def bulk_children_gen_allowed(obj): """Check if user has permissions to synchronize issuetracker issue. Args: obj: Assessment instance for which issue should be generated/updated. Returns: True if it's allowed, False if not allowed. """ return all([ permissions.is_allowed_update_for(obj), permissions.is_allowed_update_for(obj.audit) ])
def _get_objects(self, object_query): """Get a set of objects described in the filters.""" object_name = object_query["object_name"] expression = object_query.get("filters", {}).get("expression") if expression is None: return set() object_class = self.object_map[object_name] query = object_class.query filter_expression = self._build_expression( expression, object_class, object_query.get('fields', []), ) if filter_expression is not None: query = query.filter(filter_expression) if object_query.get("order_by"): query = self._apply_order_by( object_class, query, object_query["order_by"], ) requested_permissions = object_query.get("permissions", "read") if requested_permissions == "update": objs = [o for o in query if permissions.is_allowed_update_for(o)] else: objs = [o for o in query if permissions.is_allowed_read_for(o)] return objs
def parse_item(self): """Parse a list of slugs to be mapped. Parse a new line separated list of slugs and check if they are valid objects. Returns: list of objects. During dry_run, the list can contain a slug instead of an actual object if that object will be generated in the current import. """ # pylint: disable=protected-access class_ = self.mapping_object lines = set(self.raw_value.splitlines()) slugs = set([slug.lower() for slug in lines if slug.strip()]) objects = [] for slug in slugs: obj = class_.query.filter_by(slug=slug).first() if obj: is_allowed_by_type = self._is_allowed_mapping_by_type( source_type=self.row_converter.obj.__class__.__name__, destination_type=class_.__name__, ) if not is_allowed_by_type: self._add_mapping_warning( source=self.row_converter.obj, destination=obj, ) continue if not permissions.is_allowed_update_for(obj): self.add_warning( errors.MAPPING_PERMISSION_ERROR, object_type=class_._inflector.human_singular.title(), slug=slug, ) continue if isinstance(self.row_converter.obj, WithCustomRestrictions): if self.row_converter.obj.is_mapping_restricted(obj): self.add_warning( errors.MAPPING_PERMISSION_ERROR, object_type=class_._inflector.human_singular.title( ), slug=slug, ) continue objects.append(obj) elif slug in self.new_slugs and not self.dry_run: objects.append(self.new_slugs[slug]) elif slug in self.new_slugs and self.dry_run: objects.append(slug) else: self.add_warning( errors.UNKNOWN_OBJECT, object_type=class_._inflector.human_singular.title(), slug=slug) if self.mandatory and not objects and self.row_converter.is_new: self.add_error(errors.MISSING_VALUE_ERROR, column_name=self.display_name) return objects
def parse_item(self): """Parse a list of slugs to be mapped. Parse a new line separated list of slugs and check if they are valid objects. Returns: list of objects. During dry_run, the list can contain a slug instead of an actual object if that object will be generated in the current import. """ class_ = self.mapping_object lines = set(self.raw_value.splitlines()) slugs = set([slug.lower() for slug in lines if slug.strip()]) objects = [] for slug in slugs: obj = class_.query.filter_by(slug=slug).first() if obj: if permissions.is_allowed_update_for(obj): objects.append(obj) else: self.add_warning( errors.MAPPING_PERMISSION_ERROR, object_type=class_._inflector.human_singular.title(), slug=slug, ) elif slug in self.new_slugs and self.dry_run: objects.append(slug) else: self.add_warning(errors.UNKNOWN_OBJECT, object_type=class_._inflector.human_singular.title(), slug=slug) if self.mandatory and not objects: self.add_error(errors.MISSING_VALUE_ERROR, column_name=self.display_name) return objects
def get_object_by_key(self, key="slug"): """ Get object if the slug is in the system or return a new object """ value = self.get_value(key) self.is_new = False if value: obj = self.find_by_key(key, value) if not value or not obj: # We assume that 'get_importables()' returned value contains # names of the objects that cannot be created via import but # can be updated. if self.block_converter.class_name.lower() not in get_importables( ): self.add_error(errors.CREATE_INSTANCE_ERROR) obj = self.object_class() self.is_new = True elif not permissions.is_allowed_update_for(obj): self.ignore = True self.add_error(errors.PERMISSION_ERROR) elif self._has_readonly_access(obj): self._is_obj_readonly = True self.initial_state = dump_attrs(obj) return obj
def get_object_by_key(self, key="slug"): """ Get object if the slug is in the system or return a new object """ value = self.get_value(key) self.is_new = False if value: obj = self.find_by_key(key, value) if not value or not obj: # We assume that 'get_importables()' returned value contains # names of the objects that cannot be created via import but # can be updated. if self.block_converter.class_name.lower() not in get_importables() and \ not self._check_object_is_external(): self.add_error(errors.CREATE_INSTANCE_ERROR) obj = self.object_class() self.is_new = True elif not permissions.is_allowed_update_for(obj): self.ignore = True self.add_error(errors.PERMISSION_ERROR) elif self._has_readonly_access(obj): self._is_obj_readonly = True self.initial_state = dump_attrs(obj) return obj
def bulk_sync_allowed(obj): """Check if user has permissions to synchronize issuetracker issue. Args: obj: instance for which issue should be generated/updated. Returns: True if it's allowed, False if not allowed. """ return permissions.is_allowed_update_for(obj)
def get_object_by_key(self, key="slug"): """ Get object if the slug is in the system or return a new object """ value = self.get_value(key) self.is_new = False obj = self.find_by_key(key, value) if not obj: obj = self.object_class() self.is_new = True elif not permissions.is_allowed_update_for(obj): self.ignore = True self.add_error(errors.PERMISSION_ERROR) return obj
