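def before_inserting_nodes(items):
    """Authorise and complete each node document before it is inserted.

    For every item this runs the 'POST' permission check on the 'nodes'
    resource, derives 'project' from the top of the parent chain when the
    item has a 'parent' but no 'project', and defaults 'user' to the current
    user's id.

    Raises:
        RuntimeError: if the stored parent chain refers back to a parent id
            that was already visited, so the insert fails instead of looping.
    """
    from pillar.auth import current_user

    nodes_collection = current_app.data.driver.db['nodes']

    def find_parent_project(node):
        """Return the top-most ancestor of ``node``, or None when there is none.

        Follows the 'parent' references in a loop, one lookup per level, so
        the walk is not bounded by the interpreter's recursion limit.
        """
        # Ids are compared by equality in a list, so nothing is assumed about
        # their hashability; parent chains are presumably short.
        visited = []
        while node and 'parent' in node:
            parent_id = node['parent']
            if parent_id in visited:
                # Fail closed: a looping chain has no top-most ancestor, and
                # the earlier recursive walk also ended in an error
                # (RecursionError, a RuntimeError subclass) for such data.
                raise RuntimeError('Cyclic parent chain at node %s' % parent_id)
            visited.append(parent_id)
            node = nodes_collection.find_one({'_id': parent_id})
        return node if node else None

    for item in items:
        # NOTE(review): the check sees the item as submitted, i.e. before
        # 'project' is derived below -- confirm check_permissions copes with
        # items that carry no 'project'.
        check_permissions('nodes', item, 'POST')

        if 'parent' in item and 'project' not in item:
            parent = nodes_collection.find_one({'_id': item['parent']})
            project = find_parent_project(parent)
            if project:
                # The '_id' of the top-most ancestor is stored as the project.
                item['project'] = project['_id']

        # Default the 'user' property to the current user.
        # NOTE(review): setdefault keeps a 'user' value that is already
        # present in the submitted item; confirm that field is validated
        # elsewhere if it must always match the authenticated user.
        item.setdefault('user', current_user.user_id)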
def share_node(node_id):
    """Share a node, or return its existing sharing information.

    Looks the node up, runs the permission check for the current request
    method, and then:

    - returns the short link info with status 200 if the node already has a
      short code;
    - on POST without a short code, generates and stores one, calls
      make_world_gettable() on the node and returns the info with status 201;
    - on any other method without a short code, returns an empty 204.

    Raises:
        NotFound: when no node with the given id exists.
    """
    node_id = str2id(node_id)
    nodes_coll = current_app.data.driver.db['nodes']

    # Only the fields used below are fetched.
    wanted_fields = {
        'project': 1,
        'node_type': 1,
        'short_code': 1
    }
    node = nodes_coll.find_one({'_id': node_id}, projection=wanted_fields)
    if not node:
        # NOTE(review): this 404 is raised before the permission check, so a
        # missing node and an inaccessible node produce different responses.
        raise wz_exceptions.NotFound('Node %s does not exist.' % node_id)

    check_permissions('nodes', node, request.method)

    # Logged for every permitted request method, not only for POST.
    log.info('Sharing node %s', node_id)

    existing_code = node.get('short_code')
    if existing_code:
        return jsonify(eve_hooks.short_link_info(existing_code), status=200)

    if request.method != 'POST':
        # Not shared yet and nothing was asked to change: no content.
        return '', 204

    # POST on an unshared node: create the short code and open up read access.
    new_code = generate_and_store_short_code(node)
    make_world_gettable(node)
    return jsonify(eve_hooks.short_link_info(new_code), status=201)
def before_returning_node(node):
    """Check GET permission on a node and embed its short link, if any.

    The node dict is modified in place: check_permissions() is asked to
    append the allowed methods, and 'short_link' is added when the node has
    a short code.
    """
    # The GET entry point for nodes is public, so the permission check has
    # to happen in this hook.
    check_permissions('nodes', node, 'GET', append_allowed_methods=True)

    short_code = node.get('short_code')
    if not short_code:
        return

    # Only the 'short_link' entry of the link info is embedded.
    node['short_link'] = short_link_info(short_code)['short_link']
def project_quotas(project_id):
    """Return a JSON response describing the project's limits.

    The project is loaded first (404 when it does not exist) and the caller
    must pass the GET permission check on it before any usage figure is
    computed.
    """
    project = mongo.find_one_or_404('projects', project_id)
    check_permissions('projects', project, 'GET')

    return jsonify({
        'file_size_quota': None,  # TODO: implement this later.
        'file_size_used': utils.project_total_file_size(project_id),
    })
def project_node_type_has_method(response):
    """Generate the allowed_methods list for a requested node type.

    Does nothing unless the request carries a non-empty 'node_type'
    argument. When it does, the name must match one of the node types in the
    project document (otherwise 404), after which check_permissions() is
    called for that node type with append_allowed_methods=True.
    """
    node_type_name = request.args.get('node_type', '')
    if not node_type_name:
        # No node type requested: nothing to do.
        return

    # The requested name comes from the query string; it is only accepted
    # when the project document itself declares a node type with that name.
    for declared_type in response['node_types']:
        if declared_type.get('name') == node_type_name:
            break
    else:
        return abort(404)

    # Check permissions and append the allowed_methods to the node_type.
    check_permissions('projects', response, 'GET',
                      append_allowed_methods=True,
                      check_node_type=node_type_name)
def before_delete_project(document):
    """Check permissions before a project deletion is allowed, then log it.

    The check uses the current request method. The log line is only reached
    if check_permissions() returns normally.
    """
    check_permissions('projects', document, request.method)

    project_id = document['_id']
    log.info('Deleting project %s on behalf of user %s',
             project_id, current_user)
def before_edit_check_permissions(document, original):
    """Check that the current request method is permitted on a project.

    The check is made against ``original`` (the document as passed in by the
    caller alongside the edit), not against ``document``, so the submitted
    changes are not what gets authorised.
    """
    check_permissions(
        'projects',
        original,
        request.method,
    )
def before_returning_project_permissions(response):
    """Check GET permission on a project that is about to be returned.

    check_permissions() is asked to append the allowed methods to the
    response document.
    """
    # The GET entry point is public, so the permission check has to happen
    # in this hook.
    check_permissions(
        'projects',
        response,
        'GET',
        append_allowed_methods=True,
    )
def before_delete_project(document):
    """Check permissions before a project deletion is allowed.

    The check is made for the current request method on the 'projects'
    resource.
    """
    check_permissions(
        'projects',
        document,
        request.method,
    )
def before_deleting_node(node: dict):
    """Check that the caller may DELETE the given node."""
    check_permissions(
        'nodes',
        node,
        'DELETE',
    )
def before_replacing_node(item, original):
    """Check PUT permission on a node, then update the file name of the new item.

    The permission check is made against ``original``, not against the
    replacement ``item``. update_file_name() only runs if the check returns
    normally.
    """
    check_permissions(
        'nodes',
        original,
        'PUT',
    )

    update_file_name(item)
def before_deleting_node(node: dict):
    """Check DELETE permission on a node, then remove project references to it.

    The references are only removed if check_permissions() returns normally.
    """
    check_permissions(
        'nodes',
        node,
        'DELETE',
    )

    remove_project_references(node)