def test_permissions_revoke_permissions_by_key(self):
key = ps.add_file_permissions(ndb.Key("fk","rpbk"),ndb.Key("uk","rpbk"),Permissions(True,True,True))
ps.revoke_permissions_by_key(key)
self.assertIsNone(ps.get_permissions_by_key(key))
def file_permissions_edit(request):
authed_user = auth.get_current_user()
if authed_user is None:
return __unauthed_response()
user_key = ps.get_user_key_by_id(authed_user.user_id())
json_response = {
'success' : False
}
action_responses = []
try:
permissions_request = json.loads(request.raw_post_data)
except ValueError:
json_response.update( {'error' : 'Invalid request payload.'} )
return HttpResponse(json.dumps(json_response), content_type="application/json")
if ( ('actions' not in permissions_request)
or ('filename' not in permissions_request)):
json_response.update( {'error' : 'Incomplete request.'} )
return HttpResponse(json.dumps(json_response), content_type="application/json")
filename = permissions_request['filename']
actions = permissions_request['actions']
if not isinstance(actions, list):
json_response.update( {'error' : 'Actions list is not a list.'} )
return HttpResponse(json.dumps(json_response), content_type="application/json")
file_entry = ps.get_file_by_name(DATA_BUCKET + '/' + filename)
if file_entry is None:
json_response.update( { 'error' : 'File does not exist.' } )
return HttpResponse(json.dumps(json_response), content_type="application/json")
fp_entry = ps.get_user_file_permissions(file_entry.key, user_key)
if fp_entry is None:
json_response.update( { 'error' : 'Permission denied.' } )
return HttpResponse(json.dumps(json_response), content_type="application/json")
res = []
for action in actions:
if ( ('action' in action) # Can't do anything without an action name
and ('userEmail' in action)): # Or a user for that matter
user_email = action['userEmail']
action_name = action['action']
response_part = {
'success' : False,
'action' : action,
'userEmail' : user_email
}
share_user_key = ps.get_user_key_by_email(user_email)
if share_user_key is None:
response_part.update( { 'error' : 'User not found.' } )
action_responses.append(response_part)
continue
else:
response_part = {
'success' : False,
'error' : 'Incomplete request.'
}
continue
edit_permissions = ps.get_user_file_permissions(file_entry.key, share_user_key)
if action_name == 'dropUser':
if edit_permissions is None:
response_part.update( { 'error' : 'User does not have permissions for this file.' } )
else:
remove_action = ps.revoke_permissions_by_key(edit_permissions.key)
if remove_action:
response_part.update( { 'success' : True } )
else:
response_part.update( { 'error' : 'Could not revoke permissions.' } )
elif action_name == 'addUser':
if edit_permissions is None:
if ( ('read' not in action)
or ('write' not in action)
or ('fullControl' not in action)):
response_part.update( { 'error' : 'Incomplete action - permissions not specified.'} )
else:
add_action = ps.add_file_permissions(file_entry.key, share_user_key,
Permissions(
action['read'],
action['write'],
action['fullControl']
) )
if add_action:
response_part.update( { 'success' : True } )
else:
response_part.update( { 'error' : 'Could not add user to file.' } )
else:
response_part.update( { 'error' : 'User already has permissions for this file.' } )
elif action_name == 'editUser':
if edit_permissions is not None:
if ( ('read' not in action)
or ('write' not in action)
or ('fullControl' not in action)):
response_part.update( { 'error' : 'Incomplete action - permissions not specified.'} )
else:
edit_action = ps.modify_file_permissions_by_key(edit_permissions.key,
Permissions(
action['read'],
action['write'],
action['fullControl']
) )
if edit_action:
response_part.update( { 'success' : True } )
else:
response_part.update( { 'error' : 'Could not update user permissions.' } )
else:
response_part.update( { 'error' : 'User does not have a permissions entry for this file.' } )
else:
response_part.update( { 'error' : "Action '%s' not recognised."%action_name } )
action_responses.append(response_part)
json_response.update( { 'success' : True, 'actions' : action_responses } )
return HttpResponse(json.dumps(json_response), content_type="application/json")
