import logging
from pathlib import Path
from typing import Optional
from defence360agent.contracts.config import MyImunifyConfig, PermissionsConfig
from defence360agent.contracts.license import LicenseCLN
from defence360agent.feature_management.constants import AV_REPORT, FULL
from defence360agent.feature_management.model import FeatureManagementPerms
from defence360agent.myimunify.model import MyImunify
logger = logging.getLogger(__name__)

# Permission identifiers. Each one is a dotted string naming a single
# capability that a caller can be granted or denied.
MS_VIEW = "malware_scanner.view"
MS_CLEAN = "malware_scanner.clean"
MS_CLEAN_REQUIRES_MYIMUNIFY_PROTECTION = (
    "malware_scanner.clean_requires_myimunify_protection"
)
MS_ON_DEMAND_SCAN = "malware_scanner.on_demand.scan"
MS_ON_DEMAND_SCAN_WITHOUT_RATE_LIMIT = (
    "malware_scanner.on_demand.scan_without_rate_limit"
)
MS_IGNORE_LIST_EDIT = "malware_scanner.ignore_list.edit"
MS_CONFIG_DEFAULT_ACTION_EDIT = "malware_scanner.config.default_action.edit"
PD_VIEW = "proactive_defense.view"
PD_CONFIG_MODE_EDIT = "proactive_defense.config.mode.edit"

# Every known permission, in a fixed order. Code that enumerates permissions
# walks this tuple, so a new identifier must be appended here as well.
PERMISSIONS = (
    MS_VIEW,
    MS_CLEAN,
    MS_CLEAN_REQUIRES_MYIMUNIFY_PROTECTION,
    MS_ON_DEMAND_SCAN,
    MS_ON_DEMAND_SCAN_WITHOUT_RATE_LIMIT,
    MS_IGNORE_LIST_EDIT,
    MS_CONFIG_DEFAULT_ACTION_EDIT,
    PD_VIEW,
    PD_CONFIG_MODE_EDIT,
)

# Directory path constant; it is not referenced by the permission checks in
# this module.
GLOBAL_CONFDIR = Path("/etc/sysconfig/imunify360")
def myimunify_protection_enabled(user: Optional[str] = None) -> bool:
    """Return the MyImunify protection state reported for *user*.

    The value comes straight from ``MyImunify.get_protection``; ``user`` is
    forwarded unchanged, including ``None``.
    """
    protection_state = MyImunify.get_protection(user)
    return protection_state
def ms_view(user: Optional[str] = None):
    """Tell whether *user* may view malware scanner results.

    With ``user=None`` the check is skipped and access is granted
    (presumably the non-end-user/admin context; confirm with callers).
    Otherwise the user's ``av`` feature permission must be either
    ``AV_REPORT`` or ``FULL``.
    """
    if user is not None:
        av_level = FeatureManagementPerms.get_perm(user).av
        return av_level in (AV_REPORT, FULL)
    return True
def ms_clean(user: Optional[str] = None):
    """Tell whether *user* may clean up detected malware.

    The license gate is evaluated first and applies to every caller,
    including ``user=None``: a free or invalid license always denies.
    After that, ``user=None`` is granted, and a named user needs the
    ``FULL`` ``av`` feature permission.
    """
    # Same short-circuit order as checking "free or not valid".
    license_allows_cleanup = not LicenseCLN.is_free() and LicenseCLN.is_valid()
    if not license_allows_cleanup:
        return False
    return user is None or FeatureManagementPerms.get_perm(user).av == FULL
def ms_clean_requires_myimunify_protection(user: Optional[str] = None):
    """Tell whether *user* may clean malware, honouring MyImunify if enabled.

    When ``MyImunifyConfig.ENABLED`` is set, the answer is the user's
    MyImunify protection state and ``ms_clean`` (with its license gate) is
    not consulted. Otherwise the decision is delegated to ``ms_clean``.
    """
    # NOTE(review): on the MyImunify path a None user is handed to
    # MyImunify.get_protection without a shortcut; confirm that is intended.
    checker = myimunify_protection_enabled if MyImunifyConfig.ENABLED else ms_clean
    return checker(user)
def ms_on_demand_scan(user: Optional[str] = None):
    """Tell whether *user* may start an on-demand malware scan.

    Granted when ``user`` is None, and also whenever MyImunify is enabled.
    In the remaining case the ``PermissionsConfig.ALLOW_MALWARE_SCAN``
    setting is returned as-is.
    """
    # With MyImunify, on-demand scan is available for both Basic and Pro
    # subscriptions, so no per-user lookup is needed.
    if user is None or MyImunifyConfig.ENABLED:
        return True
    return PermissionsConfig.ALLOW_MALWARE_SCAN
def ms_on_demand_scan_without_rate_limit(
    user: Optional[str] = None,
):
    """Tell whether *user* may run on-demand scans exempt from rate limiting.

