def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
result = namespaces.get([path],
withDescriptions=returnDescription,
withNamespaces=returnNamespaces,
withTags=returnTags)
except UnknownPathError as error:
unknownPath = error.paths.pop()
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(path_, category, action)
if not result:
raise TNonexistentNamespace(path.encode('utf-8'))
else:
namespace = TNamespace()
namespace.objectId = str(result[path]['id'])
namespace.path = path
if returnDescription:
namespace.description = result[path]['description']
if returnNamespaces:
namespace.namespaces = result[path]['namespaceNames']
if returnTags:
namespace.tags = result[path]['tagNames']
return namespace
def run():
permissions = SecurePermissionAPI(session.auth.user)
try:
permissions.set([(path, operation, policy, exceptions)])
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
if operation in Operation.TAG_OPERATIONS:
raise TNonexistentTag(unknownPath.encode('utf-8'))
if operation in Operation.NAMESPACE_OPERATIONS:
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
raise
except UnknownUserError as error:
# FIXME There could be more than one unknown username, but
# TNoSuchUser can only be passed a single username, so we'll
# only pass the first one. Ideally, we'd be able to pass all
# of them.
raise TNoSuchUser(error.usernames[0].encode('utf-8'))
except UserNotAllowedInExceptionError as error:
raise TInvalidUsername(str(error))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, deniedOperation = error.pathsAndOperations[0]
deniedCategory, deniedAction = getCategoryAndAction(
deniedOperation)
raise TPathPermissionDenied(deniedPath, deniedCategory,
deniedAction)
def run():
tagValues = SecureTagValueAPI(session.auth.user)
objects = SecureObjectAPI(session.auth.user)
objectIDs = self._resolveQuery(session, objects, parsedQuery)
values = []
if tags is None:
# delete all tags user has permissions for
result = objects.getTagsByObjects(objectIDs,
Operation.DELETE_TAG_VALUE)
for objectID, paths in result.iteritems():
for path in paths:
values.append((objectID, path))
else:
# delete only tags requested by user
result = objects.getTagsByObjects(objectIDs)
for objectID, paths in result.iteritems():
for path in paths:
if tags is None or path in tags:
values.append((objectID, path))
if values:
try:
tagValues.delete(values)
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, path_)
def run():
objects = SecureObjectAPI(session.auth.user)
try:
searchQueries = objects.search(valuesByQuery.keys())
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentTag(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
if operation == Operation.CREATE_OBJECT:
raise TUnauthorized()
else:
raise TNonexistentTag(path_)
# Run queries.
try:
with session.timer.track('index-search'):
result = blockingCallFromThread(reactor, searchQueries.get)
except SearchError as error:
session.log.exception(error)
raise TParseError(query, error.message)
# Build a result set from the searches.
values = {}
for parsedQuery, objectIDs in result.iteritems():
for objectID in objectIDs:
for tagAndValue in valuesByQuery[parsedQuery]:
value = guessValue(tagAndValue.value)
# FIXME: this code sucks, but I rather not having
# to modify guessValue to return a list, as that
# would break other code.
# Hopefully, we'll be able to remove this pretty
# soon.
if isinstance(value, list):
value = [item.decode('utf-8') for item in value]
if objectID not in values:
values[objectID] = {}
values[objectID][tagAndValue.path] = value
# Update values.
if values:
tagValues = SecureTagValueAPI(session.auth.user)
try:
result = tagValues.set(values)
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except MalformedPathError as error:
# FIXME: Modify MalformedPathError to have a path field.
raise TInvalidPath(str(error).encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, path_)
def createNamespace(self, *args, **kwargs):
"""
Make something (unspecified) appear to go wrong with perms
checking.
@param args: Positional arguments for the new namespace.
@param kwargs: Keyword arguments for the new namespace.
@raise C{TPathPermissionDenied} no matter what.
"""
raise TPathPermissionDenied()
def run():
try:
SecureTagValueAPI(session.auth.user).delete(values)
except UnknownPathError as error:
session.log.exception(error)
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, path_)
def run():
value = {path: description}
try:
SecureTagAPI(session.auth.user).set(value)
except UnknownPathError as error:
session.log.exception(error)
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
namespaces.set({path: description})
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path_ = path_.encode('utf-8')
raise TPathPermissionDenied(path_, category, action)
def run():
try:
SecureUserAPI(session.auth.user).delete([username])
except UnknownUserError as error:
session.log.exception(error)
raise TNoSuchUser(username)
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
except NotEmptyError as error:
session.log.exception(error)
raise TBadRequest("Can't delete user %r because they have "
'data.' % username)
def run():
try:
[(objectID, _)] = SecureUserAPI(session.auth.user).set([
(info.username, info.password, info.name, info.email,
info.role)
])
except UnknownUserError as error:
session.log.exception(error)
raise TNoSuchUser(info.username.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
return str(objectID)
def run():
secureUserAPI = SecureUserAPI(session.auth.user)
values = [(username, password, name, email)]
try:
[(objectID, _)] = secureUserAPI.create(values)
except MalformedUsernameError as error:
session.log.exception(error)
# This looks weird, but I think it's better to keep only one
# exception for bad usernames in the model layer.
if len(username) > 128:
raise TUsernameTooLong(username.encode('utf-8'))
else:
raise TInvalidUsername(username.encode('utf-8'))
except DuplicateUserError as error:
session.log.exception(error)
raise TUserAlreadyExists(username.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
raise TPathPermissionDenied()
return str(objectID)
def run():
tags = SecureTagAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
[(objectID, _)] = tags.create([(path, description)])
except DuplicatePathError as error:
session.log.exception(error)
raise TTagAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
def run():
permissions = SecurePermissionAPI(session.auth.user)
try:
result = permissions.get([(path, operation)])
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
if operation in Operation.TAG_OPERATIONS:
raise TNonexistentTag(unknownPath.encode('utf-8'))
if operation in Operation.NAMESPACE_OPERATIONS:
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
raise
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, deniedOperation = error.pathsAndOperations[0]
deniedCategory, deniedAction = getCategoryAndAction(
deniedOperation)
raise TPathPermissionDenied(deniedPath, deniedCategory,
deniedAction)
policy, exceptions = result[(path, operation)]
policy = str(policy).lower()
return TPolicyAndExceptions(policy=policy, exceptions=exceptions)
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
result = namespaces.create([(path, description)])
[objectID
] = [objectID for objectID, path_ in result if path_ == path]
except DuplicatePathError as error:
session.log.exception(error)
raise TNamespaceAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path = path.encode('utf-8')
raise TPathPermissionDenied(path, category, action)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)