|
2 | 2 | """ |
3 | 3 | # Copyright (c) Jupyter Development Team. |
4 | 4 | # Distributed under the terms of the Modified BSD License. |
| 5 | +import warnings |
5 | 6 | from functools import wraps |
6 | 7 | from typing import Callable |
7 | 8 | from typing import Optional |
|
13 | 14 | from .utils import HTTP_METHOD_TO_AUTH_ACTION |
14 | 15 |
|
15 | 16 |
|
| 17 | +def raise_no_authorizer_warning(): |
| 18 | + warnings.warn( |
| 19 | + "The Tornado web application does not have an 'authorizer' defined " |
| 20 | + "in its settings. In future releases of jupyter_server, this will " |
| 21 | + "be a required key for all subclasses of `JupyterHandler`. For an " |
| 22 | + "example, see the jupyter_server source code for how to " |
| 23 | + "add an authorizer to the tornado settings: " |
| 24 | + "https://github.com/jupyter-server/jupyter_server/blob/" |
| 25 | + "653740cbad7ce0c8a8752ce83e4d3c2c754b13cb/jupyter_server/serverapp.py" |
| 26 | + "#L234-L256", |
| 27 | + # stacklevel=2 |
| 28 | + ) |
| 29 | + |
| 30 | + |
16 | 31 | def authorized( |
17 | 32 | action: Optional[Union[str, Callable]] = None, |
18 | 33 | resource: Optional[str] = None, |
@@ -61,7 +76,11 @@ def inner(self, *args, **kwargs): |
61 | 76 | raise HTTPError(status_code=403, log_message=message) |
62 | 77 | # If the user is allowed to do this action, |
63 | 78 | # call the method. |
64 | | - if self.authorizer.is_authorized(self, user, action, resource): |
| 79 | + if not self.authorizer: |
| 80 | + with warnings.catch_warnings(): |
| 81 | + warnings.simplefilter("once") |
| 82 | + raise_no_authorizer_warning() |
| 83 | + elif self.authorizer.is_authorized(self, user, action, resource): |
65 | 84 | return method(self, *args, **kwargs) |
66 | 85 | # else raise an exception. |
67 | 86 | else: |
|
0 commit comments