Beispiel #1
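    def put(self, id, permission_id):
        """Update a permission that is assigned to the given user.

        Reads ``action``, ``resource_class``, ``resource_id`` and ``granted``
        from the JSON request body, copies changed values onto the permission
        and saves it through the permission DAO.

        Args:
            id: Identifier of the user the permission must belong to.
            permission_id: Identifier of the permission to update.

        Returns:
            Tuple of the permission's dict form and HTTP status 200.

        Raises:
            PermissionNotAssignedToUserException: If the permission's
                principal is not the retrieved user.
        """
        # NOTE(review): this handler rewrites a permission record but is gated
        # on 'update:user@<id>', not on an admin check. If a non-admin can hold
        # that permission for their own account, they could edit the
        # permissions assigned to them -- confirm this is intended.
        self.check_permission('update:user@{}'.format(id))
        parser = reqparse.RequestParser()
        parser.add_argument('action', type=str, location='json')
        parser.add_argument('resource_class', type=str, location='json')
        parser.add_argument('resource_id', type=int, location='json')
        parser.add_argument('granted', type=bool, location='json')
        args = parser.parse_args()
        user_dao = UserDao(self.db_session())
        user = user_dao.retrieve(id=id)
        permission_dao = PermissionDao(self.db_session())
        permission = permission_dao.retrieve(id=permission_id)
        # The permission is looked up by its own id, so verify it really
        # belongs to the user named in the URL before touching it.
        if permission.principal != user:
            raise PermissionNotAssignedToUserException(permission.to_str(),
                                                       user.username)
        # A field left out of the request body parses to None. Writing that
        # back would leave the permission without an action or resource class,
        # so None is skipped for these two fields.
        for field in ('action', 'resource_class'):
            value = args[field]
            if value is not None and value != getattr(permission, field):
                setattr(permission, field, value)
        # NOTE(review): resource_id and granted are still overwritten with
        # None when omitted. Presumably a permission without resource_id
        # covers the whole resource class, in which case leaving the field out
        # widens the permission's scope -- confirm against callers.
        if args['resource_id'] != permission.resource_id:
            permission.resource_id = args['resource_id']
        if args['granted'] != permission.granted:
            permission.granted = args['granted']
        permission_dao.save(permission)

        return permission.to_dict(), 200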
Beispiel #2
    def get(self, id, permission_id):
        """Return one permission of the given user.

        Args:
            id: Identifier of the user the permission must belong to.
            permission_id: Identifier of the permission to return.

        Returns:
            Tuple of the permission's dict form and HTTP status 200.

        Raises:
            PermissionNotAssignedToUserException: If the permission's
                principal is not the retrieved user.
        """
        # Access check runs before any lookup.
        self.check_admin()
        owner = UserDao(self.db_session()).retrieve(id=id)
        found = PermissionDao(self.db_session()).retrieve(id=permission_id)
        # The permission id alone does not tie the record to this user, so a
        # mismatch between URL user and permission principal is rejected.
        if found.principal != owner:
            raise PermissionNotAssignedToUserException(
                found.to_str(), owner.username)
        return found.to_dict(), 200
Beispiel #3
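    def delete(self, id, permission_id):
        """Delete a permission that is assigned to the given user group.

        Args:
            id: Identifier of the user group the permission must belong to.
            permission_id: Identifier of the permission to delete.

        Returns:
            Tuple of an empty dict and HTTP status 204.

        Raises:
            PermissionNotAssignedToUserGroupException: If the permission's
                principal is not the retrieved user group.
        """
        # Access check runs before any lookup.
        self.check_admin()
        user_group_dao = UserGroupDao(self.db_session())
        user_group = user_group_dao.retrieve(id=id)
        permission_dao = PermissionDao(self.db_session())
        permission = permission_dao.retrieve(id=permission_id)
        # Refuse to delete a permission that belongs to another principal
        # than the group named in the URL.
        if permission.principal != user_group:
            raise PermissionNotAssignedToUserGroupException(
                permission.to_str(), user_group.name)
        # Pass the permission record; the original passed the DAO itself, so
        # the permission was never the object handed to delete().
        permission_dao.delete(permission)

        return {}, 204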
Beispiel #4
    def post(self, id):
        """Create a permission for the given user.

        The JSON body must carry ``action`` and ``resource_class``;
        ``resource_id`` and ``granted`` are optional.

        Args:
            id: Identifier of the user that becomes the permission's principal.

        Returns:
            Tuple of the new permission's dict form and HTTP status 201.
        """
        # Access check runs before the body is parsed.
        self.check_admin()
        body = reqparse.RequestParser()
        body.add_argument('action', type=str, required=True, location='json')
        body.add_argument(
            'resource_class', type=str, required=True, location='json')
        body.add_argument('resource_id', type=int, location='json')
        body.add_argument('granted', type=bool, location='json')
        fields = body.parse_args()
        # The principal always comes from the URL, never from the body.
        fields['principal'] = UserDao(self.db_session()).retrieve(id=id)
        created = PermissionDao(self.db_session()).create(**fields)

        return created.to_dict(), 201
Beispiel #5
def add_permission(principal, permission):
    """Create a permission for *principal* from a permission string.

    The string has the form ``action:resource_class`` with an optional
    ``@resource_id`` suffix. Nothing is created when ``has_permission``
    already reports the permission for the principal.

    Args:
        principal: Object stored as the permission's principal.
        permission: Permission string to parse.

    Raises:
        ValueError: If the string does not split into exactly two parts at
            ``:``, or the resource part into exactly two parts at ``@``.
    """
    # An existing permission (or one with wider scope) makes a new,
    # smaller-scope record unnecessary.
    if has_permission(principal, permission):
        return
    action, target = permission.split(':')
    if '@' in target:
        resource_class, resource_id = target.split('@')
    else:
        resource_class, resource_id = target, None
    # resource_id is passed on as parsed, i.e. as a string or None.
    PermissionDao(g.db_session).create(
        action=action,
        resource_class=resource_class,
        resource_id=resource_id,
        principal=principal,
    )