def parse_item(self):
""" get parent object """
# pylint: disable=protected-access
if self.raw_value == "":
self.add_error(errors.MISSING_VALUE_ERROR, column_name=self.display_name)
return None
slug = self.raw_value
obj = self.new_objects.get(self.parent, {}).get(slug)
if obj is None:
obj = self.parent.query.filter(self.parent.slug == slug).first()
if obj is None:
self.add_error(errors.UNKNOWN_OBJECT,
object_type=self.parent._inflector.human_singular.title(),
slug=slug)
return None
context_id = None
if hasattr(obj, "context_id") and \
hasattr(self.row_converter.obj, "context_id"):
context_id = obj.context_id
if context_id is not None:
name = self.row_converter.obj.__class__.__name__
if not permissions.is_allowed_create(name, None, context_id) \
and not permissions.has_conditions('create', name):
self.add_error(errors.MAPPING_PERMISSION_ERROR,
object_type=obj.type, slug=slug)
return None
return obj
def parse_item(self):
""" get parent object """
# pylint: disable=protected-access
if self.raw_value == "":
self.add_error(errors.MISSING_VALUE_ERROR,
column_name=self.display_name)
return None
slug = self.raw_value
obj = self.new_objects.get(self.parent, {}).get(slug)
if obj is None:
obj = self.parent.query.filter(self.parent.slug == slug).first()
if obj is None:
self.add_error(
errors.UNKNOWN_OBJECT,
object_type=self.parent._inflector.human_singular.title(),
slug=slug)
return None
context_id = None
if hasattr(obj, "context_id") and \
hasattr(self.row_converter.obj, "context_id"):
context_id = obj.context_id
if context_id is not None:
name = self.row_converter.obj.__class__.__name__
if not permissions.is_allowed_create(name, None, context_id) \
and not permissions.has_conditions('create', name):
self.add_error(errors.MAPPING_PERMISSION_ERROR,
object_type=obj.type,
slug=slug)
return None
return obj
def contribute_to_program_view(sender, obj=None, context=None):
if obj.context_id != None and \
permissions.is_allowed_read('Role', 1) and \
permissions.is_allowed_read('UserRole', obj.context_id) and \
permissions.is_allowed_create('UserRole', obj.context_id) and \
permissions.is_allowed_update('UserRole', obj.context_id) and \
permissions.is_allowed_delete('UserRole', obj.context_id):
return 'permissions/programs/_role_assignments.haml'
return None
def contribute_to_program_view(sender, obj=None, context=None):
if obj.context_id is not None and \
rbac_permissions.is_allowed_read('Role', None, 1) and \
rbac_permissions.is_allowed_read('UserRole', None, obj.context_id) and \
rbac_permissions.is_allowed_create('UserRole', None, obj.context_id) and \
rbac_permissions.is_allowed_update('UserRole', None, obj.context_id) and \
rbac_permissions.is_allowed_delete('UserRole', None, obj.context_id):
return 'permissions/programs/_role_assignments.haml'
return None
def handle_model_clone(cls, query):
"""Process cloning of objects.
Args:
query: Dict with parameters for cloning procedure. It should have
following structure:
{
"sourceObjectIds": [1, 2],
"destination": {"type": "Audit", "id": 2}, # optional
"mappedObjects":[] # optional
}.
Returns:
Response with status code 200 in case of success and 400 if provided
parameters are invalid.
