Skip to content

Commit

Permalink
update authorized wrapper with resource
Browse files Browse the repository at this point in the history
  • Loading branch information
Zsailer authored and davidbrochart committed May 28, 2021
1 parent d2eae45 commit 912e05b
Show file tree
Hide file tree
Showing 15 changed files with 52 additions and 38 deletions.
4 changes: 2 additions & 2 deletions jupyter_server/files/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,14 +28,14 @@ def content_security_policy(self):
"; sandbox allow-scripts"

@web.authenticated
@authorized('read')
@authorized("read", resource="files")
def head(self, path):
self.get(path, include_body=False)
self.check_xsrf_cookie()
return self.get(path, include_body=False)

@web.authenticated
@authorized('read')
@authorized("read", resource="files")
async def get(self, path, include_body=True):
# /files/ requests must originate from the same site
self.check_xsrf_cookie()
Expand Down
4 changes: 2 additions & 2 deletions jupyter_server/kernelspecs/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ def initialize(self):
web.StaticFileHandler.initialize(self, path='')

@web.authenticated
@authorized("read")
@authorized("read", resource="kernelspecs")
def get(self, kernel_name, path, include_body=True):
ksm = self.kernel_spec_manager
try:
Expand All @@ -23,7 +23,7 @@ def get(self, kernel_name, path, include_body=True):
return web.StaticFileHandler.get(self, path, include_body=include_body)

@web.authenticated
@authorized("read")
@authorized("read", resource="kernelspecs")
def head(self, kernel_name, path):
return self.get(kernel_name, path, include_body=False)

Expand Down
5 changes: 5 additions & 0 deletions jupyter_server/nbconvert/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,9 @@
from ipython_genutils.py3compat import cast_bytes
from ipython_genutils import text

from jupyter_server.utils import authorized


def find_resource_files(output_files_dir):
files = []
for dirpath, dirnames, filenames in os.walk(output_files_dir):
Expand Down Expand Up @@ -81,6 +84,7 @@ class NbconvertFileHandler(JupyterHandler):
SUPPORTED_METHODS = ('GET',)

@web.authenticated
@authorized("read", resource="nbconvert")
async def get(self, format, path):
self.check_xsrf_cookie()
exporter = get_exporter(format, config=self.config, log=self.log)
Expand Down Expand Up @@ -150,6 +154,7 @@ class NbconvertPostHandler(JupyterHandler):
SUPPORTED_METHODS = ('POST',)

@web.authenticated
@authorized("write", resource="nbconvert")
def post(self, format):
exporter = get_exporter(format, config=self.config)

Expand Down
4 changes: 3 additions & 1 deletion jupyter_server/services/api/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
from tornado import web

from ...base.handlers import JupyterHandler, APIHandler
from jupyter_server.utils import ensure_async
from jupyter_server.utils import ensure_async, authorized
from jupyter_server._tz import utcfromtimestamp, isoformat


Expand All @@ -19,6 +19,7 @@ def initialize(self):
web.StaticFileHandler.initialize(self, path=os.path.dirname(__file__))

@web.authenticated
@authorized("read", resource="api")
def get(self):
self.log.warning("Serving api spec (experimental, incomplete)")
return web.StaticFileHandler.get(self, 'api.yaml')
Expand All @@ -32,6 +33,7 @@ class APIStatusHandler(APIHandler):
_track_activity = False

@web.authenticated
@authorized("read", resource="api")
async def get(self):
# if started was missing, use unix epoch
started = self.settings.get('started', utcfromtimestamp(0))
Expand Down
8 changes: 3 additions & 5 deletions jupyter_server/services/config/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,27 +9,25 @@
from tornado import web

from ...base.handlers import APIHandler

from jupyter_server.utils import authorized


class ConfigHandler(APIHandler):

@web.authenticated
@authorized('read')
@authorized("read", resource="config")
def get(self, section_name):
self.set_header("Content-Type", 'application/json')
self.finish(json.dumps(self.config_manager.get(section_name)))

@web.authenticated
@authorized('write')
@authorized("write", resource="config")
def put(self, section_name):
data = self.get_json_body() # Will raise 400 if content is not valid JSON
self.config_manager.set(section_name, data)
self.set_status(204)

