def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
result = namespaces.get([path],
withDescriptions=returnDescription,
withNamespaces=returnNamespaces,
withTags=returnTags)
except UnknownPathError as error:
unknownPath = error.paths.pop()
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(path_, category, action)
if not result:
raise TNonexistentNamespace(path.encode('utf-8'))
else:
namespace = TNamespace()
namespace.objectId = str(result[path]['id'])
namespace.path = path
if returnDescription:
namespace.description = result[path]['description']
if returnNamespaces:
namespace.namespaces = result[path]['namespaceNames']
if returnTags:
namespace.tags = result[path]['tagNames']
return namespace
def run():
permissions = SecurePermissionAPI(session.auth.user)
try:
permissions.set([(path, operation, policy, exceptions)])
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
if operation in Operation.TAG_OPERATIONS:
raise TNonexistentTag(unknownPath.encode('utf-8'))
if operation in Operation.NAMESPACE_OPERATIONS:
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
raise
except UnknownUserError as error:
# FIXME There could be more than one unknown username, but
# TNoSuchUser can only be passed a single username, so we'll
# only pass the first one. Ideally, we'd be able to pass all
# of them.
raise TNoSuchUser(error.usernames[0].encode('utf-8'))
except UserNotAllowedInExceptionError as error:
raise TInvalidUsername(str(error))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, deniedOperation = error.pathsAndOperations[0]
deniedCategory, deniedAction = getCategoryAndAction(
deniedOperation)
raise TPathPermissionDenied(deniedPath, deniedCategory,
deniedAction)
def run():
permissions = SecurePermissionAPI(session.auth.user)
try:
permissions.set([(path, operation, policy, exceptions)])
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
if operation in Operation.TAG_OPERATIONS:
raise TNonexistentTag(unknownPath.encode('utf-8'))
if operation in Operation.NAMESPACE_OPERATIONS:
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
raise
except UnknownUserError as error:
# FIXME There could be more than one unknown username, but
# TNoSuchUser can only be passed a single username, so we'll
# only pass the first one. Ideally, we'd be able to pass all
# of them.
raise TNoSuchUser(error.usernames[0].encode('utf-8'))
except UserNotAllowedInExceptionError as error:
raise TInvalidUsername(str(error))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, deniedOperation = error.pathsAndOperations[0]
deniedCategory, deniedAction = getCategoryAndAction(
deniedOperation)
raise TPathPermissionDenied(deniedPath, deniedCategory,
deniedAction)
def run():
tagValues = SecureTagValueAPI(session.auth.user)
objects = SecureObjectAPI(session.auth.user)
objectIDs = self._resolveQuery(session, objects, parsedQuery)
values = []
if tags is None:
# delete all tags user has permissions for
result = objects.getTagsByObjects(objectIDs,
Operation.DELETE_TAG_VALUE)
for objectID, paths in result.iteritems():
for path in paths:
values.append((objectID, path))
else:
# delete only tags requested by user
result = objects.getTagsByObjects(objectIDs)
for objectID, paths in result.iteritems():
for path in paths:
if tags is None or path in tags:
values.append((objectID, path))
if values:
try:
tagValues.delete(values)
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, path_)
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
result = namespaces.get([path],
withDescriptions=returnDescription,
withNamespaces=returnNamespaces,
withTags=returnTags)
except UnknownPathError as error:
unknownPath = error.paths.pop()
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(path_, category, action)
if not result:
raise TNonexistentNamespace(path.encode('utf-8'))
else:
namespace = TNamespace()
namespace.objectId = str(result[path]['id'])
namespace.path = path
if returnDescription:
namespace.description = result[path]['description']
if returnNamespaces:
namespace.namespaces = result[path]['namespaceNames']
if returnTags:
namespace.tags = result[path]['tagNames']
return namespace
def run():
objects = SecureObjectAPI(session.auth.user)
try:
searchQueries = objects.search(valuesByQuery.keys())
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentTag(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
if operation == Operation.CREATE_OBJECT:
raise TUnauthorized()
else:
raise TNonexistentTag(path_)
# Run queries.
try:
with session.timer.track('index-search'):
result = blockingCallFromThread(reactor, searchQueries.get)
except SearchError as error:
session.log.exception(error)
raise TParseError(query, error.message)
# Build a result set from the searches.
values = {}
for parsedQuery, objectIDs in result.iteritems():
for objectID in objectIDs:
for tagAndValue in valuesByQuery[parsedQuery]:
value = guessValue(tagAndValue.value)
# FIXME: this code sucks, but I rather not having
# to modify guessValue to return a list, as that
# would break other code.
# Hopefully, we'll be able to remove this pretty
# soon.
if isinstance(value, list):
value = [item.decode('utf-8') for item in value]
if objectID not in values:
values[objectID] = {}
values[objectID][tagAndValue.path] = value
# Update values.
if values:
tagValues = SecureTagValueAPI(session.auth.user)
try:
result = tagValues.set(values)
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except MalformedPathError as error:
