Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/jupyter_server/auth/authorizer.py: 79%

Shortcuts on this page

r m x   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

14 statements  

1"""An Authorizer for use in the Jupyter server. 

2 

3The default authorizer (AllowAllAuthorizer) 

4allows all authenticated requests 

5 

6.. versionadded:: 2.0 

7""" 

8 

9# Copyright (c) Jupyter Development Team. 

10# Distributed under the terms of the Modified BSD License. 

11from __future__ import annotations 

12 

13from typing import TYPE_CHECKING, Awaitable 

14 

15from traitlets import Instance 

16from traitlets.config import LoggingConfigurable 

17 

18from .identity import IdentityProvider, User 

19 

20if TYPE_CHECKING: 

21 from jupyter_server.base.handlers import JupyterHandler 

22 

23 

24class Authorizer(LoggingConfigurable): 

25 """Base class for authorizing access to resources 

26 in the Jupyter Server. 

27 

28 All authorizers used in Jupyter Server 

29 should inherit from this base class and, at the very minimum, 

30 implement an ``is_authorized`` method with the 

31 same signature as in this base class. 

32 

33 The ``is_authorized`` method is called by the ``@authorized`` decorator 

34 in JupyterHandler. If it returns True, the incoming request 

35 to the server is accepted; if it returns False, the server 

36 returns a 403 (Forbidden) error code. 

37 

38 The authorization check will only be applied to requests 

39 that have already been authenticated. 

40 

41 .. versionadded:: 2.0 

42 """ 

43 

44 identity_provider = Instance(IdentityProvider) 

45 

46 def is_authorized( 

47 self, handler: JupyterHandler, user: User, action: str, resource: str 

48 ) -> Awaitable[bool] | bool: 

49 """A method to determine if ``user`` is authorized to perform ``action`` 

50 (read, write, or execute) on the ``resource`` type. 

51 

52 Parameters 

53 ---------- 

54 user : jupyter_server.auth.User 

55 An object representing the authenticated user, 

56 as returned by :meth:`jupyter_server.auth.IdentityProvider.get_user`. 

57 

58 action : str 

59 the category of action for the current request: read, write, or execute. 

60 

61 resource : str 

62 the type of resource (i.e. contents, kernels, files, etc.) the user is requesting. 

63 

64 Returns 

65 ------- 

66 bool 

67 True if user authorized to make request; False, otherwise 

68 """ 

69 raise NotImplementedError 

70 

71 

72class AllowAllAuthorizer(Authorizer): 

73 """A no-op implementation of the Authorizer 

74 

75 This authorizer allows all authenticated requests. 

76 

77 .. versionadded:: 2.0 

78 """ 

79 

80 def is_authorized( 

81 self, handler: JupyterHandler, user: User, action: str, resource: str 

82 ) -> bool: 

83 """This method always returns True. 

84 

85 All authenticated users are allowed to do anything in the Jupyter Server. 

86 """ 

87 return True