From 0b9bd1a842aebe2111876e7107eaab9be29ea687 Mon Sep 17 00:00:00 2001
From: Jan Mach <jan.mach@cesnet.cz>
Date: Wed, 10 Jun 2020 09:40:06 +0200
Subject: [PATCH] Removed unnecessary authorization checks.
Requiring any user role is the same as requiring user to be authenticated, so these checks were unnecessary.
---
lib/hawat/blueprints/dbstatus/__init__.py | 6 ------
lib/hawat/blueprints/dnsr/__init__.py | 2 --
lib/hawat/blueprints/events/__init__.py | 10 ----------
lib/hawat/blueprints/geoip/__init__.py | 2 --
lib/hawat/blueprints/nerd/__init__.py | 2 --
lib/hawat/blueprints/pdnsr/__init__.py | 2 --
lib/hawat/blueprints/performance/__init__.py | 6 ------
lib/hawat/blueprints/reports/__init__.py | 6 ------
lib/hawat/blueprints/timeline/__init__.py | 4 ----
lib/hawat/blueprints/whois/__init__.py | 2 --
10 files changed, 42 deletions(-)
diff --git a/lib/hawat/blueprints/dbstatus/__init__.py b/lib/hawat/blueprints/dbstatus/__init__.py
index 18fde464..a0952508 100644
--- a/lib/hawat/blueprints/dbstatus/__init__.py
+++ b/lib/hawat/blueprints/dbstatus/__init__.py
@@ -163,8 +163,6 @@ class MyQueriesView(HTMLMixin, PsycopgMixin, SimpleView):
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_name(cls):
return 'queries_my'
@@ -226,8 +224,6 @@ class QueryStatusView(AJAXMixin, PsycopgMixin, RenderableView):
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_name(cls):
return 'query-status'
@@ -286,8 +282,6 @@ class AbstractQueryStopView(PsycopgMixin, RenderableView): # pylint: disable=lo
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_icon(cls):
return 'action-stop'
diff --git a/lib/hawat/blueprints/dnsr/__init__.py b/lib/hawat/blueprints/dnsr/__init__.py
index aa919fdc..a4cc0774 100644
--- a/lib/hawat/blueprints/dnsr/__init__.py
+++ b/lib/hawat/blueprints/dnsr/__init__.py
@@ -74,8 +74,6 @@ class AbstractSearchView(RenderableView): # pylint: disable=locally-disabled,ab
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_title(cls, **kwargs):
return lazy_gettext('Search DNS')
diff --git a/lib/hawat/blueprints/events/__init__.py b/lib/hawat/blueprints/events/__init__.py
index 09ea9ae4..bd71ddc6 100644
--- a/lib/hawat/blueprints/events/__init__.py
+++ b/lib/hawat/blueprints/events/__init__.py
@@ -78,8 +78,6 @@ class AbstractSearchView(PsycopgMixin, BaseSearchView): # pylint: disable=local
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_title(cls, **kwargs):
return lazy_gettext('Search event database')
@@ -173,8 +171,6 @@ class AbstractShowView(PsycopgMixin, ItemShowView): # pylint: disable=locally-d
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_title(cls, **kwargs):
return lazy_gettext('Show event')
@@ -231,8 +227,6 @@ class DownloadView(PsycopgMixin, BaseView):
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_name(cls):
return 'download'
@@ -293,8 +287,6 @@ class AbstractDashboardView(SQLAlchemyMixin, BaseSearchView): # pylint: disable
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_icon(cls):
return 'module-{}'.format(BLUEPRINT_NAME)
@@ -407,8 +399,6 @@ class APIMetadataView(AJAXMixin, SimpleView):
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
methods = ['GET','POST']
@classmethod
diff --git a/lib/hawat/blueprints/geoip/__init__.py b/lib/hawat/blueprints/geoip/__init__.py
index f6c42d8a..02dd10c8 100644
--- a/lib/hawat/blueprints/geoip/__init__.py
+++ b/lib/hawat/blueprints/geoip/__init__.py
@@ -78,8 +78,6 @@ class AbstractSearchView(RenderableView): # pylint: disable=locally-disabled,ab
