core/homeassistant/auth/permissions/util.py

"""Helpers to deal with permissions."""
from functools import wraps

from typing import Callable, Dict, List, Optional, cast  # noqa: F401

from .const import SUBCAT_ALL
from .models import PermissionLookup
from .types import CategoryType, SubCategoryDict, ValueType

LookupFunc = Callable[[PermissionLookup, SubCategoryDict, str], Optional[ValueType]]
SubCatLookupType = Dict[str, LookupFunc]


def lookup_all(
    perm_lookup: PermissionLookup, lookup_dict: SubCategoryDict, object_id: str
) -> ValueType:
    """Look up permission for all."""
    # In case of ALL category, lookup_dict IS the schema.
    return cast(ValueType, lookup_dict)


def compile_policy(
    policy: CategoryType, subcategories: SubCatLookupType, perm_lookup: PermissionLookup
) -> Callable[[str, str], bool]:  # noqa
    """Compile policy into a function that tests policy.
    Subcategories are mapping key -> lookup function, ordered by highest
    priority first.
    """
    # None, False, empty dict
    if not policy:

        def apply_policy_deny_all(entity_id: str, key: str) -> bool:
            """Decline all."""
            return False

        return apply_policy_deny_all

    if policy is True:

        def apply_policy_allow_all(entity_id: str, key: str) -> bool:
            """Approve all."""
            return True

        return apply_policy_allow_all

    assert isinstance(policy, dict)

    funcs = []  # type: List[Callable[[str, str], Optional[bool]]]

    for key, lookup_func in subcategories.items():
        lookup_value = policy.get(key)

        # If any lookup value is `True`, it will always be positive
        if isinstance(lookup_value, bool):
            return lambda object_id, key: True

        if lookup_value is not None:
            funcs.append(_gen_dict_test_func(perm_lookup, lookup_func, lookup_value))

    if len(funcs) == 1:
        func = funcs[0]

        @wraps(func)
        def apply_policy_func(object_id: str, key: str) -> bool:
            """Apply a single policy function."""
            return func(object_id, key) is True

        return apply_policy_func

    def apply_policy_funcs(object_id: str, key: str) -> bool:
        """Apply several policy functions."""
        for func in funcs:
            result = func(object_id, key)
            if result is not None:
                return result
        return False

    return apply_policy_funcs


def _gen_dict_test_func(
    perm_lookup: PermissionLookup, lookup_func: LookupFunc, lookup_dict: SubCategoryDict
) -> Callable[[str, str], Optional[bool]]:  # noqa
    """Generate a lookup function."""

    def test_value(object_id: str, key: str) -> Optional[bool]:
        """Test if permission is allowed based on the keys."""
        schema = lookup_func(perm_lookup, lookup_dict, object_id)  # type: ValueType

        if schema is None or isinstance(schema, bool):
            return schema

        assert isinstance(schema, dict)

        return schema.get(key)

    return test_value


def test_all(policy: CategoryType, key: str) -> bool:
    """Test if a policy has an ALL access for a specific key."""
    if not isinstance(policy, dict):
        return bool(policy)

    all_policy = policy.get(SUBCAT_ALL)

    if not isinstance(all_policy, dict):
        return bool(all_policy)

    return all_policy.get(key, False)
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00			`"""Helpers to deal with permissions."""`
			`from functools import wraps`

Optional and Union simplifications (#25365) 2019-07-21 17:59:51 +00:00			`from typing import Callable, Dict, List, Optional, cast # noqa: F401`
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00
Add get_states faster (#23315) 2019-04-23 10:46:23 +00:00			`from .const import SUBCAT_ALL`
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00			`from .models import PermissionLookup`
			`from .types import CategoryType, SubCategoryDict, ValueType`

Black 2019-07-31 19:25:30 +00:00			`LookupFunc = Callable[[PermissionLookup, SubCategoryDict, str], Optional[ValueType]]`
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00			`SubCatLookupType = Dict[str, LookupFunc]`


