def _items(self, request, do_authz=False, parent_id=None): """Retrieves and formats a list of elements of the requested entity.""" # NOTE(salvatore-orlando): The following ensures that fields which # are needed for authZ policy validation are not stripped away by the # plugin before returning. original_fields, fields_to_add = self._do_field_list( api_common.list_args(request, 'fields')) filters = api_common.get_filters(request, self._attr_info, [ 'fields', 'sort_key', 'sort_dir', 'limit', 'marker', 'page_reverse' ]) kwargs = {'filters': filters, 'fields': original_fields} sorting_helper = self._get_sorting_helper(request) pagination_helper = self._get_pagination_helper(request) sorting_helper.update_args(kwargs) sorting_helper.update_fields(original_fields, fields_to_add) pagination_helper.update_args(kwargs) pagination_helper.update_fields(original_fields, fields_to_add) if parent_id: kwargs[self._parent_id_name] = parent_id obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST]) obj_list = obj_getter(request.context, **kwargs) obj_list = sorting_helper.sort(obj_list) obj_list = pagination_helper.paginate(obj_list) # Check authz if do_authz: # FIXME(salvatore-orlando): obj_getter might return references to # other resources. Must check authZ on them too. # Omit items from list that should not be visible obj_list = [ obj for obj in obj_list if policy.check(request.context, self._plugin_handlers[self.SHOW], obj, plugin=self._plugin, pluralized=self._collection) ] # Use the first element in the list for discriminating which attributes # should be filtered out because of authZ policies # fields_to_add contains a list of attributes added for request policy # checks but that were not required by the user. They should be # therefore stripped fields_to_strip = fields_to_add or [] if obj_list: fields_to_strip += self._exclude_attributes_by_policy( request.context, obj_list[0]) collection = { self._collection: [ self._filter_attributes(request.context, obj, fields_to_strip=fields_to_strip) for obj in obj_list ] } pagination_links = pagination_helper.get_links(obj_list) if pagination_links: collection[self._collection + "_links"] = pagination_links # Synchronize usage trackers, if needed resource_registry.resync_resource(request.context, self._resource, request.context.tenant_id) return collection
def show(self, request, id, **kwargs): """Returns detailed information about the requested entity.""" try: # NOTE(salvatore-orlando): The following ensures that fields # which are needed for authZ policy validation are not stripped # away by the plugin before returning. field_list, added_fields = self._do_field_list( api_common.list_args(request, "fields")) parent_id = kwargs.get(self._parent_id_name) # Ensure policy engine is initialized policy.init() return { self._resource: self._view(request.context, self._item(request, id, do_authz=True, field_list=field_list, parent_id=parent_id), fields_to_strip=added_fields) } except oslo_policy.PolicyNotAuthorized: # To avoid giving away information, pretend that it # doesn't exist msg = _('The resource could not be found.') raise webob.exc.HTTPNotFound(msg)
def _items(self, request, do_authz=False, parent_id=None): """Retrieves and formats a list of elements of the requested entity.""" # NOTE(salvatore-orlando): The following ensures that fields which # are needed for authZ policy validation are not stripped away by the # plugin before returning. original_fields, fields_to_add = self._do_field_list( api_common.list_args(request, 'fields')) filters = api_common.get_filters( request, self._attr_info, ['fields', 'sort_key', 'sort_dir', 'limit', 'marker', 'page_reverse'], is_filter_validation_supported=self._filter_validation) kwargs = {'filters': filters, 'fields': original_fields} sorting_helper = self._get_sorting_helper(request) pagination_helper = self._get_pagination_helper(request) sorting_helper.update_args(kwargs) sorting_helper.update_fields(original_fields, fields_to_add) pagination_helper.update_args(kwargs) pagination_helper.update_fields(original_fields, fields_to_add) if parent_id: kwargs[self._parent_id_name] = parent_id obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST]) obj_list = obj_getter(request.context, **kwargs) obj_list = sorting_helper.sort(obj_list) obj_list = pagination_helper.paginate(obj_list) # Check authz if do_authz: # FIXME(salvatore-orlando): obj_getter might return references to # other resources. Must check authZ on them too. # Omit items from list that should not be visible tmp_list = [] for obj in obj_list: self._set_parent_id_into_ext_resources_request( request, obj, parent_id, is_get=True) if policy.check( request.context, self._plugin_handlers[self.SHOW], obj, plugin=self._plugin, pluralized=self._collection): tmp_list.append(obj) obj_list = tmp_list # Use the first element in the list for discriminating which attributes # should be filtered out because of authZ policies # fields_to_add contains a list of attributes added for request policy # checks but that were not required by the user. They should be # therefore stripped fields_to_strip = fields_to_add or [] if obj_list: fields_to_strip += self._exclude_attributes_by_policy( request.context, obj_list[0]) collection = {self._collection: [self._filter_attributes(obj, fields_to_strip=fields_to_strip) for obj in obj_list]} pagination_links = pagination_helper.get_links(obj_list) if pagination_links: collection[self._collection + "_links"] = pagination_links # Synchronize usage trackers, if needed resource_registry.resync_resource( request.context, self._resource, request.context.tenant_id) return collection
def _items(self, request, do_authz=False, parent_id=None): """Retrieves and formats a list of elements of the requested entity.""" # NOTE(salvatore-orlando): The following ensures that fields which # are needed for authZ policy validation are not stripped away by the # plugin before returning. original_fields, fields_to_add = self._do_field_list(api_common.list_args(request, "fields")) filters = api_common.get_filters( request, self._attr_info, ["fields", "sort_key", "sort_dir", "limit", "marker", "page_reverse"] ) kwargs = {"filters": filters, "fields": original_fields} sorting_helper = self._get_sorting_helper(request) pagination_helper = self._get_pagination_helper(request) sorting_helper.update_args(kwargs) sorting_helper.update_fields(original_fields, fields_to_add) pagination_helper.update_args(kwargs) pagination_helper.update_fields(original_fields, fields_to_add) if parent_id: kwargs[self._parent_id_name] = parent_id obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST]) obj_list = obj_getter(request.context, **kwargs) obj_list = sorting_helper.sort(obj_list) obj_list = pagination_helper.paginate(obj_list) # Check authz if do_authz: # FIXME(salvatore-orlando): obj_getter might return references to # other resources. Must check authZ on them too. # Omit items from list that should not be visible obj_list = [ obj for obj in obj_list if policy.check(request.context, self._plugin_handlers[self.SHOW], obj, plugin=self._plugin) ] # Use the first element in the list for discriminating which attributes # should be filtered out because of authZ policies # fields_to_add contains a list of attributes added for request policy # checks but that were not required by the user. They should be # therefore stripped fields_to_strip = fields_to_add or [] if obj_list: fields_to_strip += self._exclude_attributes_by_policy(request.context, obj_list[0]) collection = { self._collection: [ self._filter_attributes(request.context, obj, fields_to_strip=fields_to_strip) for obj in obj_list ] } pagination_links = pagination_helper.get_links(obj_list) if pagination_links: collection[self._collection + "_links"] = pagination_links return collection
def _items(self, request, do_authz=False, parent_id=None): """Retrieves and formats a list of elements of the requested entity.""" # NOTE(salvatore-orlando): The following ensures that fields which # are needed for authZ policy validation are not stripped away by the # plugin before returning. original_fields, fields_to_add = self._do_field_list( api_common.list_args(request, 'fields')) filters = api_common.get_filters(request, self._attr_info, [ 'fields', 'sort_key', 'sort_dir', 'limit', 'marker', 'page_reverse' ]) kwargs = {'filters': filters, 'fields': original_fields} sorting_helper = self._get_sorting_helper(request) pagination_helper = self._get_pagination_helper(request) sorting_helper.update_args(kwargs) sorting_helper.update_fields(original_fields, fields_to_add) pagination_helper.update_args(kwargs) pagination_helper.update_fields(original_fields, fields_to_add) if parent_id: kwargs[self._parent_id_name] = parent_id obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST]) obj_list = obj_getter(request.context, **kwargs) obj_list = sorting_helper.sort(obj_list) obj_list = pagination_helper.paginate(obj_list) # Check authz if do_authz: # FIXME(salvatore-orlando): obj_getter might return references to # other resources. Must check authZ on them too. # Omit items from list that should not be visible obj_list = [ obj for obj in obj_list if policy.check(request.context, self._plugin_handlers[self.SHOW], obj, plugin=self._plugin) ] collection = { self._collection: [ self._view(request.context, obj, fields_to_strip=fields_to_add) for obj in obj_list ] } pagination_links = pagination_helper.get_links(obj_list) if pagination_links: collection[self._collection + "_links"] = pagination_links return collection
