Exemple #1
def revokePermissionOnContext(context, request):
    """
        Revoke a permission on the subscription attached to ``context``.

        The permission name is read from the route (``request.matchdict``) and
        is accepted only when it is one of the keys of
        DEFAULT_CONTEXT_PERMISSIONS.

        Responds with status 200 and the untouched subscription when the
        permission is already listed in the subscription's ``_vetos``;
        otherwise delegates to ``request.actor.revokePermission`` and responds
        with status 201 and the subscription it returns.

        Raises InvalidPermission for an unknown permission name and
        ObjectNotFound when the context carries no subscription.
    """
    # NOTE(review): no check of who is allowed to revoke is visible in this
    # function; presumably the view/route declaration enforces it -- confirm.
    requested = request.matchdict.get('permission', None)
    if requested not in DEFAULT_CONTEXT_PERMISSIONS:
        raise InvalidPermission("There's not any permission named '%s'" % requested)

    subscription = context.subscription
    if subscription is None:
        raise ObjectNotFound('{} is not susbcribed to {}'.format(request.actor, context['hash']))

    # Default outcome: the permission is already vetoed, nothing to change.
    status = 200
    if requested not in subscription.get('_vetos', []):
        # NOTE(review): 'permanent' is taken straight from request.params,
        # presumably as a raw string, so a client sending "false" would pass a
        # truthy value -- confirm revokePermission parses it as a boolean.
        subscription = request.actor.revokePermission(
            subscription,
            requested,
            permanent=request.params.get('permanent', DEFAULT_CONTEXT_PERMISSIONS_PERMANENCY),
        )
        status = 201

    return JSONResourceEntity(request, subscription, status_code=status).buildResponse()
Exemple #2
    def getInfo(self):
        """
            Return the flattened object with a complete ``permissions`` mapping.

            Every permission named in DEFAULT_CONTEXT_PERMISSIONS is present in
            the result: values already stored on the object are kept, missing
            ones are filled in with the default.
        """
        info = self.flatten()
        # setdefault hands back the stored mapping, or the new empty one it
        # has just inserted.
        effective = info.setdefault("permissions", {})
        for name, fallback in DEFAULT_CONTEXT_PERMISSIONS.items():
            effective[name] = effective.get(name, fallback)

        return info
Exemple #3
def grantPermissionOnContext(context, request):
    """
        Grant a permission on the subscription attached to ``context``.

        The permission name is read from the route (``request.matchdict``) and
        is accepted only when it is one of the keys of
        DEFAULT_CONTEXT_PERMISSIONS.

        Responds with status 200 and the untouched subscription when the
        permission is already listed in the subscription's ``_grants``;
        otherwise delegates to ``request.actor.grantPermission`` and responds
        with status 201 and the subscription it returns.

        Raises InvalidPermission for an unknown permission name and
        ObjectNotFound when the context carries no subscription.
    """
    # NOTE(review): this endpoint widens access, yet no check of who may grant
    # is visible in this function; presumably the view/route declaration
    # enforces it -- confirm.
    requested = request.matchdict.get('permission', None)
    if requested not in DEFAULT_CONTEXT_PERMISSIONS:
        raise InvalidPermission("There's not any permission named '%s'" % requested)

    subscription = context.subscription
    if subscription is None:
        raise ObjectNotFound('{} is not susbcribed to {}'.format(request.actor, context['hash']))

    needs_grant = requested not in subscription.get('_grants', [])
    if needs_grant:
        # NOTE(review): 'permanent' is taken straight from request.params,
        # presumably as a raw string, so a client sending "false" would pass a
        # truthy value -- confirm grantPermission parses it as a boolean.
        subscription = request.actor.grantPermission(
            subscription,
            requested,
            permanent=request.params.get('permanent', DEFAULT_CONTEXT_PERMISSIONS_PERMANENCY),
        )

    # 201 when a grant was written, 200 when it was already in place.
    status = 201 if needs_grant else 200
    return JSONResourceEntity(request, subscription, status_code=status).buildResponse()
Exemple #4
 def test_context_informs_all_permissions(self):
     """ doctest .. http:get:: /contexts/{hash} """
     from hashlib import sha1
     from .mockers import create_context
     from max import DEFAULT_CONTEXT_PERMISSIONS

     # The context is fetched by the SHA-1 hex digest of its URL, which is
     # also the value expected back in the 'hash' field.
     expected_hash = sha1(create_context['url']).hexdigest()
     self.create_context(create_context)

     response = self.testapp.get(
         '/contexts/{}'.format(expected_hash),
         "",
         oauth2Header(test_manager),
         status=200)
     payload = json.loads(response.text)

     self.assertEqual(payload.get('hash'), expected_hash)
     # Every default permission must be reported, and nothing beyond them.
     self.assertItemsEqual(payload['permissions'].keys(), DEFAULT_CONTEXT_PERMISSIONS.keys())
Exemple #5
    def subscription_permissions(self, base=[]):
        """
            Return the list of permissions granted on this context.

            The result starts as a copy of ``base``. Each permission named in
            DEFAULT_CONTEXT_PERMISSIONS that is not already in the list is then
            appended unless ``get_permission_policy`` reports it as
            "restricted".

            ``base`` is copied before use, so neither the caller's list nor the
            shared default ``[]`` is ever mutated.
        """
        granted = list(base)

        for name, default_policy in DEFAULT_CONTEXT_PERMISSIONS.items():
            if name in granted:
                # Supplied by the caller; the policy is not consulted.
                continue
            # presumably returns the context's own policy for this permission,
            # falling back to default_policy -- verify against its definition.
            policy = self.get_permission_policy(name, default_policy)
            # NOTE(review): this grants on anything other than the exact
            # string "restricted", so an unknown or misspelled policy value
            # grants the permission -- confirm this fail-open default is
            # intended.
            if policy != "restricted":
                granted.append(name)

        return granted