async def sharing_post(context, request): """Change permissions""" lroles = local_roles() data = await request.json() if 'prinrole' not in data and \ 'roleperm' not in data and \ 'prinperm' not in data: raise AttributeError('prinrole or roleperm or prinperm missing') if 'type' not in data: raise AttributeError('type missing') setting = data['type'] # we need to check if we are changing any info changed = False if 'prinrole' in data: if setting not in PermissionMap['prinrole']: raise AttributeError('Invalid Type') manager = IPrincipalRoleManager(context) operation = PermissionMap['prinrole'][setting] func = getattr(manager, operation) for user, roles in data['prinrole'].items(): for role in roles: if role in lroles: changed = True func(role, user) else: raise KeyError('No valid local role') if 'prinperm' in data: if setting not in PermissionMap['prinperm']: raise AttributeError('Invalid Type') manager = IPrincipalPermissionManager(context) operation = PermissionMap['prinperm'][setting] func = getattr(manager, operation) for user, permissions in data['prinperm'].items(): for permision in permissions: changed = True func(permision, user) if 'roleperm' in data: if setting not in PermissionMap['roleperm']: raise AttributeError('Invalid Type') manager = IRolePermissionManager(context) operation = PermissionMap['roleperm'][setting] func = getattr(manager, operation) for role, permissions in data['roleperm'].items(): for permission in permissions: changed = True func(permission, role) if changed: context._p_register() # make sure data is saved await notify(ObjectPermissionsModifiedEvent(context, data))
def get_principals_with_access_content(obj, request=None): if obj is None: return [] roles = cached_roles(obj, "guillotina.AccessContent", "o") result = [] all_roles = role.global_roles() + role.local_roles() for r in roles.keys(): if r in all_roles: result.append(r) users = cached_principals(obj, result, "guillotina.AccessContent", "o") return list(users.keys())
def get_roles_with_access_content(obj, request=None): """ Return the roles that has access to the content that are global roles""" if obj is None: return [] roles = cached_roles(obj, "guillotina.AccessContent", "o") result = [] all_roles = role.global_roles() + role.local_roles() for r in roles.keys(): if r in all_roles: result.append(r) return result
async def apply_sharing(context, data): lroles = role.local_roles() changed = False for perminhe in data.get('perminhe') or []: setting = perminhe.get('setting') if setting not in PermissionMap['perminhe']: raise PreconditionFailed( context, 'Invalid Type {}'.format(setting)) manager = IInheritPermissionManager(context) operation = PermissionMap['perminhe'][setting] func = getattr(manager, operation) changed = True func(perminhe['permission']) for prinrole in data.get('prinrole') or []: setting = prinrole.get('setting') if setting not in PermissionMap['prinrole']: raise PreconditionFailed( context, 'Invalid Type {}'.format(setting)) manager = IPrincipalRoleManager(context) operation = PermissionMap['prinrole'][setting] func = getattr(manager, operation) if prinrole['role'] in lroles: changed = True func(prinrole['role'], prinrole['principal']) else: raise PreconditionFailed( context, 'No valid local role') for prinperm in data.get('prinperm') or []: setting = prinperm['setting'] if setting not in PermissionMap['prinperm']: raise PreconditionFailed( context, 'Invalid Type') manager = IPrincipalPermissionManager(context) operation = PermissionMap['prinperm'][setting] func = getattr(manager, operation) changed = True func(prinperm['permission'], prinperm['principal']) for roleperm in data.get('roleperm') or []: setting = roleperm['setting'] if setting not in PermissionMap['roleperm']: raise PreconditionFailed( context, 'Invalid Type') manager = IRolePermissionManager(context) operation = PermissionMap['roleperm'][setting] func = getattr(manager, operation) changed = True func(roleperm['permission'], roleperm['role']) if changed: context._p_register() # make sure data is saved await notify(ObjectPermissionsModifiedEvent(context, data))
async def apply_sharing(context, data): lroles = role.local_roles() changed = False for perminhe in data.get('perminhe') or []: setting = perminhe.get('setting') if setting not in PermissionMap['perminhe']: raise PreconditionFailed(context, 'Invalid Type {}'.format(setting)) manager = IInheritPermissionManager(context) operation = PermissionMap['perminhe'][setting] func = getattr(manager, operation) changed = True func(perminhe['permission']) for prinrole in data.get('prinrole') or []: setting = prinrole.get('setting') if setting not in PermissionMap['prinrole']: raise PreconditionFailed(context, 'Invalid Type {}'.format(setting)) manager = IPrincipalRoleManager(context) operation = PermissionMap['prinrole'][setting] func = getattr(manager, operation) if prinrole['role'] in lroles: changed = True func(prinrole['role'], prinrole['principal']) else: raise