"""
source_objs, destination, mapped_types = cls._parse_query(query)
clonned_objs = {}
for source_obj in source_objs:
if (
not permissions.is_allowed_read_for(source_obj) or
not permissions.is_allowed_create(
source_obj.type, source_obj.id, destination.context_id
)
):
raise exceptions.Forbidden()
clonned_objs[source_obj] = cls._copy_obj(source_obj, destination)
for target, mapped_obj in cls._collect_mapped(source_objs, mapped_types):
clonned_objs[mapped_obj] = cls._copy_obj(mapped_obj, target)
cls._set_parent_context(clonned_objs.values(), destination)
db.session.flush()
for source, clonned in clonned_objs.items():
cls._clone_cads(source, clonned)
if clonned_objs:
db.session.add(log_event(db.session, flush=False))
db.session.commit()
from ggrc.query import views
collections = []
if cls.RETURN_OBJ_JSON:
for obj in clonned_objs:
collections.append(
views.build_collection_representation(cls, obj.log_json())
)
return views.json_success_response(collections, datetime.datetime.utcnow())
def relationship_condition(instance, action, property_name, **_):
if getattr(instance, 'context') is not None:
context_id = getattr(instance.context, 'id')
else:
context_id = None
for prop in property_name.split(','):
obj = getattr(instance, prop)
if context_id is not None and \
getattr(obj, 'context') is not None and \
getattr(obj.context, 'id') == context_id and \
is_allowed_create('Relationship', None, context_id):
return True
# Mapping a person does not require a permission check on the Person object
if isinstance(obj, Person):
continue
if not find_permissions()._is_allowed_for(obj, action):
return False
return True
def relationship_condition(instance, action, property_name, **_):
if getattr(instance, 'context') is not None:
context_id = getattr(instance.context, 'id')
else:
context_id = None
for prop in property_name.split(','):
obj = getattr(instance, prop)
if context_id is not None and \
getattr(obj, 'context') is not None and \
getattr(obj.context, 'id') == context_id and \
is_allowed_create('Relationship', None, context_id):
return True
# Mapping a person does not require a permission check on the Person object
if isinstance(obj, Person):
continue
if not find_permissions()._is_allowed_for(obj, action):
return False
return True
def handle_create(self, obj, src):
"""Do NOTHING by default"""
pass
def collection_post(self):
if self.request.headers["Content-Type"] != "application/json":
return current_app.make_response(("Content-Type must be application/json", 415, []))
obj = self.model()
src = UnicodeSafeJsonWrapper(self.request.json)
root_attribute = self.model._inflector.table_singular
try:
src = src[root_attribute]
except KeyError, e:
return current_app.make_response(('Required attribute "{0}" not found'.format(root_attribute), 400, []))
if not permissions.is_allowed_create(self.model.__name__, self.get_context_id_from_json(src)):
raise Forbidden()
if src.get("private") == True and src.get("context") is not None and src["context"].get("id") is not None:
raise BadRequest('context MUST be "null" when creating a private resource.')
elif "context" not in src:
raise BadRequest("context MUST be specified.")
else:
if not permissions.is_allowed_create(self.model.__name__, self.get_context_id_from_json(src)):
raise Forbidden()
self.json_create(obj, src)
self.model_posted.send(obj.__class__, obj=obj, src=src, service=self)
obj.modified_by_id = get_current_user_id()
db.session.add(obj)
log_event(db.session, obj)
db.session.commit()
get_indexer().create_record(fts_record_for(obj))
def collection_post(self):
if self.request.headers['Content-Type'] != 'application/json':
return current_app.make_response((
'Content-Type must be application/json', 415,[]))
obj = self.model()
src = UnicodeSafeJsonWrapper(self.request.json)
root_attribute = self.model._inflector.table_singular
try:
src = src[root_attribute]
except KeyError, e:
return current_app.make_response((
'Required attribute "{0}" not found'.format(root_attribute), 400, []))
if 'context_id' not in src:
raise BadRequest('context_id MUST be specified.')
if not permissions.is_allowed_create(
self.model.__name__, src['context_id']):
raise Forbidden()
ggrc.builder.json.create(obj, src)
#FIXME Fake the modified_by_id until we have that information in session.
obj.modified_by_id = get_current_user_id()
db.session.add(obj)
db.session.commit()
get_indexer().create_record(fts_record_for(obj))
return self.json_success_response(
self.object_for_json(obj), self.modified_at(obj), id=obj.id, status=201)
@classmethod
def add_to(cls, app, url, model_class=None, decorators=()):
if model_class:
service_class = type(model_class.__name__, (Resource,), {
'_model': model_class,
def collection_post(self):
if self.request.headers['Content-Type'] != 'application/json':
return current_app.make_response(
('Content-Type must be application/json', 415, []))
obj = self.model()
src = UnicodeSafeJsonWrapper(self.request.json)
root_attribute = self.model._inflector.table_singular
try:
src = src[root_attribute]
except KeyError, e:
return current_app.make_response(
('Required attribute "{0}" not found'.format(root_attribute),
400, []))
if 'context_id' not in src:
raise BadRequest('context_id MUST be specified.')
if not permissions.is_allowed_create(self.model.__name__,
src['context_id']):
raise Forbidden()
ggrc.builder.json.create(obj, src)
#FIXME Fake the modified_by_id until we have that information in session.
obj.modified_by_id = get_current_user_id()
db.session.add(obj)
db.session.commit()
get_indexer().create_record(fts_record_for(obj))
return self.json_success_response(self.object_for_json(obj),
self.modified_at(obj),
id=obj.id,
status=201)
@classmethod
def add_to(cls, app, url, model_class=None, decorators=()):
if model_class:
