def _resolveQuery(self, session, objects, query):
"""Resolve a L{Query}.
@param session: The L{FluidinfoSession} for the request.
@param objects: The L{SecureObjectAPI} to use to fetch object IDs.
@param query: The L{Query} to resolve.
@return: A C{list} of object ID C{str}s that match the query.
"""
try:
result = objects.search([query])
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentTag(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
raise TNonexistentTag(deniedPath)
try:
with session.timer.track('index-search'):
result = blockingCallFromThread(reactor, result.get)
except SearchError as error:
session.log.exception(error)
raise TParseError(query, error.message)
return result[query]
def run():
tagValues = SecureTagValueAPI(session.auth.user)
try:
result = tagValues.get([objectID], [path])
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
raise TNonexistentTag(path_)
except UnknownPathError as error:
session.log.exception(error)
raise TNonexistentTag(path)
if not result:
raise TNoInstanceOnObject(path, objectId)
else:
tagValue = result[objectID][path]
value = tagValue.value
# FIXME This is a bit crap, but its easier than modifying
# Thrift-related logic.
if isinstance(value, dict):
mimeType = value['mime-type'].encode('utf-8')
value = createBinaryThriftValue(value['contents'],
mimeType)
elif isinstance(value, UUID):
value = createThriftValue(str(value))
else:
value = createThriftValue(value)
return (value, tagValue)
def run():
objects = SecureObjectAPI(session.auth.user)
try:
searchQueries = objects.search(valuesByQuery.keys())
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
raise TNonexistentTag(unknownPath.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
if operation == Operation.CREATE_OBJECT:
raise TUnauthorized()
else:
raise TNonexistentTag(path_)
# Run queries.
try:
with session.timer.track('index-search'):
result = blockingCallFromThread(reactor, searchQueries.get)
except SearchError as error:
session.log.exception(error)
raise TParseError(query, error.message)
# Build a result set from the searches.
values = {}
for parsedQuery, objectIDs in result.iteritems():
for objectID in objectIDs:
for tagAndValue in valuesByQuery[parsedQuery]:
value = guessValue(tagAndValue.value)
# FIXME: this code sucks, but I rather not having
# to modify guessValue to return a list, as that
# would break other code.
# Hopefully, we'll be able to remove this pretty
# soon.
if isinstance(value, list):
value = [item.decode('utf-8') for item in value]
if objectID not in values:
values[objectID] = {}
values[objectID][tagAndValue.path] = value
# Update values.
if values:
tagValues = SecureTagValueAPI(session.auth.user)
try:
result = tagValues.set(values)
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except MalformedPathError as error:
# FIXME: Modify MalformedPathError to have a path field.
raise TInvalidPath(str(error).encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, path_)
def run():
tagValues = SecureTagValueAPI(session.auth.user)
try:
values = tagValues.get([objectID], [path])
return createThriftValue(len(values.keys()) > 0)
except UnknownPathError as error:
session.log.exception(error)
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
raise TNonexistentTag(path_)
def run():
permissions = SecurePermissionAPI(session.auth.user)
try:
permissions.set([(path, operation, policy, exceptions)])
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
if operation in Operation.TAG_OPERATIONS:
raise TNonexistentTag(unknownPath.encode('utf-8'))
if operation in Operation.NAMESPACE_OPERATIONS:
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
raise
except UnknownUserError as error:
