def dudoc_has_perm(self, udoc, dudoc, perm, ddoc=None): if not udoc or not dudoc: return False # TODO(iceboy): Fix caller when dudoc=None is passed in. role = dudoc.get('role', builtin.ROLE_DEFAULT) mask = domain.get_all_roles(ddoc if ddoc else self.domain).get(role, builtin.PERM_NONE) return ((perm & mask) == perm or self.udoc_has_priv(udoc, builtin.PRIV_MANAGE_ALL_DOMAIN))
def dudoc_has_perm(self, udoc, dudoc, perm): if not udoc or not dudoc: return False # TODO(iceboy): Fix caller when dudoc=None is passed in. role = dudoc.get('role', builtin.ROLE_DEFAULT) mask = domain.get_all_roles(self.domain).get(role, builtin.PERM_NONE) return ((perm & mask) == perm or self.udoc_has_priv(udoc, builtin.PRIV_MANAGE_ALL_DOMAIN))
async def get(self): uids = [] rudocs = collections.defaultdict(list) async for dudoc in domain.get_multi_user(domain_id=self.domain_id, role={'$gte': ''}, fields={'uid': 1, 'role': 1, 'display_name': 1}): if 'role' in dudoc: uids.append(dudoc['uid']) rudocs[dudoc['role']].append(dudoc) roles = sorted(list(domain.get_all_roles(self.domain).keys())) roles_with_text = [(role, role) for role in roles] udict = await user.get_dict(uids) self.render('domain_manage_user.html', roles=roles, roles_with_text=roles_with_text, rudocs=rudocs, udict=udict)
async def prepare_domain(self): dudict = await domain.get_dict_user_by_domain_id(self.user['_id']) dids = list(dudict.keys()) dodocs = await domain.get_multi(_id={'$in': dids}).to_list() #dodocs = await domain.get_multi().to_list() can_manage = {} for dodoc in builtin.DOMAINS + dodocs: role = dudict.get(dodoc['_id'], {}).get('role', builtin.ROLE_DEFAULT) mask = domain.get_all_roles(dodoc).get(role, builtin.PERM_NONE) can_manage[dodoc['_id']] = ( ((builtin.PERM_EDIT_DESCRIPTION | builtin.PERM_EDIT_PERM) & mask) != 0 or self.has_priv(builtin.PRIV_MANAGE_ALL_DOMAIN)) return dodocs, dudict, can_manage
async def get(self): pending_ddocs = await domain.get_pending(owner_uid=self.user['_id']) \ .to_list() dudict = await domain.get_dict_user_by_domain_id(self.user['_id']) dids = list(dudict.keys()) ddocs = await domain.get_multi(_id={'$in': dids}) \ .to_list() can_manage = {} for ddoc in builtin.DOMAINS + ddocs: role = dudict.get(ddoc['_id'], {}).get('role', builtin.ROLE_DEFAULT) mask = domain.get_all_roles(ddoc).get(role, builtin.PERM_NONE) can_manage[ddoc['_id']] = ( ((builtin.PERM_EDIT_DESCRIPTION | builtin.PERM_EDIT_PERM) & mask) != 0 or self.has_priv(builtin.PRIV_MANAGE_ALL_DOMAIN)) self.render('home_domain.html', pending_ddocs=pending_ddocs, ddocs=ddocs, dudict=dudict, can_manage=can_manage)
async def get(self): uids = [] rudocs = collections.defaultdict(list) async for dudoc in domain.get_multi_user(domain_id=self.domain_id, role={'$gte': ''}, fields={ 'uid': 1, 'role': 1 }): if 'role' in dudoc: uids.append(dudoc['uid']) rudocs[dudoc['role']].append(dudoc) roles = sorted(list(domain.get_all_roles(self.domain).keys())) roles_with_text = [(role, role) for role in roles] udict = await user.get_dict(uids) self.render('domain_manage_user.html', roles=roles, roles_with_text=roles_with_text, rudocs=rudocs, udict=udict)
def has_perm(self, perm): role = self.domain_user.get('role', builtin.ROLE_DEFAULT) mask = domain.get_all_roles(self.domain).get(role, builtin.PERM_NONE) return ((int(perm) & int(mask)) == perm or self.has_priv(builtin.PRIV_MANAGE_ALL_DOMAIN))
async def post_add(self, *, role: str): if role in domain.get_all_roles(self.domain): raise error.DomainRoleAlreadyExistError(self.domain_id, role) await domain.set_role(self.domain_id, role, builtin.DEFAULT_PERMISSIONS) self.json_or_redirect(self.url)
def has_perm(self, perm): role = self.domain_user.get('role', builtin.ROLE_DEFAULT) mask = domain.get_all_roles(self.domain).get(role, builtin.PERM_NONE) return ((perm & mask) == perm or self.has_priv(builtin.PRIV_MANAGE_ALL_DOMAIN))