def _items(self, request, do_authz=False, parent_id=None): """Retrieves and formats a list of elements of the requested entity.""" # NOTE(salvatore-orlando): The following ensures that fields which # are needed for authZ policy validation are not stripped away by the # plugin before returning. original_fields, fields_to_add = self._do_field_list( api_common.list_args(request, 'fields')) filters = api_common.get_filters(request, self._attr_info, ['fields', 'sort_key', 'sort_dir', 'limit', 'marker', 'page_reverse']) kwargs = {'filters': filters, 'fields': original_fields} sorting_helper = self._get_sorting_helper(request) pagination_helper = self._get_pagination_helper(request) sorting_helper.update_args(kwargs) sorting_helper.update_fields(original_fields, fields_to_add) pagination_helper.update_args(kwargs) pagination_helper.update_fields(original_fields, fields_to_add) if parent_id: kwargs[self._parent_id_name] = parent_id obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST]) obj_list = obj_getter(request.context, **kwargs) obj_list = sorting_helper.sort(obj_list) obj_list = pagination_helper.paginate(obj_list) # Check authz if do_authz: # FIXME(salvatore-orlando): obj_getter might return references to # other resources. Must check authZ on them too. # Omit items from list that should not be visible obj_list = [obj for obj in obj_list if policy.check(request.context, self._plugin_handlers[self.SHOW], obj, plugin=self._plugin)] collection = {self._collection: [self._view(request.context, obj, fields_to_strip=fields_to_add) for obj in obj_list]} pagination_links = pagination_helper.get_links(obj_list) if pagination_links: collection[self._collection + "_links"] = pagination_links return collection
def show(self, request, id, **kwargs): """Returns detailed information about the requested entity.""" try: # NOTE(salvatore-orlando): The following ensures that fields # which are needed for authZ policy validation are not stripped # away by the plugin before returning. field_list, added_fields = self._do_field_list(api_common.list_args(request, "fields")) parent_id = kwargs.get(self._parent_id_name) return { self._resource: self._view( request.context, self._item(request, id, do_authz=True, field_list=field_list, parent_id=parent_id), fields_to_strip=added_fields, ) } except exceptions.PolicyNotAuthorized: # To avoid giving away information, pretend that it # doesn't exist raise webob.exc.HTTPNotFound()
def _items(self, request, do_authz=False, parent_id=None): """Retrieves and formats a list of elements of the requested entity.""" # NOTE(salvatore-orlando): The following ensures that fields which # are needed for authZ policy validation are not stripped away by the # plugin before returning. #brk(host="10.10.12.21", port=49175) original_fields, fields_to_add = self._do_field_list( api_common.list_args(request, 'fields')) #获取查询条件字段?? filters = api_common.get_filters(request, self._attr_info, [ 'fields', 'sort_key', 'sort_dir', 'limit', 'marker', 'page_reverse', 'offset' ]) # ### add by xm at 2015.9.22 权限控制 # #LOG.debug(_("111111 222 %s"), filters) # #LOG.debug(_("111111 222 context: %s"), request.context.__dict__) # if request.context.gc_resource_type == '0': # #LOG.debug(_("111111 222 context.user_id:%s gc_resource_type:%s"), request.context.user_id, request.context.gc_resource_type) # user_id = [request.context.user_id] # user_id = list(set(user_id) | set(filters.get("user_id", []))) # filters.update({"user_id": user_id}) # #LOG.debug(_("111111 222 ddd %s"), filters) # #LOG.debug(_("111111 222 %s"), filters) # ###end by xm #validate create_time_first and create_time_end api_common.validate_update_time_range(filters) kwargs = {'filters': filters, 'fields': original_fields} #according to filters params:only_statics ,get is_query_items is_query_items = self._get_is_query_detail_items_infos(filters) filters_copy = filters.copy() # first get resources count number by resources filters counter = self._get_items_count_by_filter(request=request, filters=filters_copy) collection = {} if is_query_items: #this function is not only statics #get resources items obj_list = None pagination_helper = None #change from counter >=0 to counter !