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_title(cls, **kwargs):
return lazy_gettext('Search GeoIP')
diff --git a/lib/hawat/blueprints/nerd/__init__.py b/lib/hawat/blueprints/nerd/__init__.py
index be96f1f3..07b9e450 100644
--- a/lib/hawat/blueprints/nerd/__init__.py
+++ b/lib/hawat/blueprints/nerd/__init__.py
@@ -75,8 +75,6 @@ class AbstractSearchView(RenderableView): # pylint: disable=locally-disabled,ab
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_title(cls, **kwargs):
return lazy_gettext('Search NERD')
diff --git a/lib/hawat/blueprints/pdnsr/__init__.py b/lib/hawat/blueprints/pdnsr/__init__.py
index ae38a490..83dc4d78 100644
--- a/lib/hawat/blueprints/pdnsr/__init__.py
+++ b/lib/hawat/blueprints/pdnsr/__init__.py
@@ -75,8 +75,6 @@ class AbstractSearchView(RenderableView): # pylint: disable=locally-disabled,ab
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_title(cls, **kwargs):
return lazy_gettext('Search PassiveDNS')
diff --git a/lib/hawat/blueprints/performance/__init__.py b/lib/hawat/blueprints/performance/__init__.py
index 2a2f92d9..39e597b7 100644
--- a/lib/hawat/blueprints/performance/__init__.py
+++ b/lib/hawat/blueprints/performance/__init__.py
@@ -41,8 +41,6 @@ class ViewView(HTMLMixin, SimpleView):
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_name(cls):
return 'view'
@@ -98,8 +96,6 @@ class DataView(FileNameView):
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_name(cls):
return 'data'
@@ -119,8 +115,6 @@ class RRDDBView(FileNameView):
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_name(cls):
return 'rrds'
diff --git a/lib/hawat/blueprints/reports/__init__.py b/lib/hawat/blueprints/reports/__init__.py
index 7bd2075c..df705246 100644
--- a/lib/hawat/blueprints/reports/__init__.py
+++ b/lib/hawat/blueprints/reports/__init__.py
@@ -105,8 +105,6 @@ class SearchView(HTMLMixin, SQLAlchemyMixin, BaseSearchView): # pylint: disable
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_icon(cls):
return 'module-{}'.format(cls.module_name)
@@ -387,8 +385,6 @@ class DashboardView(HTMLMixin, SQLAlchemyMixin, BaseSearchView): # pylint: disa
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_name(cls):
return 'dashboard'
@@ -523,8 +519,6 @@ class FeedbackView(AJAXMixin, RenderableView):
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_name(cls):
return 'feedback'
diff --git a/lib/hawat/blueprints/timeline/__init__.py b/lib/hawat/blueprints/timeline/__init__.py
index 765a8f81..56445bf2 100644
--- a/lib/hawat/blueprints/timeline/__init__.py
+++ b/lib/hawat/blueprints/timeline/__init__.py
@@ -102,8 +102,6 @@ class AbstractSearchView(PsycopgMixin, CustomSearchView): # pylint: disable=loc
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
url_params_unsupported = ('page', 'sortby')
@classmethod
@@ -380,8 +378,6 @@ class AbstractLegacySearchView(PsycopgMixin, BaseSearchView): # pylint: disable
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
url_params_unsupported = ('page', 'limit', 'sortby')
@classmethod
diff --git a/lib/hawat/blueprints/whois/__init__.py b/lib/hawat/blueprints/whois/__init__.py
index 4c7244d3..6d4be189 100644
--- a/lib/hawat/blueprints/whois/__init__.py
+++ b/lib/hawat/blueprints/whois/__init__.py
@@ -81,8 +81,6 @@ class AbstractSearchView(RenderableView): # pylint: disable=locally-disabled,ab
"""
authentication = True
- authorization = [vial.acl.PERMISSION_ANY]
-
@classmethod
def get_view_title(cls, **kwargs):
return lazy_gettext('Search local WHOIS')
--
GitLab