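def check_permissions(self, success, failure=None, permissions=None):  # pylint: disable=W0221
    """Check that the user is allowed to use the resources in permissions.

    permissions - a dictionary with each entry having a resource type as
                  the key, and a list of permissions as the values, e.g.
                  {'author': ['read', 'create', 'update', 'delete']}
                  When empty or omitted it is built from the request
                  arguments (first value of each, passed through
                  dejsonify).
    success - the callback to run on success.
    failure - the callback to run on failure; defaults to
              self.permission_denied.

    An anonymous request goes straight to _get_models_for_check_perms and
    its result is returned. Otherwise the user's '_permissions' field is
    looked up in the '_user' collection and the check continues in
    _get_relevant_groups, the find_one callback; nothing is returned.
    """
    if not permissions:
        # NOTE(review): in this fallback the client chooses which
        # resources and permissions get checked, and an explicit empty
        # dict takes this path too. A caller guarding a specific
        # server-side action should pass `permissions` itself.
        arguments = self.request.arguments
        permissions = {arg: dejsonify(arguments[arg][0])
                       for arg in arguments}

    if not failure:
        failure = self.permission_denied

    # Steps: 1. get user  2. get relevant groups  3. get models
    #        4. combine them  5. test the result against the input

    # Read the secure cookie once so that the logged-in test and the
    # lookup key below are guaranteed to be the same value.
    user_id = self.get_secure_cookie("user")
    if not user_id:
        # Not logged in: there is no user record or group to load.
        return self._get_models_for_check_perms(
            groups=None, error=None, user=None,
            permissions=permissions, success=success, failure=failure)

    callback = partial(self._get_relevant_groups,
                       permissions=permissions,
                       success=success,
                       failure=failure)
    coll = self.get_collection('_user')
    coll.find_one({'_id': user_id},
                  callback=callback,
                  fields=['_permissions'])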
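def check_permissions(self, success, failure=None, permissions=None):  # pylint: disable=W0221
    """Check that the user is allowed to use the resources defined in
    permissions.

    permissions - a dictionary with each entry having a resource type as
                  the key, and a list of permissions as the values, e.g.
                  {'author': ['read', 'create', 'update', 'delete']}
                  A falsy value (None or an empty dict) is replaced by a
                  dictionary built from the request arguments: each
                  argument name maps to dejsonify() of its first value.
    success - the callback to run on success.
    failure - the callback to run on failure. When falsy,
              self.permission_denied is used.

    Returns whatever _get_models_for_check_perms returns for a request
    without a "user" secure cookie. With a cookie, a find_one on the
    '_user' collection is started with _get_relevant_groups as its
    callback and the method returns None.
    """
    if not permissions:
        # NOTE(review): the permission set checked here is taken from
        # client-controlled request arguments. That is fine for asking
        # "may I do X?", but a handler protecting a fixed action should
        # supply `permissions` explicitly rather than rely on this.
        request_args = self.request.arguments
        permissions = {
            name: dejsonify(request_args[name][0]) for name in request_args
        }

    if not failure:
        failure = self.permission_denied

    # 1. get user
    # 2. get relevant groups
    # 3. get models
    # 4. combine them together
    # 5. Test it against the input

    # One cookie read serves both the anonymous test and the '_id' key,
    # so the two can never disagree.
    user_cookie = self.get_secure_cookie("user")

    if user_cookie:
        on_user = partial(self._get_relevant_groups,
                          permissions=permissions,
                          success=success,
                          failure=failure)
        self.get_collection('_user').find_one(
            {'_id': user_cookie},
            callback=on_user,
            fields=['_permissions'])
        return None

    # We are not logged in, go to the next stage
    return self._get_models_for_check_perms(groups=None,
                                            error=None,
                                            user=None,
                                            permissions=permissions,
                                            success=success,
                                            failure=failure)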
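def _parse_arguments(self, resource):
    """Parse the criteria to make friendly searches.

    Only the first value of each request argument is used. The reserved
    names _limit, _sort, _skip, _count and _fields are removed from the
    query and turned into options; every remaining argument becomes an
    entry of kwargs['spec'], its value passed through dejsonify.

    resource - handed unchanged to _count_results / _get_results.

    Returns self._count_results(resource, kwargs) when the decoded
    _count equals the string "true", otherwise
    self._get_results(count=None, error=None, resource=resource,
    kwargs=kwargs).
    """
    kwargs = {}
    count = None
    arguments = self.request.arguments
    if arguments:
        query = dict((key, value[0])
                     for key, value in six.iteritems(arguments))

        # int() raises TypeError, not ValueError, for a non-scalar such
        # as a decoded list, dict or None, so both are caught: a
        # malformed _limit/_skip is ignored with a warning instead of
        # surfacing as an unhandled exception.
        # NOTE(review): assumes dejsonify can return such values - confirm.
        # NOTE(review): no upper bound or sign check is applied to either
        # number here; clamp them unless that happens downstream.
        if '_limit' in query:
            try:
                kwargs['limit'] = int(dejsonify(query['_limit']))
            except (TypeError, ValueError):
                print("Warning: Invalid _limit parameter.")
            del query['_limit']

        if '_sort' in query:
            kwargs['sort'] = dejsonify(query['_sort'])
            del query['_sort']

        if '_skip' in query:
            try:
                kwargs['skip'] = int(dejsonify(query['_skip']))
            except (TypeError, ValueError):
                print("Warning: Invalid _skip parameter.")
            del query['_skip']

        if '_count' in query:
            count = dejsonify(query['_count'])
            del query['_count']

        if '_fields' in query:
            # NOTE(review): the client picks the returned fields. If any
            # resource stores fields that must not be exposed, restrict
            # this to an allow-list.
            kwargs['fields'] = dejsonify(query['_fields'])
            del query['_fields']

        if query:
            # Decode any encoded values.
            # NOTE(review): both the keys and the decoded values come
            # straight from the request and are used as the search
            # filter. Nothing here limits keys to known field names or
            # rejects '$'-prefixed operators in keys or nested values,
            # so validate against a per-resource allow-list unless
            # _get_results / _count_results already do.
            kwargs['spec'] = {}
            for key, value in six.iteritems(query):
                kwargs['spec'][key] = dejsonify(value)

    if count == "true":
        return self._count_results(resource, kwargs)

    return self._get_results(count=None,
                             error=None,
                             resource=resource,
                             kwargs=kwargs)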