def from_role(cls, role): roles = set([Role.load_id(Role.SYSTEM_GUEST)]) if role is None: return cls(None, roles) roles.add(role.id) roles.add(Role.load_id(Role.SYSTEM_USER)) roles.update([g.id for g in role.roles]) return cls(role.id, roles, is_admin=role.is_admin)
def __init__(self, role=None, override=False): self.roles = set([Role.load_id(Role.SYSTEM_GUEST)]) self.role = role self.logged_in = role is not None self.override = self.is_admin = override self.in_maintenance = get_config('MAINTENANCE') if self.logged_in: self.is_admin = role.is_admin self.roles.add(role.id) self.roles.add(Role.load_id(Role.SYSTEM_USER)) for group in role.roles: self.roles.add(group.id) # Pre-load collection authorisation info and cache the result. # This is the core authorisation function, and is called at least once # per request. It will query and cache the ID for all collections the # current user is authorised to read or write. self.collections = { self.READ: set(), self.WRITE: set(), self.PUBLIC: set() } q = db.session.query(Permission.collection_id, Permission.role_id, Permission.read, Permission.write) q = q.filter(Permission.deleted_at == None) # noqa q = q.filter(Permission.role_id.in_(self.roles)) q = q.filter(Permission.collection_id != None) # noqa for collection_id, role_id, read, write in q: if read or write: self.collections[self.READ].add(collection_id) if role_id in get_public_roles(): self.collections[self.PUBLIC].add(collection_id) if write and self.logged_in: self.collections[self.WRITE].add(collection_id) if self.is_admin: q = Collection.all_ids().filter( Collection.deleted_at == None) # noqa for collection_id, in q: self.collections[self.READ].add(collection_id) self.collections[self.WRITE].add(collection_id) # Disable all in maintenance mode. if self.in_maintenance: self.collections[self.WRITE] = set() self.collections_read = list(self.collections[self.READ]) self.collections_write = list(self.collections[self.WRITE])
def __init__(self, role=None, override=False): self._cache = {} self.roles = set([Role.load_id(Role.SYSTEM_GUEST)]) self.role = role self.logged_in = role is not None self.id = role.id if role is not None else None self.is_admin = override self.in_maintenance = settings.MAINTENANCE self.session_write = not self.in_maintenance and self.logged_in if self.logged_in and not self.is_admin: self.is_admin = role.is_admin self.roles.add(role.id) self.roles.add(Role.load_id(Role.SYSTEM_USER)) for group in role.roles: self.roles.add(group.id)
def login(self, foreign_id='tester', name=None, email=None, is_admin=False): role = self.create_user(foreign_id=foreign_id, name=name, email=email, is_admin=is_admin) with self.client.session_transaction() as sess: sess['roles'] = [ Role.load_id(Role.SYSTEM_GUEST), Role.load_id(Role.SYSTEM_USER), role.id ] sess['user'] = role.id return role
def __init__(self, name, data): self.name = six.text_type(name) self.data = data self.label = data.get('label', name) self.info_url = data.get('info_url') self.category = data.get('category') self.roles = [] self.entities_count = None self.public = False for role in dict_list(data, 'roles', 'role'): role_id = Role.load_id(role) if role_id is not None: self.roles.append(role_id) else: log.warning("Could not find role: %s", role) if role_id in get_public_roles(): self.public = True if not len(self.roles): raise ValueError("No roles for dataset: %s" % self.name) self._queries = dict_list(data, 'queries', 'query')
def get_public_roles(): """Roles which make a collection to be considered public.""" return [ Role.load_id(Role.SYSTEM_GUEST), Role.load_id(Role.SYSTEM_USER), ]