deckhand.policy module¶

deckhand.policy.authorize(action)[source]¶

Verifies whether a policy action can be performed given the credentials found in the falcon request context.

Parameters:	action – The policy action to enforce.
Returns:	`True` if policy enforcement succeeded, else `False`.
Raises:	falcon.HTTPForbidden if policy enforcement failed or if the policy action isn’t registered under `deckhand.policies`.

deckhand.policy.conditional_authorize(action, context, do_raise=True)[source]¶

Conditionally authorize a policy action.

Parameters:	action – The policy action to enforce. context – The falcon request context object. do_raise – Whether to raise the exception if policy enforcement fails. `True` by default.
Raises:	falcon.HTTPForbidden if policy enforcement failed or if the policy action isn’t registered under `deckhand.policies`.

Example:

# If any requested documents' metadata.storagePolicy == 'cleartext'.
if cleartext_documents:
    policy.conditional_authorize('deckhand:create_cleartext_documents',
                                 req.context)

deckhand.policy.init(policy_file=None, rules=None, default_rule=None, use_conf=True)[source]¶

Init an Enforcer class.

Parameters:	policy_file – Custom policy file to use, if none is specified, `CONF.policy_file` will be used. rules – Default dictionary / Rules to use. It will be considered just in the first instantiation. default_rule – Default rule to use; `CONF.default_rule` will be used if none is specified. use_conf – Whether to load rules from config file.

deckhand.policy.register_rules(enforcer)[source]¶

deckhand.policy.reset()[source]¶