def permissions_index(id):
collection = get_db_collection(id, request.authz.WRITE)
q = Permission.all()
q = q.filter(Permission.collection_id == collection.id)
permissions = []
roles = [r for r in Role.all_groups() if check_visible(r, request.authz)]
for permission in q.all():
if not check_visible(permission.role, request.authz):
continue
permissions.append(permission)
if permission.role in roles:
roles.remove(permission.role)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in roles:
permissions.append({
'collection_id': collection.id,
'write': False,
'read': False,
'role': role
})
return jsonify({
'total': len(permissions),
'results': PermissionSchema().dump(permissions, many=True)
})
def permissions_index(collection):
request.authz.require(request.authz.collection_write(collection))
q = Permission.all()
q = q.filter(Permission.collection_id == collection)
permissions = []
roles_seen = set()
for permission in q.all():
if check_visible(permission.role):
permissions.append(permission)
roles_seen.add(permission.role.id)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in Role.all_groups():
if check_visible(role):
if role.id not in roles_seen:
roles_seen.add(role.id)
permissions.append({
'write': False,
'read': False,
'role': role,
'role_id': role.id
})
return jsonify({'total': len(permissions), 'results': permissions})
def index(id):
collection = get_db_collection(id, request.authz.WRITE)
roles = Role.all_groups(request.authz).all()
if request.authz.is_admin:
roles.extend(Role.all_system())
q = Permission.all()
q = q.filter(Permission.collection_id == collection.id)
permissions = []
for permission in q.all():
if not check_visible(permission.role, request.authz):
continue
permissions.append(permission)
if permission.role in roles:
roles.remove(permission.role)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in roles:
if collection.casefile and role.is_public:
continue
permissions.append({
'collection_id': collection.id,
'write': False,
'read': False,
'role_id': str(role.id)
})
permissions = PermissionSerializer().serialize_many(permissions)
return jsonify({'total': len(permissions), 'results': permissions})
def index(id):
collection = get_db_collection(id, request.authz.WRITE)
record_audit(Audit.ACT_COLLECTION, id=id)
roles = [r for r in Role.all_groups() if check_visible(r, request.authz)]
q = Permission.all()
q = q.filter(Permission.collection_id == collection.id)
permissions = []
for permission in q.all():
if not check_visible(permission.role, request.authz):
continue
permissions.append(permission)
if permission.role in roles:
roles.remove(permission.role)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in roles:
if collection.casefile and role.is_public:
continue
permissions.append({
'collection_id': collection.id,
'write': False,
'read': False,
'role_id': str(role.id)
})
permissions = PermissionSerializer().serialize_many(permissions)
return jsonify({
'total': len(permissions),
'results': permissions
})
def permissions_index(collection):
authz.require(authz.collection_write(collection))
q = Permission.all()
q = q.filter(Permission.collection_id == collection)
return jsonify({
'total': q.count(),
'results': q
})
def permissions_index(collection):
request.authz.require(request.authz.collection_write(collection))
q = Permission.all()
q = q.filter(Permission.collection_id == collection)
permissions = []
for permission in q.all():
if check_visible(permission.role):
permissions.append(permission)
return jsonify({'total': len(permissions), 'results': permissions})
def source_permissions_index(source=None):
authz.require(authz.source_write(source))
q = Permission.all()
q = q.filter(Permission.resource_type == Permission.SOURCE)
q = q.filter(Permission.resource_id == source)
return jsonify({
'total': q.count(),
'results': q
})
def collection_permissions_index(collection=None):
authz.require(authz.collection_write(collection))
q = Permission.all()
q = q.filter(Permission.resource_type == Permission.COLLECTION)
q = q.filter(Permission.resource_id == collection)
return jsonify({
'total': q.count(),
'results': q
})
