def create_or_update(collection=None, source=None):
if collection is not None:
authz.require(authz.collection(authz.WRITE, collection))
if source is not None:
authz.require(authz.source(authz.WRITE, source))
resource_type = Permission.COLLECTION if collection else Permission.SOURCE
resource_id = collection or source
data = request_data()
validate(data, permissions_schema)
# check that the role exists.
rq = session.query(Role).filter(Role.id == data['role'])
if rq.first() is None:
raise BadRequest()
q = session.query(Permission)
q = q.filter(Permission.role_id == data['role'])
q = q.filter(Permission.resource_type == resource_type)
q = q.filter(Permission.resource_id == resource_id)
permission = q.first()
if permission is None:
permission = Permission()
permission.role_id = data['role']
permission.resource_type = resource_type
permission.resource_id = resource_id
permission.read = data['read']
permission.write = data['write']
session.add(permission)
session.commit()
return jsonify({
'status': 'ok',
'updated': permission
})
def index(collection=None, source=None):
q = session.query(Permission)
if collection is not None:
authz.require(authz.collection(authz.WRITE, collection))
q = q.filter(Permission.resource_type == Permission.COLLECTION)
q = q.filter(Permission.resource_id == collection)
elif source is not None:
authz.require(authz.source(authz.WRITE, source))
q = q.filter(Permission.resource_type == Permission.SOURCE)
q = q.filter(Permission.resource_id == source)
return jsonify({
'total': q.count(),
'results': q
})
def get_collection(id, right):
collection = session.query(Collection).filter(Collection.id == id).first()
collection = obj_or_404(collection)
authz.require(authz.collection(right, collection.id))
return collection
