def client_list(viewer): if permission_check(viewer, "client", "read") or permission_is_root(viewer): result = [] for client in Client.query().filter(Client.active == True): result.append(to_model(client)) return result else: raise NotAllowedError()
def client_http_put(actor, client_id, **kwargs): key = client_key(client_id) client = key.get() if client: if permission_check(actor, "client", "update") or permission_is_root(actor): client_update(actor, client=client, **kwargs) else: raise NotAllowedError() else: client_http_post(actor, key=key, client_id=client_id, **kwargs)
def task_http_put(actor, task_ids, **kwargs): key = task_key(task_ids) task = key.get() if task: if permission_check(actor, "task", "update") or permission_is_root(actor): task_update(actor, task=task, **kwargs) else: raise NotAllowedError() else: task_http_post(actor, key=key, task_ids=task_ids, **kwargs)
def tag_http_put(actor, tag_ids, **kwargs): key = tag_key(tag_ids) tag = key.get() if tag: if permission_check(actor, "tag", "update") or permission_is_root(actor): tag_update(actor, tag=tag, **kwargs) else: raise NotAllowedError() else: tag_http_post(actor, key=key, tag_ids=tag_ids, **kwargs)
def project_http_put(actor, client_id, project_ids, **kwargs): key = project_key(client_id, project_ids) project = key.get() if project: if permission_check(actor, "project", "update") or permission_is_root(actor): project_update(actor, project=project, **kwargs) else: raise NotAllowedError() else: project_http_post(actor, key=key, project_ids=project_ids, **kwargs)
def check_permission(viewer, keys, **ignored): log.debug(keys) if "thing" in keys: key = build_thing_key(keys["kind"], keys["thing"]) else: key = build_thing_key(keys["kind"], []) if permission_check(keys["user"], keys["kind"], keys["action"], key): return { "allowed": True } else: return { "allowed": False }
def project_http_put(actor, client_id, project_ids, **kwargs): key = project_key(client_id, project_ids) project = key.get() if project: if permission_check(actor, "project", "update") or permission_is_root(actor): project_update(actor, project=project, **kwargs) else: raise NotAllowedError() else: project_http_post(actor, key=key, project_ids=project_ids, **kwargs)
def check_permission(viewer, keys, **ignored): log.debug(keys) if "thing" in keys: key = build_thing_key(keys["kind"], keys["thing"]) else: key = build_thing_key(keys["kind"], []) if permission_check(keys["user"], keys["kind"], keys["action"], key): return {"allowed": True} else: return {"allowed": False}
def tag_list(viewer, target): log.debug("Listing tags for %s" % target) if permission_check(viewer, "tag", "view") or permission_is_root(viewer): log.debug("Listing tags for %s" % target) result = [] for applied in AppliedTag.query(AppliedTag.target == target, ancestor=target).filter(): result.append(tag_key_to_path(applied.tag)) return result else: log.debug("Not allowed")
def tag_remove(viewer, target, tag, **ignored): if permission_check(viewer, "tag", "remove") or permission_is_root(viewer): key = tag_key(tag) applied = AppliedTag.query(AppliedTag.tag == key, AppliedTag.target == target, ancestor=target).get(keys_only=True) if applied: applied.delete() log.debug("Tag removed") else: log.debug("Tag not applied") else: log.debug("Not allowed")
def tag_apply(viewer, target, tag, **ignored): if permission_check(viewer, "tag", "apply") or permission_is_root(viewer): key = tag_key(tag) if not AppliedTag.query(AppliedTag.tag == key, AppliedTag.target == target, ancestor=target).get(): new_tag = AppliedTag(parent=target) new_tag.applied_by = build_user_key(viewer) new_tag.tag = key new_tag.target = target new_tag.put() log.debug("Tag %s applied" % key) return "/tags/%s" % "/".join(tag) else: log.debug("Tag already applied") else: log.debug("Not allowed")
def task_load(viewer, task_ids=None): if permission_check(viewer, "task", "read") or permission_is_root(viewer): key = task_key(task_ids) parent = None children = [] for child in Task.query(Task.parent == key, ancestor=key): if child.active: children.append(to_model(child)) if task_ids: task = to_model(key.get()) if task: if key.parent(): parent = to_model(key.parent().get()) task["parent"] = parent task["children"] = children return task else: return children else: log.debug("Not allowed")
def task_load(viewer, task_ids=None): if permission_check(viewer, "task", "read") or permission_is_root(viewer): key = task_key(task_ids) parent = None children = [] for child in Task.query(Task.parent == key, ancestor=key): if child.active: children.append(to_model(child)) if task_ids: task = to_model(key.get()) if task: if key.parent(): parent = to_model(key.parent().get()) task["parent"] = parent task["children"] = children return task else: return children else: log.debug("Not allowed")
def project_load(viewer, client_id, project_ids=None): if permission_check(viewer, "project", "read") or permission_is_root(viewer): key = project_key(client_id, project_ids) parent = None children = [] for child in Project.query(Project.parent == key, ancestor=key): if child.active: children.append(to_model(child)) if project_ids: project = to_model(key.get()) if project: if key.parent(): parent = to_model(key.parent().get()) project["parent"] = parent project["children"] = children return project else: return children else: log.debug("Not allowed")
def project_load(viewer, client_id, project_ids=None): if permission_check(viewer, "project", "read") or permission_is_root(viewer): key = project_key(client_id, project_ids) parent = None children = [] for child in Project.query(Project.parent == key, ancestor=key): if child.active: children.append(to_model(child)) if project_ids: project = to_model(key.get()) if project: if key.parent(): parent = to_model(key.parent().get()) project["parent"] = parent project["children"] = children return project else: return children else: log.debug("Not allowed")
def client_http_post(actor, **kwargs): if permission_check(actor, "client", "create") or permission_is_root(actor): client_create(actor, **kwargs) else: raise NotAllowedError()
def project_http_post(actor, **kwargs): if permission_check(actor, "project", "create") or permission_is_root(actor): project_create(actor, **kwargs) else: raise NotAllowedError()
def project_http_delete(actor, client_id, project_ids, **ignored): if permission_check(actor, "project", "delete") or permission_is_root(actor): project_deactivate(actor, client_id, project_ids=project_ids) else: raise NotAllowedError()
def task_http_post(actor, **kwargs): if permission_check(actor, "task", "create") or permission_is_root(actor): task_create(actor, **kwargs) else: raise NotAllowedError()
def project_http_delete(actor, client_id, project_ids, **ignored): if permission_check(actor, "project", "delete") or permission_is_root(actor): project_deactivate(actor, client_id, project_ids=project_ids) else: raise NotAllowedError()
def task_http_delete(actor, task_ids, **ignored): if permission_check(actor, "task", "delete") or permission_is_root(actor): task_deactivate(actor, task_ids=task_ids) else: raise NotAllowedError()
def task_http_post(actor, **kwargs): if permission_check(actor, "task", "create") or permission_is_root(actor): task_create(actor, **kwargs) else: raise NotAllowedError()
def task_http_delete(actor, task_ids, **ignored): if permission_check(actor, "task", "delete") or permission_is_root(actor): task_deactivate(actor, task_ids=task_ids) else: raise NotAllowedError()
def client_http_delete(actor, client_id, **ignored): if permission_check(actor, "client", "delete") or permission_is_root(actor): client_deactivate(actor, client_id=client_id) else: raise NotAllowedError()
def client_load(viewer, client_id=None, key=None): if permission_check(viewer, "client", "read") or permission_is_root(viewer): return to_model((key or client_key(client_id)).get()) else: raise NotAllowedError()