def m2m_changed_group_permissions(sender, instance, action, pk_set, *args, **kwargs):
logger.debug("Received m2m_changed from group %s permissions with action %s" % (instance, action))
if instance.pk and (action == "post_remove" or action == "post_clear"):
logger.debug("Checking if service permission changed for group {}".format(instance))
# As validating an entire groups service could lead to many thousands of permission checks
# first we check that one of the permissions changed is, in fact, a service permission.
perms = Permission.objects.filter(pk__in=pk_set)
got_change = False
service_perms = [svc.access_perm for svc in ServicesHook.get_services()]
for perm in perms:
natural_key = perm.natural_key()
path_perm = "{}.{}".format(natural_key[1], natural_key[0])
if path_perm not in service_perms:
# Not a service permission, keep searching
continue
for svc in ServicesHook.get_services():
if svc.access_perm == path_perm:
logger.debug("Permissions changed for group {} on "
"service {}, re-validating services for groups users".format(instance, svc))
def validate_all_groups_users_for_service():
logger.debug("Performing validation for service {}".format(svc))
for user in instance.user_set.all():
svc.validate_user(user)
transaction.on_commit(validate_all_groups_users_for_service)
got_change = True
break # Found service, break out of services iteration and go back to permission iteration
if not got_change:
logger.debug("Permission change for group {} was not service permission, ignoring".format(instance))
def m2m_changed_group_permissions(sender, instance, action, pk_set, *args, **kwargs):
logger.debug("Received m2m_changed from group %s permissions with action %s" % (instance, action))
if instance.pk and (action == "post_remove" or action == "post_clear"):
logger.debug("Checking if service permission changed for group {}".format(instance))
# As validating an entire groups service could lead to many thousands of permission checks
# first we check that one of the permissions changed is, in fact, a service permission.
perms = Permission.objects.filter(pk__in=pk_set)
got_change = False
service_perms = [svc.access_perm for svc in ServicesHook.get_services()]
for perm in perms:
natural_key = perm.natural_key()
path_perm = "{}.{}".format(natural_key[1], natural_key[0])
if path_perm not in service_perms:
# Not a service permission, keep searching
continue
for svc in ServicesHook.get_services():
if svc.access_perm == path_perm:
logger.debug("Permissions changed for group {} on "
"service {}, re-validating services for groups users".format(instance, svc))
def validate_all_groups_users_for_service():
logger.debug("Performing validation for service {}".format(svc))
for user in instance.user_set.all():
svc.validate_user(user)
transaction.on_commit(validate_all_groups_users_for_service)
got_change = True
break # Found service, break out of services iteration and go back to permission iteration
if not got_change:
logger.debug("Permission change for group {} was not service permission, ignoring".format(instance))
def validate_all_services():
logger.debug("Validating all services for user {}".format(instance))
for svc in ServicesHook.get_services():
try:
svc.validate_user(instance)
except:
logger.exception(
'Exception running validate_user for services module {} on user {}'.format(svc, instance))
def validate_services(self, user):
logger.debug('Ensuring user %s has permissions for active services'.format(user))
# Iterate through services hooks and have them check the validity of the user
for svc in ServicesHook.get_services():
try:
svc.validate_user(user)
except:
logger.exception('Exception running validate_user for services module %s on user %s' % (svc, user))
def validate_all_services():
logger.debug("Validating all services for user {}".format(instance))
for svc in ServicesHook.get_services():
try:
svc.validate_user(instance)
except:
logger.exception(
'Exception running validate_user for services module {} on user {}'.format(svc, user))
def trigger_service_group_update():
logger.debug("Triggering service group update for %s" % instance)
# Iterate through Service hooks
for svc in ServicesHook.get_services():
try:
svc.validate_user(instance)
svc.update_groups(instance)
except:
logger.exception('Exception running update_groups for services module %s on user %s' % (svc, instance))
def trigger_service_group_update():
logger.debug("Triggering service group update for %s" % instance)
# Iterate through Service hooks
for svc in ServicesHook.get_services():
try:
svc.validate_user(instance)
svc.update_groups(instance)
except:
logger.exception('Exception running update_groups for services module %s on user %s' % (svc, instance))
def validate_services(self, user):
logger.debug(
'Ensuring user %s has permissions for active services'.format(user))
# Iterate through services hooks and have them check the validity of the user
for svc in ServicesHook.get_services():
try:
svc.validate_user(user)
except:
logger.exception(
'Exception running validate_user for services module %s on user %s'
% (svc, user))