def sources(action):
if not hasattr(request, 'auth_sources'):
request.auth_sources = {READ: set(), WRITE: set()}
if is_admin():
for source_id, in Source.all_ids():
request.auth_sources[READ].add(source_id)
request.auth_sources[WRITE].add(source_id)
else:
q = Permission.all()
q = q.filter(Permission.role_id.in_(request.auth_roles))
q = q.filter(Permission.resource_type == Permission.SOURCE)
for perm in q:
if perm.read:
request.auth_sources[READ].add(perm.resource_id)
if perm.write and request.logged_in:
request.auth_sources[WRITE].add(perm.resource_id)
return list(request.auth_sources.get(action, []))
def sources(action):
if not hasattr(request, 'auth_sources'):
request.auth_sources = {READ: set(), WRITE: set()}
if is_admin():
for source_id, in Source.all_ids():
request.auth_sources[READ].add(source_id)
request.auth_sources[WRITE].add(source_id)
else:
q = Permission.all()
q = q.filter(Permission.role_id.in_(request.auth_roles))
q = q.filter(Permission.resource_type == Permission.SOURCE)
for perm in q:
if perm.read:
request.auth_sources[READ].add(perm.resource_id)
if perm.write and request.logged_in:
request.auth_sources[WRITE].add(perm.resource_id)
return list(request.auth_sources.get(action, []))
def collections(action):
if not hasattr(request, 'auth_collections'):
request.auth_collections = {READ: set(), WRITE: set()}
if is_admin():
q = Collection.all_ids().filter(Collection.deleted_at == None) # noqa
for col_id, in q:
request.auth_collections[READ].add(col_id)
request.auth_collections[WRITE].add(col_id)
else:
q = Permission.all()
q = q.filter(Permission.role_id.in_(request.auth_roles))
q = q.filter(Permission.collection_id != None) # noqa
for perm in q:
if perm.read or perm.write:
request.auth_collections[READ].add(perm.collection_id)
if perm.write and request.logged_in:
request.auth_collections[WRITE].add(perm.collection_id)
return list(request.auth_collections.get(action, []))
def collections(action):
if not hasattr(request, 'auth_collections'):
request.auth_collections = {READ: set(), WRITE: set()}
if is_admin():
q = Collection.all_ids().filter(
Collection.deleted_at == None) # noqa
for col_id, in q:
request.auth_collections[READ].add(col_id)
request.auth_collections[WRITE].add(col_id)
else:
q = Permission.all()
q = q.filter(Permission.role_id.in_(request.auth_roles))
q = q.filter(Permission.collection_id != None) # noqa
for perm in q:
if perm.read or perm.write:
request.auth_collections[READ].add(perm.collection_id)
if perm.write and request.logged_in:
request.auth_collections[WRITE].add(perm.collection_id)
return list(request.auth_collections.get(action, []))
def index(collection_id):
"""
---
get:
summary: Get permissions for a collection
description: >-
Get the list of all permissions for the collection with id
`collection_id`
parameters:
- in: path
name: collection_id
required: true
schema:
type: integer
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
allOf:
- $ref: '#/components/schemas/QueryResponse'
properties:
results:
type: array
items:
$ref: '#/components/schemas/Permission'
tags:
- Permission
- Collection
"""
collection = get_db_collection(collection_id, request.authz.WRITE)
roles = Role.all_groups(request.authz).all()
if request.authz.is_admin:
roles.extend(Role.all_system())
q = Permission.all()
q = q.filter(Permission.collection_id == collection.id)
permissions = []
for permission in q.all():
if not check_visible(permission.role, request.authz):
continue
permissions.append(permission)
if permission.role in roles:
roles.remove(permission.role)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in roles:
if collection.casefile and role.is_public:
continue
permissions.append({
"collection_id": collection.id,
"write": False,
"read": False,
"role_id": str(role.id),
})
permissions = PermissionSerializer().serialize_many(permissions)
return jsonify({"total": len(permissions), "results": permissions})
def permissions_index(collection):
authz.require(authz.collection_write(collection))
q = Permission.all()
q = q.filter(Permission.collection_id == collection)
return jsonify({'total': q.count(), 'results': q})