Black 2019-07-31 19:25:30 +00:00			`def lookup_all(`
			`perm_lookup: PermissionLookup, lookup_dict: SubCategoryDict, object_id: str`
			`) -> ValueType:`
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00			`"""Look up permission for all."""`
			`# In case of ALL category, lookup_dict IS the schema.`
			`return cast(ValueType, lookup_dict)`


			`def compile_policy(`
Black 2019-07-31 19:25:30 +00:00			`policy: CategoryType, subcategories: SubCatLookupType, perm_lookup: PermissionLookup`
			`) -> Callable[[str, str], bool]: # noqa`
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00			`"""Compile policy into a function that tests policy.`
			`Subcategories are mapping key -> lookup function, ordered by highest`
			`priority first.`
			`"""`
			`# None, False, empty dict`
			`if not policy:`
Black 2019-07-31 19:25:30 +00:00
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00			`def apply_policy_deny_all(entity_id: str, key: str) -> bool:`
			`"""Decline all."""`
			`return False`

			`return apply_policy_deny_all`

			`if policy is True:`
Black 2019-07-31 19:25:30 +00:00
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00			`def apply_policy_allow_all(entity_id: str, key: str) -> bool:`
			`"""Approve all."""`
			`return True`

			`return apply_policy_allow_all`

			`assert isinstance(policy, dict)`

Optional and Union simplifications (#25365) 2019-07-21 17:59:51 +00:00			`funcs = [] # type: List[Callable[[str, str], Optional[bool]]]`
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00
			`for key, lookup_func in subcategories.items():`
			`lookup_value = policy.get(key)`

			# If any lookup value is `True`, it will always be positive
			`if isinstance(lookup_value, bool):`
			`return lambda object_id, key: True`

			`if lookup_value is not None:`
Black 2019-07-31 19:25:30 +00:00			`funcs.append(_gen_dict_test_func(perm_lookup, lookup_func, lookup_value))`
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00
			`if len(funcs) == 1:`
			`func = funcs[0]`

			`@wraps(func)`
			`def apply_policy_func(object_id: str, key: str) -> bool:`
			`"""Apply a single policy function."""`
			`return func(object_id, key) is True`

			`return apply_policy_func`

			`def apply_policy_funcs(object_id: str, key: str) -> bool:`
			`"""Apply several policy functions."""`
			`for func in funcs:`
			`result = func(object_id, key)`
			`if result is not None:`
			`return result`
			`return False`

			`return apply_policy_funcs`


			`def _gen_dict_test_func(`
Black 2019-07-31 19:25:30 +00:00			`perm_lookup: PermissionLookup, lookup_func: LookupFunc, lookup_dict: SubCategoryDict`
			`) -> Callable[[str, str], Optional[bool]]: # noqa`
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00			`"""Generate a lookup function."""`
Black 2019-07-31 19:25:30 +00:00
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00			`def test_value(object_id: str, key: str) -> Optional[bool]:`
			`"""Test if permission is allowed based on the keys."""`
Black 2019-07-31 19:25:30 +00:00			`schema = lookup_func(perm_lookup, lookup_dict, object_id) # type: ValueType`
Add area permission check (#21835) 2019-03-11 18:02:37 +00:00
			`if schema is None or isinstance(schema, bool):`
			`return schema`

			`assert isinstance(schema, dict)`

			`return schema.get(key)`

			`return test_value`
Add get_states faster (#23315) 2019-04-23 10:46:23 +00:00

			`def test_all(policy: CategoryType, key: str) -> bool:`
			`"""Test if a policy has an ALL access for a specific key."""`
			`if not isinstance(policy, dict):`
			`return bool(policy)`

			`all_policy = policy.get(SUBCAT_ALL)`

			`if not isinstance(all_policy, dict):`
			`return bool(all_policy)`

			`return all_policy.get(key, False)`