Example #1
    def delRole(self, name):
        '''
        Delete a role and strip it from every user that holds it.

        The role record and each affected user record are written through
        the write transaction opened with ``self.lenv.begin(write=True)``.

        Args:
            name (str): The name of the role to delete.

        Returns:
            bool: True once the role has been removed.

        Raises:
            s_exc.NoSuchRole: If no role with that name is registered.
        '''
        with self.lenv.begin(write=True) as xact:

            # NOTE(review): the in-memory role maps are mutated before the
            # transaction finishes. If a later write raises, memory and storage
            # may disagree about who holds the role -- confirm how callers
            # recover from that.
            if self.roles.pop(name, None) is None:
                raise s_exc.NoSuchRole(name=name)

            xact.delete(name.encode('utf8'), db=self._db_roles)

            for member in self.users.values():

                if member.roles.pop(name, None) is None:
                    # This user did not hold the role; nothing to re-save.
                    continue

                # Re-serialise the user now that the role has been dropped.
                userkey = member.name.encode('utf8')
                record = member._getAuthData()
                record['vers'] = authver
                xact.put(userkey, s_msgpack.en(record), db=self._db_users)
        return True
Example #2
    def addUserRole(self, username, rolename):
        '''
        Grant an existing role to an existing user.

        Both names are resolved against ``self.cell.auth`` before the grant,
        so an unknown user or role is rejected rather than created.

        Args:
            username (str): Name of the user receiving the role.
            rolename (str): Name of the role to grant.

        Raises:
            s_exc.NoSuchUser: If the user does not exist.
            s_exc.NoSuchRole: If the role does not exist.
        '''
        auth = self.cell.auth

        target = auth.users.get(username)
        if target is None:
            raise s_exc.NoSuchUser(user=username)

        # The role object itself is not needed here, only proof it exists.
        if auth.roles.get(rolename) is None:
            raise s_exc.NoSuchRole(role=rolename)

        target.addRole(rolename)
Example #3
    async def revoke(self, name):
        '''
        Remove the named role from this user's role list.

        Revoking a role the user does not hold is a silent no-op.

        Args:
            name (str): Name of the role to revoke.

        Raises:
            s_exc.NoSuchRole: If no role is registered under that name.
        '''
        target = self.auth.rolesbyname.get(name)
        if target is None:
            raise s_exc.NoSuchRole(name=name)

        # Work on a copy; the stored list is replaced in one set() call.
        held = list(self.roles)
        try:
            held.remove(target.iden)
        except ValueError:
            # Role not held by this user: nothing to persist.
            return

        await self.info.set('roles', held)
Example #4
    async def revoke(self, name):
        '''
        Remove the named role from this user, except the built-in "all" role.

        Revoking a role the user does not hold is a silent no-op.

        Args:
            name (str): Name of the role to revoke.

        Raises:
            s_exc.NoSuchRole: If no role is registered under that name.
            s_exc.CantRevokeAllRole: If the role is named "all".
        '''
        target = self.auth.rolesbyname.get(name)
        if target is None:
            raise s_exc.NoSuchRole(name=name)

        # The "all" role is refused even if this user does not hold it.
        if target.name == 'all':
            raise s_exc.CantRevokeAllRole(mesg='role "all" may not be revoked')

        # Work on a copy; the stored list is replaced in one call below.
        held = list(self.info.get('roles'))
        try:
            held.remove(target.iden)
        except ValueError:
            # Role not held by this user: nothing to persist.
            return

        await self.auth.setUserInfo(self.iden, 'roles', held)
Example #5
    async def delRole(self, name):
        '''
        Delete the named role and revoke it from the users that hold it.

        Args:
            name (str): Name of the role to delete.

        Raises:
            s_exc.NoSuchRole: If no role is registered under that name.
        '''

        role = self.rolesbyname.get(name)
        if role is None:
            raise s_exc.NoSuchRole(name=name)

        # Drop the role from both in-memory indexes (by iden and by name).
        # NOTE(review): this happens before the per-user revocation below; if
        # a revokeRole() call raises, the role is already unresolvable here
        # while some users may still reference it -- confirm this ordering.
        self.rolesbyiden.pop(role.iden)
        self.rolesbyname.pop(role.name)

        # Hive path of this role's node, keyed by the role iden.
        path = self.node.full + ('roles', role.iden)

        # The role object is passed directly, so no name lookup is needed here.
        for user in self._getUsersInRole(role):
            await user.revokeRole(role)

        # Remove the role's node from the hive; per the original author's
        # comment, hive events propagate the change.
        await self.node.hive.pop(path)
Example #6
    async def grant(self, name, indx=None):
        '''
        Add the named role to this user's role list.

        Granting a role the user already holds is a silent no-op, so the
        existing position of that role is left unchanged.

        Args:
            name (str): Name of the role to grant.
            indx (int): Optional list position for the new role; appended
                when omitted.

        Raises:
            s_exc.NoSuchRole: If no role is registered under that name.
        '''
        target = self.auth.rolesbyname.get(name)
        if target is None:
            raise s_exc.NoSuchRole(name=name)

        # Work on a copy; the stored list is replaced in one set() call.
        held = list(self.roles)
        if target.iden in held:
            return

        # Inserting at len(held) is the same as appending.
        slot = len(held) if indx is None else indx
        held.insert(slot, target.iden)

        await self.info.set('roles', held)
Example #7
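    def reqRole(self, role):
        '''
        Get a role object, raising if it does not exist.

        Args:
            role (str): Name of the role object to get.

        Returns:
            Role: Role object.

        Raises:
            s_exc.NoSuchRole: If the role does not exist.
        '''
        # Keep the lookup result separate from the requested name: rebinding
        # ``role`` here made the exception report the empty lookup result
        # instead of the name the caller asked for.
        found = self.roles.get(role)
        if not found:
            raise s_exc.NoSuchRole(role=role)
        return found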
Example #8
    def addRole(self, name):
        '''
        Grant a role to this user and save the user's auth data.

        The role is resolved against ``self.auth.roles`` first, so only a
        role that already exists can be granted.

        Args:
            name (str): The name of the role to grant.

        Returns:
            bool: True once the role has been recorded and saved.

        Raises:
            s_exc.NoSuchRole: If the role does not exist.
        '''
        granted = self.auth.roles.get(name)
        if granted is None:
            raise s_exc.NoSuchRole(name=name)

        # Record the grant in memory, then save via _saveAuthData().
        self.roles[name] = granted
        self._saveAuthData()

        return True
Example #9
    async def delRole(self, name):
        '''
        Delete the named role, revoking it from users and auth gates first.

        Args:
            name (str): Name of the role to delete.

        Raises:
            s_exc.CantDelAllRole: If the role is named "all".
            s_exc.NoSuchRole: If no role is registered under that name.
        '''

        # The built-in "all" role is refused before any lookup is done.
        if name == 'all':
            raise s_exc.CantDelAllRole(mesg='role "all" may not be deleted')

        role = self.rolesbyname.get(name)
        if role is None:
            raise s_exc.NoSuchRole(name=name)

        # Revocation is by role name and runs while the role is still in the
        # name index. NOTE(review): presumably revoke() resolves the name
        # through that index, which would make this ordering required --
        # confirm before reordering.
        for user in self._getUsersInRole(role):
            await user.revoke(role.name)

        # Remove the role from every auth gate, keyed by role iden.
        for gate in self.authgates.values():
            await gate._delGateRole(role.iden)

        # Only now drop the role from the in-memory indexes.
        self.rolesbyiden.pop(role.iden)
        self.rolesbyname.pop(role.name)

        await role.fini()

        # directly set the node's value and let events prop
        path = self.node.full + ('roles', role.iden)
        await self.node.hive.pop(path)
Example #10
 async def reqRoleByName(self, name):
     '''
     Return the role with the given name, raising if there is none.

     Args:
         name (str): Name of the role to look up.

     Raises:
         s_exc.NoSuchRole: If getRoleByName() returns None for the name.
     '''
     found = await self.getRoleByName(name)
     if found is not None:
         return found

     raise s_exc.NoSuchRole(mesg=f'No role named {name}.')