def create_permission_requests(setup: SetupTest) -> None:
    """Build a fixture of pending permission requests.

    Two permissions are created, ``auditors`` receives PERMISSION_GRANT for
    ``perm.hasgranter/a`` and ``group-admins`` receives PERMISSION_ADMIN with an
    empty argument.  Two requests are then filed on behalf of ``group-admins``
    and one on behalf of ``auditors`` so that, per the original description,
    one user has both inbound and outbound requests to see on the requests page.
    """
    # NOTE(review): the user addresses are masked in this listing, so every
    # membership and lookup call below shows the same value; confirm the real
    # names before relying on which user requests and which user grants.
    with setup.transaction():
        for perm_name, blurb in (
            ("perm.hasgranter", "perm with granter"),
            ("perm.nogranter", "perm without granter"),
        ):
            setup.create_permission(perm_name, description=blurb)
        setup.add_user_to_group("*****@*****.**", "auditors")
        setup.grant_permission_to_group(PERMISSION_GRANT, "perm.hasgranter/a", "auditors")
        setup.add_user_to_group("*****@*****.**", "group-admins")
        setup.grant_permission_to_group(PERMISSION_ADMIN, "", "group-admins")

    # create_request() is the older API and takes SQLAlchemy model objects, so
    # each one is looked up and checked for existence before use.
    granter = User.get(setup.session, name="*****@*****.**")
    assert granter
    granter_group = Group.get(setup.session, name="auditors")
    assert granter_group
    requester = User.get(setup.session, name="*****@*****.**")
    assert requester
    requester_group = Group.get(setup.session, name="group-admins")
    assert requester_group
    with_granter = Permission.get(setup.session, "perm.hasgranter")
    assert with_granter
    without_granter = Permission.get(setup.session, "perm.nogranter")
    assert without_granter
    admin_perm = Permission.get(setup.session, PERMISSION_ADMIN)
    assert admin_perm

    # The older API also reads a global settings object.
    set_global_settings(setup.settings)

    # Both test permissions are requested for group-admins in one transaction.
    with setup.transaction():
        for wanted in (with_granter, without_granter):
            create_request(setup.session, requester, requester_group, wanted, "a", "reasons")

    # One further request is filed by the other user, for the admin permission.
    with setup.transaction():
        create_request(setup.session, granter, granter_group, admin_perm, "a", "reasons")
def do_request_perms(groups, permissions, session, users):  # noqa: F811
    """Seed *session* with permission grants and three pending requests.

    Ensures the two test permissions plus PERMISSION_GRANT and PERMISSION_ADMIN
    exist, gives GRANTING_TEAM the grant permission scoped to
    ``PERM_WITH_GRANTER/ARGUMENT`` and ADMIN_TEAM the admin permission, then
    files two requests for REQUESTING_TEAM and one for GRANTING_TEAM.

    The ``permissions`` parameter is not read in this body.
    """

    def _ensure(perm_name, **extra):
        # get_or_create_permission returns a sequence; element 0 is what is used.
        return get_or_create_permission(session, perm_name, **extra)[0]

    with_granter = _ensure(PERM_WITH_GRANTER, description="perm with granter")
    without_granter = _ensure(PERM_NO_GRANTER, description="perm without granter")
    perm_grant = _ensure(PERMISSION_GRANT)
    perm_admin = _ensure(PERMISSION_ADMIN)
    session.commit()

    scoped_argument = "{}/{}".format(PERM_WITH_GRANTER, ARGUMENT)
    grant_permission(groups[GRANTING_TEAM], perm_grant, argument=scoped_argument)
    grant_permission(groups[ADMIN_TEAM], perm_admin, argument="")

    # REQUESTING_USER asks for both test permissions on behalf of REQUESTING_TEAM.
    for wanted in (with_granter, without_granter):
        create_request(
            session, users[REQUESTING_USER], groups[REQUESTING_TEAM], wanted, ARGUMENT, REASON
        )

    # A different user files one more request, this time for the admin permission.
    create_request(
        session, users[GRANTING_USER], groups[GRANTING_TEAM], perm_admin, ARGUMENT, REASON
    )
    session.commit()
def do_request_perms(groups, permissions, session, users):  # noqa: F811
    """Create the grants and pending requests used by the request tests.

    The two test permissions, PERMISSION_GRANT and PERMISSION_ADMIN are fetched
    or created and committed.  GRANTING_TEAM is then given PERMISSION_GRANT for
    ``PERM_WITH_GRANTER/ARGUMENT`` and ADMIN_TEAM is given PERMISSION_ADMIN with
    an empty argument, after which three requests are filed and committed.

    ``permissions`` is accepted but unused here.
    """
    # Order matters only in that the first entry is the permission with a granter.
    requested_perms = [
        get_or_create_permission(session, perm_name, description=blurb)[0]
        for perm_name, blurb in (
            (PERM_WITH_GRANTER, "perm with granter"),
            (PERM_NO_GRANTER, "perm without granter"),
        )
    ]
    grant_perm = get_or_create_permission(session, PERMISSION_GRANT)[0]
    admin_perm = get_or_create_permission(session, PERMISSION_ADMIN)[0]
    session.commit()

    grant_permission(
        groups[GRANTING_TEAM],
        grant_perm,
        argument="{}/{}".format(PERM_WITH_GRANTER, ARGUMENT),
    )
    grant_permission(groups[ADMIN_TEAM], admin_perm, argument="")

    # Two requests from REQUESTING_TEAM, one per test permission.
    for perm in requested_perms:
        create_request(
            session,
            users[REQUESTING_USER],
            groups[REQUESTING_TEAM],
            perm,
            ARGUMENT,
            REASON,
        )

    # And one request that does not come from REQUESTING_USER.
    create_request(
        session,
        users[GRANTING_USER],
        groups[GRANTING_TEAM],
        admin_perm,
        ARGUMENT,
        REASON,
    )
    session.commit()
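def post(self, group_id=None, name=None):
    """Handle submission of a group's permission-request form.

    Authorization: the group must exist (otherwise ``notfound()``) and the
    current user's role in it must be one of OWNER_ROLE_INDICES (otherwise
    ``forbidden()``).  The submitted ``argument_type`` selects the text or the
    dropdown form; any other value is logged and rejected with ``forbidden()``.

    Args:
        group_id: Group id passed to ``Group.get``.
        name: Group name passed to ``Group.get``.

    Returns:
        Whatever ``notfound()``, ``forbidden()``, ``render()`` or ``redirect()``
        returns; on success the redirect goes to the group's page.

    Raises:
        AssertionError: If the validated permission name no longer resolves to
            a permission.
    """
    group = Group.get(self.session, group_id, name)
    if not group:
        return self.notfound()

    # only owner of group can request permissions for that group
    role_index = self.current_user.my_role_index(group.my_members())
    if role_index not in OWNER_ROLE_INDICES:
        return self.forbidden()

    # check inputs
    args_by_perm = get_grantable_permissions(
        self.session, settings.restricted_ownership_permissions
    )
    dropdown_form, text_form = GroupPermissionRequest._get_forms(
        args_by_perm, self.request.arguments
    )
    argument_type = self.request.arguments.get("argument_type")
    if argument_type and argument_type[0] == "text":
        form = text_form
    elif argument_type and argument_type[0] == "dropdown":
        form = dropdown_form
        # permission_name is taken from the request and has not been validated
        # yet.  An unknown name gets an empty choice list, so form validation
        # rejects it instead of the lookup raising KeyError.
        form.argument.choices = [
            (a, a) for a in args_by_perm.get(form.permission_name.data, [])
        ]
    else:
        # someone messing with the form
        self.log_message(
            "unknown argument type", group_name=group.name, argument_type=argument_type
        )
        return self.forbidden()

    if not form.validate():
        return self.render(
            "group-permission-request.html",
            dropdown_form=dropdown_form,
            text_form=text_form,
            group=group,
            args_by_perm_json=json.dumps(args_by_perm),
            alerts=self.get_form_alerts(form.errors),
            dropdown_help=settings.permission_request_dropdown_help,
            text_help=settings.permission_request_text_help,
        )

    permission = Permission.get(self.session, form.permission_name.data)
    if permission is None:
        # Raised explicitly: a bare `assert` is stripped under `python -O`, which
        # would let None reach create_request().
        raise AssertionError("our prefilled permission should exist or we have problems")

    # save off request
    try:
        permissions.create_request(
            self.session,
            self.current_user,
            group,
            permission,
            form.argument.data,
            form.reason.data,
        )
    except permissions.RequestAlreadyGranted:
        alerts = [Alert("danger", "This group already has this permission and argument.")]
    except permissions.RequestAlreadyExists:
        alerts = [
            Alert(
                "danger",
                "Request for permission and argument already exists, please wait patiently.",
            )
        ]
    except permissions.NoOwnersAvailable:
        self.log_message(
            "prefilled perm+arg have no owner",
            group_name=group.name,
            permission_name=permission.name,
            argument=form.argument.data,
        )
        alerts = [
            Alert(
                "danger",
                "No owners available for requested permission and argument."
                " If this error persists please contact an adminstrator.",
            )
        ]
    else:
        alerts = None

    if alerts:
        # NOTE(review): unlike the validation-failure render above, this render
        # passes no dropdown_help/text_help; confirm the template tolerates that.
        return self.render(
            "group-permission-request.html",
            dropdown_form=dropdown_form,
            text_form=text_form,
            group=group,
            args_by_perm_json=json.dumps(args_by_perm),
            alerts=alerts,
        )
    else:
        return self.redirect("/groups/{}".format(group.name))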
def post(self, *args, **kwargs):
    # type: (*Any, **Any) -> None
    """Handle submission of the standalone permission-request form.

    The form is built from the request arguments and validated.  The group and
    the permission named in it must both exist and the permission must be one
    of the keys of ``args_by_perm``; each failure raises ``HTTPError`` with
    status 400.  On success the user is redirected to the new request's page,
    otherwise the form is rendered again with an alert.
    """
    form, args_by_perm = self._build_form(self.request.arguments)

    def _show_form(alerts):
        # Both the validation-failure and the create-failure paths render the
        # same template with the same context, differing only in the alerts.
        return self.render(
            "permission-request.html",
            args_by_perm_json=json.dumps(args_by_perm),
            form=form,
            alerts=alerts,
        )

    if not form.validate():
        return _show_form(self.get_form_alerts(form.errors))

    # NOTE(review): no membership or ownership check on the group is visible in
    # this handler; presumably _build_form limits group_name to groups the
    # current user may request for. Confirm against _build_form.
    group = Group.get(self.session, name=form.group_name.data)
    if group is None:
        raise HTTPError(status_code=400, reason="that group does not exist")

    permission = get_permission(self.session, form.permission_name.data)
    if permission is None:
        raise HTTPError(status_code=400, reason="that permission does not exist")

    # Reject a permission that exists but was not offered by the form.
    if permission.name not in args_by_perm:
        raise HTTPError(status_code=400, reason="that permission was not in the form")

    # save off request
    try:
        created = permissions.create_request(
            self.session,
            self.current_user,
            group,
            permission,
            form.argument.data,
            form.reason.data,
        )
    except permissions.RequestAlreadyGranted:
        alerts = [Alert("danger", "This group already has this permission and argument.")]
    except permissions.RequestAlreadyExists:
        alerts = [
            Alert(
                "danger",
                "Request for permission and argument already exists, please wait patiently.",
            )
        ]
    except permissions.NoOwnersAvailable:
        self.log_message(
            "prefilled perm+arg have no owner",
            group_name=group.name,
            permission_name=permission.name,
            argument=form.argument.data,
        )
        alerts = [
            Alert(
                "danger",
                "No owners available for requested permission and argument."
                " If this error persists please contact an adminstrator.",
            )
        ]
    except UserNotAuditor as err:
        alerts = [Alert("danger", str(err))]
    else:
        # No exception means no alert: go straight to the new request's page.
        return self.redirect("/permissions/requests/{}".format(created.id))

    # Every except branch above produced exactly one alert.
    return _show_form(alerts)
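def post(self, group_id=None, name=None):
    """Handle submission of a group's permission-request form.

    Authorization: the group must exist (otherwise ``notfound()``) and the
    current user must be a member of it (otherwise ``forbidden()``).  The
    submitted ``argument_type`` selects the text or the dropdown form; any other
    value is logged and rejected with ``forbidden()``.

    Args:
        group_id: Group id passed to ``Group.get``.
        name: Group name passed to ``Group.get``.

    Returns:
        Whatever ``notfound()``, ``forbidden()``, ``render()`` or ``redirect()``
        returns; on success the redirect goes to the new request's page.

    Raises:
        AssertionError: If the validated permission name no longer resolves to
            a permission.
    """
    group = Group.get(self.session, group_id, name)
    if not group:
        return self.notfound()

    # Only members can request permissions
    if not self.current_user.is_member(group.my_members()):
        return self.forbidden()

    # check inputs
    args_by_perm = get_grantable_permissions(
        self.session, settings.restricted_ownership_permissions
    )
    dropdown_form, text_form = GroupPermissionRequest._get_forms(
        args_by_perm, self.request.arguments
    )
    argument_type = self.request.arguments.get("argument_type")
    if argument_type and argument_type[0] == "text":
        form = text_form
    elif argument_type and argument_type[0] == "dropdown":
        form = dropdown_form
        # permission_name is taken from the request and has not been validated
        # yet.  An unknown name gets an empty choice list, so form validation
        # rejects it instead of the lookup raising KeyError.
        form.argument.choices = [
            (a, a) for a in args_by_perm.get(form.permission_name.data, [])
        ]
    else:
        # someone messing with the form
        self.log_message(
            "unknown argument type", group_name=group.name, argument_type=argument_type
        )
        return self.forbidden()

    if not form.validate():
        return self.render(
            "group-permission-request.html",
            dropdown_form=dropdown_form,
            text_form=text_form,
            group=group,
            args_by_perm_json=json.dumps(args_by_perm),
            alerts=self.get_form_alerts(form.errors),
            dropdown_help=settings.permission_request_dropdown_help,
            text_help=settings.permission_request_text_help,
        )

    permission = Permission.get(self.session, form.permission_name.data)
    if permission is None:
        # Raised explicitly: a bare `assert` is stripped under `python -O`, which
        # would let None reach create_request().
        raise AssertionError("our prefilled permission should exist or we have problems")

    # save off request
    try:
        request = permissions.create_request(
            self.session,
            self.current_user,
            group,
            permission,
            form.argument.data,
            form.reason.data,
        )
    except permissions.RequestAlreadyGranted:
        alerts = [Alert("danger", "This group already has this permission and argument.")]
    except permissions.RequestAlreadyExists:
        alerts = [
            Alert(
                "danger",
                "Request for permission and argument already exists, please wait patiently.",
            )
        ]
    except permissions.NoOwnersAvailable:
        self.log_message(
            "prefilled perm+arg have no owner",
            group_name=group.name,
            permission_name=permission.name,
            argument=form.argument.data,
        )
        alerts = [
            Alert(
                "danger",
                "No owners available for requested permission and argument."
                " If this error persists please contact an adminstrator.",
            )
        ]
    else:
        alerts = None

    if alerts:
        # NOTE(review): unlike the validation-failure render above, this render
        # passes no dropdown_help/text_help; confirm the template tolerates that.
        return self.render(
            "group-permission-request.html",
            dropdown_form=dropdown_form,
            text_form=text_form,
            group=group,
            args_by_perm_json=json.dumps(args_by_perm),
            alerts=alerts,
        )
    else:
        return self.redirect("/permissions/requests/{}".format(request.id))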
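def post(self, *args, **kwargs):
    # type: (*Any, **Any) -> None
    """Handle submission of a group's permission-request form.

    Authorization: the group named by the ``group_id``/``name`` keyword
    arguments must exist (otherwise ``notfound()``) and the current user must be
    a member of it (otherwise ``forbidden()``).  The submitted ``argument_type``
    selects the text or the dropdown form; any other value, including bytes
    that are not valid UTF-8, is logged and rejected with ``forbidden()``.

    On success the user is redirected to the new request's page; otherwise the
    form is rendered again with an alert.

    Raises:
        AssertionError: If the validated permission name no longer resolves to
            a permission.
    """
    group_id = kwargs.get("group_id")  # type: Optional[int]
    name = kwargs.get("name")  # type: Optional[str]

    group = Group.get(self.session, group_id, name)
    if not group:
        return self.notfound()

    # Only members can request permissions
    if not self.current_user.is_member(group.my_members()):
        return self.forbidden()

    # check inputs
    args_by_perm = get_grantable_permissions(
        self.session, settings().restricted_ownership_permissions
    )
    dropdown_form, text_form = GroupPermissionRequest._get_forms(
        args_by_perm, self.request.arguments
    )
    argument_type = self.request.arguments.get("argument_type")
    # Decode leniently: a strict decode raises UnicodeDecodeError on malformed
    # bytes before the "unknown argument type" branch can reject them.  The
    # replacement character can never compare equal to "text" or "dropdown".
    selected_type = argument_type[0].decode(errors="replace") if argument_type else None
    if selected_type == "text":
        form = text_form
    elif selected_type == "dropdown":
        form = dropdown_form
        # permission_name is taken from the request and has not been validated
        # yet.  An unknown name gets an empty choice list, so form validation
        # rejects it instead of the lookup raising KeyError.
        form.argument.choices = [
            (a, a) for a in args_by_perm.get(form.permission_name.data, [])
        ]
    else:
        # someone messing with the form
        self.log_message(
            "unknown argument type", group_name=group.name, argument_type=argument_type
        )
        return self.forbidden()

    if not form.validate():
        return self.render(
            "group-permission-request.html",
            dropdown_form=dropdown_form,
            text_form=text_form,
            group=group,
            args_by_perm_json=json.dumps(args_by_perm),
            alerts=self.get_form_alerts(form.errors),
            dropdown_help=settings().permission_request_dropdown_help,
            text_help=settings().permission_request_text_help,
        )

    permission = get_permission(self.session, form.permission_name.data)
    if permission is None:
        # Raised explicitly: a bare `assert` is stripped under `python -O`, which
        # would let None reach create_request().
        raise AssertionError("our prefilled permission should exist or we have problems")

    # save off request
    try:
        request = permissions.create_request(
            self.session,
            self.current_user,
            group,
            permission,
            form.argument.data,
            form.reason.data,
        )
    except permissions.RequestAlreadyGranted:
        alerts = [Alert("danger", "This group already has this permission and argument.")]
    except permissions.RequestAlreadyExists:
        alerts = [
            Alert(
                "danger",
                "Request for permission and argument already exists, please wait patiently.",
            )
        ]
    except permissions.NoOwnersAvailable:
        self.log_message(
            "prefilled perm+arg have no owner",
            group_name=group.name,
            permission_name=permission.name,
            argument=form.argument.data,
        )
        alerts = [
            Alert(
                "danger",
                "No owners available for requested permission and argument."
                " If this error persists please contact an adminstrator.",
            )
        ]
    except UserNotAuditor as e:
        alerts = [Alert("danger", str(e))]
    else:
        alerts = []

    if alerts:
        # NOTE(review): unlike the validation-failure render above, this render
        # passes no dropdown_help/text_help; confirm the template tolerates that.
        return self.render(
            "group-permission-request.html",
            dropdown_form=dropdown_form,
            text_form=text_form,
            group=group,
            args_by_perm_json=json.dumps(args_by_perm),
            alerts=alerts,
        )
    else:
        return self.redirect("/permissions/requests/{}".format(request.id))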