def get_user_resources_permissions_dict(user, request, resource_types=None, resource_ids=None,
                                        inherit_groups_permissions=True, resolve_groups_permissions=False):
    # type: (models.User, Request, Optional[List[Str]], Optional[List[int]], bool, bool) -> ResourcePermissionMap
    """
    Builds the mapping of resource IDs to the permissions the user holds on them.

    .. seealso::
        :func:`regroup_permissions_by_resource`

    :param user: user whose resource permissions are looked up (checked to be not ``None``)
    :param request: request carrying the database session (read from ``request.db``)
    :param resource_types: restrict the search query to the specified resource types
    :param resource_ids: restrict the search query to the specified resource IDs
    :param inherit_groups_permissions:
        Whether permissions inherited from the user's group memberships are included.
        The user-only filter runs only when this flag and ``resolve_groups_permissions`` are both ``False``.
        In every other combination, the full user/group permission list is kept.
    :param resolve_groups_permissions:
        Whether corresponding user/group permissions are combined into one.
        When ``True``, group permissions are not filtered out, even if ``inherit_groups_permissions`` is ``False``.
    :return:
        Only resources which the user has permissions on, or including all :term:`Inherited Permissions`,
        according to the two flags above.
    """
    not_found_msg = s.UserResourcePermissions_GET_NotFoundResponseSchema.description
    ax.verify_param(user, not_none=True, http_error=HTTPNotFound, msg_on_fail=not_found_msg)

    # Query the complete user + group permission set first; narrowing happens afterwards.
    perm_tuples = UserService.resources_with_possible_perms(
        user,
        resource_ids=resource_ids,
        resource_types=resource_types,
        db_session=request.db,
    )

    # NOTE(review): callers that need strictly user-assigned permissions must pass both flags as False;
    # setting resolve_groups_permissions alone skips the filter below.
    if not (inherit_groups_permissions or resolve_groups_permissions):
        perm_tuples = filter_user_permission(perm_tuples, user)

    return regroup_permissions_by_resource(perm_tuples, resolve=resolve_groups_permissions)
def test_resources_with_possible_perms(self, db_session):
    """
    Check which permission tuples are reported for a user across resources.

    Two extra resources are created: one owned by the user and one attached
    to the user's group. Both are expected to be reported with
    ``ALL_PERMISSIONS``, next to the named permissions on ``self.resource``.
    """
    # Fixture helper; presumably creates self.user, self.group, self.resource
    # and the named permissions asserted below -- confirm against the helper.
    self.set_up_user_group_and_perms(db_session)

    user_owned = ResourceTestobjB(
        resource_id=3,
        resource_name="other",
        owner_user_id=self.user.id,
    )
    self.user.resources.append(user_owned)

    group_owned = ResourceTestobjB(resource_id=4, resource_name="group owned")
    self.group.resources.append(group_owned)

    # Flush so the new resources are visible to the permission query.
    db_session.flush()

    found = UserService.resources_with_possible_perms(self.user, db_session=db_session)

    # Positional layout is kept exactly as in the fixture data; the sixth value
    # is True only for the two owned resources (presumably the owner flag).
    expected = [
        PermissionTuple(self.user, "foo_perm", "user", None, self.resource, False, True),
        PermissionTuple(self.user, "group_perm", "group", self.group, self.resource, False, True),
        PermissionTuple(self.user, "test_perm2", "user", None, self.resource, False, True),
        PermissionTuple(self.user, ALL_PERMISSIONS, "user", None, user_owned, True, True),
        PermissionTuple(self.user, ALL_PERMISSIONS, "group", self.group, group_owned, True, True),
    ]
    check_one_in_other(found, expected)
def test_resources_with_possible_perms(self, db_session):
    """
    Check which permission tuples are reported for a user across resources.

    A user-owned resource and a group-attached resource are added on top of
    the fixture data; each is expected to appear with ``ALL_PERMISSIONS``.
    """
    # Fixture helper; presumably creates self.user, self.group, self.resource
    # and the named permissions asserted below -- confirm against the helper.
    self.set_up_user_group_and_perms(db_session)

    user_owned = TestResourceB(
        resource_id=3,
        resource_name="other",
        owner_user_id=self.user.id,
    )
    self.user.resources.append(user_owned)

    group_owned = TestResourceB(resource_id=4, resource_name="group owned")
    self.group.resources.append(group_owned)

    # Flush so the new resources are visible to the permission query.
    db_session.flush()

    found = UserService.resources_with_possible_perms(self.user, db_session=db_session)

    # Rows are (user, permission name, "user"/"group", group, resource, flag, flag),
    # kept positionally identical to the fixture data; the sixth value is True
    # only for the two owned resources (presumably the owner flag).
    named_on_shared = [
        PermissionTuple(self.user, "foo_perm", "user", None, self.resource, False, True),
        PermissionTuple(self.user, "group_perm", "group", self.group, self.resource, False, True),
        PermissionTuple(self.user, "test_perm2", "user", None, self.resource, False, True),
    ]
    full_on_owned = [
        PermissionTuple(self.user, ALL_PERMISSIONS, "user", None, user_owned, True, True),
        PermissionTuple(self.user, ALL_PERMISSIONS, "group", self.group, group_owned, True, True),
    ]
    check_one_in_other(found, named_on_shared + full_on_owned)
def users_resource_permissions_list(request):
    """
    Get list of permissions assigned to specific resources.

    The user is looked up from the ``user_id`` entry of ``request.matchdict``.
    A falsy lookup result yields an ``HTTPNotFound`` instance as the return
    value; otherwise every permission tuple reported for the user is converted
    with ``permission_tuple_to_dict``.
    """
    # NOTE(review): no authorization check is visible in this function; the
    # caller-supplied user_id selects whose permissions are listed, so access
    # control is presumably enforced by the view configuration -- confirm.
    requested_id = request.matchdict.get("user_id")
    user = UserService.by_id(requested_id)
    if not user:
        return HTTPNotFound()

    permission_tuples = UserService.resources_with_possible_perms(user)
    return list(map(permission_tuple_to_dict, permission_tuples))
def resources_with_possible_perms(self, resource_ids=None, resource_types=None, db_session=None):
    """
    Delegate to ``UserService.resources_with_possible_perms`` for this instance.

    .. deprecated:: 0.8

    :param resource_ids: forwarded unchanged as ``resource_ids``
    :param resource_types: forwarded unchanged as ``resource_types``
    :param db_session: passed to ``get_db_session`` together with ``self``;
        the session it returns is the one forwarded to the service
    :return: the result of ``UserService.resources_with_possible_perms``
    """
    session = get_db_session(db_session, self)
    forwarded = {
        "resource_ids": resource_ids,
        "resource_types": resource_types,
        "db_session": session,
    }
    return UserService.resources_with_possible_perms(self, **forwarded)
def resources_with_possible_perms(self, resource_ids=None, resource_types=None, db_session=None):
    """
    Delegate to ``UserService.resources_with_possible_perms`` for this instance.

    .. deprecated:: 0.8

    :param resource_ids: forwarded unchanged as ``resource_ids``
    :param resource_types: forwarded unchanged as ``resource_types``
    :param db_session: passed to ``get_db_session`` together with ``self``;
        the session it returns is the one forwarded to the service
    :return: the result of ``UserService.resources_with_possible_perms``
    """
    session = get_db_session(db_session, self)
    forwarded = {
        "resource_ids": resource_ids,
        "resource_types": resource_types,
        "db_session": session,
    }
    return UserService.resources_with_possible_perms(self, **forwarded)