Exemple #1
0
def get_role_permissions(role: dict, data: dict) -> List[Permission]:
    """Retrieve all role's permissions"""
    all_perm = []
    if 'apps' not in role:
        return []
    for app in role['apps']:
        for model in app['models']:
            try:
                ct = ContentType.objects.get(app_label=app['label'],
                                             model=model['name'])
            except ContentType.DoesNotExist:
                msg = 'no model "{}" in application "{}"'
                err('INVALID_ROLE_SPEC', msg.format(model['name'],
                                                    app['label']))
            for code in model['codenames']:
                codename = f"{code}_{model['name']}"
                try:
                    perm = Permission.objects.get(content_type=ct,
                                                  codename=codename)
                except Permission.DoesNotExist:
                    perm = Permission(content_type=ct, codename=codename)
                    perm.save()
                if perm not in all_perm:
                    all_perm.append(perm)
    return all_perm
Exemple #2
0
 def filter(self):
     if 'model' not in self.params:
         return None
     try:
         model = apps.get_model(self.params['app_name'], self.params['model'])
     except LookupError as e:
         err('ROLE_FILTER_ERROR', str(e))
     return model.objects.filter(**self.params['filter'])
Exemple #3
0
def get_role_spec(data: str, schema: str) -> dict:
    """
    Read and parse roles specification from role_spec.yaml file.
    Specification file structure is checked against role_schema.yaml file.
    (see https://github.com/arenadata/yspec for details about schema syntaxis)
    """
    try:
        with open(data, encoding='utf_8') as fd:
            data = ruyaml.round_trip_load(fd)
    except FileNotFoundError:
        err('INVALID_ROLE_SPEC', f'Can not open role file "{data}"')
    except (ruyaml.parser.ParserError, ruyaml.scanner.ScannerError,
            NotImplementedError) as e:
        err('INVALID_ROLE_SPEC', f'YAML decode "{data}" error: {e}')

    with open(schema, encoding='utf_8') as fd:
        rules = ruyaml.round_trip_load(fd)

    try:
        cm.checker.check(data, rules)
    except cm.checker.FormatError as e:
        args = ''
        if e.errors:
            for ee in e.errors:
                if 'Input data for' in ee.message:
                    continue
                args += f'line {ee.line}: {ee}\n'
        err('INVALID_ROLE_SPEC', f'line {e.line} error: {e}', args)

    return data
Exemple #4
0
def find_role(name: str, roles: list):
    """search role in role list by name"""
    for role in roles:
        if role['name'] == name:
            return role
    return err('INVALID_ROLE_SPEC', f'child role "{name}" is absent')