findig.tools.protector.scopeutil — tools for working with auth scopes

These functions are used by protectors to implement scoping.

findig.tools.protector.scopeutil.check_encapsulates(root, child, sep='/')

Check that one scope item encapsulates another.

A scope item encapsulates another when it is a super-scope of the other, and when its permissions are a superset of the other’s permissions.

This is used to implement sub-scopes, where permissions granted on a broad scope can be used to imply permissions for a sub-scope. By default, sub-scopes are denoted by a preceding ‘/’.

For example, if the scope permission user+r is granted to an agent, then that agent is also implied to have been granted user/emails+r, user/friends+r and so on.

Parameters:
  • root – A super-scope
  • child – A potential sub-scope
  • sep – The separator that is used to denote sub-scopes.

findig.tools.protector.scopeutil.compress_scope_items(scopes, default_mode='r')

Return a set of equivalent scope items that may be smaller in size.

Input scope items must be a normalized set of scope items.

findig.tools.protector.scopeutil.normalize_scope_items(scopes, default_mode='r', raise_err=True)

Return a set of scope items that have been normalized.

A normalized set of scope items is one where every item is in the format:

norm_scope ::=  scope_name+permission

Input scope items are assumed to be ‘r’ by default. For example, the scope item user will normalize to user+r.

Input scope items that contain more than one permission are expanded to multiple scope items. For example, the scope item user+ud is expanded to (user+u, user+d).

Note that permissions are atomic, and none implies another. For example, user+u will expand to user+u and NOT (user+r, user+u).

Parameters:
  • scopes – A list of scope items.
  • default_mode – The permission that should be assumed if one is omitted.
  • raise_err – If True, malformed scopes will raise a ValueError. Otherwise they are omitted.

findig.tools.protector.scopeutil.ANY = {'$^&#THISISGARBAGE#*@&@#$*@$&DFDF#&#@&@&##*&@DHJGDJH#@&*^@#*+crud'}

A special scope item that implicitly encapsulates all other scope items.
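
The normalization and encapsulation rules described above for normalize_scope_items and check_encapsulates, as an added example that is not findig's own code: a stand-alone sketch of an authorization check built on those rules. The function names, the permission alphabet c/r/u/d (inferred from the +crud suffix of ANY) and the rule that a sub-scope must begin at a separator boundary are assumptions of this example.

```python
# Added illustration of the scope semantics described on this page.
# Not findig's implementation; all names below are hypothetical.
PERMISSIONS = set("crud")  # assumption: inferred from the '+crud' suffix of ANY


def normalize(scopes, default_mode="r", raise_err=True):
    """Expand items to 'name+p' with exactly one permission letter each."""
    out = set()
    for item in scopes:
        name, _, perms = item.partition("+")
        perms = perms or default_mode
        if not name or not set(perms) <= PERMISSIONS:
            if raise_err:
                raise ValueError(f"malformed scope item: {item!r}")
            continue  # raise_err=False: drop the malformed item
        # Permissions are atomic: 'user+ud' yields user+u and user+d, never user+r.
        out.update(f"{name}+{p}" for p in perms)
    return out


def encapsulates(root, child, sep="/"):
    """True if root's scope covers child's and root's permissions are a superset.

    Both arguments are expected to be normalized items.
    """
    root_name, _, root_perms = root.partition("+")
    child_name, _, child_perms = child.partition("+")
    # Match on a separator boundary so 'user' covers 'user/emails' but not 'username'.
    covers = child_name == root_name or child_name.startswith(root_name + sep)
    return covers and set(child_perms) <= set(root_perms)


def is_authorized(granted, required):
    """Every required item must be encapsulated by some granted item."""
    granted, required = normalize(granted), normalize(required)
    return all(any(encapsulates(g, r) for g in granted) for r in required)


if __name__ == "__main__":
    grant = ["user", "photos+ud"]  # constructed sample grant
    for need in (["user/emails"], ["user+u"], ["photos/2014+d"], ["username"]):
        print(need, is_authorized(grant, need))
```

A plain string-prefix test without the separator would let a grant on user satisfy a request for username, which is why the comparison is anchored on sep.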