def test_set_admin_permission(user_factory, folder):
admin = user_factory(is_superuser=True)
grant = PermissionGrant(user_or_group=admin, permission=Permission.read)
tree = folder.tree
tree.grant_permission(grant)
assert grant in tree.list_granted_permissions()
def list_granted_permissions(self) -> List[PermissionGrant]:
"""Return a list of all permission grants associated with a tree."""
grants: List[PermissionGrant] = []
permission_strings = {p.value for p in Permission}
for user, perms in get_users_with_perms(
self, attach_perms=True, with_group_users=False, only_with_perms_in=permission_strings
).items():
for perm in perms:
grants.append(PermissionGrant(user_or_group=user, permission=Permission(perm)))
for group, perms in get_groups_with_perms(self, attach_perms=True).items():
for perm in perms:
if perm in permission_strings:
grants.append(PermissionGrant(user_or_group=group, permission=Permission(perm)))
return grants
def command(depth: int, branching: int, files: int,
user_id: typing.Optional[int]):
user = UserFactory() if user_id is None else User.objects.get(id=user_id)
_populate_subtree(None, depth, user, branching, files)
for tree in Tree.objects.all():
tree.grant_permission(
PermissionGrant(user_or_group=user, permission=Permission.admin))
def test_terms_agreement_get_existing(api_client, terms_agreement):
user = terms_agreement.user
terms_agreement.terms.tree.grant_permission(
PermissionGrant(user_or_group=user, permission=Permission.read))
api_client.force_authenticate(user=user)
resp = api_client.get(
f'/api/v2/folders/{terms_agreement.terms.tree.root_folder.id}/terms/agreement'
)
assert resp.status_code == 204
def perform_create(self, serializer: FolderSerializer):
parent: Folder = serializer.validated_data['parent']
user: User = self.request.user
if parent:
tree = parent.tree
if not tree.has_permission(user, permission=Permission.write):
raise PermissionDenied()
else:
# Use the user's quota for the new tree
tree = Tree.objects.create(quota=user.quota)
tree.grant_permission(PermissionGrant(user_or_group=user, permission=Permission.admin))
serializer.save(tree=tree, creator=user)
def test_terms_agreement_get_updated(api_client, terms_agreement):
# Updated terms should require re-agreement
terms_agreement.terms.text += 'extra content'
terms_agreement.terms.save()
user = terms_agreement.user
terms_agreement.terms.tree.grant_permission(
PermissionGrant(user_or_group=user, permission=Permission.read))
api_client.force_authenticate(user=user)
resp = api_client.get(
f'/api/v2/folders/{terms_agreement.terms.tree.root_folder.id}/terms/agreement'
)
assert resp.status_code == 200
assert resp.data['text'] == terms_agreement.terms.text
def test_authorized_upload_success(api_client, authorized_upload):
authorized_upload.folder.tree.grant_permission(
PermissionGrant(authorized_upload.creator, Permission.write))
resp = api_client.post(
'/api/v2/files',
data={
'name': 'foo.txt',
'size': 123,
'folder': authorized_upload.folder.id,
'authorization': authorized_upload.signature,
},
)
assert resp.status_code == 201
assert resp.data['creator'] == authorized_upload.creator.id
def _set_tree_permissions(tree: Tree, collection: dict,
user_map: UserMap) -> None:
# Currently this just sets the ACL of the tree to be the ACL of the collection.
# Any differing permissions in subfolders are ignored."""
user_acl = collection.get('access', {}).get('users', [])
grants: List[PermissionGrant] = []
for user_entry in user_acl:
oid = str(user_entry['id'])
if oid in user_map:
perm = PERM_MAP[user_entry['level']]
grants.append(PermissionGrant(user_map[oid], perm))
# TODO groups?
tree.set_permission_list(grants)
def test_delete_permissions(api_client, user, user_factory, admin_folder):
user2 = user_factory()
api_client.force_authenticate(user=user)
admin_folder.tree.grant_permission(
PermissionGrant(user_or_group=user2, permission=Permission.read), )
assert admin_folder.tree.has_permission(user2, Permission.read)
data = [{
'name': user2.username,
'model': 'user',
'permission': 'read',
}]
resp = api_client.delete(f'/api/v2/folders/{admin_folder.id}/permissions',
data=data,
format='json')
assert resp.status_code == 200
assert not admin_folder.tree.has_permission(user2, Permission.read)
def to_internal_value(self, data):
return PermissionGrant(
user_or_group=self._load_user_or_group(data),
permission=Permission[data['permission']],
)
def _sync_root_folders(db: Database, user_map: UserMap,
skip_collections: Set[str],
skip_users: Set[str]) -> None:
collections = list(db.collection.find())
for collection in collections:
if str(collection['_id']) in skip_collections:
continue
try:
folder = Folder.objects.get(parent=None, name=collection['name'])
except Folder.DoesNotExist:
with transaction.atomic():
creator = user_map[str(collection.get('creatorId'))]
tree: Tree = Tree.objects.create(quota=creator.quota,
public=collection.get(
'public', False))
folder = Folder(
parent=None,
tree=tree,
name=collection['name'],
description=collection.get('description') or '',
user_metadata=collection.get('meta', {}),
legacy_id=str(collection['_id']),
creator=creator,
)
folder.save()
folder.created = aware_date(collection['created'])
folder.save(update_fields=['created'])
_set_tree_permissions(folder.tree, collection, user_map)
legacy_folders = list(
db.folder.find({
'parentId': collection['_id'],
'parentCollection': 'collection'
}))
for legacy_folder in legacy_folders:
_sync_folder(db, legacy_folder, folder, user_map)
print(f'CHECKPOINT collection {str(collection["_id"])}')
del collections
legacy_users = list(db.user.find())
for legacy_user in legacy_users:
if str(legacy_user['_id']) in skip_users:
continue
folder_name = f'@{legacy_user["login"]}'
user = user_map[str(legacy_user['login'])]
try:
folder = Folder.objects.get(parent=None, name=folder_name)
except Folder.DoesNotExist:
with transaction.atomic():
tree: Tree = Tree.objects.create(quota=user.quota,
public=False)
tree.grant_permission(PermissionGrant(user, Permission.admin))
folder = Folder(
parent=None,
tree=tree,
name=folder_name,
description=
f'Migrated user data for {legacy_user["login"]}',
creator=user,
)
folder.save()
folder.created = aware_date(legacy_user['created'])
folder.save(update_fields=['created'])
legacy_folders = list(
db.folder.find({
'parentId': legacy_user['_id'],
'parentCollection': 'user'
}))
for legacy_folder in legacy_folders:
_sync_folder(db, legacy_folder, folder, user_map)
print(f'CHECKPOINT user {str(legacy_user["_id"])}')