def test_set_admin_permission(user_factory, folder): admin = user_factory(is_superuser=True) grant = PermissionGrant(user_or_group=admin, permission=Permission.read) tree = folder.tree tree.grant_permission(grant) assert grant in tree.list_granted_permissions()
def list_granted_permissions(self) -> List[PermissionGrant]: """Return a list of all permission grants associated with a tree.""" grants: List[PermissionGrant] = [] permission_strings = {p.value for p in Permission} for user, perms in get_users_with_perms( self, attach_perms=True, with_group_users=False, only_with_perms_in=permission_strings ).items(): for perm in perms: grants.append(PermissionGrant(user_or_group=user, permission=Permission(perm))) for group, perms in get_groups_with_perms(self, attach_perms=True).items(): for perm in perms: if perm in permission_strings: grants.append(PermissionGrant(user_or_group=group, permission=Permission(perm))) return grants
def command(depth: int, branching: int, files: int, user_id: typing.Optional[int]): user = UserFactory() if user_id is None else User.objects.get(id=user_id) _populate_subtree(None, depth, user, branching, files) for tree in Tree.objects.all(): tree.grant_permission( PermissionGrant(user_or_group=user, permission=Permission.admin))
def test_terms_agreement_get_existing(api_client, terms_agreement): user = terms_agreement.user terms_agreement.terms.tree.grant_permission( PermissionGrant(user_or_group=user, permission=Permission.read)) api_client.force_authenticate(user=user) resp = api_client.get( f'/api/v2/folders/{terms_agreement.terms.tree.root_folder.id}/terms/agreement' ) assert resp.status_code == 204
def perform_create(self, serializer: FolderSerializer): parent: Folder = serializer.validated_data['parent'] user: User = self.request.user if parent: tree = parent.tree if not tree.has_permission(user, permission=Permission.write): raise PermissionDenied() else: # Use the user's quota for the new tree tree = Tree.objects.create(quota=user.quota) tree.grant_permission(PermissionGrant(user_or_group=user, permission=Permission.admin)) serializer.save(tree=tree, creator=user)
def test_terms_agreement_get_updated(api_client, terms_agreement): # Updated terms should require re-agreement terms_agreement.terms.text += 'extra content' terms_agreement.terms.save() user = terms_agreement.user terms_agreement.terms.tree.grant_permission( PermissionGrant(user_or_group=user, permission=Permission.read)) api_client.force_authenticate(user=user) resp = api_client.get( f'/api/v2/folders/{terms_agreement.terms.tree.root_folder.id}/terms/agreement' ) assert resp.status_code == 200 assert resp.data['text'] == terms_agreement.terms.text
def test_authorized_upload_success(api_client, authorized_upload): authorized_upload.folder.tree.grant_permission( PermissionGrant(authorized_upload.creator, Permission.write)) resp = api_client.post( '/api/v2/files', data={ 'name': 'foo.txt', 'size': 123, 'folder': authorized_upload.folder.id, 'authorization': authorized_upload.signature, }, ) assert resp.status_code == 201 assert resp.data['creator'] == authorized_upload.creator.id
def _set_tree_permissions(tree: Tree, collection: dict, user_map: UserMap) -> None: # Currently this just sets the ACL of the tree to be the ACL of the collection. # Any differing permissions in subfolders are ignored.""" user_acl = collection.get('access', {}).get('users', []) grants: List[PermissionGrant] = [] for user_entry in user_acl: oid = str(user_entry['id']) if oid in user_map: perm = PERM_MAP[user_entry['level']] grants.append(PermissionGrant(user_map[oid], perm)) # TODO groups? tree.set_permission_list(grants)
def test_delete_permissions(api_client, user, user_factory, admin_folder): user2 = user_factory() api_client.force_authenticate(user=user) admin_folder.tree.grant_permission( PermissionGrant(user_or_group=user2, permission=Permission.read), ) assert admin_folder.tree.has_permission(user2, Permission.read) data = [{ 'name': user2.username, 'model': 'user', 'permission': 'read', }] resp = api_client.delete(f'/api/v2/folders/{admin_folder.id}/permissions', data=data, format='json') assert resp.status_code == 200 assert not admin_folder.tree.has_permission(user2, Permission.read)
def to_internal_value(self, data): return PermissionGrant( user_or_group=self._load_user_or_group(data), permission=Permission[data['permission']], )
def _sync_root_folders(db: Database, user_map: UserMap, skip_collections: Set[str], skip_users: Set[str]) -> None: collections = list(db.collection.find()) for collection in collections: if str(collection['_id']) in skip_collections: continue try: folder = Folder.objects.get(parent=None, name=collection['name']) except Folder.DoesNotExist: with transaction.atomic(): creator = user_map[str(collection.get('creatorId'))] tree: Tree = Tree.objects.create(quota=creator.quota, public=collection.get( 'public', False)) folder = Folder( parent=None, tree=tree, name=collection['name'], description=collection.get('description') or '', user_metadata=collection.get('meta', {}), legacy_id=str(collection['_id']), creator=creator, ) folder.save() folder.created = aware_date(collection['created']) folder.save(update_fields=['created']) _set_tree_permissions(folder.tree, collection, user_map) legacy_folders = list( db.folder.find({ 'parentId': collection['_id'], 'parentCollection': 'collection' })) for legacy_folder in legacy_folders: _sync_folder(db, legacy_folder, folder, user_map) print(f'CHECKPOINT collection {str(collection["_id"])}') del collections legacy_users = list(db.user.find()) for legacy_user in legacy_users: if str(legacy_user['_id']) in skip_users: continue folder_name = f'@{legacy_user["login"]}' user = user_map[str(legacy_user['login'])] try: folder = Folder.objects.get(parent=None, name=folder_name) except Folder.DoesNotExist: with transaction.atomic(): tree: Tree = Tree.objects.create(quota=user.quota, public=False) tree.grant_permission(PermissionGrant(user, Permission.admin)) folder = Folder( parent=None, tree=tree, name=folder_name, description= f'Migrated user data for {legacy_user["login"]}', creator=user, ) folder.save() folder.created = aware_date(legacy_user['created']) folder.save(update_fields=['created']) legacy_folders = list( db.folder.find({ 'parentId': legacy_user['_id'], 'parentCollection': 'user' })) for legacy_folder in legacy_folders: _sync_folder(db, legacy_folder, folder, user_map) print(f'CHECKPOINT user {str(legacy_user["_id"])}')