Ejemplo n.º 1
0
    def assign_to(self,user):
        """
        Assigns this role to a user
        """
        sessionmanager = self._core.get_session_manager()
        session_user = sessionmanager.get_current_session_user()

        db = self._core.get_db()
        
        #check if sessionuser has role
        
        has_role = session_user.has_role(self)

        stmnt = "SELECT COUNT(URI_RIG_ID) AS CNT FROM USERRIGHTS WHERE URI_RIG_ID IN \
            (SELECT RRI_RIG_ID FROM ROLERIGHTS WHERE RRI_ROL_ID = ? ) ;"
        cur = db.query(self._core,stmnt,(self._id,))
        res = cur.fetchone()[0]

        has_all_permissions_of_role = res == len(self.get_permissions())

        if not has_role and not has_all_permissions_of_role:
            raise PermissionException(PermissionException.get_msg(7))

        for role in user.get_grantable_roles():
            if role["name"] == self._name:
                stmnt = "UPDATE OR INSERT INTO USERROLES (URO_USR_ID, URO_ROL_ID) \
                    VALUES (?,?) MATCHING (URO_USR_ID, URO_ROL_ID) ;";
                db.query(self._core,stmnt, (user.get_id(),self._id),commit=True)
                self._core.get_poke_manager().add_activity(ActivityType.USER)
                return
        raise PermissionException(PermissionException.get_msg(8))
Ejemplo n.º 2
0
    def check_permission(cls, permission, user):
        """
        checks whether a user has a specific permission
        """
        if user.__class__.__name__ == "User":
            user_id = user.get_id()
        elif type(user) != int:
            raise PermissionException(PermissionException.get_msg(9))

        db = cls._core.get_db()
        stmnt = "select 1 as RESULT from RDB$DATABASE  where CAST( ? AS VARCHAR(64)) in(select rig_name \
                from USERROLES \
                left join ROLES \
                  on rol_id = uro_rol_id \
                left join ROLERIGHTS \
                  on rri_rol_id = rol_id \
                left join RIGHTS \
                  on rig_id = rri_rig_id \
                where uro_usr_id = ? \
                union \
                select rig_name \
                from USERRIGHTS \
                left join RIGHTS \
                  on rig_id = uri_rig_id \
                where uri_usr_id = ?) ; " \
        
        cur = db.query(cls._core,stmnt,(permission,user_id,user_id))

        res = cur.fetchone()
        if res is None:
            return False
        res = res[0]
        return res == 1
Ejemplo n.º 3
0
 def get_role(cls, role_id):
     """
     Get a role from the database by a given roleId. returns a role object
     """
     db = cls._core.get_db()
     stmnt = "SELECT ROL_ID, ROL_NAME FROM ROLES WHERE ROL_ID = ? ;"
     cur = db.query(cls._core,stmnt,(role_id,))
     res = cur.fetchonemap()
     if res is None:
         raise PermissionException(PermissionException.get_msg(14, role_id))
     role = Role(cls._core)
     role.set_id(res["ROL_ID"])
     role.set_name(res["ROL_NAME"])
     return role 
Ejemplo n.º 4
0
    def remove_permission(self, permission):
        """
        removes a given permission from this role
        """
        sessionmanager = self._core.get_session_manager()
        session_user = sessionmanager.get_current_session_user()
        
        if not session_user.check_permission(permission):
            raise PermissionException(PermissionException.get_msg(3))

        db = self._core.get_db()
        stmnt = "DELETE FROM ROLERIGHTS WHERE RRI_ROL_ID = ? AND RRI_RIG_ID = (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME = ?); "
        db.query(self._core,stmnt,(self._id,permission),commit=True)
        self._core.get_poke_manager().add_activity(ActivityType.ROLE)
Ejemplo n.º 5
0
    def store(self):
        """
        Stores the current state of the role into the database
        """
        if self._id is None:
            raise PermissionException(PermissionException.get_msg(0))

        if self._name == "":
            raise PermissionException(PermissionException.get_msg(1))


        db = Database()
        stmnt = "UPDATE OR INSERT INTO ROLES (ROL_ID, ROL_NAME) VALUES (?,?) MATCHING (ROL_ID) ;"
        db.query(stmnt,(self._id,self._name),commit=True)
        PokeManager.add_activity(ActivityType.ROLE)
Ejemplo n.º 6
0
    def add_permission(self, permission):
        """
        adds a given permission to this role
        """
        sessionmanager = self._core.get_session_manager()
        session_user = sessionmanager.get_current_session_user()

        if not session_user.check_permission(permission):
            raise PermissionException(PermissionException.get_msg(3))

