def permissions_index(id):
    """List the permissions on a collection for the permissions editor.

    Access is gated by ``get_db_collection(id, request.authz.WRITE)``.
    Permissions whose role fails ``check_visible(role, request.authz)`` are
    dropped from the response, as are group roles that fail the same check.

    Visible group roles with no permission on the collection are appended
    as placeholder entries with ``read`` and ``write`` both ``False``. They
    describe no grant; they only let the UI offer those groups.
    """
    # NOTE(review): presumably get_db_collection aborts the request when the
    # WRITE check fails -- confirm in its definition.
    collection = get_db_collection(id, request.authz.WRITE)
    query = Permission.all().filter(Permission.collection_id == collection.id)
    entries = []
    unassigned_groups = [
        group for group in Role.all_groups()
        if check_visible(group, request.authz)
    ]
    for perm in query.all():
        if check_visible(perm.role, request.authz):
            entries.append(perm)
            # A group that already holds a permission needs no placeholder.
            if perm.role in unassigned_groups:
                unassigned_groups.remove(perm.role)

    # Workaround: keep every visible group selectable in the UI even when it
    # is not currently associated with the collection.
    entries.extend(
        {
            'collection_id': collection.id,
            'write': False,
            'read': False,
            'role': group
        }
        for group in unassigned_groups
    )
    total = len(entries)
    serialized = PermissionSchema().dump(entries, many=True)
    return jsonify({'total': total, 'results': serialized})
def permissions_index(collection):
    """List the permissions on a collection, padded with unused groups.

    ``request.authz.require`` is called with the result of
    ``request.authz.collection_write(collection)`` before any data is read.
    A permission is returned only when its role passes ``check_visible``.
    Visible groups without a permission are added as placeholder dicts with
    ``read`` and ``write`` set to ``False``.
    """
    # NOTE(review): presumably require() aborts the request on a failed
    # check -- confirm in the authz implementation.
    request.authz.require(request.authz.collection_write(collection))
    query = Permission.all().filter(Permission.collection_id == collection)
    listing = []
    seen_role_ids = set()
    for perm in query.all():
        if not check_visible(perm.role):
            continue
        listing.append(perm)
        seen_role_ids.add(perm.role.id)

    # Workaround: keep every visible group selectable in the UI even when it
    # is not currently associated with the collection.
    for group in Role.all_groups():
        if not check_visible(group) or group.id in seen_role_ids:
            continue
        seen_role_ids.add(group.id)
        listing.append({
            'write': False,
            'read': False,
            'role': group,
            'role_id': group.id
        })
    return jsonify({'total': len(listing), 'results': listing})
def index(id):
    """Return the serialized permission list for a collection.

    Access is gated by ``get_db_collection(id, request.authz.WRITE)``.
    The candidate roles are the groups returned by
    ``Role.all_groups(request.authz)``; system roles are added only when
    ``request.authz.is_admin`` is true. Existing permissions are kept only
    if their role passes ``check_visible``.

    Candidate roles without a permission become placeholder entries with
    ``read`` and ``write`` set to ``False``. On a casefile collection,
    public roles get no placeholder.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    candidates = Role.all_groups(request.authz).all()
    if request.authz.is_admin:
        # System roles are only offered to administrators.
        candidates.extend(Role.all_system())

    query = Permission.all().filter(Permission.collection_id == collection.id)
    entries = []
    for perm in query.all():
        if check_visible(perm.role, request.authz):
            entries.append(perm)
            if perm.role in candidates:
                candidates.remove(perm.role)

    # Workaround: keep every remaining group selectable in the UI even when
    # it is not currently associated with the collection.
    # NOTE(review): skipping public roles on casefiles presumably keeps the
    # UI from offering to publish a casefile -- confirm intent.
    entries.extend(
        {
            'collection_id': collection.id,
            'write': False,
            'read': False,
            'role_id': str(role.id)
        }
        for role in candidates
        if not (collection.casefile and role.is_public)
    )
    serialized = PermissionSerializer().serialize_many(entries)
    return jsonify({'total': len(serialized), 'results': serialized})
def index(id):
    """Return the serialized permission list for a collection.

    ``get_db_collection(id, request.authz.WRITE)`` runs first, then the
    access is recorded with ``record_audit(Audit.ACT_COLLECTION, id=id)``.
    Both group roles and existing permissions are filtered through
    ``check_visible(role, request.authz)``.