    With MyImunify enabled the answer is the user's MyImunify protection
    state. Without it, the ``PermissionsConfig.ALLOW_MALWARE_SCAN`` setting
    is returned, i.e. the same setting that ``ms_on_demand_scan`` falls back
    to.
    """
    # NOTE(review): unlike ms_on_demand_scan there is no `user is None`
    # shortcut here, so a None user reaches MyImunify.get_protection when
    # MyImunify is enabled; confirm that is intended.
    if not MyImunifyConfig.ENABLED:
        return PermissionsConfig.ALLOW_MALWARE_SCAN
    return myimunify_protection_enabled(user)
def ms_ignore_list_edit(user: Optional[str] = None):
    """Tell whether *user* may edit the malware scanner ignore list.

    Granted when ``user`` is None. For a named user it is denied while
    MyImunify is enabled; otherwise the
    ``PermissionsConfig.USER_IGNORE_LIST`` setting is returned as-is.
    """
    if user is None:
        return True
    # So far MyImunify does not let the user edit the ignore list.
    return False if MyImunifyConfig.ENABLED else PermissionsConfig.USER_IGNORE_LIST
def ms_config_default_action_edit(user: Optional[str] = None):
    """Tell whether *user* may change the default malware action.

    Granted when ``user`` is None. For a named user it is denied while
    MyImunify is enabled; otherwise the
    ``PermissionsConfig.USER_OVERRIDE_MALWARE_ACTIONS`` setting is returned
    as-is.
    """
    if user is not None:
        if MyImunifyConfig.ENABLED:
            # So far MyImunify does not let the user edit the default
            # malware action.
            return False
        return PermissionsConfig.USER_OVERRIDE_MALWARE_ACTIONS
    return True
def pd_view(user: Optional[str] = None):
    """Tell whether *user* may view Proactive Defense data.

    Granted when ``user`` is None; a named user needs the ``FULL``
    ``proactive`` feature permission.
    """
    return (
        user is None
        or FeatureManagementPerms.get_perm(user).proactive == FULL
    )
def pd_config_mode_edit(user: Optional[str] = None):
    """Tell whether *user* may change the Proactive Defense mode.

    Granted when ``user`` is None. For a named user it is denied while
    MyImunify is enabled; otherwise the
    ``PermissionsConfig.USER_OVERRIDE_PROACTIVE_DEFENSE`` setting is
    returned as-is.
    """
    if user is None:
        return True
    myimunify_active = MyImunifyConfig.ENABLED
    if not myimunify_active:
        return PermissionsConfig.USER_OVERRIDE_PROACTIVE_DEFENSE
    return False
# Dispatch table: permission identifier -> predicate taking the user name
# (or None) and returning whether the permission is granted.
# Every identifier listed in PERMISSIONS needs an entry here; a missing one
# makes the lookup in has_permission/check_permission raise KeyError.
HAS_PERMISSION = {
    # malware scanner
    MS_VIEW: ms_view,
    MS_CLEAN: ms_clean,
    MS_CLEAN_REQUIRES_MYIMUNIFY_PROTECTION: ms_clean_requires_myimunify_protection,
    MS_ON_DEMAND_SCAN: ms_on_demand_scan,
    MS_ON_DEMAND_SCAN_WITHOUT_RATE_LIMIT: (
        ms_on_demand_scan_without_rate_limit
    ),
    MS_IGNORE_LIST_EDIT: ms_ignore_list_edit,
    MS_CONFIG_DEFAULT_ACTION_EDIT: ms_config_default_action_edit,
    # proactive defense
    PD_VIEW: pd_view,
    PD_CONFIG_MODE_EDIT: pd_config_mode_edit,
}
def has_permission(permission, user):
    """Return the result of the predicate registered for *permission*.

    The predicate is looked up in ``HAS_PERMISSION`` and called with
    *user*. An identifier that is not registered raises ``KeyError`` rather
    than returning a value.
    """
    predicate = HAS_PERMISSION[permission]
    return predicate(user)
def check_permission(permission, user) -> None:
    """Raise ``PermissionError`` unless *user* holds *permission*.

    Returns ``None`` when the predicate registered in ``HAS_PERMISSION``
    yields a truthy value. An unregistered identifier raises ``KeyError``
    from the lookup, not ``PermissionError``.
    """
    granted = HAS_PERMISSION[permission](user)
    if granted:
        return
    # The message is a fixed identifier (presumably a UI message key); it
    # does not name the permission or the user.
    raise PermissionError("notifications.generalPermissionError")
def permissions_list(user):
    """Return the permissions from ``PERMISSIONS`` that *user* holds.

    Each identifier is tested with ``has_permission``; the result keeps the
    order of ``PERMISSIONS``.
    """
    granted = []
    for name in PERMISSIONS:
        if has_permission(name, user):
            granted.append(name)
    return granted