@web.authenticated
@authorized('write')
@authorized("write", resource="config")
def patch(self, section_name):
new_data = self.get_json_body()
section = self.config_manager.update(section_name, new_data)
Expand Down
23 changes: 11 additions & 12 deletions jupyter_server/services/contents/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,9 @@
from jupyter_server.base.handlers import (
JupyterHandler, APIHandler, path_regex,
)

from jupyter_server.utils import authorized


def validate_model(model, expect_content):
"""
Validate a model returned by a ContentsManager method.
Expand Down Expand Up @@ -89,7 +89,7 @@ def _finish_model(self, model, location=True):
self.finish(json.dumps(model, default=date_default))

@web.authenticated
@authorized('read', resource='contents')
@authorized("read", resource="contents")
async def get(self, path=''):
"""Return a model for a file or directory.
Expand All @@ -116,7 +116,7 @@ async def get(self, path=''):
self._finish_model(model, location=False)

@web.authenticated
@authorized('write', resource='contents')
@authorized("write", resource="contents")
async def patch(self, path=''):
"""PATCH renames a file or directory without re-uploading content."""
cm = self.contents_manager
Expand Down Expand Up @@ -165,7 +165,7 @@ async def _save(self, model, path):
self._finish_model(model)

@web.authenticated
@authorized('write', resource='contents')
@authorized("write", resource="contents")
async def post(self, path=''):
"""Create a new file in the specified path.
Expand Down Expand Up @@ -202,7 +202,7 @@ async def post(self, path=''):
await self._new_untitled(path)

@web.authenticated
@authorized('write', resource='contents')
@authorized("write", resource="contents")
async def put(self, path=''):
"""Saves the file in the location specified by name and path.
Expand All @@ -227,7 +227,7 @@ async def put(self, path=''):
await self._new_untitled(path)

@web.authenticated
@authorized('write', resource='contents')
@authorized("write", resource="contents")
async def delete(self, path=''):
"""delete a file in the given path"""
cm = self.contents_manager
Expand All @@ -240,7 +240,7 @@ async def delete(self, path=''):
class CheckpointsHandler(APIHandler):

@web.authenticated
@authorized('read', resource='checkpoints')
@authorized("read", resource="contents")
async def get(self, path=''):
"""get lists checkpoints for a file"""
cm = self.contents_manager
Expand All @@ -249,7 +249,7 @@ async def get(self, path=''):
self.finish(data)

@web.authenticated
@authorized('write', resource='checkpoints')
@authorized("write", resource="contents")
async def post(self, path=''):
"""post creates a new checkpoint"""
cm = self.contents_manager
Expand All @@ -265,7 +265,7 @@ async def post(self, path=''):
class ModifyCheckpointsHandler(APIHandler):

@web.authenticated
@authorized('write', resource='checkpoints')
@authorized("write", resource="contents")
async def post(self, path, checkpoint_id):
"""post restores a file from a checkpoint"""
cm = self.contents_manager
Expand All @@ -274,7 +274,7 @@ async def post(self, path, checkpoint_id):
self.finish()

@web.authenticated
@authorized('write', resource='checkpoints')
@authorized("write", resource="contents")
async def delete(self, path, checkpoint_id):
"""delete clears a checkpoint for a given file"""
cm = self.contents_manager
Expand Down Expand Up @@ -302,13 +302,12 @@ class TrustNotebooksHandler(JupyterHandler):
""" Handles trust/signing of notebooks """

@web.authenticated
@authorized('write', resource='trust_notebook')
@authorized("write", resource="contents")
async def post(self,path=''):
cm = self.contents_manager
await ensure_async(cm.trust_notebook(path))
self.set_status(201)
self.finish()

#-----------------------------------------------------------------------------
# URL to handler mappings
#-----------------------------------------------------------------------------
Expand Down
10 changes: 5 additions & 5 deletions jupyter_server/services/kernels/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,14 @@
class MainKernelHandler(APIHandler):

@web.authenticated
@authorized('read', resource='kernels')
@authorized("read", resource="kernels")
async def get(self):
km = self.kernel_manager
kernels = await ensure_async(km.list_kernels())
self.finish(json.dumps(kernels, default=date_default))

@web.authenticated
@authorized('write', resource='kernels')
@authorized("write", resource="kernels")
async def post(self):
km = self.kernel_manager
model = self.get_json_body()
Expand All @@ -57,14 +57,14 @@ async def post(self):
class KernelHandler(APIHandler):

@web.authenticated
@authorized('read', resource='kernels')
@authorized("read", resource="kernels")
async def get(self, kernel_id):
km = self.kernel_manager
model = await ensure_async(km.kernel_model(kernel_id))
self.finish(json.dumps(model, default=date_default))

