core/homeassistant/auth/permissions/__init__.py

"""Permissions for Home Assistant."""
import logging
from typing import (  # noqa: F401
    cast,
    Any,
    Callable,
    Dict,
    List,
    Mapping,
    Optional,
    Set,
    Tuple,
    Union,
    TYPE_CHECKING,
)

import voluptuous as vol

from .const import CAT_ENTITIES
from .models import PermissionLookup
from .types import PolicyType
from .entities import ENTITY_POLICY_SCHEMA, compile_entities
from .merge import merge_policies  # noqa
from .util import test_all


POLICY_SCHEMA = vol.Schema({vol.Optional(CAT_ENTITIES): ENTITY_POLICY_SCHEMA})

_LOGGER = logging.getLogger(__name__)


class AbstractPermissions:
    """Default permissions class."""

    _cached_entity_func: Optional[Callable[[str, str], bool]] = None

    def _entity_func(self) -> Callable[[str, str], bool]:
        """Return a function that can test entity access."""
        raise NotImplementedError

    def access_all_entities(self, key: str) -> bool:
        """Check if we have a certain access to all entities."""
        raise NotImplementedError

    def check_entity(self, entity_id: str, key: str) -> bool:
        """Check if we can access entity."""
        entity_func = self._cached_entity_func

        if entity_func is None:
            entity_func = self._cached_entity_func = self._entity_func()

        return entity_func(entity_id, key)


class PolicyPermissions(AbstractPermissions):
    """Handle permissions."""

    def __init__(self, policy: PolicyType, perm_lookup: PermissionLookup) -> None:
        """Initialize the permission class."""
        self._policy = policy
        self._perm_lookup = perm_lookup

    def access_all_entities(self, key: str) -> bool:
        """Check if we have a certain access to all entities."""
        return test_all(self._policy.get(CAT_ENTITIES), key)

    def _entity_func(self) -> Callable[[str, str], bool]:
        """Return a function that can test entity access."""
        return compile_entities(self._policy.get(CAT_ENTITIES), self._perm_lookup)

    def __eq__(self, other: Any) -> bool:
        """Equals check."""
        # pylint: disable=protected-access
        return isinstance(other, PolicyPermissions) and other._policy == self._policy


class _OwnerPermissions(AbstractPermissions):
    """Owner permissions."""

    # pylint: disable=no-self-use

    def access_all_entities(self, key: str) -> bool:
        """Check if we have a certain access to all entities."""
        return True

    def _entity_func(self) -> Callable[[str, str], bool]:
        """Return a function that can test entity access."""
        return lambda entity_id, key: True


OwnerPermissions = _OwnerPermissions()  # pylint: disable=invalid-name
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00			`"""Permissions for Home Assistant."""`
			`import logging`
			`from typing import ( # noqa: F401`
Black 2019-07-31 19:25:30 +00:00			`cast,`
			`Any,`
			`Callable,`
			`Dict,`
			`List,`
			`Mapping,`
Type check various base components (#25878) * Type check various component base classes, disabling bunch of checks for now * Type hint fixes * Help mypy out some * Add more type hints 2019-08-12 03:38:18 +00:00			`Optional,`
Black 2019-07-31 19:25:30 +00:00			`Set,`
			`Tuple,`
			`Union,`
			`TYPE_CHECKING,`
			`)`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00
			`import voluptuous as vol`

System groups (#18303) * Add read only and admin policies * Migrate to 2 system groups * Add system groups * Add system groups admin & read only * Dont' mutate parameters * Fix types 2018-11-08 11:57:00 +00:00			`from .const import CAT_ENTITIES`
Allow checking entity permissions based on devices (#19007) * Allow checking entity permissions based on devices * Fix tests 2018-12-05 10:41:00 +00:00			`from .models import PermissionLookup`
Add permission checks to Rest API (#18639) * Add permission checks to Rest API * Clean up unnecessary method * Remove all the tuple stuff from entity check * Simplify perms * Correct param name for owner permission * Hass.io make/update user to be admin * Types 2018-11-25 17:04:48 +00:00			`from .types import PolicyType`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00			`from .entities import ENTITY_POLICY_SCHEMA, compile_entities`
			`from .merge import merge_policies # noqa`
Add get_states faster (#23315) 2019-04-23 10:46:23 +00:00			`from .util import test_all`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00
Allow checking entity permissions based on devices (#19007) * Allow checking entity permissions based on devices * Fix tests 2018-12-05 10:41:00 +00:00
Black 2019-07-31 19:25:30 +00:00			`POLICY_SCHEMA = vol.Schema({vol.Optional(CAT_ENTITIES): ENTITY_POLICY_SCHEMA})`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00
			`_LOGGER = logging.getLogger(__name__)`


