def patch(self):
    """Run the parent PATCH, then store and report the object's permissions.

    The object id is derived from the request path. Nothing is written to
    the permission store unless the parent ``patch()`` has returned.
    """
    response = super(ProtectedResource, self).patch()
    target_id = authorization.get_object_id(self.request.path)
    self._store_permissions(object_id=target_id)
    response['permissions'] = self._build_permissions(object_id=target_id)
    return response
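def delete(self):
    """Delete the group and strip its principal from every member.

    The record is loaded before the parent ``delete()`` runs, because the
    member list is still needed afterwards for the cleanup. The body of
    the parent call is returned unchanged.
    """
    group = self._get_record_or_404(self.record_id)
    permission = self.request.registry.permission
    body = super(Group, self).delete()
    object_id = get_object_id(self.request.path)
    # The group is already gone at this point: a stored record without a
    # 'members' key must not abort the cleanup with a KeyError.
    for member in group.get('members', []):
        # Remove the group's principal from all members of the group.
        permission.remove_user_principal(member, object_id)
    return body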
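def process_record(self, new, old=None):
    """Keep the members' principals in sync with the group's member list.

    Members listed in ``new`` but not in ``old`` receive the group's
    principal; members listed in ``old`` but not in ``new`` lose it. When
    ``old`` is ``None`` every member of ``new`` is treated as added.
    ``new`` is returned unchanged.
    """
    # A previous record without a 'members' key counts as an empty group
    # instead of failing with a KeyError.
    previous = set() if old is None else set(old.get('members', []))
    current = set(new['members'])
    added = current - previous
    removed = previous - current
    if not added and not removed:
        # Membership did not change, so no principal has to be touched.
        return new

    permission = self.request.registry.permission
    # The request path is the same for every member: resolve the group's
    # object id once instead of once per member.
    group_id = get_object_id(self.request.path)
    for member in added:
        # Add the group to the member principal.
        permission.add_user_principal(member, group_id)
    for member in removed:
        # Remove the group from the member principal.
        permission.remove_user_principal(member, group_id)
    return new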
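def collection_delete(self):
    """Delete the matching groups and strip their principals from members.

    The groups are read with the request filters before the parent
    ``collection_delete()`` runs, since their member lists are needed for
    the cleanup afterwards. The body of the parent call is returned.
    """
    filters = self._extract_filters()
    groups, _ = self.collection.get_records(filters=filters)
    body = super(Group, self).collection_delete()
    permission = self.request.registry.permission
    # NOTE(review): the cleanup walks the groups fetched above, not the
    # records reported in ``body``; confirm both sets always match.
    for group in groups:
        # The records are already deleted: a group stored without a
        # 'members' key must not stop the cleanup of the remaining groups.
        members = group.get('members', [])
        if not members:
            continue
        # Identical for every member of this group, so build it once.
        group_id = '%s/%s' % (get_object_id(self.request.path), group['id'])
        for member in members:
            # Remove the group's principal from all members of the group.
            permission.remove_user_principal(member, group_id)
    return body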
def collection_post(self):
    """Create the record through the parent POST endpoint, then store the
    permissions given for it and return them in the response.
    """
    response = super(ProtectedResource, self).collection_post()
    created_id = response['data'][self.collection.id_field]
    created_uri = self._record_uri_from_collection(created_id)
    target_id = authorization.get_object_id(created_uri)
    # The permissions are attached to the new record's own object id,
    # not to the collection the request was sent to.
    response['permissions'] = self._store_permissions(object_id=target_id)
    return response
def process_record(self, new, old=None):
    """Mirror a change of the group's member list onto member principals.

    Members found in ``new`` only are given the group's principal, members
    found in ``old`` only have it taken away. Without ``old``, or when it
    has no ``members`` key, every member of ``new`` counts as added.
    ``new`` is returned as is.
    """
    before = set([]) if old is None else set(old.get('members', []))
    after = set(new['members'])
    joined = after - before
    left = before - after

    permission = self.request.registry.permission
    for principal_owner in joined:
        # Add the group to the member principal.
        group_uri = get_object_id(self.request.path)
        permission.add_user_principal(principal_owner, group_uri)
    for principal_owner in left:
        # Remove the group from the member principal.
        group_uri = get_object_id(self.request.path)
        permission.remove_user_principal(principal_owner, group_uri)
    return new
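def collection_delete(self):
    """Delete the filtered groups and remove their principals from members.

    The groups are fetched before the parent ``collection_delete()`` is
    called so that their member lists remain available for the cleanup.
    The parent's response body is returned.
    """
    filters = self._extract_filters()
    groups, _ = self.collection.get_records(filters=filters)
    body = super(Group, self).collection_delete()
    permission = self.request.registry.permission
    # NOTE(review): principals are removed for the groups fetched above,
    # not for the records listed in ``body``; confirm the two always agree.
    for group in groups:
        # Deletion has already happened here, so a group stored without a
        # 'members' key is skipped rather than raising a KeyError that
        # would leave the later groups' principals in place.
        members = group.get('members', [])
        if not members:
            continue
        # Same value for each member of the group: compute it once.
        group_id = '%s/%s' % (get_object_id(self.request.path), group['id'])
        for member in members:
            # Remove the group's principal from all members of the group.
            permission.remove_user_principal(member, group_id)
    return body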
def collection_delete(self):
    """Override the collection DELETE endpoint to clear the permissions
    of the deleted records.
    """
    response = super(ProtectedResource, self).collection_delete()
    # Only the records listed in the parent's response are cleaned up.
    for deleted in response['data']:
        deleted_id = deleted[self.collection.id_field]
        # XXX: inefficient within loop.
        deleted_uri = self._record_uri_from_collection(deleted_id)
        self._delete_permissions(authorization.get_object_id(deleted_uri))
    return response
def collection_post(self):
    """Override the collection POST endpoint to store the permissions
    specified for the newly created record.
    """
    response = super(ProtectedResource, self).collection_post()
    created_id = response['data'][self.collection.id_field]

    # The request targets the collection, so the URI of the new record is
    # rebuilt from the sibling record service of the current service.
    # NOTE(review): str.replace swaps every '-collection' occurrence in
    # the service name, not only a trailing suffix.
    collection_service = current_service(self.request)
    sibling_name = collection_service.name.replace('-collection', '-record')
    route_args = self.request.matchdict.copy()
    route_args['id'] = created_id
    created_uri = self.request.route_path(sibling_name, **route_args)

    target_id = authorization.get_object_id(created_uri)
    response['permissions'] = self._store_permissions(object_id=target_id)
    return response
def delete(self):
    """Run the parent DELETE, then drop the permissions of the object.

    The object id is derived from the request path. The permissions are
    only removed once the parent ``delete()`` has returned.
    """
    response = super(ProtectedResource, self).delete()
    target_id = authorization.get_object_id(self.request.path)
    self._delete_permissions(object_id=target_id)
    return response