def post(self, *args: Any, **kwargs: Any) -> None:
mapping_id = int(self.get_path_argument("mapping_id"))
mapping = PermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
if not self.check_access(self.session, mapping, self.current_user):
return self.forbidden()
permission = mapping.permission
group = mapping.group
mapping.delete(self.session)
Counter.incr(self.session, "updates")
self.session.commit()
AuditLog.log(
self.session,
self.current_user.id,
"revoke_permission",
"Revoked permission with argument: {}".format(mapping.argument),
on_group_id=group.id,
on_permission_id=permission.id,
)
return self.redirect("/groups/{}?refresh=yes".format(group.name))
def test_get_auditors_group(session, standard_graph): # noqa: F811
with pytest.raises(NoSuchGroup) as exc:
get_auditors_group(Mock(auditors_group=None), session)
assert str(
exc.value
) == "Please ask your admin to configure the `auditors_group` settings"
with pytest.raises(NoSuchGroup) as exc:
get_auditors_group(Mock(auditors_group="do-not-exist"), session)
assert str(
exc.value
) == "Please ask your admin to configure the default group for auditors"
# now should be able to get the group
auditors_group = get_auditors_group(Mock(auditors_group="auditors"),
session)
assert auditors_group is not None
# revoke the permission and make sure we raise the
# GroupDoesNotHaveAuditPermission exception
perms = [
p for p in auditors_group.my_permissions()
if p.name == PERMISSION_AUDITOR
]
assert len(perms) == 1
mapping = PermissionMap.get(session, id=perms[0].mapping_id)
mapping.delete(session)
with pytest.raises(GroupDoesNotHaveAuditPermission):
get_auditors_group(Mock(auditors_group="auditors"), session)
def post(self, name=None, mapping_id=None):
mapping = PermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
if not self.check_access(self.session, mapping, self.current_user):
return self.forbidden()
permission = mapping.permission
group = mapping.group
mapping.delete(self.session)
Counter.incr(self.session, "updates")
self.session.commit()
AuditLog.log(self.session,
self.current_user.id,
'revoke_permission',
'Revoked permission with argument: {}'.format(
mapping.argument),
on_group_id=group.id,
on_permission_id=permission.id)
return self.redirect('/groups/{}?refresh=yes'.format(group.name))
def post(self, name=None, mapping_id=None):
grantable = self.current_user.my_grantable_permissions()
if not grantable:
return self.forbidden()
mapping = PermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
allowed = False
for perm in grantable:
if perm[0].name == mapping.permission.name:
if matches_glob(perm[1], mapping.argument):
allowed = True
if not allowed:
return self.forbidden()
permission = mapping.permission
group = mapping.group
mapping.delete(self.session)
Counter.incr(self.session, "updates")
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'revoke_permission',
'Revoked permission with argument: {}'.format(mapping.argument),
on_group_id=group.id, on_permission_id=permission.id)
return self.redirect('/groups/{}?refresh=yes'.format(group.name))
def get(self, name=None, mapping_id=None):
mapping = PermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
if not self.check_access(self.session, mapping, self.current_user):
return self.forbidden()
self.render("permission-revoke.html", mapping=mapping)
def get(self, name=None, mapping_id=None):
mapping = PermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
if not self.check_access(self.session, mapping, self.current_user):
return self.forbidden()
self.render("permission-revoke.html", mapping=mapping)
def get(self, *args: Any, **kwargs: Any) -> None:
mapping_id = int(self.get_path_argument("mapping_id"))
mapping = PermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
if not self.check_access(self.session, mapping, self.current_user):
return self.forbidden()
self.render("permission-revoke.html", mapping=mapping)
def test_get_auditors_group(session, standard_graph): # noqa: F811
with pytest.raises(NoSuchGroup) as exc:
get_auditors_group(Mock(auditors_group=None), session)
assert str(exc.value) == "Please ask your admin to configure the `auditors_group` settings"
with pytest.raises(NoSuchGroup) as exc:
get_auditors_group(Mock(auditors_group="do-not-exist"), session)
assert str(exc.value) == "Please ask your admin to configure the default group for auditors"
# now should be able to get the group
auditors_group = get_auditors_group(Mock(auditors_group="auditors"), session)
assert auditors_group is not None
# revoke the permission and make sure we raise the
# GroupDoesNotHaveAuditPermission exception
perms = [p for p in auditors_group.my_permissions() if p.name == PERMISSION_AUDITOR]
assert len(perms) == 1
mapping = PermissionMap.get(session, id=perms[0].mapping_id)
mapping.delete(session)
with pytest.raises(GroupDoesNotHaveAuditPermission):
get_auditors_group(Mock(auditors_group="auditors"), session)
def get(self, name=None, mapping_id=None):
grantable = self.current_user.my_grantable_permissions()
if not grantable:
return self.forbidden()
mapping = PermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
allowed = False
for perm in grantable:
if perm[0].name == mapping.permission.name:
if matches_glob(perm[1], mapping.argument):
allowed = True
if not allowed:
return self.forbidden()
self.render("permission-revoke.html", mapping=mapping)
def post(self, name=None, mapping_id=None):
mapping = PermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
if not self.check_access(self.session, mapping, self.current_user):
return self.forbidden()
permission = mapping.permission
group = mapping.group
mapping.delete(self.session)
Counter.incr(self.session, "updates")
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'revoke_permission',
'Revoked permission with argument: {}'.format(mapping.argument),
on_group_id=group.id, on_permission_id=permission.id)
return self.redirect('/groups/{}?refresh=yes'.format(group.name))
