Exemple #1
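    def assign_to(self,user):
        """
        Assign this role to ``user`` on behalf of the current session user.

        The session user may hand out the role only if they hold the role
        themselves or hold, as direct user rights, as many of the role's
        rights as the role has. In addition the role must appear (matched by
        name) in ``user.get_grantable_roles()``.

        Raises:
            PermissionException: ``get_msg(7)`` when the session user neither
                has the role nor all of its permissions; ``get_msg(8)`` when
                the role is not among the target user's grantable roles.
        """
        sessionmanager = self._core.get_session_manager()
        session_user = sessionmanager.get_current_session_user()

        db = self._core.get_db()

        # First way to qualify: the session user already holds this role.
        has_role = session_user.has_role(self)

        # Second way to qualify: the session user holds every right of the
        # role. The count must be scoped to the session user (URI_USR_ID);
        # without that filter it adds up the rows of *all* users, so the
        # check could pass for someone who holds none of the rights.
        # NOTE(review): only direct rights in USERRIGHTS are counted; rights
        # held through other roles are not — confirm that is intended.
        stmnt = ("SELECT COUNT(URI_RIG_ID) AS CNT FROM USERRIGHTS "
                 "WHERE URI_USR_ID = ? AND URI_RIG_ID IN "
                 "(SELECT RRI_RIG_ID FROM ROLERIGHTS WHERE RRI_ROL_ID = ? ) ;")
        cur = db.query(self._core, stmnt, (session_user.get_id(), self._id))
        owned_rights = cur.fetchone()[0]

        has_all_permissions_of_role = owned_rights == len(self.get_permissions())

        # Fail closed before touching USERROLES.
        if not has_role and not has_all_permissions_of_role:
            raise PermissionException(PermissionException.get_msg(7))

        for role in user.get_grantable_roles():
            if role["name"] == self._name:
                stmnt = "UPDATE OR INSERT INTO USERROLES (URO_USR_ID, URO_ROL_ID) \
                    VALUES (?,?) MATCHING (URO_USR_ID, URO_ROL_ID) ;"
                db.query(self._core, stmnt, (user.get_id(), self._id), commit=True)
                self._core.get_poke_manager().add_activity(ActivityType.USER)
                return
        # The role is not grantable to this user: refuse rather than fall through.
        raise PermissionException(PermissionException.get_msg(8))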
Exemple #2
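    def check_permission(cls, permission, user):
        """
        Report whether a user holds a specific permission.

        ``user`` is either a ``User`` object or an integer user id. The
        permission counts as held when its name appears among the rights of
        the user's roles or among the user's direct rights.

        Returns:
            True when the lookup yields a row with value 1, False otherwise.

        Raises:
            PermissionException: ``get_msg(9)`` when ``user`` is neither a
                ``User`` nor an int.
        """
        # NOTE(review): the User check compares the class *name*, so any
        # object whose class is called "User" is accepted — confirm callers
        # only pass the project's own User type.
        if user.__class__.__name__ == "User":
            user_id = user.get_id()
        elif isinstance(user, int) and not isinstance(user, bool):
            # A bare id is used as-is. This branch used to leave user_id
            # unassigned, so an int argument crashed at the query below.
            user_id = user
        else:
            raise PermissionException(PermissionException.get_msg(9))

        db = cls._core.get_db()
        # Permission name and user id are passed as bound parameters only.
        stmnt = "select 1 as RESULT from RDB$DATABASE  where CAST( ? AS VARCHAR(64)) in(select rig_name \
                from USERROLES \
                left join ROLES \
                  on rol_id = uro_rol_id \
                left join ROLERIGHTS \
                  on rri_rol_id = rol_id \
                left join RIGHTS \
                  on rig_id = rri_rig_id \
                where uro_usr_id = ? \
                union \
                select rig_name \
                from USERRIGHTS \
                left join RIGHTS \
                  on rig_id = uri_rig_id \
                where uri_usr_id = ?) ; "

        cur = db.query(cls._core, stmnt, (permission, user_id, user_id))

        # No row means the permission was not found: deny.
        row = cur.fetchone()
        if row is None:
            return False
        return row[0] == 1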
Exemple #3
 def get_role(cls, role_id):
     """
     Load the role with the given id from the ROLES table.

     Returns a Role carrying the stored id and name. Raises
     PermissionException (``get_msg(14, role_id)``) when no row matches.
     """
     database = cls._core.get_db()
     # The id is passed as a bound parameter, never spliced into the SQL.
     lookup = "SELECT ROL_ID, ROL_NAME FROM ROLES WHERE ROL_ID = ? ;"
     row = database.query(cls._core, lookup, (role_id,)).fetchonemap()
     if row is None:
         raise PermissionException(PermissionException.get_msg(14, role_id))

     loaded = Role(cls._core)
     loaded.set_id(row["ROL_ID"])
     loaded.set_name(row["ROL_NAME"])
     return loaded
Exemple #4
    def remove_permission(self, permission):
        """
        Revoke ``permission`` (a right name) from this role.

        The current session user must hold the permission themselves;
        otherwise PermissionException (``get_msg(3)``) is raised and nothing
        is deleted.
        """
        acting_user = self._core.get_session_manager().get_current_session_user()

        # Authorization gate: refuse before any statement is issued.
        if not acting_user.check_permission(permission):
            raise PermissionException(PermissionException.get_msg(3))

        database = self._core.get_db()
        # Role id and right name are bound parameters.
        delete_sql = "DELETE FROM ROLERIGHTS WHERE RRI_ROL_ID = ? AND RRI_RIG_ID = (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME = ?); "
        database.query(self._core, delete_sql, (self._id, permission), commit=True)
        # Record the role change with the poke manager.
        self._core.get_poke_manager().add_activity(ActivityType.ROLE)
Exemple #5
    def store(self):
        """
        Write this role's id and name to the ROLES table.

        Raises PermissionException with ``get_msg(0)`` when the role has no
        id and with ``get_msg(1)`` when its name is the empty string.
        """
        # NOTE(review): no permission check happens here; presumably callers
        # authorize the operation before calling store() — confirm.
        if self._id is None:
            raise PermissionException(PermissionException.get_msg(0))
        if self._name == "":
            raise PermissionException(PermissionException.get_msg(1))

        database = Database()
        # Upsert keyed on ROL_ID; both values are bound parameters.
        upsert = "UPDATE OR INSERT INTO ROLES (ROL_ID, ROL_NAME) VALUES (?,?) MATCHING (ROL_ID) ;"
        database.query(upsert, (self._id, self._name), commit=True)
        PokeManager.add_activity(ActivityType.ROLE)
Exemple #6
    def add_permission(self, permission):
        """
        Grant ``permission`` (a right name) to this role.

        Only a session user who holds the permission may grant it; otherwise
        PermissionException (``get_msg(3)``) is raised before any write.
        """
        granting_user = self._core.get_session_manager().get_current_session_user()

        # Fail closed: a user cannot hand out a right they do not hold.
        if not granting_user.check_permission(permission):
            raise PermissionException(PermissionException.get_msg(3))

        database = self._core.get_db()
        # Role id and right name are bound parameters; the right id is
        # resolved by the sub-select.
        upsert = "UPDATE OR INSERT INTO ROLERIGHTS (RRI_ROL_ID, RRI_RIG_ID) \
                        VALUES (?, (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME= ?)) \
                      MATCHING (RRI_ROL_ID, RRI_RIG_ID);"
        database.query(self._core, upsert, (self._id, permission), commit=True)
        self._core.get_poke_manager().add_activity(ActivityType.ROLE)
Exemple #7
    def store(self):
        """
        Write this role's id and name to the ROLES table.

        Raises PermissionException with ``get_msg(0)`` when the role has no
        id and with ``get_msg(1)`` when its name is the empty string.
        """
        # The session manager is fetched but its result is not used below.
        # NOTE(review): no permission check happens here; presumably callers
        # authorize the operation before calling store() — confirm.
        self._core.get_session_manager()

        if self._id is None:
            raise PermissionException(PermissionException.get_msg(0))
        if self._name == "":
            raise PermissionException(PermissionException.get_msg(1))

        database = self._core.get_db()
        # Upsert keyed on ROL_ID; both values are bound parameters.
        upsert = "UPDATE OR INSERT INTO ROLES (ROL_ID, ROL_NAME) VALUES (?,?) MATCHING (ROL_ID) ;"
        database.query(self._core, upsert, (self._id, self._name), commit=True)
        self._core.get_poke_manager().add_activity(ActivityType.ROLE)
Exemple #8
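    def create_role(cls, data=None):
        """
        Create and persist a new role described by ``data``.

        ``data`` is a mapping with a ``"name"`` entry and an optional
        ``"rights"`` list whose items carry ``"name"`` and ``"granted"``.
        Each listed right is added to or removed from the new role through
        ``add_permission`` / ``remove_permission``.

        Returns:
            The stored Role.

        Raises:
            PermissionException: ``get_msg(10)`` when ``data`` is None,
                ``get_msg(11)`` when it has no name, ``get_msg(13, name)``
                when a role with that name already exists.
        """
        if data is None:
            raise PermissionException(PermissionException.get_msg(10))
        # A missing "name" key is treated like an explicit None instead of
        # surfacing as a KeyError.
        role_name = data.get("name")
        if role_name is None:
            raise PermissionException(PermissionException.get_msg(11))

        db = cls._core.get_db()

        # NOTE(review): the name check and the insert are separate
        # statements; whether ROL_NAME also has a unique constraint is not
        # visible here — confirm, otherwise concurrent calls can both pass.
        stmnt = "SELECT ROL_ID FROM ROLES WHERE ROL_NAME = ? ;"
        cur = db.query(cls._core, stmnt, (role_name,))
        if cur.fetchonemap() is not None:
            raise PermissionException(PermissionException.get_msg(13, role_name))

        # NOTE(review): the role row itself is written without a permission
        # check in this method; only the per-right calls below check the
        # session user — confirm the caller authorizes role creation.
        role_id = db.get_seq_next("ROL_GEN")
        role = Role(cls._core)
        role.set_id(role_id)
        role.set_name(role_name)
        role.store()

        # `in` replaces dict.has_key(), which no longer exists in Python 3.
        if "rights" in data:
            for permission in data["rights"]:
                if permission["granted"]:
                    role.add_permission(permission["name"])
                else:
                    role.remove_permission(permission["name"])
            role.store()

        return role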
Exemple #9
    def remove_permission(self, permission):
        """
        Revoke ``permission`` (a right name) from this role.

        The current session user must hold the permission themselves;
        otherwise PermissionException (``get_msg(3)``) is raised and nothing
        is deleted.
        """
        acting_user = Session.get_current_session_user()

        # Authorization gate: refuse before any statement is issued.
        if not acting_user.check_permission(permission):
            raise PermissionException(PermissionException.get_msg(3))

        database = Database()
        # Role id and right name are bound parameters.
        delete_sql = "DELETE FROM ROLERIGHTS WHERE RRI_ROL_ID = ? AND RRI_RIG_ID = (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME = ?); "
        database.query(delete_sql, (self._id, permission), commit=True)
        PokeManager.add_activity(ActivityType.ROLE)
Exemple #10
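    def get_permissions_for_user(cls, user):
        """
        Return all permissions of the given user as a list of strings.

        ``user`` is either a ``User`` object or an integer user id. The
        result combines the user's direct rights with the rights of the
        user's roles.

        Raises:
            PermissionException: ``get_msg(9)`` when ``user`` is neither a
                ``User`` nor an int.
        """
        # NOTE(review): the User check compares the class *name*, so any
        # object whose class is called "User" is accepted — confirm callers
        # only pass the project's own User type.
        if user.__class__.__name__ == "User":
            user_id = user.get_id()
        elif isinstance(user, int) and not isinstance(user, bool):
            # A bare id is used as-is. This branch used to leave user_id
            # unset, and the query called user.get_id() on the int.
            user_id = user
        else:
            raise PermissionException(PermissionException.get_msg(9))

        db = cls._core.get_db()
        # The user id is passed as a bound parameter for both halves of the union.
        stmnt = "SELECT RIG_NAME \
                  FROM USERRIGHTS \
                    INNER JOIN RIGHTS ON RIG_ID = URI_RIG_ID \
                  WHERE URI_USR_ID = ? \
                  UNION SELECT RIG_NAME \
                  FROM USERROLES \
                    INNER JOIN ROLERIGHTS ON URO_ROL_ID = RRI_ROL_ID \
                    INNER JOIN RIGHTS ON RRI_RIG_ID = RIG_ID \
                  WHERE URO_USR_ID = ?;"
        cur = db.query(cls._core, stmnt, (user_id, user_id))
        return [row[0] for row in cur.fetchall()]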
Exemple #11
    def add_permission(self, permission):
        """
        Grant ``permission`` (a right name) to this role.

        Only a session user who holds the permission may grant it; otherwise
        PermissionException (``get_msg(3)``) is raised before any write.
        """
        granting_user = Session.get_current_session_user()

        # Fail closed: a user cannot hand out a right they do not hold.
        if not granting_user.check_permission(permission):
            raise PermissionException(PermissionException.get_msg(3))

        database = Database()
        # Role id and right name are bound parameters; the right id is
        # resolved by the sub-select.
        upsert = "UPDATE OR INSERT INTO ROLERIGHTS (RRI_ROL_ID, RRI_RIG_ID) \
                        VALUES (?, (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME= ?)) \
                      MATCHING (RRI_ROL_ID, RRI_RIG_ID);"
        database.query(upsert, (self._id, permission), commit=True)
        PokeManager.add_activity(ActivityType.ROLE)
Exemple #12
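 def tortilla(*args,**kwargs):
     """
     Run ``func`` only if the current session user holds ``permission``.

     ``cls``, ``permission`` and ``func`` come from the enclosing scope,
     which is not part of this listing. Raises PermissionException
     (``get_msg(15, info=permission)``) when the check fails, in which case
     ``func`` is never called.
     """
     current_user = Session.get_current_session_user()
     # Deny before the wrapped function runs.
     if not cls.check_permission(permission, current_user):
         raise PermissionException(PermissionException.get_msg(15, info=permission))
     # Pass the wrapped function's result through; it used to be discarded,
     # so every guarded function appeared to return None.
     return func(*args, **kwargs)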