Coverage for /pythoncovmergedfiles/medio/medio/src/jupyter_server/jupyter_server/auth/authorizer.py: 75%

Shortcuts on this page

r m x   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

16 statements  

1"""An Authorizer for use in the Jupyter server. 

2 

3The default authorizer (AllowAllAuthorizer) 

4allows all authenticated requests 

5 

6.. versionadded:: 2.0 

7""" 

8 

9# Copyright (c) Jupyter Development Team. 

10# Distributed under the terms of the Modified BSD License. 

11from __future__ import annotations 

12 

13from typing import TYPE_CHECKING 

14 

15from traitlets import Instance 

16from traitlets.config import LoggingConfigurable 

17 

18from .identity import IdentityProvider, User 

19 

20if TYPE_CHECKING: 

21 from collections.abc import Awaitable 

22 

23 from jupyter_server.base.handlers import JupyterHandler 

24 

25 

26class Authorizer(LoggingConfigurable): 

27 """Base class for authorizing access to resources 

28 in the Jupyter Server. 

29 

30 All authorizers used in Jupyter Server 

31 should inherit from this base class and, at the very minimum, 

32 implement an ``is_authorized`` method with the 

33 same signature as in this base class. 

34 

35 The ``is_authorized`` method is called by the ``@authorized`` decorator 

36 in JupyterHandler. If it returns True, the incoming request 

37 to the server is accepted; if it returns False, the server 

38 returns a 403 (Forbidden) error code. 

39 

40 The authorization check will only be applied to requests 

41 that have already been authenticated. 

42 

43 .. versionadded:: 2.0 

44 """ 

45 

46 identity_provider = Instance(IdentityProvider) 

47 

48 def is_authorized( 

49 self, handler: JupyterHandler, user: User, action: str, resource: str 

50 ) -> Awaitable[bool] | bool: 

51 """A method to determine if ``user`` is authorized to perform ``action`` 

52 (read, write, or execute) on the ``resource`` type. 

53 

54 Parameters 

55 ---------- 

56 user : jupyter_server.auth.User 

57 An object representing the authenticated user, 

58 as returned by :meth:`jupyter_server.auth.IdentityProvider.get_user`. 

59 

60 action : str 

61 the category of action for the current request: read, write, or execute. 

62 

63 resource : str 

64 the type of resource (i.e. contents, kernels, files, etc.) the user is requesting. 

65 

66 Returns 

67 ------- 

68 bool 

69 True if user authorized to make request; False, otherwise 

70 """ 

71 raise NotImplementedError 

72 

73 

74class AllowAllAuthorizer(Authorizer): 

75 """A no-op implementation of the Authorizer 

76 

77 This authorizer allows all authenticated requests. 

78 

79 .. versionadded:: 2.0 

80 """ 

81 

82 def is_authorized( 

83 self, handler: JupyterHandler, user: User, action: str, resource: str 

84 ) -> bool: 

85 """This method always returns True. 

86 

87 All authenticated users are allowed to do anything in the Jupyter Server. 

88 """ 

89 return True