def url_script(request):
"""
Returns to a mist authenticated user,
a self-auth/signed url for fetching a script's file.
READ permission required on script.
---
script_id:
in: path
required: true
type: string
"""
auth_context = auth_context_from_request(request)
script_id = request.matchdict['script_id']
try:
Script.objects.get(owner=auth_context.owner,
id=script_id, deleted=None)
except Script.DoesNotExist:
raise NotFoundError('Script does not exist.')
# SEC require READ permission on script
auth_context.check_perm('script', 'read', script_id)
# build HMAC and inject into the `curl` command
hmac_params = {'action': 'fetch_script', 'object_id': script_id}
expires_in = 60 * 15
mac_sign(hmac_params, expires_in)
url = "%s/api/v1/fetch" % config.CORE_URI
encode_params = urllib.urlencode(hmac_params)
r_url = url + '?' + encode_params
return r_url
评论列表
文章目录
