def test_remove_all(self):
original = invert_permissions_matrix({"alexis": PERMISSIONS_SET})
specified = {"alexis": ["-ALL"]}
result = merge_permissions(original, specified)
result = invert_permissions_matrix(result)
self.assertDictEqual(result, {})
def test_remove_all(self):
original = invert_permissions_matrix({
"alexis": PERMISSIONS_SET
})
specified = {
"alexis": ["-ALL"]
}
result = merge_permissions(original, specified)
result = invert_permissions_matrix(result)
self.assertDictEqual(result, {})
def test_add_all(self):
original = invert_permissions_matrix(
{"alexis": ["create_record", "read_permissions"]})
specified = {"remy": ["ALL"]}
result = merge_permissions(original, specified)
result = invert_permissions_matrix(result)
self.assertDictEqual(
result, {
"alexis": ["create_record", "read_permissions"],
"remy": sorted(PERMISSIONS_SET)
})
def test_add_all(self):
original = invert_permissions_matrix({
"alexis": ["create_record", "read_permissions"]
})
specified = {
"remy": ["ALL"]
}
result = merge_permissions(original, specified)
result = invert_permissions_matrix(result)
self.assertDictEqual(result, {
"alexis": ["create_record", "read_permissions"],
"remy": sorted(PERMISSIONS_SET)
})
def get_model(request):
"""Retrieves the full model, definition and records."""
model_id = request.matchdict['model_id']
try:
definition = request.db.get_model_definition(model_id)
except ModelNotFound:
request.errors.add('path', model_id, "model not found")
request.errors.status = "404 Not Found"
return
if "read_all_records" not in request.permissions:
records = request.db.get_records_with_authors(model_id)
records = [
r["record"] for r in records
if set(request.principals).intersection(r["authors"])
]
else:
records = request.db.get_records(model_id)
permissions = request.db.get_model_permissions(model_id)
return {
'definition': definition,
'records': records,
'permissions': invert_permissions_matrix(permissions)
}
def test_remove(self):
original = invert_permissions_matrix(
{"alexis": ["create_record", "read_permissions"]})
specified = {"alexis": ["-read_permissions"]}
result = merge_permissions(original, specified)
self.assertNotIn('alexis', result['read_permissions'])
self.assertIn('alexis', result['create_record'])
def test_remove_not_present(self):
original = invert_permissions_matrix(
{"alexis": ["create_record", "read_permissions"]})
specified = {"alexis": ["-update_permissions"]}
result = merge_permissions(original, specified)
self.assertEqual(result['create_record'], ['alexis'])
self.assertEqual(result['read_permissions'], ['alexis'])
def put_permissions(request):
"""Update a model permissions."""
model_id = request.matchdict['model_id']
definition = request.db.get_model_definition(model_id)
permissions = merge_permissions({}, request.data_clean)
request.db.put_model(definition, permissions, model_id)
return invert_permissions_matrix(permissions)
def put_permissions(request):
"""Update a model permissions."""
model_id = request.matchdict['model_id']
definition = request.db.get_model_definition(model_id)
permissions = merge_permissions({}, request.data_clean)
request.db.put_model(definition, permissions, model_id)
return invert_permissions_matrix(permissions)
def get_permissions(request):
"""Retrieves a model permissions."""
model_id = request.matchdict['model_id']
try:
permissions = request.db.get_model_permissions(model_id)
return invert_permissions_matrix(permissions)
except ModelNotFound:
request.errors.add('path', model_id, "model not found")
request.errors.status = "404 Not Found"
def get_permissions(request):
"""Retrieves a model permissions."""
