def patch(self):
result = super(ProtectedResource, self).patch()
object_id = authorization.get_object_id(self.request.path)
self._store_permissions(object_id=object_id)
result['permissions'] = self._build_permissions(object_id=object_id)
return result
def delete(self):
group = self._get_record_or_404(self.record_id)
permission = self.request.registry.permission
body = super(Group, self).delete()
object_id = get_object_id(self.request.path)
for member in group['members']:
# Remove the group's principal from all members of the group.
permission.remove_user_principal(member, object_id)
return body
def delete(self):
group = self._get_record_or_404(self.record_id)
permission = self.request.registry.permission
body = super(Group, self).delete()
object_id = get_object_id(self.request.path)
for member in group['members']:
# Remove the group's principal from all members of the group.
permission.remove_user_principal(member, object_id)
return body
def process_record(self, new, old=None):
if old is None:
existing_record_members = set([])
else:
existing_record_members = set(old['members'])
new_record_members = set(new['members'])
new_members = new_record_members - existing_record_members
removed_members = existing_record_members - new_record_members
permission = self.request.registry.permission
for member in new_members:
# Add the group to the member principal.
group_id = get_object_id(self.request.path)
permission.add_user_principal(member, group_id)
for member in removed_members:
# Remove the group from the member principal.
group_id = get_object_id(self.request.path)
permission.remove_user_principal(member, group_id)
return new
def collection_delete(self):
filters = self._extract_filters()
groups, _ = self.collection.get_records(filters=filters)
body = super(Group, self).collection_delete()
permission = self.request.registry.permission
for group in groups:
# Remove the group's principal from all members of the group.
for member in group['members']:
group_id = '%s/%s' % (get_object_id(
self.request.path), group['id'])
permission.remove_user_principal(member, group_id)
return body
def collection_post(self):
"""Override the collection POST endpoint to store the permissions
specified for the newly created record.
"""
result = super(ProtectedResource, self).collection_post()
record_id = result['data'][self.collection.id_field]
record_uri = self._record_uri_from_collection(record_id)
object_id = authorization.get_object_id(record_uri)
result['permissions'] = self._store_permissions(object_id=object_id)
return result
def process_record(self, new, old=None):
if old is None:
existing_record_members = set([])
else:
existing_record_members = set(old.get('members', []))
new_record_members = set(new['members'])
new_members = new_record_members - existing_record_members
removed_members = existing_record_members - new_record_members
permission = self.request.registry.permission
for member in new_members:
# Add the group to the member principal.
group_id = get_object_id(self.request.path)
permission.add_user_principal(member, group_id)
for member in removed_members:
# Remove the group from the member principal.
group_id = get_object_id(self.request.path)
permission.remove_user_principal(member, group_id)
return new
def collection_delete(self):
filters = self._extract_filters()
groups, _ = self.collection.get_records(filters=filters)
body = super(Group, self).collection_delete()
permission = self.request.registry.permission
for group in groups:
# Remove the group's principal from all members of the group.
for member in group['members']:
group_id = '%s/%s' % (get_object_id(self.request.path),
group['id'])
permission.remove_user_principal(
member,
group_id)
return body
def collection_delete(self):
"""Override the collection DELETE endpoint to clear the permissions
of the delete records.
"""
result = super(ProtectedResource, self).collection_delete()
for record in result['data']:
record_id = record[self.collection.id_field]
record_uri = self._record_uri_from_collection(record_id)
# XXX: inefficient within loop.
object_id = authorization.get_object_id(record_uri)
self._delete_permissions(object_id)
return result
def collection_post(self):
"""Override the collection POST endpoint to store the permissions
specified for the newly created record.
"""
result = super(ProtectedResource, self).collection_post()
record_id = result['data'][self.collection.id_field]
# Since the current request is on a collection, the record URI must
# be found out by inspecting the collection service and its sibling
# record service.
service = current_service(self.request)
record_service = service.name.replace('-collection', '-record')
matchdict = self.request.matchdict.copy()
matchdict['id'] = record_id
record_uri = self.request.route_path(record_service, **matchdict)
object_id = authorization.get_object_id(record_uri)
result['permissions'] = self._store_permissions(object_id=object_id)
return result
def delete(self):
result = super(ProtectedResource, self).delete()
object_id = authorization.get_object_id(self.request.path)
self._delete_permissions(object_id=object_id)
return result
