def get_user_resources_permissions_dict(user, request, resource_types=None, resource_ids=None,
inherit_groups_permissions=True, resolve_groups_permissions=False):
# type: (models.User, Request, Optional[List[Str]], Optional[List[int]], bool, bool) -> ResourcePermissionMap
"""
Creates a dictionary of resources ID with corresponding permissions of the user.
.. seealso::
:func:`regroup_permissions_by_resource`
:param user: user for which to find resources permissions
:param request: request with database session connection
:param resource_types: filter the search query with only the specified resource types
:param resource_ids: filter the search query to only the specified resource IDs
:param inherit_groups_permissions:
Whether to include group inherited permissions from user memberships or not.
If ``False``, return only user-specific resource permissions.
Otherwise, resolve inherited permissions using all groups the user is member of.
:param resolve_groups_permissions: whether to combine corresponding user/group permissions into one or not.
:return:
Only resources which the user has permissions on, or including all :term:`Inherited Permissions`, according to
:paramref:`inherit_groups_permissions` argument.
"""
ax.verify_param(user, not_none=True, http_error=HTTPNotFound,
msg_on_fail=s.UserResourcePermissions_GET_NotFoundResponseSchema.description)
# full list of user/groups permissions, filter afterwards according to flags
res_perm_tuple_list = UserService.resources_with_possible_perms(
user, resource_ids=resource_ids, resource_types=resource_types, db_session=request.db)
if not inherit_groups_permissions and not resolve_groups_permissions:
res_perm_tuple_list = filter_user_permission(res_perm_tuple_list, user)
return regroup_permissions_by_resource(res_perm_tuple_list, resolve=resolve_groups_permissions)
def test_resources_with_possible_perms(self, db_session):
self.set_up_user_group_and_perms(db_session)
resource = ResourceTestobjB(resource_id=3,
resource_name="other",
owner_user_id=self.user.id)
self.user.resources.append(resource)
resource_g = ResourceTestobjB(resource_id=4,
resource_name="group owned")
self.group.resources.append(resource_g)
db_session.flush()
perms = UserService.resources_with_possible_perms(
self.user, db_session=db_session)
second = [
PermissionTuple(self.user, "foo_perm", "user", None, self.resource,
False, True),
PermissionTuple(self.user, "group_perm", "group", self.group,
self.resource, False, True),
PermissionTuple(self.user, "test_perm2", "user", None,
self.resource, False, True),
PermissionTuple(self.user, ALL_PERMISSIONS, "user", None, resource,
True, True),
PermissionTuple(self.user, ALL_PERMISSIONS, "group", self.group,
resource_g, True, True),
]
check_one_in_other(perms, second)
def test_resources_with_possible_perms(self, db_session):
self.set_up_user_group_and_perms(db_session)
resource = TestResourceB(
resource_id=3, resource_name="other", owner_user_id=self.user.id
)
self.user.resources.append(resource)
resource_g = TestResourceB(resource_id=4, resource_name="group owned")
self.group.resources.append(resource_g)
db_session.flush()
perms = UserService.resources_with_possible_perms(
self.user, db_session=db_session
)
second = [
PermissionTuple(
self.user, "foo_perm", "user", None, self.resource, False, True
),
PermissionTuple(
self.user, "group_perm", "group", self.group, self.resource, False, True
),
PermissionTuple(
self.user, "test_perm2", "user", None, self.resource, False, True
),
PermissionTuple(
self.user, ALL_PERMISSIONS, "user", None, resource, True, True
),
PermissionTuple(
self.user, ALL_PERMISSIONS, "group", self.group, resource_g, True, True
),
]
check_one_in_other(perms, second)
def users_resource_permissions_list(request):
"""
Get list of permissions assigned to specific resources
"""
user = UserService.by_id(request.matchdict.get("user_id"))
if not user:
return HTTPNotFound()
return [
permission_tuple_to_dict(perm)
for perm in UserService.resources_with_possible_perms(user)
]
def resources_with_possible_perms(self, resource_ids=None,
resource_types=None,
db_session=None):
"""
.. deprecated:: 0.8
:param resource_ids:
:param resource_types:
:param db_session:
:return:
"""
db_session = get_db_session(db_session, self)
return UserService.resources_with_possible_perms(
self, resource_ids=resource_ids, resource_types=resource_types,
db_session=db_session)
def resources_with_possible_perms(self,
resource_ids=None,
resource_types=None,
db_session=None):
"""
.. deprecated:: 0.8
:param resource_ids:
:param resource_types:
:param db_session:
:return:
"""
db_session = get_db_session(db_session, self)
return UserService.resources_with_possible_perms(
self,
resource_ids=resource_ids,
resource_types=resource_types,
db_session=db_session)