# FIXME There could be more than one unknown username, but
# TNoSuchUser can only be passed a single username, so we'll
# only pass the first one. Ideally, we'd be able to pass all
# of them.
raise TNoSuchUser(error.usernames[0].encode('utf-8'))
except UserNotAllowedInExceptionError as error:
raise TInvalidUsername(str(error))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, deniedOperation = error.pathsAndOperations[0]
deniedCategory, deniedAction = getCategoryAndAction(
deniedOperation)
raise TPathPermissionDenied(deniedPath, deniedCategory,
deniedAction)
def run():
tagValues = SecureTagValueAPI(session.auth.user)
objects = SecureObjectAPI(session.auth.user)
objectIDs = self._resolveQuery(session, objects, parsedQuery)
values = []
if tags is None:
# delete all tags user has permissions for
result = objects.getTagsByObjects(objectIDs,
Operation.DELETE_TAG_VALUE)
for objectID, paths in result.iteritems():
for path in paths:
values.append((objectID, path))
else:
# delete only tags requested by user
result = objects.getTagsByObjects(objectIDs)
for objectID, paths in result.iteritems():
for path in paths:
if tags is None or path in tags:
values.append((objectID, path))
if values:
try:
tagValues.delete(values)
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, path_)
def run():
try:
SecureTagValueAPI(session.auth.user).delete(values)
except UnknownPathError as error:
session.log.exception(error)
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, path_)
def run():
value = {path: description}
try:
SecureTagAPI(session.auth.user).set(value)
except UnknownPathError as error:
session.log.exception(error)
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
def run():
tags = SecureTagAPI(session.auth.user)
result = tags.get([path], withDescriptions=returnDescription)
if not result:
raise TNonexistentTag()
else:
tag = TTag()
tag.objectId = str(result[path]['id'])
tag.path = path
tag.indexed = True
if returnDescription:
tag.description = result[path]['description']
return tag
def run():
tagValues = SecureTagValueAPI(session.auth.user)
objects = SecureObjectAPI(session.auth.user)
objectIDs = self._resolveQuery(session, objects, parsedQuery)
if not objectIDs:
return dumps({'results': {'id': {}}})
try:
values = tagValues.get(objectIDs, tags)
except UnknownPathError as error:
# One or more of the requested return Tag's doesn't exist.
# We'll filter them out and try again because we don't want to
# fail the request just because of a missing tag.
filteredTags = set(tags) - set(error.paths)
if not filteredTags:
return dumps({'results': {'id': {}}})
values = tagValues.get(objectIDs, filteredTags)
except PermissionDeniedError as error:
session.log.exception(error)
path_, operation = error.pathsAndOperations[0]
raise TNonexistentTag(path_)
valuesByObjectID = {}
for objectID, tagPaths in values.iteritems():
for tagPath, tagValue in tagPaths.iteritems():
value = tagValue.value
if isinstance(value, dict):
size = len(value[u'contents'])
mimeType = value[u'mime-type']
value = {u'value-type': mimeType,
u'size': size}
elif isinstance(value, UUID):
value = {'value': str(value)}
else:
value = {'value': value}
value['updated-at'] = tagValue.creationTime.isoformat()
value['username'] = tagValue.creator.username
objectID = str(objectID)
valuesByObjectID.setdefault(objectID, {})[tagPath] = value
result = {'results': {'id': valuesByObjectID}}
return dumps(result)
def run():
tags = SecureTagAPI(session.auth.user)
path = u'/'.join([parentNamespace, name])
try:
[(objectID, _)] = tags.create([(path, description)])
except DuplicatePathError as error:
session.log.exception(error)
raise TTagAlreadyExists(path.encode('utf-8'))
except UnknownPathError as error:
session.log.exception(error)
path = error.paths[0]
raise TNonexistentTag(path.encode('utf-8'))
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, operation = error.pathsAndOperations[0]
deniedPath = deniedPath.encode('utf-8')
category, action = getCategoryAndAction(operation)
raise TPathPermissionDenied(category, action, deniedPath)
except MalformedPathError as error:
session.log.exception(error)
raise TInvalidPath(path.encode('utf-8'))
return str(objectID)
def run():
permissions = SecurePermissionAPI(session.auth.user)
try:
result = permissions.get([(path, operation)])
except UnknownPathError as error:
session.log.exception(error)
unknownPath = error.paths[0]
if operation in Operation.TAG_OPERATIONS:
raise TNonexistentTag(unknownPath.encode('utf-8'))
if operation in Operation.NAMESPACE_OPERATIONS:
raise TNonexistentNamespace(unknownPath.encode('utf-8'))
raise
except PermissionDeniedError as error:
session.log.exception(error)
deniedPath, deniedOperation = error.pathsAndOperations[0]
deniedCategory, deniedAction = getCategoryAndAction(
deniedOperation)
raise TPathPermissionDenied(deniedPath, deniedCategory,
deniedAction)
policy, exceptions = result[(path, operation)]
policy = str(policy).lower()
return TPolicyAndExceptions(policy=policy, exceptions=exceptions)