SentryApp.objects.filter(status=SentryAppStatus.PUBLISHED)
return self.paginate(
request=request,
queryset=queryset,
order_by='-date_added',
paginator_cls=OffsetPaginator,
on_results=lambda x: serialize(x, request.user),
)
示例2: get_projects
def get_projects(
self,
request,
organization,
force_global_perms=False,
include_all_accessible=False,
):
"""
Determines which project ids to filter the endpoint by. If a list of
project ids is passed in via the `project` querystring argument then
validate that these projects can be accessed. If not passed, then
return all project ids that the user can access within this
organization.
:param request:
:param organization: Organization to fetch projects for
:param force_global_perms: Permission override. Allows subclasses to
perform their own validation and allow the user to access any project
in the organization. This is a hack to support the old
`request.auth.has_scope` way of checking permissions, don't use it
for anything else, we plan to remove this once we remove uses of
`auth.has_scope`.
:param include_all_accessible: Whether to factor the organization
allow_joinleave flag into permission checks. We should ideally
standardize how this is used and remove this parameter.
:return: A list of project ids, or raises PermissionDenied.
"""
project_ids = set(map(int, request.GET.getlist('project')))
requested_projects = project_ids.copy()
user = getattr(request, 'user', None)
qs = Project.objects.filter(
organization=organization,
status=ProjectStatus.VISIBLE,
)
if project_ids:
qs = qs.filter(id__in=project_ids)
if force_global_perms:
projects = list(qs)
else:
if (
user and is_active_superuser(request) or
requested_projects or
include_all_accessible
):
func = request.access.has_project_access
else:
func = request.access.has_project_membership
projects = [p for p in qs if func(p)]
project_ids = set(p.id for p in projects)
if requested_projects and project_ids != requested_projects:
raise PermissionDenied
return projects
示例3: wrapped
def wrapped(request, *args, **kwargs):
if not is_active_superuser(request):
if request.user.is_superuser:
auth.initiate_login(request, next_url=request.get_full_path())
return HttpResponseRedirect(auth.get_login_url())
return render_to_response('sentry/missing_permissions.html', {}, request, status=400)
return func(request, *args, **kwargs)
示例4: from_request
def from_request(request, organization, scopes=None):
if not organization:
return DEFAULT
if is_active_superuser(request):
# we special case superuser so that if they're a member of the org
# they must still follow SSO checks, but they gain global access
try:
member = OrganizationMember.objects.get(
user=request.user,
organization=organization,
)
except OrganizationMember.DoesNotExist:
requires_sso, sso_is_valid = False, True
else:
requires_sso, sso_is_valid = _sso_params(member)
team_list = list(organization.team_set.all())
return Access(
scopes=scopes if scopes is not None else settings.SENTRY_SCOPES,
is_active=True,
teams=team_list,
memberships=team_list,
sso_is_valid=sso_is_valid,
requires_sso=requires_sso,
)
return from_user(request.user, organization, scopes=scopes)
示例5: get
def get(self, request, *args, **kwargs):
next_uri = self.get_next_uri(request, *args, **kwargs)
if request.user.is_authenticated():
# if the user is a superuser, but not 'superuser authenticated'
# we allow them to re-authenticate to gain superuser status
if not request.user.is_superuser or is_active_superuser(request):
return self.handle_authenticated(request, *args, **kwargs)
request.session.set_test_cookie()
# we always reset the state on GET so you dont end up at an odd location
auth.initiate_login(request, next_uri)
# Single org mode -- send them to the org-specific handler
if settings.SENTRY_SINGLE_ORGANIZATION:
org = Organization.get_default()
next_uri = reverse('sentry-auth-organization', args=[org.slug])
return HttpResponseRedirect(next_uri)
session_expired = 'session_expired' in request.COOKIES
if session_expired:
messages.add_message(request, messages.WARNING,
WARN_SESSION_EXPIRED)
response = self.handle_basic_auth(request, *args, **kwargs)
if session_expired:
response.delete_cookie('session_expired')
return response
示例6: has_object_permission
def has_object_permission(self, request, view, project):
result = super(ProjectPermission,
self).has_object_permission(request, view, project.organization)
if not result:
return result
if project.teams.exists():
return any(
has_team_permission(request, team, self.scope_map) for team in project.teams.all()
)
elif request.user.is_authenticated():
# this is only for team-less projects
if is_active_superuser(request):
return True
try:
role = OrganizationMember.objects.filter(
organization=project.organization,
user=request.user,
).values_list('role', flat=True).get()
except OrganizationMember.DoesNotExist:
