def create_system_roles():
log.info("Creating system roles...")
# emails are needed only to enforce the email requirement on all other users
Role.load_or_create(Role.SYSTEM_GUEST,
Role.SYSTEM,
'All visitors',
email="*****@*****.**")
Role.load_or_create(Role.SYSTEM_USER,
Role.SYSTEM,
'Logged-in users',
email="*****@*****.**")
db.session.commit()
def update(self, data, authz):
self.label = data.get('label', self.label)
self.summary = data.get('summary', self.summary)
self.summary = data.get('summary', self.summary)
self.publisher = data.get('publisher', self.publisher)
self.publisher_url = data.get('publisher_url', self.publisher_url)
self.info_url = data.get('info_url', self.info_url)
self.data_url = data.get('data_url', self.data_url)
self.countries = ensure_list(data.get('countries', self.countries))
self.languages = ensure_list(data.get('languages', self.languages))
# Some fields are editable only by admins in order to have
# a strict separation between source evidence and case
# material.
if authz.is_admin:
self.category = data.get('category', self.category)
self.casefile = as_bool(data.get('casefile'),
default=self.casefile)
creator = Role.by_id(data.get('creator_id'))
if creator is not None:
self.creator = creator
self.touch()
db.session.flush()
if self.creator is not None:
Permission.grant(self, self.creator, True, True)
def update(self, data, authz):
self.label = data.get('label', self.label)
self.summary = data.get('summary', self.summary)
self.publisher = data.get('publisher', self.publisher)
self.publisher_url = data.get('publisher_url', self.publisher_url)
if self.publisher_url is not None:
self.publisher_url = stringify(self.publisher_url)
self.info_url = data.get('info_url', self.info_url)
if self.info_url is not None:
self.info_url = stringify(self.info_url)
self.data_url = data.get('data_url', self.data_url)
if self.data_url is not None:
self.data_url = stringify(self.data_url)
self.countries = ensure_list(data.get('countries', self.countries))
self.countries = [registry.country.clean(val) for val in self.countries] # noqa
self.languages = ensure_list(data.get('languages', self.languages))
self.languages = [registry.language.clean(val) for val in self.languages] # noqa
self.frequency = data.get('frequency', self.frequency)
self.restricted = data.get('restricted', self.restricted)
self.xref = data.get('xref', self.xref)
# Some fields are editable only by admins in order to have
# a strict separation between source evidence and case
# material.
if authz.is_admin:
self.category = data.get('category', self.category)
creator = ensure_dict(data.get('creator'))
creator_id = data.get('creator_id', creator.get('id'))
creator = Role.by_id(creator_id)
if creator is not None:
self.creator = creator
self.touch()
db.session.flush()
def update(self, data, authz):
self.label = data.get("label", self.label)
self.summary = data.get("summary", self.summary)
self.publisher = data.get("publisher", self.publisher)
self.publisher_url = data.get("publisher_url", self.publisher_url)
if self.publisher_url is not None:
self.publisher_url = stringify(self.publisher_url)
self.info_url = data.get("info_url", self.info_url)
if self.info_url is not None:
self.info_url = stringify(self.info_url)
self.data_url = data.get("data_url", self.data_url)
if self.data_url is not None:
self.data_url = stringify(self.data_url)
countries = ensure_list(data.get("countries", self.countries))
self.countries = [registry.country.clean(val) for val in countries]
languages = ensure_list(data.get("languages", self.languages))
self.languages = [registry.language.clean(val) for val in languages]
self.frequency = data.get("frequency", self.frequency)
self.restricted = data.get("restricted", self.restricted)
self.xref = data.get("xref", self.xref)
# Some fields are editable only by admins in order to have
# a strict separation between source evidence and case
# material.
if authz.is_admin:
self.category = data.get("category", self.category)
creator = ensure_dict(data.get("creator"))
creator_id = data.get("creator_id", creator.get("id"))
creator = Role.by_id(creator_id)
if creator is not None:
self.creator = creator
self.touch()
db.session.flush()
def secret(self):
q = db.session.query(Permission.id)
q = q.filter(Permission.role_id.in_(Role.public_roles()))
q = q.filter(Permission.collection_id == self.id)
q = q.filter(Permission.read == True) # noqa
q = q.filter(Permission.deleted_at == None) # noqa
return q.count() < 1
def secret(self):
q = db.session.query(Permission.id)
q = q.filter(Permission.role_id.in_(Role.public_roles()))
q = q.filter(Permission.collection_id == self.id)
q = q.filter(Permission.read == True) # noqa
q = q.filter(Permission.deleted_at == None) # noqa
return q.count() < 1
def update(self, data):
creator_id = data.get('creator_id')
if creator_id is not None and creator_id != self.creator_id:
role = Role.by_id(creator_id)
if role is not None and role.type == Role.USER:
self.creator_id = role.id
Permission.grant_collection(self.id, role, True, True)
self.schema_update(data)
def update(self, data):
creator_id = data.get('creator_id')
if creator_id is not None and creator_id != self.creator_id:
role = Role.by_id(creator_id)
if role is not None and role.type == Role.USER:
self.creator_id = role.id
Permission.grant_collection(self.id, role, True, True)
self.schema_update(data)
def update_creator(self, role):
"""Set the creator (and admin) of a collection."""
