def _has_permission(self, user: UserClass, model: Type[Model],
model_pk: int, permission_name: str):
"""Check if contributor has requested permissions.
:raises RuntimeError: with detailed explanation when check fails.
"""
full_permission_name = get_full_perm(permission_name, model)
object_ = model.objects.filter(pk=model_pk)
if not object_:
raise RuntimeError(
f"Object {model._meta.model_name} with id {model_pk} not found."
)
filtered_object = get_objects_for_user(
user,
[full_permission_name],
object_,
)
if not filtered_object:
if object_:
raise RuntimeError(
f"No edit permission for {model._meta.model_name} with id {model_pk}."
)
else:
raise RuntimeError(
f"Object {model._meta.model_name} with id {model_pk} not found."
)
def filter_objects(self, user: UserClass, queryset: QuerySet,
data: Data) -> QuerySet:
"""Filter the objects for the given user."""
inputs = queryset.filter(id__in=data.parents.all())
permission_name = get_full_perm("view", queryset.model)
return (get_objects_for_user(user, permission_name,
queryset).distinct().union(inputs))
def handle_get_relations(self, message: Message[int],
manager: "Processor") -> Response[List[dict]]:
"""Get relations for the given collection object."""
collection = get_objects_for_user(
manager.contributor,
get_full_perm("view", Collection),
Collection.objects.filter(id=message.message_data),
).get()
return message.respond_ok(serialize_collection_relations(collection))
def to_internal_value(self, data):
"""Convert to internal value."""
# Allow None values only in case field is not required.
if "id" in data and data["id"] is None and not self.required:
return
elif data.get("id", None) is not None:
kwargs = {"id": data["id"]}
elif data.get("slug", None) is not None:
if self.root.instance:
# ``self.root.instance != None`` means that an instance is
# already present, so this is not "create" request.
self.fail("slug_not_allowed")
kwargs = {"slug": data["slug"]}
else:
self.fail("null", name=self.field_name)
user = getattr(self.context.get("request"), "user")
queryset = self.get_queryset()
permission = get_full_perm(self.write_permission, queryset.model)
try:
return get_objects_for_user(
user, permission, queryset.filter(**kwargs)).latest("version")
except ObjectDoesNotExist:
# Differentiate between "user has no permission" and "object does not exist"
view_permission = get_full_perm("view", queryset.model)
if permission != view_permission:
try:
get_objects_for_user(
user, view_permission,
queryset.filter(**kwargs)).latest("version")
raise exceptions.PermissionDenied(
"You do not have {} permission for {}: {}.".format(
self.write_permission, self.model_name, data))
except ObjectDoesNotExist:
pass
self.fail("does_not_exist",
value=smart_text(data),
model_name=self.model_name)
def filter_objects(self, user: UserClass, queryset: QuerySet,
data: Data) -> QuerySet:
"""Filter the objects for the given user.
Snorage objects are special: we have to check if user has permission on
the data model. The permission name must be given in the form
'app_label.permission_name' otherwise wrong content type is infered
it the get_objects_for_user method.
"""
permission_name = "flow." + get_full_perm("view", Data)
perms_filter = "data__pk__in"
return (get_objects_for_user(
user, permission_name, queryset,
perms_filter=perms_filter).distinct().union(
queryset.filter(contributor=user)))
def to_internal_value(self, data):
"""Convert to internal value."""
user = getattr(self.context.get('request'), 'user')
queryset = self.get_queryset()
permission = get_full_perm('view', queryset.model)
try:
return get_objects_for_user(
user,
permission,
queryset.filter(**{self.slug_field: data}),
).latest()
except ObjectDoesNotExist:
self.fail(
'does_not_exist',
slug_name=self.slug_field,
value=smart_text(data),
model_name=queryset.model._meta.model_name, # pylint: disable=protected-access
)
except (TypeError, ValueError):
self.fail('invalid')
def handle_get_process_requirements(
self, message: Message[int],
manager: "Processor") -> Response[dict]:
"""Return the requirements for the process with the given id."""
process_id = message.message_data
filtered_process = get_objects_for_user(
manager.contributor,
get_full_perm("view", Process),
Process.objects.filter(pk=process_id),
)
process_requirements, process_slug = filtered_process.values_list(
"requirements", "slug").get()
resources = process_requirements.get("resources", {})
# Get limit defaults and overrides.
limit_defaults = getattr(settings, "FLOW_PROCESS_RESOURCE_DEFAULTS",
{})
limit_overrides = getattr(settings, "FLOW_PROCESS_RESOURCE_OVERRIDES",
{})
limits = {}
limits["cores"] = int(resources.get("cores", 1))
max_cores = getattr(settings, "FLOW_PROCESS_MAX_CORES", None)
if max_cores:
limits["cores"] = min(limits["cores"], max_cores)
memory = limit_overrides.get("memory", {}).get(process_slug, None)
if memory is None:
memory = int(
resources.get(
"memory",
# If no memory resource is configured, check settings.
limit_defaults.get("memory", 4096),
))
limits["memory"] = memory
process_requirements["resources"] = limits
return message.respond_ok(process_requirements)
def get_owner_names_value(self, obj):
"""Extract owners' names."""
return [
self._get_user(user)
for user in get_users_with_permission(obj, get_full_perm('owner', obj))
]
def get_owner_ids_value(self, obj):
"""Extract owners' ids."""
return [
user.pk
for user in get_users_with_permission(obj, get_full_perm('owner', obj))
]
def filter_objects(self, user: UserClass, queryset: QuerySet,
data: Data) -> QuerySet:
"""Filter the objects for the given user."""
permission_name = get_full_perm("view", queryset.model)
return get_objects_for_user(user, permission_name, queryset)
def test_get_full_perm(self):
self.assertEqual(get_full_perm('view', self.collection),
'view_collection')
self.assertEqual(get_full_perm('view', self.descriptor_schema),
'view_descriptorschema')
def get_owner_names_value(self, obj):
"""Extract owners' names."""
return [
self._get_user(user) for user in get_users_with_permission(
obj, get_full_perm('owner', obj))
]
def get_owner_ids_value(self, obj):
"""Extract owners' ids."""
return [
user.pk for user in get_users_with_permission(
obj, get_full_perm('owner', obj))
]
def filter_permission(self, queryset, name, value):
"""Filter queryset by permissions."""
user = self.request.user or AnonymousUser()
perm = get_full_perm(value, queryset.model)
return get_objects_for_user(user, perm, queryset)
def test_get_full_perm(self):
self.assertEqual(get_full_perm('view', self.collection), 'view_collection')
self.assertEqual(get_full_perm('view', self.descriptor_schema), 'view_descriptorschema')
def test_get_full_perm(self):
self.assertEqual(get_full_perm("view", self.collection),
"view_collection")
self.assertEqual(get_full_perm("view", self.descriptor_schema),
"view_descriptorschema")
