def run(): namespaces = SecureNamespaceAPI(session.auth.user) try: result = namespaces.get([path], withDescriptions=returnDescription, withNamespaces=returnNamespaces, withTags=returnTags) except UnknownPathError as error: unknownPath = error.paths.pop() raise TNonexistentNamespace(unknownPath.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(path_, category, action) if not result: raise TNonexistentNamespace(path.encode('utf-8')) else: namespace = TNamespace() namespace.objectId = str(result[path]['id']) namespace.path = path if returnDescription: namespace.description = result[path]['description'] if returnNamespaces: namespace.namespaces = result[path]['namespaceNames'] if returnTags: namespace.tags = result[path]['tagNames'] return namespace
def run(): permissions = SecurePermissionAPI(session.auth.user) try: permissions.set([(path, operation, policy, exceptions)]) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] if operation in Operation.TAG_OPERATIONS: raise TNonexistentTag(unknownPath.encode('utf-8')) if operation in Operation.NAMESPACE_OPERATIONS: raise TNonexistentNamespace(unknownPath.encode('utf-8')) raise except UnknownUserError as error: # FIXME There could be more than one unknown username, but # TNoSuchUser can only be passed a single username, so we'll # only pass the first one. Ideally, we'd be able to pass all # of them. raise TNoSuchUser(error.usernames[0].encode('utf-8')) except UserNotAllowedInExceptionError as error: raise TInvalidUsername(str(error)) except PermissionDeniedError as error: session.log.exception(error) deniedPath, deniedOperation = error.pathsAndOperations[0] deniedCategory, deniedAction = getCategoryAndAction( deniedOperation) raise TPathPermissionDenied(deniedPath, deniedCategory, deniedAction)
def run(): tagValues = SecureTagValueAPI(session.auth.user) objects = SecureObjectAPI(session.auth.user) objectIDs = self._resolveQuery(session, objects, parsedQuery) values = [] if tags is None: # delete all tags user has permissions for result = objects.getTagsByObjects(objectIDs, Operation.DELETE_TAG_VALUE) for objectID, paths in result.iteritems(): for path in paths: values.append((objectID, path)) else: # delete only tags requested by user result = objects.getTagsByObjects(objectIDs) for objectID, paths in result.iteritems(): for path in paths: if tags is None or path in tags: values.append((objectID, path)) if values: try: tagValues.delete(values) except UnknownPathError as error: session.log.exception(error) path = error.paths[0] raise TNonexistentTag(path.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, path_)
def run(): objects = SecureObjectAPI(session.auth.user) try: searchQueries = objects.search(valuesByQuery.keys()) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] raise TNonexistentTag(unknownPath.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] if operation == Operation.CREATE_OBJECT: raise TUnauthorized() else: raise TNonexistentTag(path_) # Run queries. try: with session.timer.track('index-search'): result = blockingCallFromThread(reactor, searchQueries.get) except SearchError as error: session.log.exception(error) raise TParseError(query, error.message) # Build a result set from the searches. values = {} for parsedQuery, objectIDs in result.iteritems(): for objectID in objectIDs: for tagAndValue in valuesByQuery[parsedQuery]: value = guessValue(tagAndValue.value) # FIXME: this code sucks, but I rather not having # to modify guessValue to return a list, as that # would break other code. # Hopefully, we'll be able to remove this pretty # soon. if isinstance(value, list): value = [item.decode('utf-8') for item in value] if objectID not in values: values[objectID] = {} values[objectID][tagAndValue.path] = value # Update values. if values: tagValues = SecureTagValueAPI(session.auth.user) try: result = tagValues.set(values) except UnknownPathError as error: session.log.exception(error) path = error.paths[0] raise TNonexistentTag(path.encode('utf-8')) except MalformedPathError as error: # FIXME: Modify MalformedPathError to have a path field. raise TInvalidPath(str(error).encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, path_)
def run(): try: SecureTagValueAPI(session.auth.user).delete(values) except UnknownPathError as error: session.log.exception(error) raise TNonexistentTag(path.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, path_)
def run(): value = {path: description} try: SecureTagAPI(session.auth.user).set(value) except UnknownPathError as error: session.log.exception(error) raise TNonexistentTag(path.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath)
def run(): namespaces = SecureNamespaceAPI(session.auth.user) try: namespaces.set({path: description}) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] raise TNonexistentNamespace(unknownPath.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) path_ = path_.encode('utf-8') raise TPathPermissionDenied(path_, category, action)
def run(): try: [(objectID, _)] = SecureUserAPI(session.auth.user).set( [(info.username, info.password, info.name, info.email, info.role)]) except UnknownUserError as error: session.log.exception(error) raise TNoSuchUser(info.username.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath) return str(objectID)