# FIXME: Modify MalformedPathError to have a path field.
raise TInvalidPath(str(error).encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, path_)
def run():
try:
SecureTagValueAPI(session.auth.user).delete(values)
except UnknownPathError as error:
session.log.exception(error)
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, path_)
def run():
value = {path: description}
try:
SecureTagAPI(session.auth.user).set(value)
except UnknownPathError as error:
session.log.exception(error)
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
def run():
value = {path: description}
try:
SecureTagAPI(session.auth.user).set(value)
except UnknownPathError as error:
session.log.exception(error)
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
namespaces.set({path: description})
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path_ = path_.encode('utf-8')
raise TPathPermissionDenied(path_, category, action)
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
try:
namespaces.set({path: description})
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path_ = path_.encode('utf-8')
raise TPathPermissionDenied(path_, category, action)
def run():
try:
[(objectID, _)] = SecureUserAPI(session.auth.user).set(
[(info.username, info.password, info.name, info.email,
info.role)])
except UnknownUserError as error:
session.log.exception(error)
raise TNoSuchUser(info.username.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
return str(objectID)
def run():
try:
SecureUserAPI(session.auth.user).delete([username])
except UnknownUserError as error:
session.log.exception(error)
raise TNoSuchUser(username)
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
except NotEmptyError as error:
session.log.exception(error)
raise TBadRequest("Can't delete user %r because they have "
'data.' % username)
def run():
try:
SecureUserAPI(session.auth.user).delete([username])
except UnknownUserError as error:
session.log.exception(error)
raise TNoSuchUser(username)
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
except NotEmptyError as error:
session.log.exception(error)
raise TBadRequest("Can't delete user %r because they have "
'data.' % username)
def run():
try:
[(objectID, _)] = SecureUserAPI(session.auth.user).set([
(info.username, info.password, info.name, info.email,
info.role)
])
except UnknownUserError as error:
session.log.exception(error)
raise TNoSuchUser(info.username.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
return str(objectID)
def run():
tags = SecureTagAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
[(objectID, _)] = tags.create([(path, description)])
except DuplicatePathError as error:
session.log.exception(error)
raise TTagAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
def run():
tags = SecureTagAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
[(objectID, _)] = tags.create([(path, description)])
except DuplicatePathError as error:
session.log.exception(error)
raise TTagAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
def run():
permissions = SecurePermissionAPI(session.auth.user)
try:
result = permissions.get([(path, operation)])
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
if operation in Operation.TAG_OPERATIONS:
raise TNonexistentTag(unknownPath.encode('utf-8'))
if operation in Operation.NAMESPACE_OPERATIONS:
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
raise
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, deniedOperation = error.pathsAndOperations[0]
deniedCategory, deniedAction = getCategoryAndAction(
deniedOperation)
raise TPathPermissionDenied(deniedPath, deniedCategory,
deniedAction)
policy, exceptions = result[(path, operation)]
policy = str(policy).lower()
return TPolicyAndExceptions(policy=policy, exceptions=exceptions)
def run():
permissions = SecurePermissionAPI(session.auth.user)
try:
result = permissions.get([(path, operation)])
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
if operation in Operation.TAG_OPERATIONS:
raise TNonexistentTag(unknownPath.encode('utf-8'))
if operation in Operation.NAMESPACE_OPERATIONS:
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
raise
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, deniedOperation = error.pathsAndOperations[0]
deniedCategory, deniedAction = getCategoryAndAction(
deniedOperation)
raise TPathPermissionDenied(deniedPath, deniedCategory,
deniedAction)
policy, exceptions = result[(path, operation)]
policy = str(policy).lower()
return TPolicyAndExceptions(policy=policy, exceptions=exceptions)
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
result = namespaces.create([(path, description)])
[objectID] = [objectID for objectID, path_ in result
if path_ == path]
except DuplicatePathError as error:
session.log.exception(error)
raise TNamespaceAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path = path.encode('utf-8')
raise TPathPermissionDenied(path, category, action)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
def run():
namespaces = SecureNamespaceAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
result = namespaces.create([(path, description)])
[objectID
] = [objectID for objectID, path_ in result if path_ == path]
except DuplicatePathError as error:
session.log.exception(error)
raise TNamespaceAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
path = path.encode('utf-8')
raise TPathPermissionDenied(path, category, action)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
def testGetCategoryAndAction(self):
"""
L{getCategoryAndAction} returns the category and action for a
given L{Operation} value.
"""
self.assertEqual((u'namespaces', u'create'),
getCategoryAndAction(Operation.CREATE_NAMESPACE))
self.assertEqual((u'namespaces', u'update'),
getCategoryAndAction(Operation.UPDATE_NAMESPACE))
self.assertEqual((u'namespaces', u'delete'),
getCategoryAndAction(Operation.DELETE_NAMESPACE))
self.assertEqual((u'namespaces', u'list'),
getCategoryAndAction(Operation.LIST_NAMESPACE))
self.assertEqual((u'namespaces', u'control'),
getCategoryAndAction(Operation.CONTROL_NAMESPACE))
self.assertEqual((u'tags', u'update'),
getCategoryAndAction(Operation.UPDATE_TAG))
self.assertEqual((u'tags', u'delete'),
getCategoryAndAction(Operation.DELETE_TAG))
self.assertEqual((u'tags', u'control'),
getCategoryAndAction(Operation.CONTROL_TAG))
self.assertEqual((u'tag-values', u'write'),
getCategoryAndAction(Operation.WRITE_TAG_VALUE))
self.assertEqual((u'tag-values', u'read'),
getCategoryAndAction(Operation.READ_TAG_VALUE))
self.assertEqual((u'tag-values', u'delete'),
getCategoryAndAction(Operation.DELETE_TAG_VALUE))
self.assertEqual((u'tag-values', u'control'),
getCategoryAndAction(Operation.CONTROL_TAG_VALUE))
self.assertEqual((u'users', 'create'),
getCategoryAndAction(Operation.CREATE_USER))
self.assertEqual((u'users', 'delete'),
getCategoryAndAction(Operation.DELETE_USER))
self.assertEqual((u'users', 'update'),
getCategoryAndAction(Operation.UPDATE_USER))
self.assertEqual((u'objects', 'create'),
getCategoryAndAction(Operation.CREATE_OBJECT))
