def post(self):
can_create = user_creatable_permissions(self.session,
self.current_user)
if not can_create:
return self.forbidden()
form = PermissionCreateForm(self.request.arguments)
if not form.validate():
return self.render("permission-create.html",
form=form,
alerts=self.get_form_alerts(form.errors))
# A user is allowed to create a permission if the name matches any of the globs that they
# are given access to via PERMISSION_CREATE, as long as the permission does not match a
# reserved name. (Unless specifically granted.)
allowed = False
for creatable in can_create:
if matches_glob(creatable, form.data["name"]):
allowed = True
for failure_message in test_reserved_names(form.data["name"]):
form.name.errors.append(failure_message)
if not allowed:
form.name.errors.append(
"Permission name does not match any of your allowed patterns.")
if form.name.errors:
return self.render("permission-create.html",
form=form,
alerts=self.get_form_alerts(form.errors))
try:
permission = create_permission(self.session, form.data["name"],
form.data["description"])
self.session.flush()
except IntegrityError:
self.session.rollback()
form.name.errors.append(
"Name already in use. Permissions must be unique.")
return self.render(
"permission-create.html",
form=form,
can_create=can_create,
alerts=self.get_form_alerts(form.errors),
)
self.session.commit()
AuditLog.log(
self.session,
self.current_user.id,
"create_permission",
"Created permission.",
on_permission_id=permission.id,
)
# No explicit refresh because handler queries SQL.
return self.redirect("/permissions/{}".format(permission.name))
def get(self):
can_create = user_creatable_permissions(self.session, self.current_user)
if not can_create:
return self.forbidden()
return self.render(
"permission-create.html", form=PermissionCreateForm(), can_create=can_create,
)
def get(self):
can_create = user_creatable_permissions(self.session,
self.current_user)
if not can_create:
return self.forbidden()
return self.render("permission-create.html",
form=PermissionCreateForm(),
can_create=can_create)
def post(self):
can_create = user_creatable_permissions(self.session, self.current_user)
if not can_create:
return self.forbidden()
form = PermissionCreateForm(self.request.arguments)
if not form.validate():
return self.render(
"permission-create.html", form=form, alerts=self.get_form_alerts(form.errors)
)
# A user is allowed to create a permission if the name matches any of the globs that they
# are given access to via PERMISSION_CREATE, as long as the permission does not match a
# reserved name. (Unless specifically granted.)
allowed = False
for creatable in can_create:
if matches_glob(creatable, form.data["name"]):
allowed = True
for failure_message in test_reserved_names(form.data["name"]):
form.name.errors.append(failure_message)
if not allowed:
form.name.errors.append("Permission name does not match any of your allowed patterns.")
if form.name.errors:
return self.render(
"permission-create.html", form=form, alerts=self.get_form_alerts(form.errors)
)
try:
permission = create_permission(
self.session, form.data["name"], form.data["description"]
)
self.session.flush()
except IntegrityError:
self.session.rollback()
form.name.errors.append("Name already in use. Permissions must be unique.")
return self.render(
"permission-create.html",
form=form,
can_create=sorted(can_create),
alerts=self.get_form_alerts(form.errors),
)
self.session.commit()
AuditLog.log(
self.session,
self.current_user.id,
"create_permission",
"Created permission.",
on_permission_id=permission.id,
)
# No explicit refresh because handler queries SQL.
return self.redirect("/permissions/{}".format(permission.name))
def get(self, audited_only=False):
offset = int(self.get_argument("offset", 0))
limit = int(self.get_argument("limit", 100))
audited_only = bool(int(self.get_argument("audited", 0)))
if limit > 9000:
limit = 9000
permissions = self.graph.get_permissions(audited=audited_only)
total = len(permissions)
permissions = permissions[offset:offset + limit]
can_create = user_creatable_permissions(self.session, self.current_user)
self.render(
"permissions.html", permissions=permissions, offset=offset, limit=limit, total=total,
can_create=can_create, audited_permissions=audited_only
)
def get(self, audited_only=False):
offset = int(self.get_argument("offset", 0))
limit = int(self.get_argument("limit", 100))
audited_only = bool(int(self.get_argument("audited", 0)))
sort_key = self.get_argument("sort_by", "")
sort_dir = self.get_argument("order", "")
if limit > 9000:
limit = 9000
sort_keys = {
"name": lambda p: p.name,
# round timestamps to the nearest minute so permissions created together will
# show up alphabetically
"date": lambda p: _round_timestamp(p.created_on),
}
if sort_key not in sort_keys:
sort_key = "name"
if sort_dir not in ("asc", "desc"):
sort_dir = "asc"
permissions = sorted(self.graph.get_permissions(audited=audited_only),
key=sort_keys[sort_key],
reverse=sort_dir == "desc")
total = len(permissions)
permissions = permissions[offset:offset + limit]
can_create = user_creatable_permissions(self.session,
self.current_user)
self.render("permissions.html",
permissions=permissions,
offset=offset,
limit=limit,
total=total,
can_create=can_create,
audited_permissions=audited_only,
sort_key=sort_key,
sort_dir=sort_dir)
def get(self, audited_only=False):
offset = int(self.get_argument("offset", 0))
limit = int(self.get_argument("limit", 100))
audited_only = bool(int(self.get_argument("audited", 0)))
if limit > 9000:
limit = 9000
permissions = self.graph.get_permissions(audited=audited_only)
total = len(permissions)
permissions = permissions[offset:offset + limit]
can_create = user_creatable_permissions(self.session,
self.current_user)
self.render("permissions.html",
permissions=permissions,
offset=offset,
limit=limit,
total=total,
can_create=can_create,
audited_permissions=audited_only)