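def search_resources_perms_principals(self, resource, resources_actions, scope_id=None):
    """Report every known user as a principal for each requested action.

    No permission store is consulted: the principal list is all usernames of
    the active Django user model, attached unchanged to every action in
    ``resources_actions``.

    Args:
        resource: Resource descriptor; ``rtype`` is read from it and it is
            passed to ``utils.resource_id_for`` together with the instance.
        resources_actions: Iterable of dicts, each with an ``'action_id'``
            key and an optional ``'instance'`` key.
        scope_id: Accepted for interface compatibility; not used here.

    Returns:
        AuthOperationResult with ``result=True``, ``code=0``,
        ``message='success'`` and ``data`` set to the list of action dicts.
    """
    # NOTE(review): every user is listed as a principal for every action, so
    # the answer never narrows access. Presumably a permissive stand-in
    # backend - confirm it cannot be selected where real authorization
    # decisions depend on this result.
    user_model = get_user_model()
    # Fixed: the keyword was misspelled ``falt``, which values_list() rejects
    # with a TypeError; ``flat=True`` yields bare usernames, not 1-tuples.
    user_ids = user_model.objects.all().values_list('username', flat=True)
    principals = [
        {'principal_type': 'user', 'principal_id': uid}
        for uid in user_ids
    ]

    actions = []
    for resource_action in resources_actions:
        action = {
            'action_id': resource_action['action_id'],
            'resource_type': resource.rtype,
            # The same list object is shared by every action entry.
            'principals': principals,
        }
        instance = resource_action.get('instance')
        if instance:
            action['resource_id'] = utils.resource_id_for(resource, instance)
        actions.append(action)

    return AuthOperationResult(result=True, code=0, message='success', data=actions)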
def update_instance(self, resource, instance, scope_id=None):
    """Send the current scope, type, id and name of one instance to the client.

    Args:
        resource: Resource descriptor supplying ``scope_type``, ``rtype`` and
            ``resource_name(instance)``.
        instance: The object whose record is being updated.
        scope_id: Optional scope hint handed to ``__real_scope_id``; how it is
            reconciled with the instance's own scope is not visible here.

    Returns:
        Whatever ``self.client.update_resource`` returns.
    """
    # Bind the client call first so attribute lookup happens before the
    # arguments are computed, as in a direct call expression.
    update = self.client.update_resource
    scope_type = resource.scope_type
    real_scope = self.__real_scope_id(resource, instance, scope_id)
    rtype = resource.rtype
    rid = resource_id_for(resource, instance)
    display_name = resource.resource_name(instance)
    return update(
        scope_type=scope_type,
        scope_id=real_scope,
        resource_type=rtype,
        resource_id=rid,
        resource_name=display_name,
    )
def register_instance(self, resource, instance, scope_id=None):
    """Register one resource instance, with its creator, through the client.

    Args:
        resource: Resource descriptor supplying ``scope_type``, ``rtype`` and
            the ``creator_type``/``creator_id``/``resource_name`` accessors.
        instance: The object being registered.
        scope_id: Optional scope hint handed to ``__real_scope_id``; how it is
            reconciled with the instance's own scope is not visible here.

    Returns:
        Whatever ``self.client.register_resource`` returns.
    """
    register = self.client.register_resource
    # Creator identity comes from the resource descriptor's view of the
    # instance, not from a caller-supplied argument.
    owner_type = resource.creator_type(instance)
    owner_id = resource.creator_id(instance)
    scope_type = resource.scope_type
    real_scope = self.__real_scope_id(resource, instance, scope_id)
    rtype = resource.rtype
    display_name = resource.resource_name(instance)
    rid = resource_id_for(resource, instance)
    return register(
        creator_type=owner_type,
        creator_id=owner_id,
        scope_type=scope_type,
        scope_id=real_scope,
        resource_type=rtype,
        resource_name=display_name,
        resource_id=rid,
    )
def test_resource_id_for__no_parent(self):
    """A resource with no parent produces a single-entry id list."""
    instance = MagicMock()

    resource = MagicMock()
    # parent must be set explicitly: an unset MagicMock attribute is truthy.
    resource.parent = None
    resource.rtype = 'child'
    resource.resource_id = MagicMock(return_value='child_id')

    expected = [{'resource_type': 'child', 'resource_id': 'child_id'}]
    self.assertEqual(utils.resource_id_for(resource, instance), expected)
def test_resource_id_for__with_parent(self):
    """A child resource's id list starts with its parent's entry."""
    instance = MagicMock()

    parent_resource = MagicMock()
    # Terminate the chain explicitly: an unset MagicMock attribute is truthy.
    parent_resource.parent = None
    parent_resource.rtype = 'parent'
    parent_resource.resource_id = MagicMock(return_value='parent_id')

    child_resource = MagicMock()
    child_resource.parent = parent_resource
    child_resource.rtype = 'child'
    child_resource.resource_id = MagicMock(return_value='child_id')

    # Expected order is ancestor first, then the resource itself.
    expected = [
        {'resource_type': 'parent', 'resource_id': 'parent_id'},
        {'resource_type': 'child', 'resource_id': 'child_id'},
    ]
    self.assertEqual(utils.resource_id_for(child_resource, instance), expected)
def batch_delete_instance(self, resource, instances, scope_id=None):
    """Delete several resource instances with one client call.

    Args:
        resource: Resource descriptor supplying ``scope_type``, ``rtype`` and
            ``resource_name(instance)``.
        instances: Non-empty collection of objects to delete.
        scope_id: Optional scope hint handed to ``__real_scope_id`` for each
            instance.

    Returns:
        Whatever ``self.client.batch_delete_resource`` returns.

    Raises:
        ValueError: If ``instances`` is empty or otherwise falsy.
    """
    if not instances:
        raise ValueError('can not batch delete a empty instances list')

    iam_resources = []
    for instance in instances:
        # Scope is resolved per instance, so one batch may span scopes.
        iam_resources.append({
            'scope_type': resource.scope_type,
            'scope_id': self.__real_scope_id(resource, instance, scope_id),
            'resource_type': resource.rtype,
            'resource_id': resource_id_for(resource, instance),
            'resource_name': resource.resource_name(instance),
        })

    return self.client.batch_delete_resource(resources=iam_resources)
def verify_perms(self, resource, principal_type, principal_id, action_ids, instance=None, scope_id=None):
    """Ask the client whether a principal holds the given actions.

    Args:
        resource: Resource descriptor supplying ``scope_type``, ``rtype`` and
            ``is_instance_related_action(action_id)``.
        principal_type: Kind of principal being checked.
        principal_id: Identifier of the principal being checked.
        action_ids: Iterable of action ids to verify.
        instance: Optional object the instance-related actions apply to.
        scope_id: Optional scope hint handed to ``__real_scope_id``.

    Returns:
        Whatever ``self.client.batch_verify_resources_perms`` returns.
    """
    actions = []
    for action_id in action_ids:
        entry = {'action_id': action_id, 'resource_type': resource.rtype}
        # NOTE(review): an instance-related action with no instance is sent
        # without 'resource_id'. What the client answers for such an entry is
        # not visible here - confirm callers do not read it as an
        # instance-level grant.
        needs_resource_id = resource.is_instance_related_action(action_id) and instance
        if needs_resource_id:
            entry['resource_id'] = resource_id_for(resource, instance)
        actions.append(entry)

    verify = self.client.batch_verify_resources_perms
    scope_type = resource.scope_type
    # instance may be None at this point; __real_scope_id receives it as-is.
    real_scope = self.__real_scope_id(resource, instance, scope_id)
    return verify(
        principal_type=principal_type,
        principal_id=principal_id,
        scope_type=scope_type,
        scope_id=real_scope,
        resources_actions=actions,
    )
def batch_register_instance(self, resource, instances, scope_id=None):
    """Register several resource instances with one client call.

    Args:
        resource: Resource descriptor supplying ``scope_type``, ``rtype`` and
            the ``creator_type``/``creator_id``/``resource_name`` accessors.
        instances: Non-empty, indexable collection of objects to register.
        scope_id: Optional scope hint handed to ``__real_scope_id`` for each
            instance.

    Returns:
        Whatever ``self.client.batch_register_resource`` returns.

    Raises:
        ValueError: If ``instances`` is empty or otherwise falsy.
    """
    if not instances:
        raise ValueError('can not batch register a empty instances list')

    iam_resources = []
    for instance in instances:
        # Scope is resolved per instance, so one batch may span scopes.
        iam_resources.append({
            'scope_type': resource.scope_type,
            'scope_id': self.__real_scope_id(resource, instance, scope_id),
            'resource_type': resource.rtype,
            'resource_id': resource_id_for(resource, instance),
            'resource_name': resource.resource_name(instance),
        })

    register = self.client.batch_register_resource
    # NOTE(review): the creator is read from the first instance only and sent
    # once for the whole batch. Whether callers guarantee a single creator per
    # batch is not visible here - confirm, since creator presumably affects
    # who is granted access to the registered resources.
    owner_type = resource.creator_type(instances[0])
    owner_id = resource.creator_id(instances[0])
    return register(
        creator_type=owner_type,
        creator_id=owner_id,
        resources=iam_resources,
    )
def search_resources_perms_principals(self, resource, resources_actions, scope_id=None):
    """Ask the client which principals hold the given actions.

    Args:
        resource: Resource descriptor supplying ``scope_type`` and ``rtype``.
        resources_actions: Iterable of dicts, each with an ``'action_id'``
            key and an optional ``'instance'`` key.
        scope_id: Optional scope hint; it may be replaced while the entries
            are processed (see the loop below).

    Returns:
        Whatever ``self.client.search_resources_perms_principals`` returns.
    """
    actions = []
    for requested in resources_actions:
        entry = {
            'action_id': requested['action_id'],
            'resource_type': resource.rtype,
        }
        instance = requested.get('instance')
        if instance:
            entry['resource_id'] = resource_id_for(resource, instance)
            # scope_id is rebound here and fed back in on the next entry, so
            # the single scope sent to the client depends on the entries that
            # carry an instance and on their order.
            # NOTE(review): scope resolution is read as applying only to
            # entries with an instance; with none, the caller's scope_id is
            # forwarded unresolved (possibly None) - confirm this is intended.
            scope_id = self.__real_scope_id(resource, instance, scope_id)
        actions.append(entry)

    search = self.client.search_resources_perms_principals
    return search(
        scope_type=resource.scope_type,
        scope_id=scope_id,
        resources_actions=actions,
    )
def delete_instance(self, resource, instance, scope_id=None):
    """Delete one resource instance through the client.

    Args:
        resource: Resource descriptor supplying ``scope_type`` and ``rtype``.
        instance: The object whose record is being deleted.
        scope_id: Optional scope hint handed to ``__real_scope_id``; how it is
            reconciled with the instance's own scope is not visible here.

    Returns:
        Whatever ``self.client.delete_resource`` returns.
    """
    # Bind the client call first so attribute lookup happens before the
    # arguments are computed, as in a direct call expression.
    delete = self.client.delete_resource
    scope_type = resource.scope_type
    real_scope = self.__real_scope_id(resource, instance, scope_id)
    rtype = resource.rtype
    rid = resource_id_for(resource, instance)
    return delete(
        scope_type=scope_type,
        scope_id=real_scope,
        resource_type=rtype,
        resource_id=rid,
    )