PreconditionFailed(context, 'No valid local role') for prinperm in data.get('prinperm') or []: setting = prinperm['setting'] if setting not in PermissionMap['prinperm']: raise PreconditionFailed(context, 'Invalid Type') manager = IPrincipalPermissionManager(context) operation = PermissionMap['prinperm'][setting] func = getattr(manager, operation) changed = True func(prinperm['permission'], prinperm['principal']) for roleperm in data.get('roleperm') or []: setting = roleperm['setting'] if setting not in PermissionMap['roleperm']: raise PreconditionFailed(context, 'Invalid Type') manager = IRolePermissionManager(context) operation = PermissionMap['roleperm'][setting] func = getattr(manager, operation) changed = True func(roleperm['permission'], roleperm['role']) if changed: context._p_register() # make sure data is saved await notify(ObjectPermissionsModifiedEvent(context, data))
async def addPerms(obj, perms, changed=False): """apply some permissions. Copied almost verbatim from sharingPOST service """ lroles = local_roles() groles = global_roles() if ("prinrole" not in perms and "roleperm" not in perms and "prinperm" not in perms): raise PreconditionFailed(obj, "prinrole or roleperm or prinperm missing") for prinrole in perms.get("prinrole") or []: setting = prinrole.get("setting") if setting not in PermissionMap["prinrole"]: raise PreconditionFailed(obj, "Invalid Type {}".format(setting)) manager = IPrincipalRoleManager(obj) operation = PermissionMap["prinrole"][setting] func = getattr(manager, operation) if (obj.type_name == "Container" and prinrole["role"] not in groles + lroles): raise PreconditionFailed( obj, "Not a valid role: {}".format(prinrole["role"])) if obj.type_name != "Container" and prinrole["role"] not in lroles: raise PreconditionFailed( obj, "Not a valid local role: {}".format(prinrole["role"])) changed = True func(prinrole["role"], prinrole["principal"]) for prinperm in perms.get("prinperm") or []: setting = prinperm["setting"] if setting not in PermissionMap["prinperm"]: raise PreconditionFailed(obj, "Invalid Type") manager = IPrincipalPermissionManager(obj) operation = PermissionMap["prinperm"][setting] func = getattr(manager, operation) changed = True func(prinperm["permission"], prinperm["principal"]) for roleperm in perms.get("roleperm") or []: setting = roleperm["setting"] if setting not in PermissionMap["roleperm"]: raise PreconditionFailed(obj, "Invalid Type") manager = IRolePermissionManager(obj) operation = PermissionMap["roleperm"][setting] func = getattr(manager, operation) changed = True func(roleperm["permission"], roleperm["role"]) if changed: obj._p_register() # make sure data is saved
def get_roles_with_access_content(obj, request=None): """ Return the roles that has access to the content that are global roles""" if obj is None: return [] if request is None: request = get_current_request() interaction = IInteraction(request) roles = interaction.cached_roles(obj, 'guillotina.AccessContent', 'o') result = [] all_roles = role.global_roles() + role.local_roles() for r in roles.keys(): if r in all_roles: result.append(r) return result
def get_principals_with_access_content(obj, request=None): if obj is None: return {} if request is None: request = get_current_request() interaction = IInteraction(request) roles = interaction.cached_roles(obj, 'guillotina.AccessContent', 'o') result = [] all_roles = role.global_roles() + role.local_roles() for r in roles.keys(): if r in all_roles: result.append(r) users = interaction.cached_principals(obj, result, 'guillotina.AccessContent', 'o') return list(users.keys())
async def __call__(self, changed=False): """Change permissions""" context = self.context request = self.request lroles = local_roles() data = await request.json() if 'prinrole' not in data and \ 'roleperm' not in data and \ 'prinperm' not in data: raise PreconditionFailed( self.context, 'prinrole or roleperm or prinperm missing') for prinrole in data.get('prinrole') or []: setting = prinrole.get('setting') if setting not in PermissionMap['prinrole']: raise PreconditionFailed(self.context, 'Invalid Type {}'.format(setting)) manager = IPrincipalRoleManager(context) operation = PermissionMap['prinrole'][setting] func = getattr(manager, operation) if prinrole['role'] in lroles: changed = True func(prinrole['role'], prinrole['principal']) else: raise PreconditionFailed(self.context, 'No valid local role') for prinperm in data.get('prinperm') or []: setting = prinperm['setting'] if setting not in PermissionMap['prinperm']: raise PreconditionFailed(self.context, 'Invalid Type') manager = IPrincipalPermissionManager(context) operation = PermissionMap['prinperm'][setting] func = getattr(manager, operation) changed = True func(prinperm['permission'], prinperm['principal']) for roleperm in data.get('roleperm') or []: setting = roleperm['setting'] if setting not in PermissionMap['roleperm']: raise PreconditionFailed(self.context, 'Invalid Type') manager = IRolePermissionManager(context) operation = PermissionMap['roleperm'][setting] func = getattr(manager, operation) changed = True func(roleperm['permission'], roleperm['role']) if changed: context._p_register() # make sure data is saved await notify(ObjectPermissionsModifiedEvent(context, data))