        db = self._core.get_db()
        stmnt = "UPDATE OR INSERT INTO ROLERIGHTS (RRI_ROL_ID, RRI_RIG_ID) \
                        VALUES (?, (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME= ?)) \
                      MATCHING (RRI_ROL_ID, RRI_RIG_ID);";
        db.query(self._core,stmnt,(self._id, permission),commit=True)
        self._core.get_poke_manager().add_activity(ActivityType.ROLE)
Ejemplo n.º 7
0
    def store(self):
        """
        Stores the current state of the role into the database
        """
        sessionmanager = self._core.get_session_manager()

        if self._id is None:
            raise PermissionException(PermissionException.get_msg(0))

        if self._name == "":
            raise PermissionException(PermissionException.get_msg(1))


        db = self._core.get_db()
        stmnt = "UPDATE OR INSERT INTO ROLES (ROL_ID, ROL_NAME) VALUES (?,?) MATCHING (ROL_ID) ;"
        db.query(self._core,stmnt,(self._id,self._name),commit=True)
        self._core.get_poke_manager().add_activity(ActivityType.ROLE)
Ejemplo n.º 8
0
    def create_role(cls, data=None):
        if data is None:
            raise PermissionException(PermissionException.get_msg(10))
        if data["name"] is None:
            raise PermissionException(PermissionException.get_msg(11))

        db = cls._core.get_db()

        stmnt = "SELECT ROL_ID FROM ROLES WHERE ROL_NAME = ? ;"
        cur = db.query(cls._core,stmnt,(data["name"],))
        res = cur.fetchonemap()
        if res is not None:
            raise PermissionException(PermissionException.get_msg(13, data["name"]))
        
        role_id = db.get_seq_next("ROL_GEN")
        role = Role(cls._core)
        role.set_id(role_id)
        role.set_name(data["name"])
        role.store()

        if data.has_key("rights"):
            for permission in data["rights"]:
                if permission["granted"]:
                    role.add_permission(permission["name"])
                else:
                    role.remove_permission(permission["name"])
            role.store()

        return role
Ejemplo n.º 9
0
    def remove_permission(self, permission):
        """
        removes a given permission from this role
        """
        session_user = Session.get_current_session_user()
        
        if not session_user.check_permission(permission):
            raise PermissionException(PermissionException.get_msg(3))

        db = Database()
        stmnt = "DELETE FROM ROLERIGHTS WHERE RRI_ROL_ID = ? AND RRI_RIG_ID = (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME = ?); "
        db.query(stmnt,(self._id,permission),commit=True)
        PokeManager.add_activity(ActivityType.ROLE)
Ejemplo n.º 10
0
    def get_permissions_for_user(cls, user):
        """
        Returns all permissions of the given user as a
        list of strings
        """
        if user.__class__.__name__ == "User":
            user_id = user.get_id()
        elif type(user) != int:
            raise PermissionException(PermissionException.get_msg(9))

        db = cls._core.get_db()
        stmnt = "SELECT RIG_NAME \
                  FROM USERRIGHTS \
                    INNER JOIN RIGHTS ON RIG_ID = URI_RIG_ID \
                  WHERE URI_USR_ID = ? \
                  UNION SELECT RIG_NAME \
                  FROM USERROLES \
                    INNER JOIN ROLERIGHTS ON URO_ROL_ID = RRI_ROL_ID \
                    INNER JOIN RIGHTS ON RRI_RIG_ID = RIG_ID \
                  WHERE URO_USR_ID = ?;"
        cur = db.query(cls._core, stmnt, (user.get_id(),user.get_id()))
        res = cur.fetchall()
        return [row[0] for row in res]
Ejemplo n.º 11
0
    def add_permission(self, permission):
        """
        adds a given permission to this role
        """
        session_user = Session.get_current_session_user()

        if not session_user.check_permission(permission):
            raise PermissionException(PermissionException.get_msg(3))

        db = Database()
        stmnt = "UPDATE OR INSERT INTO ROLERIGHTS (RRI_ROL_ID, RRI_RIG_ID) \
                        VALUES (?, (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME= ?)) \
                      MATCHING (RRI_ROL_ID, RRI_RIG_ID);";
        db.query(stmnt,(self._id, permission),commit=True)
        PokeManager.add_activity(ActivityType.ROLE)
Ejemplo n.º 12
0
 def tortilla(*args,**kwargs):
     current_user = Session.get_current_session_user()
     if not cls.check_permission(permission, current_user):
         raise PermissionException(PermissionException.get_msg(15, info=permission))
     func(*args, **kwargs)