update authorized wrapper with resource
Zsailer committed Jan 10, 2020
1 parent aba70f9 commit 1343a1e
Showing 16 changed files with 65 additions and 49 deletions.
2 changes: 1 addition & 1 deletion jupyter_server/edit/handlers.py
@@ -14,7 +14,7 @@ class EditorHandler(JupyterHandler):
"""Render the text editor interface."""

@web.authenticated
@authorized('read')
@authorized("read", resource="editor")
def get(self, path):
path = path.strip('/')
if not self.contents_manager.file_exists(path):
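Review bot: The resource name in `@authorized("read", resource="editor")` is a bare string literal, and the same pattern repeats in every handler file this commit touches ("files", "kernelspecs", "nbconvert", "api", "config", "contents", "kernels", "sessions", "csp"). A misspelled name would define a resource that no policy entry refers to, and whether that fails open or closed depends on `authorized`, which is not shown on this page. I would define the names once, for example `RESOURCE_EDITOR = "editor"` next to `authorized` in `jupyter_server.utils`, and have the decorator reject unknown names when it is applied. EditorHandler continues outside this hunk.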
4 changes: 2 additions & 2 deletions jupyter_server/files/handlers.py
@@ -28,12 +28,12 @@ def content_security_policy(self):
"; sandbox allow-scripts"

@web.authenticated
@authorized('read')
@authorized("read", resource="files")
def head(self, path):
self.get(path, include_body=False)

@web.authenticated
@authorized('read')
@authorized("read", resource="files")
@gen.coroutine
def get(self, path, include_body=True):
cm = self.contents_manager
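Review bot: `get` is now gated on `resource="files"`, but the first line of its body reads from `self.contents_manager`, the same store that the contents API guards with `resource="contents"`. A policy that denies "read" on "contents" while allowing it on "files" would presumably still hand out file bytes through this handler, and `NbconvertFileHandler.get(format, path)` in jupyter_server/nbconvert/handlers.py looks to be in the same position with `resource="nbconvert"`. Either reuse `resource="contents"` here or add a comment above the decorator such as `# "files" serves contents_manager data: deny it together with "contents"`. The body of `get` continues outside the hunk.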
4 changes: 2 additions & 2 deletions jupyter_server/kernelspecs/handlers.py
@@ -11,7 +11,7 @@ def initialize(self):
web.StaticFileHandler.initialize(self, path='')

@web.authenticated
@authorized("read")
@authorized("read", resource="kernelspecs")
def get(self, kernel_name, path, include_body=True):
ksm = self.kernel_spec_manager
try:
@@ -22,7 +22,7 @@ def get(self, kernel_name, path, include_body=True):
return web.StaticFileHandler.get(self, path, include_body=include_body)

@web.authenticated
@authorized("read")
@authorized("read", resource="kernelspecs")
def head(self, kernel_name, path):
return self.get(kernel_name, path, include_body=False)

5 changes: 5 additions & 0 deletions jupyter_server/nbconvert/handlers.py
@@ -19,6 +19,9 @@
from ipython_genutils.py3compat import cast_bytes
from ipython_genutils import text

from jupyter_server.utils import authorized


def find_resource_files(output_files_dir):
files = []
for dirpath, dirnames, filenames in os.walk(output_files_dir):
@@ -80,6 +83,7 @@ class NbconvertFileHandler(JupyterHandler):
SUPPORTED_METHODS = ('GET',)

@web.authenticated
@authorized("read", resource="nbconvert")
def get(self, format, path):

exporter = get_exporter(format, config=self.config, log=self.log)
@@ -149,6 +153,7 @@ class NbconvertPostHandler(JupyterHandler):
SUPPORTED_METHODS = ('POST',)

@web.authenticated
@authorized("write", resource="nbconvert")
def post(self, format):
exporter = get_exporter(format, config=self.config)

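Review bot: `NbconvertPostHandler.post` requires "write" on "nbconvert", yet the visible part of its body only builds an exporter and nothing in the hunk shows server state being modified. If the method only converts a notebook sent in the request (the rest of the body is outside the hunk), a read-only user loses conversion without any state being protected; if "write" is meant to mark conversion as a heavier capability, the code should say so. I would add a one-line comment above the decorator stating why POST maps to "write", so policy authors know what they are granting.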
6 changes: 4 additions & 2 deletions jupyter_server/services/api/handlers.py
@@ -8,9 +8,9 @@

from tornado import gen, web

from ...base.handlers import JupyterHandler, APIHandler
from jupyter_server.base.handlers import JupyterHandler, APIHandler
from jupyter_server._tz import utcfromtimestamp, isoformat
from jupyter_server.utils import maybe_future
from jupyter_server.utils import maybe_future, authorized


class APISpecHandler(web.StaticFileHandler, JupyterHandler):
@@ -19,6 +19,7 @@ def initialize(self):
web.StaticFileHandler.initialize(self, path=os.path.dirname(__file__))

@web.authenticated
@authorized("read", resource="api")
def get(self):
self.log.warning("Serving api spec (experimental, incomplete)")
return web.StaticFileHandler.get(self, 'api.yaml')
@@ -32,6 +33,7 @@ class APIStatusHandler(APIHandler):
_track_activity = False

@web.authenticated
@authorized("read", resource="api")
@gen.coroutine
def get(self):
# if started was missing, use unix epoch
9 changes: 4 additions & 5 deletions jupyter_server/services/config/handlers.py
@@ -9,28 +9,27 @@
from tornado import web

from ipython_genutils.py3compat import PY3
from ...base.handlers import APIHandler

from jupyter_server.base.handlers import APIHandler
from jupyter_server.utils import authorized


class ConfigHandler(APIHandler):

@web.authenticated
@authorized('read')
@authorized("read", resource="config")
def get(self, section_name):
self.set_header("Content-Type", 'application/json')
self.finish(json.dumps(self.config_manager.get(section_name)))

@web.authenticated
@authorized('write')
@authorized("write", resource="config")
def put(self, section_name):
data = self.get_json_body() # Will raise 400 if content is not valid JSON
self.config_manager.set(section_name, data)
self.set_status(204)

@web.authenticated
@authorized('write')
@authorized("write", resource="config")
def patch(self, section_name):
new_data = self.get_json_body()
section = self.config_manager.update(section_name, new_data)
22 changes: 11 additions & 11 deletions jupyter_server/services/contents/handlers.py
@@ -16,9 +16,9 @@
from jupyter_server.base.handlers import (
JupyterHandler, APIHandler, path_regex,
)

from jupyter_server.utils import authorized


def validate_model(model, expect_content):
"""
Validate a model returned by a ContentsManager method.
@@ -89,7 +89,7 @@ def _finish_model(self, model, location=True):
self.finish(json.dumps(model, default=date_default))

@web.authenticated
@authorized('read', resource='contents')
@authorized("read", resource="contents")
@gen.coroutine
def get(self, path=''):
"""Return a model for a file or directory.
@@ -117,7 +117,7 @@ def get(self, path=''):
self._finish_model(model, location=False)

@web.authenticated
@authorized('write', resource='contents')
@authorized("write", resource="contents")
@gen.coroutine
def patch(self, path=''):
"""PATCH renames a file or directory without re-uploading content."""
@@ -170,7 +170,7 @@ def _save(self, model, path):
self._finish_model(model)

@web.authenticated
@authorized('write', resource='contents')
@authorized("write", resource="contents")
@gen.coroutine
def post(self, path=''):
"""Create a new file in the specified path.
@@ -208,7 +208,7 @@ def post(self, path=''):
yield self._new_untitled(path)

@web.authenticated
@authorized('write', resource='contents')
@authorized("write", resource="contents")
@gen.coroutine
def put(self, path=''):
"""Saves the file in the location specified by name and path.
@@ -234,7 +234,7 @@ def put(self, path=''):
yield maybe_future(self._new_untitled(path))

@web.authenticated
@authorized('write', resource='contents')
@authorized("write", resource="contents")
@gen.coroutine
def delete(self, path=''):
"""delete a file in the given path"""
@@ -248,7 +248,7 @@ def delete(self, path=''):
class CheckpointsHandler(APIHandler):

@web.authenticated
@authorized('read', resource='checkpoints')
@authorized("read", resource="contents")
@gen.coroutine
def get(self, path=''):
"""get lists checkpoints for a file"""
@@ -258,7 +258,7 @@ def get(self, path=''):
self.finish(data)

@web.authenticated
@authorized('write', resource='checkpoints')
@authorized("write", resource="contents")
@gen.coroutine
def post(self, path=''):
"""post creates a new checkpoint"""
@@ -275,7 +275,7 @@ def post(self, path=''):
class ModifyCheckpointsHandler(APIHandler):

@web.authenticated
@authorized('write', resource='checkpoints')
@authorized("write", resource="contents")
@gen.coroutine
def post(self, path, checkpoint_id):
"""post restores a file from a checkpoint"""
@@ -285,7 +285,7 @@ def post(self, path, checkpoint_id):
self.finish()

@web.authenticated
@authorized('write', resource='checkpoints')
@authorized("write", resource="contents")
@gen.coroutine
def delete(self, path, checkpoint_id):
"""delete clears a checkpoint for a given file"""
@@ -314,7 +314,7 @@ class TrustNotebooksHandler(JupyterHandler):
""" Handles trust/signing of notebooks """

@web.authenticated
@authorized('write', resource='trust_notebook')
@authorized("write", resource="contents")
@gen.coroutine
def post(self,path=''):
cm = self.contents_manager
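Review bot: `TrustNotebooksHandler.post` moves from `resource='trust_notebook'` to `resource="contents"`, and the four checkpoint methods move from `'checkpoints'` to `"contents"`, so these actions can no longer be granted or withheld separately from ordinary file writes. Trusting a notebook is the more sensitive of the two: going by the handler's docstring it signs the notebook, and a signed notebook's stored HTML/JavaScript output is normally rendered without the untrusted-output restrictions, so every user with "write" on "contents" now holds that capability. Policies written against the old names would also stop matching, and how `authorized` treats an unmatched resource is not visible here. I would keep `resource="trust_notebook"` on this method, or record the decision in a comment such as `# trust is deliberately folded into contents write`.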
14 changes: 7 additions & 7 deletions jupyter_server/services/kernels/handlers.py
@@ -19,23 +19,23 @@
from ipython_genutils.py3compat import cast_unicode
from jupyter_server.utils import url_path_join, url_escape, maybe_future

from ...base.handlers import APIHandler
from ...base.zmqhandlers import AuthenticatedZMQStreamHandler, deserialize_binary_message
from jupyter_server.base.handlers import APIHandler
from jupyter_server.base.zmqhandlers import AuthenticatedZMQStreamHandler, deserialize_binary_message

from jupyter_server.utils import authorized

class MainKernelHandler(APIHandler):

@web.authenticated
@authorized('read', resource='kernels')
@authorized("read", resource="kernels")
@gen.coroutine
def get(self):
km = self.kernel_manager
kernels = yield maybe_future(km.list_kernels())
self.finish(json.dumps(kernels, default=date_default))

@web.authenticated
@authorized('write', resource='kernels')
@authorized("write", resource="kernels")
@gen.coroutine
def post(self):
km = self.kernel_manager
@@ -58,14 +58,14 @@ def post(self):
class KernelHandler(APIHandler):

@web.authenticated
@authorized('read', resource='kernels')
@authorized("read", resource="kernels")
def get(self, kernel_id):
km = self.kernel_manager
model = km.kernel_model(kernel_id)
self.finish(json.dumps(model, default=date_default))

@web.authenticated
@authorized('write', resource='kernels')
@authorized("write", resource="kernels")
@gen.coroutine
def delete(self, kernel_id):
km = self.kernel_manager
@@ -77,7 +77,7 @@ def delete(self, kernel_id):
class KernelActionHandler(APIHandler):

@web.authenticated
@authorized('write', resource='kernels')
@authorized("write", resource="kernels")
@gen.coroutine
def post(self, kernel_id, action):
km = self.kernel_manager
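Review bot: Every method decorated in this file is a REST endpoint, and no visible hunk adds `@authorized` to the handler built on `AuthenticatedZMQStreamHandler`, which this section still imports. If that websocket handler carries kernel messages, as its name suggests, it is the path on which code is executed, so a user denied "write" on "kernels" could presumably still run code on an existing kernel. The handler itself is outside the hunks shown, so please confirm it performs the same check before the connection is accepted. Separately, `authorized` is imported on its own line although `jupyter_server.utils` is already imported a few lines above; `from jupyter_server.utils import url_path_join, url_escape, maybe_future, authorized` would keep it in one place.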
4 changes: 2 additions & 2 deletions jupyter_server/services/kernelspecs/handlers.py
@@ -56,7 +56,7 @@ def is_kernelspec_model(spec_dict):
class MainKernelSpecHandler(APIHandler):

@web.authenticated
@authorized('read', resource='kernelspecs')
@authorized("read", resource="kernelspecs")
@gen.coroutine
def get(self):
ksm = self.kernel_spec_manager
@@ -82,7 +82,7 @@ def get(self):
class KernelSpecHandler(APIHandler):

@web.authenticated
@authorized('read', resource='kernelspecs')
@authorized("read", resource="kernelspecs")
@gen.coroutine
def get(self, kernel_name):
ksm = self.kernel_spec_manager
5 changes: 3 additions & 2 deletions jupyter_server/services/nbconvert/handlers.py
@@ -2,12 +2,13 @@

from tornado import web

from ...base.handlers import APIHandler

from jupyter_server.base.handlers import APIHandler
from jupyter_server.utils import authorized

class NbconvertRootHandler(APIHandler):

@web.authenticated
@authorized("read", resource="nbconvert")
def get(self):
try:
from nbconvert.exporters import base
4 changes: 3 additions & 1 deletion jupyter_server/services/security/handlers.py
@@ -5,7 +5,8 @@

from tornado import web

from ...base.handlers import APIHandler
from jupyter_server.base.handlers import APIHandler
from jupyter_server.utils import authorized
from . import csp_report_uri

class CSPReportHandler(APIHandler):
@@ -22,6 +23,7 @@ def check_xsrf_cookie(self):
return

@web.authenticated
@authorized("write", resource="csp")
def post(self):
'''Log a content security policy violation report'''
self.log.warning("Content security violation: %s",
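Review bot: `CSPReportHandler.post` now requires "write" on "csp", but violation reports are sent by the browser on its own, not as a deliberate user action. Any user whose policy lacks that grant would presumably have their reports rejected, which silently removes a detection signal for those sessions. I would either leave this endpoint at `@web.authenticated` only, or add a comment above the decorator like `# reports from users without csp write are dropped`. The logged report body comes from the request, so it is also worth confirming (the call continues outside this hunk) that it is size-limited before it reaches `self.log.warning`.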
11 changes: 5 additions & 6 deletions jupyter_server/services/sessions/handlers.py
@@ -14,14 +14,13 @@
from jupyter_client.jsonutil import date_default
from jupyter_server.utils import maybe_future, url_path_join
from jupyter_client.kernelspec import NoSuchKernel

from jupyter_server.utils import authorized


class SessionRootHandler(APIHandler):

@web.authenticated
@authorized('read', resource='sessions')
@authorized("read", resource="sessions")
@gen.coroutine
def get(self):
# Return a list of running sessions
@@ -30,7 +29,7 @@ def get(self):
self.finish(json.dumps(sessions, default=date_default))

@web.authenticated
@authorized('write', resource='sessions')
@authorized("write", resource="sessions")
@gen.coroutine
def post(self):
# Creates a new session
@@ -92,7 +91,7 @@ def post(self):
class SessionHandler(APIHandler):

@web.authenticated
@authorized('read', resource='sessions')
@authorized("read", resource="sessions")
@gen.coroutine
def get(self, session_id):
# Returns the JSON model for a single session
@@ -101,7 +100,7 @@ def get(self, session_id):
self.finish(json.dumps(model, default=date_default))

@web.authenticated
@authorized('write', resource='sessions')
@authorized("write", resource="sessions")
@gen.coroutine
def patch(self, session_id):
"""Patch updates sessions:
@@ -155,7 +154,7 @@ def patch(self, session_id):
self.finish(json.dumps(model, default=date_default))

@web.authenticated
@authorized('write', resource='sessions')
@authorized("write", resource="sessions")
@gen.coroutine
def delete(self, session_id):
# Deletes the session with given session_id