def group_acl_report(group_name):
"""
Display a table of items and permissions, where the ACL rule specifies any
WikiGroup or ConfigGroup name.
"""
query = And([
Term(WIKINAME, app.cfg.interwikiname),
Not(Term(NAMESPACE, NAMESPACE_USERPROFILES))
])
all_metas = flaskg.storage.search_meta(query,
idx_name=LATEST_REVS,
sortedby=[NAMESPACE, NAME],
limit=None)
group_items = []
for meta in all_metas:
acl_iterator = ACLStringIterator(ACL_RIGHTS_CONTENTS,
meta.get(ACL, ''))
for modifier, entries, rights in acl_iterator:
if group_name in entries:
fqname = gen_fqnames(meta)
group_items.append(
dict(name=meta.get(NAME),
itemid=meta.get(ITEMID),
namespace=meta.get(NAMESPACE),
fqname=fqname,
rights=rights))
return render_template('admin/group_acl_report.html',
title_name=_('Group ACL Report'),
group_items=group_items,
group_name=group_name)
def item_acl_report():
"""
Return a sorted list of all items in the wiki along with the ACL Meta-data.
Item names are prefixed with the namespace, if there is a non-default namespace.
If there are multiple names, the first name is used for sorting.
"""
query = And([
Term(WIKINAME, app.cfg.interwikiname),
Not(Term(NAMESPACE, NAMESPACE_USERPROFILES)),
])
all_metas = flaskg.storage.search_meta(query,
idx_name=LATEST_REVS,
sortedby=[NAMESPACE, NAME],
limit=None)
items_acls = []
for meta in all_metas:
item_namespace = meta.get(NAMESPACE)
item_id = meta.get(ITEMID)
if item_namespace:
item_name = [
item_namespace + '/' + name for name in meta.get(NAME)
]
else:
item_name = meta.get(NAME)
item_acl = meta.get(ACL)
acl_default = item_acl is None
if acl_default:
for namespace, acl_config in app.cfg.acl_mapping:
if item_namespace == namespace:
item_acl = acl_config['default']
fqnames = gen_fqnames(meta)
fqname = fqnames[0]
items_acls.append({
'name': item_name,
'name_old': meta.get('name_old', []),
'itemid': item_id,
'fqnames': fqnames,
'fqname': fqnames[0],
'acl': item_acl,
'acl_default': acl_default
})
# deleted items have no names; this sort places deleted items on top of the report;
# the display name may be similar to: "9cf939f ~(DeletedItemName)"
items_acls = sorted(items_acls, key=lambda k: (k['name'], k['name_old']))
return render_template('admin/item_acl_report.html',
title_name=_('Item ACL Report'),
number_items=len(items_acls),
items_acls=items_acls)
def user_acl_report(uid):
query = And([
Term(WIKINAME, app.cfg.interwikiname),
Not(Term(NAMESPACE, NAMESPACE_USERPROFILES))
])
all_metas = flaskg.storage.search_meta(query,
idx_name=LATEST_REVS,
sortedby=[NAMESPACE, NAME],
limit=None)
theuser = user.User(uid=uid)
itemwise_acl = []
for meta in all_metas:
fqname = gen_fqnames(meta)
acl_parts = {
'name': meta.get(NAME),
'namespace': meta.get(NAMESPACE),
'itemid': meta.get(ITEMID),
'fqname': fqname
}
parentnames = tuple(parent_names(meta[NAME]))
usernames = tuple(theuser.name)
acl = meta.get(ACL, None)
last_item_result = {
'read':
flaskg.storage.allows(usernames, acl, parentnames, meta[NAMESPACE],
READ),
'write':
flaskg.storage.allows(usernames, acl, parentnames, meta[NAMESPACE],
WRITE),
'create':
flaskg.storage.allows(usernames, acl, parentnames, meta[NAMESPACE],
CREATE),
'admin':
flaskg.storage.allows(usernames, acl, parentnames, meta[NAMESPACE],
ADMIN),
'destroy':
flaskg.storage.allows(usernames, acl, parentnames, meta[NAMESPACE],
DESTROY)
}
itemwise_acl.append({**acl_parts, **last_item_result})
return render_template('admin/user_acl_report.html',
title_name=_('User ACL Report'),
user_names=theuser.name,
itemwise_acl=itemwise_acl)