Esempio n. 1
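    def _create_mapped_acls(self, acl, role_map):
        """Propagate an audit-level role to the objects mapped to that audit.

        For the audit in ``acl.object`` this calls the ACL manager's
        ``get_or_create`` for ``acl.person`` on:

        * every snapshot whose parent is the audit,
        * directly related Assessment, AssessmentTemplate, Issue, Comment
          and Document objects,
        * Comment and Document objects related to any directly related
          object (second hop).

        Args:
            acl: the access control entry to propagate; ``acl.object`` must
                be an Audit.
            role_map: mapping indexed by object type name; it must contain
                "Snapshot" and every type that can be reached below
                (presumably the values are mapped-role ids -- confirm
                against the caller).

        Raises:
            AssertionError: if ``acl.object`` is not an Audit.
        """
        audit = acl.object
        # This check decides whether access is propagated at all, so it is
        # raised explicitly: an `assert` statement is removed when Python
        # runs with -O and the propagation would then proceed unchecked.
        # AssertionError is kept so existing callers see the same type.
        if not isinstance(audit, all_models.Audit):
            raise AssertionError(
                "`{}` role assigned to a non Audit object.".format(
                    acl.ac_role.name))

        snapshots_cache = self.caches["snapshots_cache"]
        acl_manager = self.caches["access_control_list_manager"]
        relationship_cache = self.caches["relationship_cache"]

        # Snapshots of an audit are loaded once and kept per audit id, so
        # several roles on the same audit share a single query.
        if audit.id not in snapshots_cache:
            snapshots_cache[audit.id] = all_models.Snapshot.query.filter(
                all_models.Snapshot.parent_id == audit.id,
                all_models.Snapshot.parent_type == "Audit").options(
                    load_only("id")).all()

        # Add the mapped role to every snapshot in the audit.
        for snapshot in snapshots_cache[audit.id]:
            acl_manager.get_or_create(snapshot, acl, acl.person,
                                      role_map["Snapshot"])

        # Add the mapped role to directly related objects, restricted to an
        # explicit allow-list of types.
        direct_types = ("Assessment", "AssessmentTemplate", "Issue",
                        "Comment", "Document")
        audit_stub = Stub(acl.object_type, acl.object_id)
        related_stubs = related([audit_stub], relationship_cache)

        for stub in related_stubs[audit_stub]:
            if stub.type not in direct_types:
                continue
            acl_manager.get_or_create(stub, acl, acl.person,
                                      role_map[stub.type])

        # Add the mapped role to related comments and documents.
        # NOTE(review): the second hop starts from every directly related
        # stub, not only the allow-listed types above, so a Comment or
        # Document attached to any neighbour of the audit receives the
        # role -- confirm this breadth is intended.
        second_hop_types = ("Comment", "Document")
        mapped_stubs = related(related_stubs[audit_stub], relationship_cache)
        for parent in mapped_stubs:
            for stub in mapped_stubs[parent]:
                if stub.type not in second_hop_types:
                    continue
                acl_manager.get_or_create(stub, acl, acl.person,
                                          role_map[stub.type])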
def handle_acl_creation(session):
    """Create related roles for newly added assignee ACL entries.

    Only objects in ``session.new`` are inspected. An entry is kept when
    it is an ``AccessControlList`` whose role name, looked up through
    ``get_custom_roles_for`` for the entry's object type, is one of
    ``Assignable.ASSIGNEE_TYPES``. Kept entries are grouped by the stub of
    the object they are attached to; related objects (and their snapshots,
    if any) are then collected and passed to ``create_related_roles``.

    Args:
        session: object exposing ``new``, the iterable of pending objects
            (presumably a SQLAlchemy session -- confirm against caller).
    """
    acls_by_stub = defaultdict(set)
    for candidate in session.new:
        if not isinstance(candidate, all_models.AccessControlList):
            continue
        # The role relation may not be populated on a pending object; fall
        # back to the raw foreign key in that case.
        if candidate.ac_role:
            role_id = candidate.ac_role.id
        else:
            role_id = candidate.ac_role_id
        role_name = get_custom_roles_for(candidate.object_type).get(role_id)
        # Entries with unknown or non-assignee roles are not propagated.
        if role_name not in Assignable.ASSIGNEE_TYPES:
            continue
        owner_stub = Stub(candidate.object_type, candidate.object_id)
        acls_by_stub[owner_stub].add(candidate)

    if not acls_by_stub:
        return

    neighbours = related(acls_by_stub.keys(), RelationshipsCache())
    snapshot_ids = collect_snapshot_ids(neighbours)
    if snapshot_ids:
        add_related_snapshots(snapshot_ids, neighbours)
    create_related_roles(acls_by_stub, neighbours)
Esempio n. 3
 def handle_relationships(self, propagation, acl):
     """Propagate ``acl`` to the objects related to the object it is on.

     Each stub related to ``acl``'s object is kept when
     ``propagation["type"]`` is ``"any"`` or lists the stub's type in its
     comma-separated value. For a kept stub the ACL manager's
     ``get_or_create`` is called for ``acl.person`` with the role found
     through ``ROLE_PROPAGATION`` and ``self.program_roles``. If
     ``propagation`` has a ``"propagate"`` key, that value and the
     resulting child entry are passed on to ``self.handle_propagation``.

     Args:
         propagation: dict with a ``"type"`` key and an optional
             ``"propagate"`` key.
         acl: the access control entry to propagate.
     """
     cache = self.relationship_cache
     roles = self.program_roles
     manager = self.access_control_list_manager
     origin = Stub(acl.object_type, acl.object_id)
     neighbours = related([origin], cache)
     for stub in neighbours[origin]:
         # Skip stubs whose type is not selected by this propagation rule.
         if (propagation["type"] != "any"
                 and stub.type not in propagation["type"].split(",")):
             continue
         propagated_name = ROLE_PROPAGATION[self._get_acr_name(acl)]
         role_id = roles[propagated_name]
         child = manager.get_or_create(stub, acl, acl.person, role_id)
         # NOTE(review): how far access spreads from here depends on
         # handle_propagation, which is not visible -- presumably it is
         # bounded by the nesting of the "propagate" config; confirm.
         if "propagate" in propagation:
             self.handle_propagation(propagation["propagate"], child)