def permissions_index(id):
collection = get_db_collection(id, request.authz.WRITE)
q = Permission.all()
q = q.filter(Permission.collection_id == collection.id)
permissions = []
roles = [r for r in Role.all_groups() if check_visible(r, request.authz)]
for permission in q.all():
if not check_visible(permission.role, request.authz):
continue
permissions.append(permission)
if permission.role in roles:
roles.remove(permission.role)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in roles:
permissions.append({
'collection_id': collection.id,
'write': False,
'read': False,
'role': role
})
return jsonify({
'total': len(permissions),
'results': PermissionSchema().dump(permissions, many=True)
})
def permissions_update(id):
# TODO: consider using a list to bundle permission writes
collection = get_db_collection(id, request.authz.WRITE)
data = parse_request(schema=PermissionSchema)
role = Role.all().filter(Role.id == data['role']['id']).first()
if role is None or not check_visible(role, request.authz):
raise BadRequest()
perm = update_permission(role, collection, data['read'], data['write'])
return jsonify({'status': 'ok', 'updated': PermissionSchema().dump(perm)})