# this should probably never happen?
return False
return roles.get(role).is_global
elif hasattr(request.auth, 'project_id') and project.id == request.auth.project_id:
return True
return False
示例7: post
def post(self, request):
if not (is_active_superuser(request) and request.access.has_permission('broadcasts.admin')):
return self.respond(status=401)
validator = AdminBroadcastValidator(data=request.DATA)
if not validator.is_valid():
return self.respond(validator.errors, status=400)
result = validator.object
with transaction.atomic():
broadcast = Broadcast.objects.create(
title=result['title'],
message=result['message'],
link=result['link'],
is_active=result.get('isActive') or False,
date_expires=result.get('expiresAt'),
)
logger.info('broadcasts.create', extra={
'ip_address': request.META['REMOTE_ADDR'],
'user_id': request.user.id,
'broadcast_id': broadcast.id,
})
if result.get('hasSeen'):
try:
with transaction.atomic():
BroadcastSeen.objects.create(
broadcast=broadcast,
user=request.user,
)
except IntegrityError:
pass
return self.respond(self._serialize_objects(broadcast, request))
示例8: _serialize_objects
def _serialize_objects(self, items, request):
if is_active_superuser(request):
serializer_cls = AdminBroadcastSerializer
else:
serializer_cls = BroadcastSerializer
return serialize(items, request.user, serializer=serializer_cls())
示例9: get_allowed_projects
def get_allowed_projects(self, request, organization):
has_valid_api_key = False
if isinstance(request.auth, ApiKey):
if request.auth.organization_id != organization.id:
return []
has_valid_api_key = request.auth.has_scope('project:releases') or \
request.auth.has_scope('project:write')
if not (has_valid_api_key or request.user.is_authenticated()):
return []
if has_valid_api_key or is_active_superuser(request) or organization.flags.allow_joinleave:
allowed_teams = Team.objects.filter(organization=organization).values_list(
'id', flat=True
)
else:
allowed_teams = OrganizationMemberTeam.objects.filter(
organizationmember__user=request.user,
team__organization_id=organization.id,
).values_list(
'team_id', flat=True
)
return Project.objects.filter(
id__in=ProjectTeam.objects.filter(
team_id__in=allowed_teams,
).values_list('project_id', flat=True)
)
示例10: serialize
def serialize(self, obj, attrs, user):
from sentry.mediators.service_hooks.creator import consolidate_events
data = {
'name': obj.name,
'slug': obj.slug,
'author': obj.author,
'scopes': obj.get_scopes(),
'events': consolidate_events(obj.events),
'status': obj.get_status_display(),
'schema': obj.schema,
'uuid': obj.uuid,
'webhookUrl': obj.webhook_url,
'redirectUrl': obj.redirect_url,
'isAlertable': obj.is_alertable,
'overview': obj.overview,
}
if is_active_superuser(env.request) or (
hasattr(user, 'get_orgs') and obj.owner in user.get_orgs()
):
data.update({
'clientId': obj.application.client_id,
'clientSecret': obj.application.client_secret,
'owner': {
'id': obj.owner.id,
'slug': obj.owner.slug,
},
})
return data
示例11: handle
def handle(self, request, organization):
try:
auth_provider = AuthProvider.objects.get(
organization=organization,
)
except AuthProvider.DoesNotExist:
pass
else:
provider = auth_provider.get_provider()
requires_feature = provider.required_feature
# Provider is not enabled
# Allow superusers to edit and disable SSO for orgs that
# downgrade plans and can no longer access the feature
if requires_feature and not features.has(
requires_feature,
organization,
actor=request.user
) and not is_active_superuser(request):
home_url = organization.get_url()
messages.add_message(request, messages.ERROR, ERR_NO_SSO)
return HttpResponseRedirect(home_url)
return self.handle_existing_provider(
request=request,
organization=organization,
auth_provider=auth_provider,
)
if request.method == 'POST':
provider_key = request.POST.get('provider')
if not manager.exists(provider_key):
raise ValueError(u'Provider not found: {}'.format(provider_key))
helper = AuthHelper(
request=request,
organization=organization,
provider_key=provider_key,
flow=AuthHelper.FLOW_SETUP_PROVIDER,
)
feature = helper.provider.required_feature
if feature and not features.has(feature, organization, actor=request.user):
return HttpResponse('Provider is not enabled', status=401)
if request.POST.get('init'):
helper.init_pipeline()
if not helper.pipeline_is_valid():
return helper.error('Something unexpected happened during authentication.')
# render first time setup view
return helper.current_step()
# Otherwise user is in bad state since frontend/react should handle this case
return HttpResponseRedirect(
organization.get_url()
)
示例12: can
def can(self, request):
if 'prof' not in request.GET:
return False
if settings.DEBUG:
return True
if is_active_superuser(request):
return True
return False
示例13: has_object_permission
def has_object_permission(self, request, view, user=None):
if user is None:
user = request.user
if request.user == user:
return True
if request.auth:
return False
if is_active_superuser(request):
return True
return False
示例14: get_allowed_roles
def get_allowed_roles(self, request, organization, member=None):
can_admin = request.access.has_scope('member:admin')
allowed_roles = []
if can_admin and not is_active_superuser(request):
acting_member = OrganizationMember.objects.get(
user=request.user,
organization=organization,
)
if member and roles.get(acting_member.role).priority < roles.get(member.role).priority:
can_admin = False
else:
allowed_roles = [
r for r in roles.get_all()
if r.priority <= roles.get(acting_member.role).priority
]
can_admin = bool(allowed_roles)
elif is_active_superuser(request):
allowed_roles = roles.get_all()
return (can_admin, allowed_roles, )
示例15: _get_identities
def _get_identities(self, item_list, user):
if not (env.request and is_active_superuser(env.request)):
item_list = [x for x in item_list if x == user]
queryset = AuthIdentity.objects.filter(
user__in=item_list,
).select_related('auth_provider', 'auth_provider__organization')
results = {i.id: [] for i in item_list}
for item in queryset:
results[item.user_id].append(item)
return results