Ejemplo n.º 1
0
def members_add(actor, group_id=None, group_key=None, group=None, user_id=None, user_key=None, user=None):
    permission_verify(actor, "member", "update")

    user_key  = user_key  or build_user_key( user_id ) or user.key
    group_key = group_key or build_group_key(group_id) or group.key

    user  = user  or user_key.get()
    group = group or group_key.get()

    if not group.users:
        group.users = [ user_key ]
    else:
        users = set(group.users)
        users.add(user_key)
        group.users = users

    group.put()

    if user:
        if not user.groups:
            user.groups = [ group.key ]
        else:
            groups = set(user.groups)
            groups.add(group.key)
            user.groups = groups

        user.put()
Ejemplo n.º 2
0
def members_add(actor,
                group_id=None,
                group_key=None,
                group=None,
                user_id=None,
                user_key=None,
                user=None):
    permission_verify(actor, "member", "update")

    user_key = user_key or build_user_key(user_id) or user.key
    group_key = group_key or build_group_key(group_id) or group.key

    user = user or user_key.get()
    group = group or group_key.get()

    if not group.users:
        group.users = [user_key]
    else:
        users = set(group.users)
        users.add(user_key)
        group.users = users

    group.put()

    if user:
        if not user.groups:
            user.groups = [group.key]
        else:
            groups = set(user.groups)
            groups.add(group.key)
            user.groups = groups

        user.put()
Ejemplo n.º 3
0
def create(actor,
           alias_key=None,
           alias_id=None,
           user_id=None,
           user_key=None,
           user=None,
           group_id=None,
           group_key=None,
           group=None,
           **kwargs):
    permission_verify(actor, "alias", "create")

    user_key = user_key or build_user_key(user or user_id)
    group_key = group_key or build_group_key(group or group_id)

    if not user_key and not group_key:
        raise IllegalError("Aliases must specify either a user or a group")
    if user_key and group_key:
        raise IllegalError("Aliases must specify either a user or a group")

    alias_key = alias_key or key(alias_id)
    alias = Alias(key=alias_key)
    alias.alias = users.User(alias_key.id())
    alias.user = user_key
    alias.group = group_key
    alias.created_by = build_user_key(actor)
    alias.put()

    return alias
Ejemplo n.º 4
0
def permission_get(type, action, target, user, groups, keys_only=True):
    if user and groups:
        return Permission.query().filter( \
            ndb.AND(Permission.type == type,
                    Permission.action == action,
                    Permission.target == target,
                    ndb.OR(Permission.user == build_user_key(user),
                           Permission.group.IN([build_group_key(group) for group in groups])))).get(keys_only=keys_only)
    elif user:
        return Permission.query(ancestor=build_user_key(user)).filter( \
            ndb.AND(Permission.type == type,
                    Permission.action == action,
                    Permission.target == target)).get(keys_only=keys_only)
    elif groups:
        return Permission.query().filter( \
            ndb.AND(Permission.type == type,
                    Permission.action == action,
                    Permission.target == target,
                    Permission.group.IN([build_group_key(group) for group in groups]))).get(keys_only=keys_only)
Ejemplo n.º 5
0
def permission_get(type, action, target, user, groups, keys_only=True):
    if user and groups:
        return Permission.query().filter( \
            ndb.AND(Permission.type == type,
                    Permission.action == action,
                    Permission.target == target,
                    ndb.OR(Permission.user == build_user_key(user),
                           Permission.group.IN([build_group_key(group) for group in groups])))).get(keys_only=keys_only)
    elif user:
        return Permission.query(ancestor=build_user_key(user)).filter( \
            ndb.AND(Permission.type == type,
                    Permission.action == action,
                    Permission.target == target)).get(keys_only=keys_only)
    elif groups:
        return Permission.query().filter( \
            ndb.AND(Permission.type == type,
                    Permission.action == action,
                    Permission.target == target,
                    Permission.group.IN([build_group_key(group) for group in groups]))).get(keys_only=keys_only)
Ejemplo n.º 6
0
def members_clear(actor, group_id=None, group_key=None, group=None):
    permission_verify(actor, "member", "update")

    group = group or (group_key or build_group_key(group_id)).get()
    for user_key in group.users:
        user = user_key.get()
        if user and user.groups and group.key in user.groups:
            user.groups.remove(group.key)
            user.put()

