def from_role(cls, role):
roles = set([Role.load_id(Role.SYSTEM_GUEST)])
if role is None:
return cls(None, roles)
roles.add(role.id)
roles.add(Role.load_id(Role.SYSTEM_USER))
roles.update([g.id for g in role.roles])
return cls(role.id, roles, is_admin=role.is_admin)
def from_role(cls, role):
roles = set([Role.load_id(Role.SYSTEM_GUEST)])
if role is None:
return cls(None, roles)
roles.add(role.id)
roles.add(Role.load_id(Role.SYSTEM_USER))
roles.update([g.id for g in role.roles])
return cls(role.id, roles, is_admin=role.is_admin)
def __init__(self, role=None, override=False):
self.roles = set([Role.load_id(Role.SYSTEM_GUEST)])
self.role = role
self.logged_in = role is not None
self.override = self.is_admin = override
self.in_maintenance = get_config('MAINTENANCE')
if self.logged_in:
self.is_admin = role.is_admin
self.roles.add(role.id)
self.roles.add(Role.load_id(Role.SYSTEM_USER))
for group in role.roles:
self.roles.add(group.id)
# Pre-load collection authorisation info and cache the result.
# This is the core authorisation function, and is called at least once
# per request. It will query and cache the ID for all collections the
# current user is authorised to read or write.
self.collections = {
self.READ: set(),
self.WRITE: set(),
self.PUBLIC: set()
}
q = db.session.query(Permission.collection_id, Permission.role_id,
Permission.read, Permission.write)
q = q.filter(Permission.deleted_at == None) # noqa
q = q.filter(Permission.role_id.in_(self.roles))
q = q.filter(Permission.collection_id != None) # noqa
for collection_id, role_id, read, write in q:
if read or write:
self.collections[self.READ].add(collection_id)
if role_id in get_public_roles():
self.collections[self.PUBLIC].add(collection_id)
if write and self.logged_in:
self.collections[self.WRITE].add(collection_id)
if self.is_admin:
q = Collection.all_ids().filter(
Collection.deleted_at == None) # noqa
for collection_id, in q:
self.collections[self.READ].add(collection_id)
self.collections[self.WRITE].add(collection_id)
# Disable all in maintenance mode.
if self.in_maintenance:
self.collections[self.WRITE] = set()
self.collections_read = list(self.collections[self.READ])
self.collections_write = list(self.collections[self.WRITE])
def __init__(self, role=None, override=False):
self._cache = {}
self.roles = set([Role.load_id(Role.SYSTEM_GUEST)])
self.role = role
self.logged_in = role is not None
self.id = role.id if role is not None else None
self.is_admin = override
self.in_maintenance = settings.MAINTENANCE
self.session_write = not self.in_maintenance and self.logged_in
if self.logged_in and not self.is_admin:
self.is_admin = role.is_admin
self.roles.add(role.id)
self.roles.add(Role.load_id(Role.SYSTEM_USER))
for group in role.roles:
self.roles.add(group.id)
def login(self,
foreign_id='tester',
name=None,
email=None,
is_admin=False):
role = self.create_user(foreign_id=foreign_id,
name=name,
email=email,
is_admin=is_admin)
with self.client.session_transaction() as sess:
sess['roles'] = [
Role.load_id(Role.SYSTEM_GUEST),
Role.load_id(Role.SYSTEM_USER), role.id
]
sess['user'] = role.id
return role
def __init__(self, name, data):
self.name = six.text_type(name)
self.data = data
self.label = data.get('label', name)
self.info_url = data.get('info_url')
self.category = data.get('category')
self.roles = []
self.entities_count = None
self.public = False
for role in dict_list(data, 'roles', 'role'):
role_id = Role.load_id(role)
if role_id is not None:
self.roles.append(role_id)
else:
log.warning("Could not find role: %s", role)
if role_id in get_public_roles():
self.public = True
if not len(self.roles):
raise ValueError("No roles for dataset: %s" % self.name)
self._queries = dict_list(data, 'queries', 'query')
def get_public_roles():
"""Roles which make a collection to be considered public."""
return [
Role.load_id(Role.SYSTEM_GUEST),
Role.load_id(Role.SYSTEM_USER),
]