			`class AbstractPermissions:`
			`"""Default permissions class."""`

Type check various base components (#25878) * Type check various component base classes, disabling bunch of checks for now * Type hint fixes * Help mypy out some * Add more type hints 2019-08-12 03:38:18 +00:00			`_cached_entity_func: Optional[Callable[[str, str], bool]] = None`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00
Add permission checks to Rest API (#18639) * Add permission checks to Rest API * Clean up unnecessary method * Remove all the tuple stuff from entity check * Simplify perms * Correct param name for owner permission * Hass.io make/update user to be admin * Types 2018-11-25 17:04:48 +00:00			`def _entity_func(self) -> Callable[[str, str], bool]:`
			`"""Return a function that can test entity access."""`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00			`raise NotImplementedError`

Add get_states faster (#23315) 2019-04-23 10:46:23 +00:00			`def access_all_entities(self, key: str) -> bool:`
			`"""Check if we have a certain access to all entities."""`
			`raise NotImplementedError`

Add permission checks to Rest API (#18639) * Add permission checks to Rest API * Clean up unnecessary method * Remove all the tuple stuff from entity check * Simplify perms * Correct param name for owner permission * Hass.io make/update user to be admin * Types 2018-11-25 17:04:48 +00:00			`def check_entity(self, entity_id: str, key: str) -> bool:`
			`"""Check if we can access entity."""`
			`entity_func = self._cached_entity_func`

			`if entity_func is None:`
			`entity_func = self._cached_entity_func = self._entity_func()`

			`return entity_func(entity_id, key)`

Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00
			`class PolicyPermissions(AbstractPermissions):`
			`"""Handle permissions."""`

Black 2019-07-31 19:25:30 +00:00			`def __init__(self, policy: PolicyType, perm_lookup: PermissionLookup) -> None:`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00			`"""Initialize the permission class."""`
			`self._policy = policy`
Allow checking entity permissions based on devices (#19007) * Allow checking entity permissions based on devices * Fix tests 2018-12-05 10:41:00 +00:00			`self._perm_lookup = perm_lookup`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00
Add get_states faster (#23315) 2019-04-23 10:46:23 +00:00			`def access_all_entities(self, key: str) -> bool:`
			`"""Check if we have a certain access to all entities."""`
			`return test_all(self._policy.get(CAT_ENTITIES), key)`

Add permission checks to Rest API (#18639) * Add permission checks to Rest API * Clean up unnecessary method * Remove all the tuple stuff from entity check * Simplify perms * Correct param name for owner permission * Hass.io make/update user to be admin * Types 2018-11-25 17:04:48 +00:00			`def _entity_func(self) -> Callable[[str, str], bool]:`
			`"""Return a function that can test entity access."""`
Black 2019-07-31 19:25:30 +00:00			`return compile_entities(self._policy.get(CAT_ENTITIES), self._perm_lookup)`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00
			`def __eq__(self, other: Any) -> bool:`
			`"""Equals check."""`
			`# pylint: disable=protected-access`
Black 2019-07-31 19:25:30 +00:00			`return isinstance(other, PolicyPermissions) and other._policy == self._policy`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00

			`class _OwnerPermissions(AbstractPermissions):`
			`"""Owner permissions."""`

			`# pylint: disable=no-self-use`

Add get_states faster (#23315) 2019-04-23 10:46:23 +00:00			`def access_all_entities(self, key: str) -> bool:`
			`"""Check if we have a certain access to all entities."""`
			`return True`

Add permission checks to Rest API (#18639) * Add permission checks to Rest API * Clean up unnecessary method * Remove all the tuple stuff from entity check * Simplify perms * Correct param name for owner permission * Hass.io make/update user to be admin * Types 2018-11-25 17:04:48 +00:00			`def _entity_func(self) -> Callable[[str, str], bool]:`
			`"""Return a function that can test entity access."""`
			`return lambda entity_id, key: True`
Permissions improv (#17811) * Break up permissions file. * Granular entity permissions * Add "all" entity permission * Lint * Fix types 2018-10-29 10:28:04 +00:00

			`OwnerPermissions = _OwnerPermissions() # pylint: disable=invalid-name`