in modular_api_cli/modular_handler/user_handler.py [0:0]
def policy_simulator_handler(self, user_name, user_group, policy_name,
requested_command):
warnings_list = []
policies = []
item_name = ''
item = ''
if user_name:
existed_user = self.user_service.describe_user(
username=user_name)
if not existed_user:
raise ModularApiBadRequestException(
f'No such user: \'{user_name}\'')
warnings_list, policies = \
self.validate_groups_policies_and_resolve_actions(
groups=existed_user.groups
)
item, item_name = 'user', user_name
elif user_group:
warnings_list, policies = \
self.validate_groups_policies_and_resolve_actions(
groups=[user_group]
)
item, item_name = 'group', user_group
elif policy_name:
policies, warnings_list = self.resolve_policy_allowed_actions(
policies=[policy_name]
)
item, item_name = 'policy', policy_name
if warnings_list:
return CommandResponse(
message='Any action can not be performed due to '
'user/group/policy invalid configuration',
warnings=warnings_list
)
if not requested_command.startswith('admin '):
raise ModularApiBadRequestException(
'Incorrect spelling. All commands should starting '
'with "admin ..."'
)
if '-' in requested_command:
raise ModularApiBadRequestException(
'Incorrect spelling. "-" and "--" symbols are not allowed. '
'Check spelling'
)
available_commands = permissions_handler_instance().available_commands
filtered_commands = filter_commands_by_permissions(available_commands,
policies)
route_mapping = generate_route_meta_mapping(
commands_meta=filtered_commands)
init_cmd = requested_command
requested_command = requested_command.split()
path = '/'.join(requested_command).replace('admin', '')
# for admin root commands
# if will be added new one -> add to list:
if path == '/get_operation_status':
path = '/admin/get_operation_status'
# ----------------------------------------
effect = 'ALLOW' if path in route_mapping.keys() else 'DENY'
return CommandResponse(
f'Checked for {item}: {item_name}{os.linesep}'
f'Command: {init_cmd}{os.linesep}'
f'Status: {effect}{os.linesep}'
)