Ejemplo n.º 1
def obtain_groups_in(obj, request):
    """Return the groups that carry at least one of ``obj``'s policies.

    The result is narrowed to the request's principal when the ``scope``
    query parameter equals ``"principal"`` or a non-empty ``username`` query
    parameter is present. In that case the platform-default groups are
    unioned into the result as well.

    Args:
        obj: Object exposing a ``policies`` related manager.
        request: Request whose ``query_params`` are inspected.

    Returns:
        A de-duplicated ``Group`` queryset.
    """
    params = request.query_params
    scope_param = params.get("scope")
    username_param = params.get("username")
    policy_ids = list(obj.policies.values_list("id", flat=True))

    # Neither principal scoping nor a username was requested: every group
    # holding one of the policies is returned.
    if scope_param != "principal" and not username_param:
        return Group.objects.filter(policies__in=policy_ids).distinct()

    # NOTE(review): the principal is resolved entirely by
    # get_principal_from_request(); this function does not itself check that
    # the caller may look up the supplied ``username`` -- confirm that check
    # lives in that helper or in the view's permission classes.
    principal = get_principal_from_request(request)
    # Both conditions stay in ONE filter() call so they apply to the same
    # related rows; do not split into chained filters.
    member_groups = Group.objects.filter(policies__in=policy_ids, principals__in=[principal])
    return (member_groups | Group.platform_default_set()).distinct()
Ejemplo n.º 2
def get_object_principal_queryset(request, scope, clazz, **kwargs):
    """Build the principal-scoped queryset for objects of type ``clazz``.

    Args:
        request: Incoming request; its HTTP method and principal are used.
        scope: Value of the scope query parameter, checked against
            ``VALID_SCOPES``.
        clazz: Model class whose ``__name__`` selects the lookup function
            from ``PRINCIPAL_QUERYSET_MAP``.
        **kwargs: Forwarded to the lookup function and to ``queryset_by_id``.

    Returns:
        An empty queryset for non-safe HTTP methods, otherwise the result of
        ``queryset_by_id`` over the principal's objects.

    Raises:
        serializers.ValidationError: If ``scope`` is not in ``VALID_SCOPES``.
    """
    if scope not in VALID_SCOPES:
        allowed_scopes = ", ".join(VALID_SCOPES)
        message = "{} query parameter value {} is invalid. [{}] are valid inputs.".format(
            SCOPE_KEY, scope, allowed_scopes)
        raise serializers.ValidationError({"detail": _(message)})

    # Fail closed: principal scope only ever exposes data to read-style
    # methods; any other method gets an empty queryset.
    if request.method not in permissions.SAFE_METHODS:
        return clazz.objects.none()

    # NOTE(review): .get() yields None for a class missing from the map, which
    # surfaces below as a TypeError rather than an empty result -- confirm
    # every caller passes a mapped class.
    principal_lookup = PRINCIPAL_QUERYSET_MAP.get(clazz.__name__)
    principal = get_principal_from_request(request)
    return queryset_by_id(principal_lookup(principal, **kwargs), clazz, **kwargs)
Ejemplo n.º 3
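    def get(self, request):
        """Provide access data for the request's principal.

        The serialized access policy is looked up in an ``AccessCache`` built
        from the tenant's schema name, keyed by the principal's UUID and the
        application query parameter. On a miss it is computed from
        ``get_queryset()`` and stored under the same key.

        Args:
            request: Incoming request carrying the query parameters and tenant.

        Returns:
            A paginated response holding the requested page when pagination
            applies, otherwise a ``Response`` wrapping the whole policy list
            under ``"data"``.
        """
        app = request.query_params.get(APPLICATION_KEY)
        principal = get_principal_from_request(request)
        cache = AccessCache(request.tenant.schema_name)
        access_policy = cache.get_policy(principal.uuid, app)
        if access_policy is None:
            # NOTE(review): the cache key is only (principal uuid, app);
            # confirm get_queryset() depends on nothing else from the request,
            # otherwise one request's result could be served to a different
            # query.
            queryset = self.get_queryset()
            access_policy = self.serializer_class(queryset, many=True).data
            cache.save_policy(principal.uuid, app, access_policy)
        page = self.paginate_queryset(access_policy)

        if page is not None:
            # Return the selected page. Passing ``access_policy`` here would
            # return the full list and ignore the requested page bounds.
            return self.get_paginated_response(page)
        return Response({"data": access_policy})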
Ejemplo n.º 4
    def get(self, request):
        """Provide access data for the request's principal.

        Validates the limit/offset query parameters, then serves the
        serialized access policy from an ``AccessCache`` built from the
        tenant's schema name, keyed by the principal's UUID and the sub key
        from ``generate_sub_key``. On a miss, one page of ``get_queryset()``
        is serialized and cached under that key.

        Args:
            request: Incoming request carrying the query parameters and tenant.

        Returns:
            A paginated response when pagination applies, otherwise a
            ``Response`` wrapping the data under ``"data"``.
        """
        validate_limit_and_offset(request.query_params)
        sub_key = self.generate_sub_key(request)
        requester = get_principal_from_request(request)
        policy_cache = AccessCache(request.tenant.schema_name)
        access_data = policy_cache.get_policy(requester.uuid, sub_key)
        if access_data is None:
            # Only the paginated slice is serialized and cached.
            # NOTE(review): presumably generate_sub_key() folds limit/offset
            # into the key so different pages do not collide -- confirm.
            first_pass_page = self.paginate_queryset(self.get_queryset())
            access_data = self.serializer_class(first_pass_page, many=True).data
            policy_cache.save_policy(requester.uuid, sub_key, access_data)

        # The already-paged data is run through the paginator again and the
        # unsliced ``access_data`` is what gets returned.
        # NOTE(review): verify the second pass gives the intended results for
        # a non-zero offset.
        if self.paginate_queryset(access_data) is None:
            return Response({"data": access_data})
        return self.get_paginated_response(access_data)
Ejemplo n.º 5
    def get(self, request):
        """Provide access data for the request's principal.

        ``validate_and_get_param`` supplies the cache sub key and the
        ordering. The full serialized policy list is cached in an
        ``AccessCache`` built from the tenant's schema name, keyed by the
        principal's UUID and the sub key. Pagination is applied to that list
        afterwards.

        Args:
            request: Incoming request carrying the query parameters and tenant.

        Returns:
            A paginated response holding the selected page when pagination
            applies, otherwise a ``Response`` wrapping the whole list under
            ``"data"``.
        """
        # Validate the query parameters and derive the cache sub key/ordering.
        sub_key, ordering = self.validate_and_get_param(request.query_params)

        requester = get_principal_from_request(request)
        policy_cache = AccessCache(request.tenant.schema_name)
        access_data = policy_cache.get_policy(requester.uuid, sub_key)
        if access_data is None:
            # NOTE(review): ``ordering`` shapes the cached list, so it
            # presumably has to be reflected in ``sub_key`` -- confirm in
            # validate_and_get_param().
            serializer = self.serializer_class(self.get_queryset(ordering), many=True)
            access_data = serializer.data
            policy_cache.save_policy(requester.uuid, sub_key, access_data)

        # Paginate the complete list; only the selected page is returned.
        page = self.paginate_queryset(access_data)
        if page is None:
            return Response({"data": access_data})
        return self.get_paginated_response(page)