def put_permissions_for_role(request): discussion = request.context role_name = request.matchdict['role_name'] session = Discussion.default_db role = Role.get_by(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name,)) try: data = json.loads(request.body) except Exception as e: raise HTTPBadRequest("Malformed Json") if not isinstance(data, list): raise HTTPBadRequest("Not a list") if data and frozenset((type(x) for x in data)) != frozenset((str,)): raise HTTPBadRequest("not strings") permissions = set(session.query(Permission).filter(Permission.name.in_(data)).all()) data = set(data) if len(permissions) != len(data): raise HTTPBadRequest("Not valid permissions: %s" % (repr( data - set((p.name for p in permissions))),)) known_dp = session.query(DiscussionPermission).join(Permission).filter( role=role, discussion=discussion).all() dp_by_permission = {dp.permission.name: dp for dp in known_dp} known_permissions = set(dp_by_permission.keys()) for permission in known_permissions - permissions: session.delete(dp_by_permission[permission]) for permission in permissions - known_permissions: session.add(DiscussionPermission( role=role, permission=permission, discussion=discussion)) return {"added": list(permissions - known_permissions), "removed": list(known_permissions - permissions)}
def get_permissions_for_role(request): discussion = request.context role_name = request.matchdict['role_name'] role = Role.get_by(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name,)) return discussion.get_permissions_by_role().get(role_name, [])
def put_permissions_for_role(request): discussion_id = int(request.matchdict['discussion_id']) role_name = request.matchdict['role_name'] session = Discussion.db() discussion = session.query(Discussion).get(discussion_id) if not discussion: raise HTTPNotFound("Discussion %d does not exist" % (discussion_id,)) role = Role.get_by(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name,)) try: data = json.loads(request.body) except Exception as e: raise HTTPBadRequest("Malformed Json") if not isinstance(data, list): raise HTTPBadRequest("Not a list") if data and frozenset((type(x) for x in data)) != frozenset((str,)): raise HTTPBadRequest("not strings") permissions = set(session.query(Permission).filter(Permission.name.in_(data)).all()) data = set(data) if len(permissions) != len(data): raise HTTPBadRequest("Not valid permissions: %s" % (repr( data - set((p.name for p in permissions))),)) known_dp = session.query(DiscussionPermission).join(Permission).filter( role=role, discussion=discussion).all() dp_by_permission = {dp.permission.name: dp for dp in known_dp} known_permissions = set(dp_by_permission.keys()) for permission in known_permissions - permissions: session.delete(dp_by_permission[permission]) for permission in permissions - known_permissions: session.add(DiscussionPermission( role=role, permission=permission, discussion=discussion)) return {"added": list(permissions - known_permissions), "removed": list(known_permissions - permissions)}
def get_permissions_for_role(request): discussion_id = int(request.matchdict['discussion_id']) role_name = request.matchdict['role_name'] session = Discussion.default_db discussion = session.query(Discussion).get(discussion_id) if not discussion: raise HTTPNotFound("Discussion %d does not exist" % (discussion_id, )) role = Role.get_by(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name, )) return discussion.get_permissions_by_role().get(role_name, [])
def get_permissions_for_role(request): discussion_id = int(request.matchdict['discussion_id']) role_name = request.matchdict['role_name'] session = Discussion.db() discussion = session.query(Discussion).get(discussion_id) if not discussion: raise HTTPNotFound("Discussion %d does not exist" % (discussion_id,)) role = Role.get_by(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name,)) return discussion.get_permissions_by_role().get(role_name, [])