def test_group_edge_roles_order_unchanged():
# The order of the GROUP_EDGE_ROLES tuple matters: new roles must be
# appended. This test attempts exposes that information to help prevent
# that from happening accidentally.
assert GROUP_EDGE_ROLES.index("member") == 0
assert GROUP_EDGE_ROLES.index("manager") == 1
assert GROUP_EDGE_ROLES.index("owner") == 2
assert GROUP_EDGE_ROLES.index("np-owner") == 3
def test_group_edge_roles_order_unchanged():
# The order of the GROUP_EDGE_ROLES tuple matters: new roles must be
# appended. This test attempts exposes that information to help prevent
# that from happening accidentally.
assert GROUP_EDGE_ROLES.index("member") == 0
assert GROUP_EDGE_ROLES.index("manager") == 1
assert GROUP_EDGE_ROLES.index("owner") == 2
assert GROUP_EDGE_ROLES.index("np-owner") == 3
def user_permissions(session, user):
user_groups = get_all_groups_by_user(session, user)
non_np = [grp.name for grp, role in user_groups if role != GROUP_EDGE_ROLES.index("np-owner")]
now = datetime.utcnow()
permissions = session.query(
Permission.name,
PermissionMap.argument,
PermissionMap.granted_on,
Group,
).filter(
PermissionMap.permission_id == Permission.id,
PermissionMap.group_id == Group.id,
GroupEdge.group_id == Group.id,
GroupEdge.active == True,
user.enabled == True,
Group.enabled == True,
Group.name.in_(non_np),
or_(
GroupEdge.expiration > now,
GroupEdge.expiration == None
)
).order_by(
asc("name"), asc("argument"), asc("groupname")
).all()
return permissions
def user_role_index(user, members):
if user_is_group_admin(user.session, user):
return GROUP_EDGE_ROLES.index("owner")
member = members.get(("User", user.name))
if not member:
return None
return member.role
def user_role_index(user, members):
if user_is_group_admin(user.session, user):
return GROUP_EDGE_ROLES.index("owner")
member = members.get(("User", user.name))
if not member:
return None
return member.role
def user_permissions(session, user):
user_groups = get_all_groups_by_user(session, user)
non_np = [
grp.name for grp, role in user_groups
if role != GROUP_EDGE_ROLES.index("np-owner")
]
now = datetime.utcnow()
permissions = session.query(
Permission.name,
PermissionMap.argument,
PermissionMap.granted_on,
Group,
).filter(
PermissionMap.permission_id == Permission.id,
PermissionMap.group_id == Group.id, GroupEdge.group_id == Group.id,
GroupEdge.active == True, user.enabled == True, Group.enabled == True,
Group.name.in_(non_np),
or_(GroupEdge.expiration > now,
GroupEdge.expiration == None)).order_by(asc("name"),
asc("argument"),
asc("groupname")).all()
return permissions