def parse_item(self): """Parse a list of slugs to be mapped. Parse a new line separated list of slugs and check if they are valid objects. Returns: list of objects. During dry_run, the list can contain a slug instead of an actual object if that object will be generated in the current import. """ # pylint: disable=protected-access class_ = self.mapping_object lines = set(self.raw_value.splitlines()) slugs = set([slug.lower() for slug in lines if slug.strip()]) objects = [] for slug in slugs: obj = class_.query.filter_by(slug=slug).first() if obj: is_allowed_by_type = self._is_allowed_mapping_by_type( source_type=self.row_converter.obj.__class__.__name__, destination_type=class_.__name__, ) if not is_allowed_by_type: self._add_mapping_warning( source=self.row_converter.obj, destination=obj, ) continue if not permissions.is_allowed_update_for(obj): self.add_warning( errors.MAPPING_PERMISSION_ERROR, object_type=class_._inflector.human_singular.title(), slug=slug, ) continue objects.append(obj) elif slug in self.new_slugs and not self.dry_run: objects.append(self.new_slugs[slug]) elif slug in self.new_slugs and self.dry_run: objects.append(slug) else: self.add_warning( errors.UNKNOWN_OBJECT, object_type=class_._inflector.human_singular.title(), slug=slug ) if self.mandatory and not objects and self.row_converter.is_new: self.add_error(errors.MISSING_VALUE_ERROR, column_name=self.display_name) return objects
def parse_item(self): """Parse a list of slugs to be mapped. Parse a new line separated list of slugs and check if they are valid objects. Returns: list of objects. During dry_run, the list can contain a slug instead of an actual object if that object will be generated in the current import. """ # pylint: disable=protected-access from ggrc.snapshotter.rules import Types # TODO add a proper warning here! # This is just a hack to prevent wrong mappings to assessments or issues. if self.mapping_object.__name__ in Types.scoped | Types.parents and \ not self.allow: if self.raw_value: self.add_warning(errors.EXPORT_ONLY_WARNING, column_name=self.display_name) return [] class_ = self.mapping_object lines = set(self.raw_value.splitlines()) slugs = set([slug.lower() for slug in lines if slug.strip()]) objects = [] for slug in slugs: obj = class_.query.filter_by(slug=slug).first() if obj: if permissions.is_allowed_update_for(obj): objects.append(obj) else: self.add_warning( errors.MAPPING_PERMISSION_ERROR, object_type=class_._inflector.human_singular.title(), slug=slug, ) elif slug in self.new_slugs and not self.dry_run: objects.append(self.new_slugs[slug]) elif slug in self.new_slugs and self.dry_run: objects.append(slug) else: self.add_warning( errors.UNKNOWN_OBJECT, object_type=class_._inflector.human_singular.title(), slug=slug) if self.mandatory and not objects and self.row_converter.is_new: self.add_error(errors.MISSING_VALUE_ERROR, column_name=self.display_name) return objects
def _ensure_has_permissions(obj): """Ensure user has permissions, otherwise raise error""" model_name = obj.__class__.__name__ if permissions.is_allowed_update(model_name, obj.id, obj.context_id): return if permissions.has_conditions('update', model_name): return if permissions.is_allowed_update_for(obj): return raise exceptions.Forbidden()
def _ensure_has_permissions(obj): """Ensure user has permissions, otherwise raise error""" model_name = obj.__class__.__name__ if permissions.is_allowed_update(model_name, obj.id, obj.context_id): return if permissions.has_conditions('update', model_name): return if permissions.is_allowed_update_for(obj): return raise exceptions.Forbidden()
def parse_item(self): """Parse a list of slugs to be mapped. Parse a new line separated list of slugs and check if they are valid objects. Returns: list of objects. During dry_run, the list can contain a slug instead of an actual object if that object will be generated in the current import. """ # pylint: disable=protected-access from ggrc.snapshotter.rules import Types # TODO add a proper warning here! # This is just a hack to prevent wrong mappings to assessments or issues. if self.mapping_object.__name__ in Types.scoped | Types.parents and \ not self.allow: if self.raw_value: self.add_warning(errors.EXPORT_ONLY_WARNING, column_name=self.display_name) return [] class_ = self.mapping_object lines = set(self.raw_value.splitlines()) slugs = set([slug.lower() for slug in lines if slug.strip()]) objects = [] for slug in slugs: obj = class_.query.filter_by(slug=slug).first() if obj: if permissions.is_allowed_update_for(obj): objects.append(obj) else: self.add_warning( errors.MAPPING_PERMISSION_ERROR, object_type=class_._inflector.human_singular.title(), slug=slug, ) elif slug in self.new_slugs and not self.dry_run: objects.append(self.new_slugs[slug]) elif slug in self.new_slugs and self.dry_run: objects.append(slug) else: self.add_warning(errors.UNKNOWN_OBJECT, object_type=class_._inflector.human_singular.title(), slug=slug) if self.mandatory and not objects and self.row_converter.is_new: self.add_error(errors.MISSING_VALUE_ERROR, column_name=self.display_name) return objects
def parse_item(self): """ Remove multiple spaces and new lines from text """ class_ = self.mapping_object lines = set(self.raw_value.splitlines()) slugs = set([slug.lower() for slug in lines if slug.strip()]) objects = [] for slug in slugs: obj = class_.query.filter_by(slug=slug).first() if obj: if permissions.is_allowed_update_for(obj): objects.append(obj) else: self.add_warning( errors.MAPPING_PERMISSION_ERROR, object_type=class_._inflector.human_singular.title(), slug=slug, ) elif not (slug in self.new_slugs and self.dry_run): self.add_warning(errors.UNKNOWN_OBJECT, object_type=class_._inflector.human_singular.title(), slug=slug) return objects