    Visible groups without a permission become placeholder entries with
    ``read`` and ``write`` set to ``False``. On a casefile collection,
    public roles get no placeholder.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    # NOTE(review): the audit record is written after the access check;
    # whether a denied request is audited depends on get_db_collection
    # raising before this line -- confirm.
    record_audit(Audit.ACT_COLLECTION, id=id)
    spare_groups = [
        group for group in Role.all_groups()
        if check_visible(group, request.authz)
    ]
    query = Permission.all().filter(Permission.collection_id == collection.id)
    entries = []
    for perm in query.all():
        if check_visible(perm.role, request.authz):
            entries.append(perm)
            if perm.role in spare_groups:
                spare_groups.remove(perm.role)

    # Workaround: keep every visible group selectable in the UI even when it
    # is not currently associated with the collection.
    for group in spare_groups:
        offer_group = not (collection.casefile and group.is_public)
        if offer_group:
            entries.append({
                'collection_id': collection.id,
                'write': False,
                'read': False,
                'role_id': str(group.id)
            })

    serialized = PermissionSerializer().serialize_many(entries)
    return jsonify({
        'total': len(serialized),
        'results': serialized
    })
def permissions_index(collection):
    """Return every permission row attached to a collection.

    ``authz.require`` is called with ``authz.collection_write(collection)``
    before the query is built. No per-role visibility filter is applied
    here: whoever passes the write check receives all permission rows for
    the collection.
    """
    authz.require(authz.collection_write(collection))
    query = Permission.all().filter(Permission.collection_id == collection)
    payload = {'total': query.count(), 'results': query}
    return jsonify(payload)
def permissions_index(collection):
    """List the permissions on a collection that the caller may see.

    ``request.authz.require`` is called with the result of
    ``request.authz.collection_write(collection)`` first. Permissions whose
    role fails ``check_visible`` are omitted, and ``total`` counts only the
    entries that remain.
    """
    request.authz.require(request.authz.collection_write(collection))
    query = Permission.all().filter(Permission.collection_id == collection)
    visible = [perm for perm in query.all() if check_visible(perm.role)]
    return jsonify({'total': len(visible), 'results': visible})
def source_permissions_index(source=None):
    """Return every permission row attached to a source.

    ``authz.require`` is called with ``authz.source_write(source)`` before
    the query is built. Rows are selected by resource type
    ``Permission.SOURCE`` and by ``resource_id``; no per-role visibility
    filter is applied.
    """
    # NOTE(review): with the default source=None both the write check and
    # the resource_id filter run against None -- confirm source_write
    # rejects that case.
    authz.require(authz.source_write(source))
    query = (
        Permission.all()
        .filter(Permission.resource_type == Permission.SOURCE)
        .filter(Permission.resource_id == source)
    )
    payload = {'total': query.count(), 'results': query}
    return jsonify(payload)
def collection_permissions_index(collection=None):
    """Return every permission row attached to a collection.

    ``authz.require`` is called with ``authz.collection_write(collection)``
    before the query is built. Rows are selected by resource type
    ``Permission.COLLECTION`` and by ``resource_id``; no per-role
    visibility filter is applied.
    """
    # NOTE(review): with the default collection=None both the write check
    # and the resource_id filter run against None -- confirm
    # collection_write rejects that case.
    authz.require(authz.collection_write(collection))
    of_collections = Permission.resource_type == Permission.COLLECTION
    query = Permission.all().filter(of_collections)
    query = query.filter(Permission.resource_id == collection)
    return jsonify({'total': query.count(), 'results': query})
def sources(action):
    """Return the source ids the current request may use for ``action``.

    The READ and WRITE id sets are computed once and stored on ``request``
    as ``auth_sources``; later calls reuse them. Admins get every id from
    ``Source.all_ids()`` for both actions. Otherwise the sets come from
    source permissions held by ``request.auth_roles``: ``read`` grants
    READ, and ``write`` grants WRITE only when ``request.logged_in`` is
    truthy.

    An ``action`` other than READ or WRITE yields an empty list.
    """
    if not hasattr(request, 'auth_sources'):
        readable, writable = set(), set()
        # Publish the sets before filling them, as the original does.
        request.auth_sources = {READ: readable, WRITE: writable}
        if is_admin():
            for (source_id,) in Source.all_ids():
                readable.add(source_id)
                writable.add(source_id)
        else:
            query = (
                Permission.all()
                .filter(Permission.role_id.in_(request.auth_roles))
                .filter(Permission.resource_type == Permission.SOURCE)
            )
            for perm in query:
                if perm.read:
                    readable.add(perm.resource_id)
                # A write grant is ignored when the request is not logged in.
                if perm.write and request.logged_in:
                    writable.add(perm.resource_id)
    granted = request.auth_sources.get(action, [])
    return list(granted)
def collections(action):
    """Return the collection ids the current request may use for ``action``.

    The READ and WRITE id sets are computed once and stored on ``request``
    as ``auth_collections``; later calls reuse them. Admins get every
    collection whose ``deleted_at`` is NULL for both actions. Otherwise the
    sets come from permissions held by ``request.auth_roles``: ``read`` or
    ``write`` grants READ, and ``write`` grants WRITE only when
    ``request.logged_in`` is truthy.

