Example #1
0
def grant_permission_to_tag(session, tag_id, permission_id, argument=''):
    # type: (Session, int, int, str) -> bool
    """
    Grant a permission to this tag. This will fail if the (permission, argument) has already
    been granted to this tag.

    Args:
        session(models.base.session.Sessioan): database session
        tag_id(int): the id of the tag we're granting the permission to
        permission_id(int): the id of the permission to be granted
        argument(str): must match constants.ARGUMENT_VALIDATION

    Throws:
        AssertError if argument does not match ARGUMENT_VALIDATION regex

    Returns:
        bool indicating whether the function succeeded or not
    """
    assert re.match(ARGUMENT_VALIDATION + r"$", argument), \
        'Permission argument does not match regex.'

    try:
        mapping = TagPermissionMap(permission_id=permission_id, tag_id=tag_id, argument=argument)
        mapping.add(session)

        Counter.incr(session, "updates")
    except IntegrityError:
        session.rollback()
        return False

    session.commit()
    return True
    def get(self, name=None, mapping_id=None):

        mapping = TagPermissionMap.get(self.session, id=mapping_id)
        if not mapping:
            return self.notfound()

        if not user_has_permission(self.session, self.current_user, TAG_EDIT, mapping.tag.name):
            return self.forbidden()

        self.render("permission-revoke-tag.html", mapping=mapping)
    def post(self, name=None, mapping_id=None):
        mapping = TagPermissionMap.get(self.session, id=mapping_id)
        if not mapping:
            return self.notfound()

        if not user_has_permission(self.session, self.current_user, TAG_EDIT, mapping.tag.name):
            return self.forbidden()

        permission = mapping.permission
        tag = mapping.tag

        mapping.delete(self.session)
        Counter.incr(self.session, "updates")
        self.session.commit()

        AuditLog.log(self.session, self.current_user.id, 'revoke_tag_permission',
                     'Revoked permission with argument: {}'.format(mapping.argument),
                     on_tag_id=tag.id, on_permission_id=permission.id)

        return self.redirect('/tags/{}?refresh=yes'.format(tag.name))