model_id = request.matchdict['model_id']
try:
permissions = request.db.get_model_permissions(model_id)
return invert_permissions_matrix(permissions)
except ModelNotFound:
request.errors.add('path', model_id, "model not found")
request.errors.status = "404 Not Found"
def test_put_model_definition_with_permissions(self):
model = MODEL_DEFINITION.copy()
model['permissions'] = {'Everyone': ['ALL']}
self.app.put_json('/models/test', model,
headers=self.headers)
permissions = self.db.get_model_permissions("test")
self.assertEquals(invert_permissions_matrix(permissions),
{self.credentials['id']: MODEL_PERMISSIONS,
u'system.Everyone': MODEL_PERMISSIONS})
def test_remove_not_present(self):
original = invert_permissions_matrix({
"alexis": ["create_record", "read_permissions"]
})
specified = {
"alexis": ["-update_permissions"]
}
result = merge_permissions(original, specified)
self.assertEqual(result['create_record'], ['alexis'])
self.assertEqual(result['read_permissions'], ['alexis'])
def test_remove(self):
original = invert_permissions_matrix({
"alexis": ["create_record", "read_permissions"]
})
specified = {
"alexis": ["-read_permissions"]
}
result = merge_permissions(original, specified)
self.assertNotIn('alexis', result['read_permissions'])
self.assertIn('alexis', result['create_record'])
def test_put_model_definition_with_permissions(self):
model = MODEL_DEFINITION.copy()
model['permissions'] = {'Everyone': ['ALL']}
self.app.put_json('/models/test', model, headers=self.headers)
permissions = self.db.get_model_permissions("test")
self.assertEquals(
invert_permissions_matrix(permissions), {
self.credentials['id']: MODEL_PERMISSIONS,
u'system.Everyone': MODEL_PERMISSIONS
})
def test_post_model_definition_with_permissions(self):
model = MODEL_DEFINITION.copy()
model['permissions'] = {"Everyone": ["ALL"]}
resp = self.app.post_json('/models', model,
headers=self.headers)
model_id = resp.json['id']
definition = self.db.get_model_definition(model_id)
self.assertEquals(definition, MODEL_DEFINITION['definition'])
permissions = self.db.get_model_permissions(model_id)
self.assertEquals(invert_permissions_matrix(permissions),
{self.credentials['id']: MODEL_PERMISSIONS,
u'system.Everyone': MODEL_PERMISSIONS})
def test_post_model_definition_with_permissions(self):
model = MODEL_DEFINITION.copy()
model['permissions'] = {"Everyone": ["ALL"]}
resp = self.app.post_json('/models', model, headers=self.headers)
model_id = resp.json['id']
definition = self.db.get_model_definition(model_id)
self.assertEquals(definition, MODEL_DEFINITION['definition'])
permissions = self.db.get_model_permissions(model_id)
self.assertEquals(
invert_permissions_matrix(permissions), {
self.credentials['id']: MODEL_PERMISSIONS,
u'system.Everyone': MODEL_PERMISSIONS
})
def delete_model(request):
"""Deletes a model and its records."""
model_id = request.matchdict['model_id']
try:
model = request.db.delete_model(model_id)
except ModelNotFound:
request.errors.status = "404 Not Found"
request.errors.add('path', model_id, "model not found")
return
request.notify('ModelDeleted', model_id)
model["permissions"] = invert_permissions_matrix(model["permissions"])
return model
def delete_model(request):
"""Deletes a model and its records."""
model_id = request.matchdict['model_id']
try:
model = request.db.delete_model(model_id)
except ModelNotFound:
request.errors.status = "404 Not Found"
request.errors.add('path', model_id, "model not found")
return
request.notify('ModelDeleted', model_id)
model["permissions"] = invert_permissions_matrix(model["permissions"])
return model
def test_invert_permissions_matrix(self):
model_permissions = {
'read_permissions': ['admin', 'alexis'],
'update_definition': ['admin'],
'read_all_records': ['admin', 'remy'],
'update_my_record': ['admin'],
}
credentials_ids_permissions = {
'admin': ['read_all_records', 'read_permissions',
'update_definition', 'update_my_record'],
'alexis': ['read_permissions'],
'remy': ['read_all_records']
}
self.assertDictEqual(invert_permissions_matrix(model_permissions),
credentials_ids_permissions)
def test_invert_permissions_matrix(self):
model_permissions = {
'read_permissions': ['admin', 'alexis'],
'update_definition': ['admin'],
'read_all_records': ['admin', 'remy'],
'update_my_record': ['admin'],
}
credentials_ids_permissions = {
'admin': [
'read_all_records', 'read_permissions', 'update_definition',
'update_my_record'
],
'alexis': ['read_permissions'],
'remy': ['read_all_records']
}
self.assertDictEqual(invert_permissions_matrix(model_permissions),
credentials_ids_permissions)
def put_definition(request):
"""Create or update a model definition."""
model_id = request.matchdict['model_id']
try:
permissions = request.db.get_model_permissions(model_id)
permissions = invert_permissions_matrix(permissions)
except ModelNotFound:
permissions = {}
model = {
'permissions': permissions,
'definition': request.data_clean,
'records': [] # Won't erase existing records
}
request.data_clean = model
handle_put_model(request, create=(not permissions))
return model['definition']
def get_model(request):
"""Retrieves the full model, definition and records."""
model_id = request.matchdict["model_id"]
try:
definition = request.db.get_model_definition(model_id)
except ModelNotFound:
request.errors.add("path", model_id, "model not found")
request.errors.status = "404 Not Found"
return
if "read_all_records" not in request.permissions:
records = request.db.get_records_with_authors(model_id)
records = [r["record"] for r in records if set(request.principals).intersection(r["authors"])]
else:
records = request.db.get_records(model_id)
permissions = request.db.get_model_permissions(model_id)
return {"definition": definition, "records": records, "permissions": invert_permissions_matrix(permissions)}
def put_definition(request):
"""Create or update a model definition."""
model_id = request.matchdict["model_id"]
try:
permissions = request.db.get_model_permissions(model_id)
permissions = invert_permissions_matrix(permissions)
except ModelNotFound:
permissions = {}
model = {
"permissions": permissions,
"definition": request.data_clean,
"records": [], # Won't erase existing records
}
request.data_clean = model
handle_put_model(request, create=(not permissions))
return model["definition"]
