편집 파일: permissions.py
"""Permission predicates for malware-scanner and proactive-defense features.

Each predicate takes an optional user name and returns the permission
decision.  ``HAS_PERMISSION`` maps a permission name to its predicate, and
``has_permission`` / ``check_permission`` / ``permissions_list`` are the
lookup helpers built on top of it.

NOTE(review): most predicates return True when ``user`` is None, and None is
also the default argument, so calling a predicate without a user yields the
permissive answer.  Presumably None stands for the privileged (admin)
caller -- confirm against the call sites.
"""
import logging
from pathlib import Path
from typing import Optional

from defence360agent.contracts.config import (
    MyImunifyConfig,
    PermissionsConfig,
)
from defence360agent.contracts.license import LicenseCLN
from defence360agent.feature_management.constants import AV_REPORT, FULL
from defence360agent.feature_management.model import FeatureManagementPerms
from defence360agent.myimunify.model import MyImunify

logger = logging.getLogger(__name__)

# Permission names, one constant per permission.
MS_VIEW = "malware_scanner.view"
MS_CLEAN = "malware_scanner.clean"
MS_CLEAN_REQUIRES_MYIMUNIFY_PROTECTION = (
    "malware_scanner.clean_requires_myimunify_protection"
)
MS_ON_DEMAND_SCAN = "malware_scanner.on_demand.scan"
MS_ON_DEMAND_SCAN_WITHOUT_RATE_LIMIT = (
    "malware_scanner.on_demand.scan_without_rate_limit"
)
MS_IGNORE_LIST_EDIT = "malware_scanner.ignore_list.edit"
MS_CONFIG_DEFAULT_ACTION_EDIT = "malware_scanner.config.default_action.edit"
PD_VIEW = "proactive_defense.view"
PD_CONFIG_MODE_EDIT = "proactive_defense.config.mode.edit"

# Every known permission name, in declaration order.
PERMISSIONS = (
    MS_VIEW,
    MS_CLEAN,
    MS_CLEAN_REQUIRES_MYIMUNIFY_PROTECTION,
    MS_ON_DEMAND_SCAN,
    MS_ON_DEMAND_SCAN_WITHOUT_RATE_LIMIT,
    MS_IGNORE_LIST_EDIT,
    MS_CONFIG_DEFAULT_ACTION_EDIT,
    PD_VIEW,
    PD_CONFIG_MODE_EDIT,
)

GLOBAL_CONFDIR = Path("/etc/sysconfig/imunify360")


def myimunify_protection_enabled(user: Optional[str] = None) -> bool:
    """Return what ``MyImunify.get_protection`` reports for *user*."""
    return MyImunify.get_protection(user)


def ms_view(user: Optional[str] = None):
    """Tell whether *user* may view malware-scanner results.

    True when *user* is None; otherwise True only if the user's ``av``
    feature level is ``AV_REPORT`` or ``FULL``.
    """
    if user is not None:
        av_level = FeatureManagementPerms.get_perm(user).av
        return av_level in (AV_REPORT, FULL)
    return True


def ms_clean(user: Optional[str] = None):
    """Tell whether *user* may clean detected malware.

    The license gate comes first and applies to every caller, including
    ``user is None``: a free or invalid license always yields False.
    """
    licensed = not LicenseCLN.is_free() and LicenseCLN.is_valid()
    if not licensed:
        return False
    if user is None:
        return True
    return FeatureManagementPerms.get_perm(user).av == FULL


def ms_clean_requires_myimunify_protection(user: Optional[str] = None):
    """Tell whether cleanup is allowed, honouring MyImunify when enabled.