if not isinstance(role, Role):
role = Role.by_id(role)
if role is None or role.type != Role.USER:
return
self.creator = role
db.session.add(self)
db.session.flush()
Permission.grant(self, role, True, True)
def update(self, data, creator=None):
self.label = data.get('label', self.label)
self.summary = data.get('summary', self.summary)
self.category = data.get('category', self.category)
self.managed = data.get('managed', False)
self.countries = data.get('countries', [])
if creator is None:
creator = Role.by_id(data.get('creator_id'))
self.creator = creator
self.updated_at = datetime.utcnow()
db.session.add(self)
db.session.flush()
if creator is not None:
Permission.grant(self, creator, True, True)
def update(self, data):
validate(data, self._schema)
creator_id = data.get('creator_id')
if creator_id is not None and creator_id != self.creator_id:
role = Role.by_id(creator_id)
if role is not None and role.type == Role.USER:
self.creator_id = role.id
Permission.grant_collection(self.id, role, True, True)
self.label = data.get('label')
self.summary = data.get('summary', self.summary)
self.category = data.get('category', self.category)
self.managed = data.get('managed')
self.private = data.get('private')
self.countries = data.pop('countries', [])
def update(self, data, creator=None):
self.label = data.get('label', self.label)
self.summary = data.get('summary', self.summary)
self.summary = data.get('summary', self.summary)
self.publisher = data.get('publisher', self.publisher)
self.publisher_url = data.get('publisher_url', self.publisher_url)
self.info_url = data.get('info_url', self.info_url)
self.data_url = data.get('data_url', self.data_url)
self.category = data.get('category') or self.DEFAULT
self.casefile = as_bool(data.get('casefile'), default=False)
self.countries = data.get('countries', [])
self.languages = data.get('languages', [])
if creator is None:
creator = Role.by_id(data.get('creator_id'))
self.creator = creator
self.updated_at = datetime.utcnow()
db.session.add(self)
db.session.flush()
if creator is not None:
Permission.grant(self, creator, True, True)
def update(self, data, creator=None):
self.label = data.get('label', self.label)
self.summary = data.get('summary', self.summary)
self.summary = data.get('summary', self.summary)
self.publisher = data.get('publisher', self.publisher)
self.publisher_url = data.get('publisher_url', self.publisher_url)
self.info_url = data.get('info_url', self.info_url)
self.data_url = data.get('data_url', self.data_url)
self.category = data.get('category', self.category)
self.casefile = as_bool(data.get('casefile'), default=self.casefile)
self.countries = ensure_list(data.get('countries', self.countries))
self.languages = ensure_list(data.get('languages', self.languages))
if creator is None:
creator = Role.by_id(data.get('creator_id'))
if creator is not None:
self.creator = creator
self.touch()
db.session.flush()
if self.creator is not None:
Permission.grant(self, self.creator, True, True)
def update(self, data, creator=None):
self.updated_at = datetime.utcnow()
self.label = data.get('label', self.label)
self.summary = data.get('summary', self.summary)
self.summary = data.get('summary', self.summary)
self.publisher = data.get('publisher', self.publisher)
self.publisher_url = data.get('publisher_url', self.publisher_url)
self.info_url = data.get('info_url', self.info_url)
self.data_url = data.get('data_url', self.data_url)
self.category = data.get('category', self.category)
self.casefile = as_bool(data.get('casefile'), default=self.casefile)
self.countries = ensure_list(data.get('countries', self.countries))
self.languages = ensure_list(data.get('languages', self.languages))
if creator is None:
creator = Role.by_id(data.get('creator_id'))
if creator is not None:
self.creator = creator
db.session.add(self)
db.session.flush()
if self.creator is not None:
Permission.grant(self, self.creator, True, True)
def create_system_roles():
log.info("Creating system roles...")
Role.load_or_create(Role.SYSTEM_GUEST, Role.SYSTEM, 'All visitors')
Role.load_or_create(Role.SYSTEM_USER, Role.SYSTEM, 'Logged-in users')
db.session.commit()
def create_system_roles():
log.info("Creating system roles...")
Role.load_or_create(Role.SYSTEM_GUEST, Role.SYSTEM, 'All visitors')
Role.load_or_create(Role.SYSTEM_USER, Role.SYSTEM, 'Logged-in users')
db.session.commit()
def grant_foreign(cls, collection, foreign_id, read, write):
role = Role.by_foreign_id(foreign_id)
if role is None:
return
cls.grant_collection(collection.id, role, read, write)
def grant_foreign(cls, collection, foreign_id, read, write):
role = Role.by_foreign_id(foreign_id)
if role is None:
return
cls.grant_collection(collection.id, role, read, write)
def team(self):
q = Role.all()
q = q.filter(Role.type != Role.SYSTEM)
q = q.filter(Role.id == Permission.role_id)
q = q.filter(Permission.collection_id == self.id)
return q