def run(): try: SecureUserAPI(session.auth.user).delete([username]) except UnknownUserError as error: session.log.exception(error) raise TNoSuchUser(username) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath) except NotEmptyError as error: session.log.exception(error) raise TBadRequest("Can't delete user %r because they have " 'data.' % username)
def run(): try: [(objectID, _)] = SecureUserAPI(session.auth.user).set([ (info.username, info.password, info.name, info.email, info.role) ]) except UnknownUserError as error: session.log.exception(error) raise TNoSuchUser(info.username.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath) return str(objectID)
def run(): tags = SecureTagAPI(session.auth.user) path = u'/'.join([parentNamespace, name]) try: [(objectID, _)] = tags.create([(path, description)]) except DuplicatePathError as error: session.log.exception(error) raise TTagAlreadyExists(path.encode('utf-8')) except UnknownPathError as error: session.log.exception(error) path = error.paths[0] raise TNonexistentTag(path.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath) except MalformedPathError as error: session.log.exception(error) raise TInvalidPath(path.encode('utf-8')) return str(objectID)
def run(): permissions = SecurePermissionAPI(session.auth.user) try: result = permissions.get([(path, operation)]) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] if operation in Operation.TAG_OPERATIONS: raise TNonexistentTag(unknownPath.encode('utf-8')) if operation in Operation.NAMESPACE_OPERATIONS: raise TNonexistentNamespace(unknownPath.encode('utf-8')) raise except PermissionDeniedError as error: session.log.exception(error) deniedPath, deniedOperation = error.pathsAndOperations[0] deniedCategory, deniedAction = getCategoryAndAction( deniedOperation) raise TPathPermissionDenied(deniedPath, deniedCategory, deniedAction) policy, exceptions = result[(path, operation)] policy = str(policy).lower() return TPolicyAndExceptions(policy=policy, exceptions=exceptions)
def run(): namespaces = SecureNamespaceAPI(session.auth.user) path = u'/'.join([parentNamespace, name]) try: result = namespaces.create([(path, description)]) [objectID] = [objectID for objectID, path_ in result if path_ == path] except DuplicatePathError as error: session.log.exception(error) raise TNamespaceAlreadyExists(path.encode('utf-8')) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] raise TNonexistentNamespace(unknownPath.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) path = path.encode('utf-8') raise TPathPermissionDenied(path, category, action) except MalformedPathError as error: session.log.exception(error) raise TInvalidPath(path.encode('utf-8')) return str(objectID)
def run(): namespaces = SecureNamespaceAPI(session.auth.user) path = u'/'.join([parentNamespace, name]) try: result = namespaces.create([(path, description)]) [objectID ] = [objectID for objectID, path_ in result if path_ == path] except DuplicatePathError as error: session.log.exception(error) raise TNamespaceAlreadyExists(path.encode('utf-8')) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] raise TNonexistentNamespace(unknownPath.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) path = path.encode('utf-8') raise TPathPermissionDenied(path, category, action) except MalformedPathError as error: session.log.exception(error) raise TInvalidPath(path.encode('utf-8')) return str(objectID)
def testGetCategoryAndAction(self): """ L{getCategoryAndAction} returns the category and action for a given L{Operation} value. """ self.assertEqual((u'namespaces', u'create'), getCategoryAndAction(Operation.CREATE_NAMESPACE)) self.assertEqual((u'namespaces', u'update'), getCategoryAndAction(Operation.UPDATE_NAMESPACE)) self.assertEqual((u'namespaces', u'delete'), getCategoryAndAction(Operation.DELETE_NAMESPACE)) self.assertEqual((u'namespaces', u'list'), getCategoryAndAction(Operation.LIST_NAMESPACE)) self.assertEqual((u'namespaces', u'control'), getCategoryAndAction(Operation.CONTROL_NAMESPACE)) self.assertEqual((u'tags', u'update'), getCategoryAndAction(Operation.UPDATE_TAG)) self.assertEqual((u'tags', u'delete'), getCategoryAndAction(Operation.DELETE_TAG)) self.assertEqual((u'tags', u'control'), getCategoryAndAction(Operation.CONTROL_TAG)) self.assertEqual((u'tag-values', u'write'), getCategoryAndAction(Operation.WRITE_TAG_VALUE)) self.assertEqual((u'tag-values', u'read'), getCategoryAndAction(Operation.READ_TAG_VALUE)) self.assertEqual((u'tag-values', u'delete'), getCategoryAndAction(Operation.DELETE_TAG_VALUE)) self.assertEqual((u'tag-values', u'control'), getCategoryAndAction(Operation.CONTROL_TAG_VALUE)) self.assertEqual((u'users', 'create'), getCategoryAndAction(Operation.CREATE_USER)) self.assertEqual((u'users', 'delete'), getCategoryAndAction(Operation.DELETE_USER)) self.assertEqual((u'users', 'update'), getCategoryAndAction(Operation.UPDATE_USER)) self.assertEqual((u'objects', 'create'), getCategoryAndAction(Operation.CREATE_OBJECT))