    group.users = []
    group.put()
Ejemplo n.º 7
0
def members_clear(actor, group_id=None, group_key=None, group=None):
    permission_verify(actor, "member", "update")

    group = group or (group_key or build_group_key(group_id)).get()
    for user_key in group.users:
        user = user_key.get()
        if user and user.groups and group.key in user.groups:
            user.groups.remove(group.key)
            user.put()

    group.users = []
    group.put()
Ejemplo n.º 8
0
def permission_revoke(viewer, type, action, target=None, user=None, group=None):
    permission_verify(viewer, "permissions", "revoke")

    key = permission_get(type, action, target, user, [group] if group else None)
    if key:
        key.delete()
        log.debug("Permission Revoked: %s - %s.%s (%s)" % (build_user_key(user) or build_group_key(group), type, action, target))
        if user:
            memcache.delete(build_user_key(user).id())
        else:
            memcache.flush_all()
    else:
        log.debug("Permission wasn't granted")
Ejemplo n.º 9
0
def members_remove(actor, group_id=None, group_key=None, group=None, user_id=None, user_key=None, user=None):
    permission_verify(actor, "member", "update")

    user_key  = user_key  or build_user_key( user_id ) or user.key
    group_key = group_key or build_group_key(group_id) or group.key

    user  = user  or user_key.get()
    group = group or group_key.get()

    if group.users: group.users.remove(user_key)
    if user and user.groups: user.groups.remove(group_key)

    group.put()
    user.put()
Ejemplo n.º 10
0
def permission_grant(viewer, type, action, target=None, user=None, group=None):
    permission_verify(viewer, "permissions", "grant")

    if not permission_get(type, action, target, user, [group] if group else None):
        user = build_user_key(user)
        group = build_group_key(group)

        permission = Permission(parent=user or group)
        permission.user = user
        permission.group = group
        permission.type = type or target.kind()
        permission.action = action
        permission.target = target
        permission.granted_by = build_user_key(viewer)
        permission.put()

        log.debug("Permission Granted: %s - %s.%s (%s)" % (user or group, type, action, target))
    else:
        log.warn("Permission already granted")
Ejemplo n.º 11
0
def members_remove(actor,
                   group_id=None,
                   group_key=None,
                   group=None,
                   user_id=None,
                   user_key=None,
                   user=None):
    permission_verify(actor, "member", "update")

    user_key = user_key or build_user_key(user_id) or user.key
    group_key = group_key or build_group_key(group_id) or group.key

    user = user or user_key.get()
    group = group or group_key.get()

    if group.users: group.users.remove(user_key)
    if user and user.groups: user.groups.remove(group_key)

    group.put()
    user.put()
Ejemplo n.º 12
0
def permission_revoke(viewer,
                      type,
                      action,
                      target=None,
                      user=None,
                      group=None):
    permission_verify(viewer, "permissions", "revoke")

    key = permission_get(type, action, target, user,
                         [group] if group else None)
    if key:
        key.delete()
        log.debug("Permission Revoked: %s - %s.%s (%s)" %
                  (build_user_key(user)
                   or build_group_key(group), type, action, target))
        if user:
            memcache.delete(build_user_key(user).id())
        else:
            memcache.flush_all()
    else:
        log.debug("Permission wasn't granted")
Ejemplo n.º 13
0
def permission_grant(viewer, type, action, target=None, user=None, group=None):
    permission_verify(viewer, "permissions", "grant")

    if not permission_get(type, action, target, user,
                          [group] if group else None):
        user = build_user_key(user)
        group = build_group_key(group)

        permission = Permission(parent=user or group)
        permission.user = user
        permission.group = group
        permission.type = type or target.kind()
        permission.action = action
        permission.target = target
        permission.granted_by = build_user_key(viewer)
        permission.put()

        log.debug("Permission Granted: %s - %s.%s (%s)" %
                  (user or group, type, action, target))
    else:
        log.warn("Permission already granted")
Ejemplo n.º 14
0
def members_user_list(actor, group_id=None, group_key=None, group=None):
    group = group or (group_key or build_group_key(group_id)).get()
    return [key.get() for key in group.users]
Ejemplo n.º 15
0
def members_user_list(actor, group_id=None, group_key=None, group=None):
    group = group or (group_key or build_group_key(group_id)).get()
    return [key.get() for key in group.users]