=0 for no method of 'get_xxx_count' if (counter is not None and counter != 0) or (counter is None): obj_list, pagination_helper = self._get_items_by_filter_and_order_and_page( request=request, kwargs=kwargs, original_fields=original_fields, fields_to_add=fields_to_add, do_authz=do_authz, parent_id=parent_id) # Use the first element in the list for discriminating which attributes # should be filtered out because of authZ policies # fields_to_add contains a list of attributes added for request policy # checks but that were not required by the user. They should be # therefore stripped fields_to_strip = fields_to_add or [] if obj_list: fields_to_strip += self._exclude_attributes_by_policy( request.context, obj_list[0]) if obj_list: collection = { self._collection: [ self._filter_attributes( request.context, obj, fields_to_strip=fields_to_strip) for obj in obj_list ] } else: collection = {self._collection: []} counter = 0 if counter is not None and counter >= 0: collection["list"] = {"count": counter} #delete by luoyibing #pagination_links = pagination_helper.get_links(obj_list) #if pagination_links: # collection[self._collection + "_links"] = pagination_links return collection
def _items(self, request, do_authz=False, parent_id=None): """Retrieves and formats a list of elements of the requested entity.""" # NOTE(salvatore-orlando): The following ensures that fields which # are needed for authZ policy validation are not stripped away by the # plugin before returning. #brk(host="10.10.12.21", port=49175) original_fields, fields_to_add = self._do_field_list( api_common.list_args(request, 'fields')) #获取查询条件字段?? filters = api_common.get_filters(request, self._attr_info, ['fields', 'sort_key', 'sort_dir', 'limit', 'marker', 'page_reverse','offset']) # ### add by xm at 2015.9.22 权限控制 # #LOG.debug(_("111111 222 %s"), filters) # #LOG.debug(_("111111 222 context: %s"), request.context.__dict__) # if request.context.gc_resource_type == '0': # #LOG.debug(_("111111 222 context.user_id:%s gc_resource_type:%s"), request.context.user_id, request.context.gc_resource_type) # user_id = [request.context.user_id] # user_id = list(set(user_id) | set(filters.get("user_id", []))) # filters.update({"user_id": user_id}) # #LOG.debug(_("111111 222 ddd %s"), filters) # #LOG.debug(_("111111 222 %s"), filters) # ###end by xm #validate create_time_first and create_time_end api_common.validate_update_time_range(filters) kwargs = {'filters': filters, 'fields': original_fields} #according to filters params:only_statics ,get is_query_items is_query_items=self._get_is_query_detail_items_infos(filters) filters_copy=filters.copy() # first get resources count number by resources filters counter=self._get_items_count_by_filter(request=request,filters=filters_copy) collection={} if is_query_items :#this function is not only statics #get resources items obj_list=None pagination_helper=None #change from counter >=0 to counter !=0 for no method of 'get_xxx_count' if (counter is not None and counter != 0) or (counter is None): obj_list,pagination_helper = self._get_items_by_filter_and_order_and_page(request=request ,kwargs=kwargs, original_fields=original_fields ,fields_to_add=fields_to_add, do_authz=do_authz, parent_id=parent_id) # Use the first element in the list for discriminating which attributes # should be filtered out because of authZ policies # fields_to_add contains a list of attributes added for request policy # checks but that were not required by the user. They should be # therefore stripped fields_to_strip = fields_to_add or [] if obj_list: fields_to_strip += self._exclude_attributes_by_policy( request.context, obj_list[0]) if obj_list: collection = {self._collection: [self._filter_attributes( request.context, obj, fields_to_strip=fields_to_strip) for obj in obj_list]} else: collection = {self._collection:[]} counter=0 if counter is not None and counter>=0 : collection["list"]={"count":counter} #delete by luoyibing #pagination_links = pagination_helper.get_links(obj_list) #if pagination_links: # collection[self._collection + "_links"] = pagination_links return collection