def permits(self, context, principals, permission):
    """Tell whether the principals hold every permission a view requires.

    The permissions required for ``permission`` are read from
    ``VIEWS_PERMISSIONS_REQUIRED`` and converted to a bit mask. The policy
    of the context's model (or the default policy when the context has no
    model) maps roles to permissions. The masks of the roles found in
    ``principals`` are OR-ed together and compared with the required mask.

    Returns True when every required bit is granted, and also when the
    model referenced by the context does not exist.
    """
    required_mask = get_binary_mask(VIEWS_PERMISSIONS_REQUIRED[permission])

    if not context.model_id:
        policy = context.db.get_policy(context.default_policy)
    else:
        try:
            policy = context.db.get_model_policy(context.model_id)
        except ModelNotFound:
            # In case the model doesn't exist, you have access to it.
            # NOTE(review): this grants *every* permission on a missing
            # model, so no authorization check runs on that path.
            # Presumably each view then looks the model up and answers 404
            # itself; verify this for views that can create the model.
            return True

    granted = 0
    for role, permissions_given in policy.items():
        # The mask is computed for every role, granted or not, as before.
        role_mask = get_binary_mask(permissions_given)
        if role not in principals:
            continue
        granted |= role_mask

    logger.debug("(%s, %s) => %x & %x = %x" % (permission, principals,
                                               granted, required_mask,
                                               granted & required_mask))
    # Access needs all required bits, not just one of them.
    return (granted & required_mask) == required_mask
def on_model_updated(self, event):
    """Replace the Elasticsearch mapping of a model whose definition changed.

    The existing mapping is deleted first. A failure of that deletion is
    logged and does not stop the new mapping from being installed.
    """
    model_id = event.model_id
    logger.debug("Update mapping of model '%s'" % model_id)
    try:
        index_name = self.prefix(event.model_id)
        self.client.indices.delete_mapping(index=index_name,
                                           doc_type=event.model_id)
    except ElasticsearchException as exc:
        # Best effort: the error is reported but not propagated.
        logger.error(exc)

    new_definition = event.request.db.get_model_definition(event.model_id)
    # Keep the double-underscore spelling: the enclosing class mangles it.
    self.__put_mapping(event.model_id, new_definition)
def on_record_deleted(self, event):
    """Remove the document of a deleted record from the model's index.

    The delete is issued with ``refresh=True``. An Elasticsearch error is
    logged and not re-raised.
    """
    message = "Unindex record %s of model '%s'" % (event.record_id,
                                                   event.model_id)
    logger.debug(message)
    try:
        target_index = self.prefix(event.model_id)
        self.client.delete(index=target_index,
                           doc_type=event.model_id,
                           id=event.record_id,
                           refresh=True)
    except ElasticsearchException as exc:
        # NOTE(review): the failure is only logged, so the document may
        # stay searchable after the record is gone; confirm that something
        # (alerting, a reindex job) catches this.
        logger.error(exc)
def delete_indices(self):
    """Delete every index whose name starts with this indexer's prefix.

    The index list comes from the ``cat.indices`` text output. Its last
    line is dropped and the second whitespace-separated field of each
    remaining line is taken as the index name. An Elasticsearch error is
    logged and not re-raised.
    """
    logger.debug("Drop the index on database deleted event.")
    try:
        listing = self.client.cat.indices()
        rows = listing.split('\n')[:-1]
        # NOTE(review): assumes the index name is the second column of the
        # cat output; confirm against the Elasticsearch version in use.
        names = [row.split()[1] for row in rows]
        # NOTE(review): this is a plain startswith() match, so any other
        # index sharing the leading string is dropped too. Confirm the
        # prefix ends with a separator no other application uses.
        owned = [name for name in names
                 if name.startswith(self.prefix(''))]
        if owned:
            self.client.indices.delete(index=','.join(owned))
    except ElasticsearchException as exc:
        logger.error(exc)
def on_model_updated(self, event):
    """Drop the stale mapping of an updated model and install the new one.

    Deleting the old mapping is best effort: an Elasticsearch error is
    logged and the new mapping is still put afterwards.
    """
    logger.debug("Update mapping of model '%s'" % event.model_id)

    try:
        stale = dict(index=self.prefix(event.model_id),
                     doc_type=event.model_id)
        self.client.indices.delete_mapping(**stale)
    except ElasticsearchException as error:
        logger.error(error)

    # The definition is re-read from the database attached to the request.
    definition = event.request.db.get_model_definition(event.model_id)
    # The double-underscore name is mangled by the enclosing class.
    self.__put_mapping(event.model_id, definition)
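def permits(self, context, principals, permission):
    """Returns True or False depending if the token with the specified
    principals has access to the given permission.

    Permissions are collected from three places: the global creator and
    manager lists held on ``self``, the per-model permissions stored in the
    backend, and authorship of the record (when a record is involved). The
    resulting set is matched against ``VIEWS_PERMISSIONS_REQUIRED``.

    When the model does not exist and ``permission`` is not
    ``'post_model'``, True is returned immediately. On that early return
    ``context.request.permissions`` and ``context.request.principals`` are
    not set.

    Backend errors other than ``ModelNotFound`` / ``RecordNotFound``
    propagate unchanged.
    """
    principals = set(principals)
    permissions_required = VIEWS_PERMISSIONS_REQUIRED[permission]

    current_permissions = set()
    if principals.intersection(self.model_creators):
        current_permissions.add("create_model")
    if principals.intersection(self.token_creators):
        current_permissions.add("create_token")
    if principals.intersection(self.token_managers):
        current_permissions.add("manage_token")

    model_id = context.model_id
    if model_id is not None:
        try:
            model_permissions = context.db.get_model_permissions(model_id)
        except backend_exceptions.ModelNotFound:
            if permission != 'post_model':
                # Prevent unauthorized error to shadow 404 responses
                # NOTE(review): no authorization check runs on this path.
                # It is only safe if every view reached here answers 404
                # for the missing model; verify.
                return True
            model_permissions = {}

        # This loop used to live in a ``finally`` clause. Any other backend
        # error then hit an unbound ``model_permissions`` and surfaced as
        # an UnboundLocalError instead of the real failure.
        for perm_name, credentials_ids in iteritems(model_permissions):
            # If one of the principals is in the valid credentials_ids
            # for this permission, grant the permission.
            if principals.intersection(credentials_ids):
                current_permissions.add(perm_name)

    # Remove author's permissions if a record is involved, and if it
    # does not belong to the token.
    record_id = context.record_id
    if record_id is not None:
        try:
            authors = context.db.get_record_authors(model_id, record_id)
        except backend_exceptions.RecordNotFound:
            # An unknown record has no authors, so author permissions are
            # stripped below.
            authors = []

        # Same ``finally`` fix as above: unexpected errors propagate as-is.
        if not principals.intersection(authors):
            current_permissions -= AUTHORS_PERMISSIONS

    logger.debug("Current permissions: %s", current_permissions)

    # Expose permissions and principals for in_view checks
    context.request.permissions = current_permissions
    context.request.principals = principals

    # Check view permission matches token permissions.
    return permissions_required.matches(current_permissions)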
def on_model_created(self, event):
    """Create the index of a new model if missing, then install its mapping.

    An Elasticsearch error during the existence check or the creation is
    logged and not re-raised. The mapping is put afterwards either way.
    """
    index_name = self.prefix(event.model_id)
    try:
        already_present = self.client.indices.exists(index=index_name)
        if not already_present:
            logger.debug("Create index for model '%s'" % event.model_id)
            self.client.indices.create(index=self.prefix(event.model_id))
    except ElasticsearchException as exc:
        logger.error(exc)

    logger.debug("Create mapping for model '%s'" % event.model_id)
    model_definition = event.request.db.get_model_definition(event.model_id)
    # Keep the double-underscore spelling: the enclosing class mangles it.
    self.__put_mapping(event.model_id, model_definition)
def delete_indices(self):
    """Drop all Elasticsearch indices carrying this indexer's prefix.

    Index names are parsed from the text returned by ``cat.indices``: the
    final line is discarded and the second field of each other line is
    used. Matching indices are deleted in one call. An Elasticsearch error
    is logged and swallowed.
    """
    logger.debug("Drop the index on database deleted event.")
    try:
        cat_lines = self.client.cat.indices().split('\n')[:-1]
        # NOTE(review): the column position of the index name is assumed;
        # verify it for the Elasticsearch version deployed.
        all_indices = [line.split()[1] for line in cat_lines]
        # NOTE(review): prefix matching decides what gets destroyed. Make
        # sure self.prefix('') cannot also match indices owned by another
        # application on the same cluster.
        to_drop = [
            index_name for index_name in all_indices
            if index_name.startswith(self.prefix(''))
        ]
        if to_drop:
            self.client.indices.delete(index=','.join(to_drop))
    except ElasticsearchException as error:
        logger.error(error)
def on_record_updated(self, event):
    """Reindex a record after it has been updated.

    The model definition and the current record are read from the database
    attached to the request and handed to the private indexing helper.
    Errors are not caught here.
    """
    model_id = event.model_id
    record_id = event.record_id
    logger.debug("Reindex record %s of model '%s'" % (record_id, model_id))

    db = event.request.db
    definition = db.get_model_definition(event.model_id)
    record = db.get_record(event.model_id, event.record_id)
    # The double-underscore name is mangled by the enclosing class.
    self.__index(event.model_id, definition, event.record_id, record)
def on_model_deleted(self, event):
    """Delete the Elasticsearch index that belongs to a deleted model.

    An Elasticsearch error is logged and not re-raised.
    """
    message = "Delete index of model '%s'" % event.model_id
    logger.debug(message)
    try:
        index_name = self.prefix(event.model_id)
        self.client.indices.delete(index=index_name)
    except ElasticsearchException as exc:
        # NOTE(review): a failure is only logged, so the index (and the
        # records in it) may outlive the model; confirm that leftover
        # indices are detected and cleaned up elsewhere.
        logger.error(exc)