Diffstat (limited to 'moon_authz/moon_authz/api/authorization.py')
-rw-r--r-- | moon_authz/moon_authz/api/authorization.py | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/moon_authz/moon_authz/api/authorization.py b/moon_authz/moon_authz/api/authorization.py
index e939604b..84114466 100644
--- a/moon_authz/moon_authz/api/authorization.py
+++ b/moon_authz/moon_authz/api/authorization.py
@@ -89,16 +89,28 @@ class Authz(Resource):
 # Context.update_target(context)
 if not self.context.pdp_set:
 raise exceptions.PdpUnknown
+ if current_header_id not in self.context.pdp_set:
+ raise Exception('Invalid index')
 current_pdp = self.context.pdp_set[current_header_id]
 category_list = list()
- category_list.extend(current_pdp["meta_rules"]["subject_categories"])
- category_list.extend(current_pdp["meta_rules"]["object_categories"])
- category_list.extend(current_pdp["meta_rules"]["action_categories"])
+ if 'meta_rules' not in current_pdp:
+ raise exceptions.PdpContentError
+ try:
+ category_list.extend(current_pdp["meta_rules"]["subject_categories"])
+ category_list.extend(current_pdp["meta_rules"]["object_categories"])
+ category_list.extend(current_pdp["meta_rules"]["action_categories"])
+ except Exception:
+ raise exceptions.MetaRuleContentError
+ if 'target' not in current_pdp:
+ raise exceptions.PdpContentError
 for category in category_list:
 scope = list(current_pdp['target'][category])
 scopes_list.append(scope)
 # policy_id = self.cache.get_policy_from_meta_rules("admin", current_header_id)
-
+ if self.context.current_policy_id not in self.cache.rules:
+ raise exceptions.PolicyUnknown
+ if 'rules' not in self.cache.rules[self.context.current_policy_id]:
+ raise exceptions.RuleUnknown
 for item in itertools.product(*scopes_list):
 req = list(item)
 for rule in self.cache.rules[self.context.current_policy_id]["rules"]:
@@ -365,4 +377,4 @@ class Authz(Resource):
 def head(self, uuid=None, subject_name=None, object_name=None, action_name=None):
 logger.info("HEAD request")
- return "", 200
\ No newline at end of file
+ return "", 200 |
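Review bot: In the first hunk (`@@ -89,16 +89,28 @@`), the new guard `raise Exception('Invalid index')` is the only failure in this authorization path that is not a typed `exceptions.*` error, so a caller that turns Moon exceptions into a deny decision can only reach it through a generic catch; raising `exceptions.PdpUnknown` there, as the empty-`pdp_set` check just above already does, would keep an unknown `current_header_id` on the same explicit failure path. The added `except Exception:` around the three `extend` calls is wider than the lookups need and hides the original error from logs; `except (KeyError, TypeError):` would cover missing or malformed `meta_rules` entries without swallowing unrelated faults. The `'target' not in current_pdp` check also does not guarantee that `current_pdp['target'][category]` exists, so the loop that follows can still raise a bare `KeyError` for a category missing from the target. The enclosing method starts and ends outside the hunk, so how these exceptions are mapped to a decision is not visible here and should be confirmed to fail closed.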