    With MyImunify enabled the answer is the user's protection state;
    otherwise it falls back to ``ms_clean``.
    """
    return (
        myimunify_protection_enabled(user)
        if MyImunifyConfig.ENABLED
        else ms_clean(user)
    )


def ms_on_demand_scan(user: Optional[str] = None):
    """Tell whether *user* may start an on-demand scan."""
    # With MyImunify enabled, on-demand scanning is open to both Basic and
    # Pro subscriptions, so no per-user lookup is needed.
    if user is None or MyImunifyConfig.ENABLED:
        return True
    return PermissionsConfig.ALLOW_MALWARE_SCAN


def ms_on_demand_scan_without_rate_limit(
    user: Optional[str] = None,
):
    """Tell whether *user* may run on-demand scans without rate limiting.

    NOTE(review): unlike the sibling predicates there is no
    ``user is None`` shortcut here, so a None user is passed on to
    ``myimunify_protection_enabled`` or answered from
    ``PermissionsConfig.ALLOW_MALWARE_SCAN`` -- confirm this is intended.
    """
    if not MyImunifyConfig.ENABLED:
        return PermissionsConfig.ALLOW_MALWARE_SCAN
    return myimunify_protection_enabled(user)


def ms_ignore_list_edit(user: Optional[str] = None):
    """Tell whether *user* may edit the malware ignore list."""
    if user is None:
        return True
    if not MyImunifyConfig.ENABLED:
        return PermissionsConfig.USER_IGNORE_LIST
    # MyImunify does not let end users edit the ignore list so far.
    return False


def ms_config_default_action_edit(user: Optional[str] = None):
    """Tell whether *user* may change the default malware action."""
    if user is None:
        return True
    # MyImunify does not let end users change the default malware action
    # so far.
    return (
        False
        if MyImunifyConfig.ENABLED
        else PermissionsConfig.USER_OVERRIDE_MALWARE_ACTIONS
    )


def pd_view(user: Optional[str] = None):
    """Tell whether *user* may view proactive-defense data.

    True when *user* is None; otherwise True only if the user's
    ``proactive`` feature level equals ``FULL``.
    """
    if user is not None:
        return FeatureManagementPerms.get_perm(user).proactive == FULL
    return True


def pd_config_mode_edit(user: Optional[str] = None):
    """Tell whether *user* may change the proactive-defense mode."""
    if user is not None:
        if MyImunifyConfig.ENABLED:
            return False
        return PermissionsConfig.USER_OVERRIDE_PROACTIVE_DEFENSE
    return True


# Permission name -> predicate deciding it for a given user.
HAS_PERMISSION = {
    MS_VIEW: ms_view,
    MS_CLEAN: ms_clean,
    MS_CLEAN_REQUIRES_MYIMUNIFY_PROTECTION: (
        ms_clean_requires_myimunify_protection
    ),
    MS_ON_DEMAND_SCAN: ms_on_demand_scan,
    MS_ON_DEMAND_SCAN_WITHOUT_RATE_LIMIT: ms_on_demand_scan_without_rate_limit,
    MS_IGNORE_LIST_EDIT: ms_ignore_list_edit,
    MS_CONFIG_DEFAULT_ACTION_EDIT: ms_config_default_action_edit,
    PD_VIEW: pd_view,
    PD_CONFIG_MODE_EDIT: pd_config_mode_edit,
}


def has_permission(permission, user):
    """Return the decision of the predicate registered for *permission*.

    Raises:
        KeyError: *permission* is not a key of ``HAS_PERMISSION``.  The
            lookup therefore never grants an unknown permission, but the
            caller sees KeyError rather than PermissionError.
    """
    predicate = HAS_PERMISSION[permission]
    return predicate(user)


def check_permission(permission, user) -> None:
    """Raise unless *user* holds *permission*.

    Raises:
        PermissionError: the predicate returned a falsy value; the message
            is the key ``notifications.generalPermissionError``.
        KeyError: *permission* is not a key of ``HAS_PERMISSION``.
    """
    granted = HAS_PERMISSION[permission](user)
    if granted:
        return
    raise PermissionError("notifications.generalPermissionError")


def permissions_list(user):
    """Return the names from ``PERMISSIONS`` that *user* currently holds."""
    return [name for name in PERMISSIONS if has_permission(name, user)]