def get_auditors_group(settings, session):
"""Retrieve the group for auditors
Arg(s):
settings (settings): settings, to get the `auditors_group` name
session (session): database session
Return:
Group object for the group for Grouper auditors, whose name is
specified with `auditors_group` settings.
Raise:
Raise NoSuchGroup exception if either the name for the
auditors group is not configured, or the group does not exist
in the database. Raise GroupDoesNotHaveAuditPermission if the group
does not actually have the PERMISSION_AUDITOR permission.
"""
# TODO: switch to exc.NoSuchGroup to remove one source dependency
# on graph.py
group_name = get_auditors_group_name(settings)
if not group_name:
raise NoSuchGroup("Please ask your admin to configure the `auditors_group` settings")
group = Group.get(session, name=group_name)
if not group:
raise NoSuchGroup("Please ask your admin to configure the default group for auditors")
if not any([p.name == PERMISSION_AUDITOR for p in group.my_permissions()]):
raise GroupDoesNotHaveAuditPermission()
return group
def get_auditors_group(settings, session):
# type: (Settings, Session) -> Group
"""Retrieve the group for auditors
Arg(s):
settings (settings): settings, to get the `auditors_group` name
session (session): database session
Return:
Group object for the group for Grouper auditors, whose name is
specified with `auditors_group` settings.
Raise:
Raise NoSuchGroup exception if either the name for the
auditors group is not configured, or the group does not exist
in the database. Raise GroupDoesNotHaveAuditPermission if the group
does not actually have the PERMISSION_AUDITOR permission.
"""
# TODO: switch to exc.NoSuchGroup to remove one source dependency
# on graph.py
group_name = get_auditors_group_name(settings)
if not group_name:
raise NoSuchGroup("Please ask your admin to configure the `auditors_group` settings")
group = Group.get(session, name=group_name)
if not group:
raise NoSuchGroup("Please ask your admin to configure the default group for auditors")
if not any([p.name == PERMISSION_AUDITOR for p in group.my_permissions()]):
raise GroupDoesNotHaveAuditPermission()
return group
def get_auditors_group(settings: Settings, session: Session) -> Group:
"""Retrieve the group for auditors
Return:
Group object for the group for Grouper auditors, whose name is specified with the
auditors_group setting.
Raise:
NoSuchGroup: Either the name for the auditors group is not configured, or
the group does not exist in the database
GroupDoesNotHaveAuditPermission: Group does not actually have the PERMISSION_AUDITOR
permission
"""
# TODO(rra): Use a different exception to avoid a dependency on grouper.graph
group_name = get_auditors_group_name(settings)
if not group_name:
raise NoSuchGroup("Please ask your admin to configure the `auditors_group` settings")
group = Group.get(session, name=group_name)
if not group:
raise NoSuchGroup("Please ask your admin to configure the default group for auditors")
if not any([p.name == PERMISSION_AUDITOR for p in group.my_permissions()]):
raise GroupDoesNotHaveAuditPermission()
return group
def sync_db_command(args):
# Models not implicitly or explictly imported above are explicitly imported here
from grouper.models.perf_profile import PerfProfile # noqa: F401
db_engine = get_db_engine(get_database_url(settings))
Model.metadata.create_all(db_engine)
# Add some basic database structures we know we will need if they don't exist.
session = make_session()
for name, description in SYSTEM_PERMISSIONS:
test = get_permission(session, name)
if test:
continue
try:
create_permission(session, name, description)
session.flush()
except IntegrityError:
session.rollback()
raise Exception("Failed to create permission: %s" % (name, ))
session.commit()
# This group is needed to bootstrap a Grouper installation.
admin_group = Group.get(session, name="grouper-administrators")
if not admin_group:
admin_group = Group(
groupname="grouper-administrators",
description="Administrators of the Grouper system.",
canjoin="nobody",
)
try:
admin_group.add(session)
session.flush()
except IntegrityError:
session.rollback()
raise Exception("Failed to create group: grouper-administrators")
for permission_name in (GROUP_ADMIN, PERMISSION_ADMIN, USER_ADMIN):
permission = get_permission(session, permission_name)
assert permission, "Permission should have been created earlier!"
grant_permission(session, admin_group.id, permission.id)
session.commit()
auditors_group_name = get_auditors_group_name(settings)
auditors_group = Group.get(session, name=auditors_group_name)
if not auditors_group:
auditors_group = Group(
groupname=auditors_group_name,
description=
"Group for auditors, who can be owners of audited groups.",
canjoin="canjoin",
)
try:
auditors_group.add(session)
session.flush()
except IntegrityError:
session.rollback()
raise Exception(
"Failed to create group: {}".format(auditors_group_name))
permission = get_permission(session, PERMISSION_AUDITOR)
assert permission, "Permission should have been created earlier!"
grant_permission(session, auditors_group.id, permission.id)
session.commit()