async def __call__(self): roles = global_roles() + local_roles() return roles
async def grantinfo(context, request): """ principals -> roles """ search = request.query.get("search") if search is not None: search = search.lower() result = {"available_roles": [], "entries": []} # Inherit inheritMap = IInheritPermissionMap(context) permissions = inheritMap.get_locked_permissions() if len(permissions) > 0: blocked_permissions = permissions result["inherit"] = False else: result["inherit"] = True # Roles roles = local_roles() valid_roles = [ role for role in roles if role in app_settings.get("available_roles", []) ] for role in valid_roles: role_obj = get_utility(IRole, name=role) result["available_roles"].append({ "id": role, "title": role_obj.title, "description": role_obj.description }) prinrole = IPrincipalRoleMap(context) settings = [ setting for setting in prinrole.get_principals_and_roles() if setting[0] in valid_roles ] valid_settings = {} default_roles = {role: None for role in valid_roles} try: container = get_current_container() users = await container.async_get("users") groups = await container.async_get("groups") except (AttributeError, KeyError, ContainerNotFound): return None for data in settings: if data[1] not in valid_settings: user = await users.async_get(data[1]) if user: valid_settings[data[1]] = { "id": data[1], "disabled": user.disabled, "login": None, "roles": deepcopy(default_roles), "title": user.name, "type": "user", "origin": "dbusers", } else: group = await groups.async_get(data[1]) if group: valid_settings[data[1]] = { "id": data[1], "disabled": group.disabled, "login": None, "roles": deepcopy(default_roles), "title": group.name, "type": "group", "origin": "dbusers", } else: valid_settings[data[1]] = { "id": data[1], "disabled": False, "login": None, "roles": deepcopy(default_roles), "title": data[1], "type": "user", "origin": "system", } valid_settings[data[1]]["roles"].update({data[0]: data[2]}) result["entries"] = list(valid_settings.values()) if search is not None: catalog = query_utility(ICatalogUtility) query_result = await catalog.search(container, {"type_name": ["User", "Group"]}) for obj in query_result["items"]: ident = obj.get("id", "") if search in ident.lower() and ident not in valid_settings: result["entries"].append({ "id": ident, "disabled": False, "login": None, "roles": deepcopy(default_roles), "title": obj.get("title", ""), "type": obj.get("type_name").lower(), }) return result
async def apply_sharing(context, data): lroles = role.local_roles() changed = False for perminhe in data.get("perminhe") or []: if not isinstance(perminhe, dict): raise PreconditionFailed( context, "Invalid Type, must be list {}".format(perminhe)) setting = perminhe.get("setting") if setting not in PermissionMap["perminhe"]: raise PreconditionFailed(context, "Invalid Type {}".format(setting)) manager = IInheritPermissionManager(context) operation = PermissionMap["perminhe"][setting] func = getattr(manager, operation) changed = True func(perminhe["permission"]) for prinrole in data.get("prinrole") or []: if not isinstance(prinrole, dict): raise PreconditionFailed( context, "Invalid Type, must be list {}".format(prinrole)) setting = prinrole.get("setting") if setting not in PermissionMap["prinrole"]: raise PreconditionFailed(context, "Invalid Type {}".format(setting)) manager = IPrincipalRoleManager(context) operation = PermissionMap["prinrole"][setting] func = getattr(manager, operation) if prinrole["role"] in lroles: changed = True func(prinrole["role"], prinrole["principal"]) else: raise PreconditionFailed(context, "No valid local role") for prinperm in data.get("prinperm") or []: if not isinstance(prinperm, dict): raise PreconditionFailed( context, "Invalid Type, must be list {}".format(prinperm)) setting = prinperm["setting"] if setting not in PermissionMap["prinperm"]: raise PreconditionFailed(context, "Invalid Type") manager = IPrincipalPermissionManager(context) operation = PermissionMap["prinperm"][setting] func = getattr(manager, operation) changed = True func(prinperm["permission"], prinperm["principal"]) for roleperm in data.get("roleperm") or []: if not isinstance(roleperm, dict): raise PreconditionFailed( context, "Invalid Type, must be list {}".format(roleperm)) setting = roleperm["setting"] if setting not in PermissionMap["roleperm"]: raise PreconditionFailed(context, "Invalid Type") manager = IRolePermissionManager(context) operation = PermissionMap["roleperm"][setting] func = getattr(manager, operation) changed = True func(roleperm["permission"], roleperm["role"]) if changed: context.register() # make sure data is saved await notify(ObjectPermissionsModifiedEvent(context, data))