@web.authenticated
@authorized('write', resource='kernels')
@authorized("write", resource="kernels")
async def delete(self, kernel_id):
km = self.kernel_manager
await ensure_async(km.shutdown_kernel(kernel_id))
Expand All @@ -75,7 +75,7 @@ async def delete(self, kernel_id):
class KernelActionHandler(APIHandler):

@web.authenticated
@authorized('write', resource='kernels')
@authorized("write", resource="kernels")
async def post(self, kernel_id, action):
km = self.kernel_manager
if action == 'interrupt':
Expand Down
5 changes: 3 additions & 2 deletions jupyter_server/services/kernelspecs/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@

from jupyter_server.utils import authorized


def kernelspec_model(handler, name, spec_dict, resource_dir):
"""Load a KernelSpec by name and return the REST API model"""
d = {
Expand Down Expand Up @@ -56,7 +57,7 @@ def is_kernelspec_model(spec_dict):
class MainKernelSpecHandler(APIHandler):

@web.authenticated
@authorized('read', resource='kernelspecs')
@authorized("read", resource="kernelspecs")
async def get(self):
ksm = self.kernel_spec_manager
km = self.kernel_manager
Expand All @@ -81,7 +82,7 @@ async def get(self):
class KernelSpecHandler(APIHandler):

@web.authenticated
@authorized('read', resource='kernelspecs')
@authorized("read", resource="kernelspecs")
async def get(self, kernel_name):
ksm = self.kernel_spec_manager
kernel_name = url_unescape(kernel_name)
Expand Down
2 changes: 2 additions & 0 deletions jupyter_server/services/nbconvert/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,13 @@
from tornado import web

from ...base.handlers import APIHandler
from jupyter_server.utils import authorized


class NbconvertRootHandler(APIHandler):

@web.authenticated
@authorized("read", resource="nbconvert")
async def get(self):
try:
from nbconvert.exporters import base
Expand Down
2 changes: 2 additions & 0 deletions jupyter_server/services/security/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
from tornado import web

from ...base.handlers import APIHandler
from jupyter_server.utils import authorized
from . import csp_report_uri

class CSPReportHandler(APIHandler):
Expand All @@ -22,6 +23,7 @@ def check_xsrf_cookie(self):
return

@web.authenticated
@authorized("write", resource="csp")
def post(self):
'''Log a content security policy violation report'''
self.log.warning("Content security violation: %s",
Expand Down
11 changes: 5 additions & 6 deletions jupyter_server/services/sessions/handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,22 +14,21 @@
from jupyter_client.jsonutil import date_default
from jupyter_server.utils import url_path_join, ensure_async
from jupyter_client.kernelspec import NoSuchKernel

from jupyter_server.utils import authorized


class SessionRootHandler(APIHandler):

@web.authenticated
@authorized('read', resource='sessions')
@authorized("read", resource="sessions")
async def get(self):
# Return a list of running sessions
sm = self.session_manager
sessions = await ensure_async(sm.list_sessions())
self.finish(json.dumps(sessions, default=date_default))

@web.authenticated
@authorized('write', resource='sessions')
@authorized("write", resource="sessions")
async def post(self):
# Creates a new session
#(unless a session already exists for the named session)
Expand Down Expand Up @@ -90,15 +89,15 @@ async def post(self):
class SessionHandler(APIHandler):

@web.authenticated
@authorized('read', resource='sessions')
@authorized("read", resource="sessions")
async def get(self, session_id):
# Returns the JSON model for a single session
sm = self.session_manager
model = await sm.get_session(session_id=session_id)
self.finish(json.dumps(model, default=date_default))

@web.authenticated
@authorized('write', resource='sessions')
@authorized("write", resource="sessions")
async def patch(self, session_id):
"""Patch updates sessions:
Expand Down Expand Up @@ -149,7 +148,7 @@ async def patch(self, session_id):
self.finish(json.dumps(model, default=date_default))

@web.authenticated
@authorized('write', resource='sessions')
@authorized("write", resource="sessions")
async def delete(self, session_id):
# Deletes the session with given session_id
sm = self.session_manager
Expand Down
2 changes: 2 additions & 0 deletions jupyter_server/services/shutdown.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,12 @@
"""
from tornado import web, ioloop
from jupyter_server.base.handlers import JupyterHandler
from jupyter_server.utils import authorized


class ShutdownHandler(JupyterHandler):
@web.authenticated
@authorized("write", resource="shutdown")
def post(self):
self.log.info("Shutting down on /api/shutdown request.")
ioloop.IOLoop.current().stop()
Expand Down
Loading

0 comments on commit 912e05b

Please sign in to comment.