    An ``action`` other than READ or WRITE yields an empty list.
    """
    if not hasattr(request, 'auth_collections'):
        readable, writable = set(), set()
        # Publish the sets before filling them, as the original does.
        request.auth_collections = {READ: readable, WRITE: writable}
        if is_admin():
            live = Collection.all_ids().filter(Collection.deleted_at == None)  # noqa
            for (col_id,) in live:
                readable.add(col_id)
                writable.add(col_id)
        else:
            # NOTE(review): unlike the admin branch, no deleted_at filter is
            # applied here -- confirm permissions on deleted collections
            # are handled elsewhere.
            query = Permission.all()
            query = query.filter(Permission.role_id.in_(request.auth_roles))
            query = query.filter(Permission.collection_id != None)  # noqa
            for perm in query:
                # Write access implies read access.
                if perm.read or perm.write:
                    readable.add(perm.collection_id)
                # A write grant is ignored when the request is not logged in.
                if perm.write and request.logged_in:
                    writable.add(perm.collection_id)
    granted = request.auth_collections.get(action, [])
    return list(granted)
def collections(action):
    """Resolve which collection ids the request may access for ``action``.

    The result is cached on ``request.auth_collections`` as a dict of READ
    and WRITE id sets, built on the first call. For admins both sets hold
    every collection with ``deleted_at`` NULL. For everyone else they are
    derived from the permissions of ``request.auth_roles``: a row with
    ``read`` or ``write`` adds READ; a row with ``write`` adds WRITE only
    if ``request.logged_in`` is truthy.

    Any other ``action`` value returns an empty list.
    """
    if hasattr(request, 'auth_collections'):
        return list(request.auth_collections.get(action, []))

    can_read = set()
    can_write = set()
    # The cache is attached before it is filled, matching the original.
    request.auth_collections = {READ: can_read, WRITE: can_write}
    if is_admin():
        not_deleted = Collection.deleted_at == None  # noqa
        for (col_id,) in Collection.all_ids().filter(not_deleted):
            can_read.add(col_id)
            can_write.add(col_id)
    else:
        # NOTE(review): this branch applies no deleted_at filter, unlike the
        # admin branch -- confirm that is intended.
        rows = Permission.all()
        rows = rows.filter(Permission.role_id.in_(request.auth_roles))
        rows = rows.filter(Permission.collection_id != None)  # noqa
        for perm in rows:
            if perm.read or perm.write:
                can_read.add(perm.collection_id)
            # Requests that are not logged in never receive write access.
            if perm.write and request.logged_in:
                can_write.add(perm.collection_id)
    return list(request.auth_collections.get(action, []))
def index(collection_id):
    """
    ---
    get:
      summary: Get permissions for a collection
      description: >-
        Get the list of all permissions for the collection with id
        `collection_id`
      parameters:
      - in: path
        name: collection_id
        required: true
        schema:
          type: integer
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                allOf:
                - $ref: '#/components/schemas/QueryResponse'
                properties:
                  results:
                    type: array
                    items:
                      $ref: '#/components/schemas/Permission'
      tags:
      - Permission
      - Collection
    """
    # Access is gated on WRITE, not READ: the permission list is only served
    # to callers that pass this check.
    collection = get_db_collection(collection_id, request.authz.WRITE)

    # Candidate roles: groups returned for this authz; system roles are
    # added for administrators only.
    candidates = Role.all_groups(request.authz).all()
    if request.authz.is_admin:
        candidates.extend(Role.all_system())

    query = Permission.all().filter(Permission.collection_id == collection.id)
    entries = []
    for perm in query.all():
        # Permissions whose role fails check_visible are left out.
        if check_visible(perm.role, request.authz):
            entries.append(perm)
            if perm.role in candidates:
                candidates.remove(perm.role)

    # Workaround: keep every remaining group selectable in the UI even when
    # it is not currently associated with the collection. Public roles get
    # no placeholder on casefile collections.
    for role in candidates:
        if not (collection.casefile and role.is_public):
            entries.append({
                "collection_id": collection.id,
                "write": False,
                "read": False,
                "role_id": str(role.id),
            })

    serialized = PermissionSerializer().serialize_many(entries)
    return jsonify({"total": len(serialized), "results": serialized})
def permissions_index(collection):
    """Return all permission rows for a collection to a caller with write access.

    The only gate is ``authz.require(authz.collection_write(collection))``.
    The query result is handed to ``jsonify`` unfiltered, so roles are not
    screened for visibility in this function.
    """
    authz.require(authz.collection_write(collection))
    matching = Permission.all().filter(
        Permission.collection_id == collection
    )
    total = matching.count()
    return jsonify({'total': total, 'results': matching})