def post(self): can_create = user_creatable_permissions(self.session, self.current_user) if not can_create: return self.forbidden() form = PermissionCreateForm(self.request.arguments) if not form.validate(): return self.render("permission-create.html", form=form, alerts=self.get_form_alerts(form.errors)) # A user is allowed to create a permission if the name matches any of the globs that they # are given access to via PERMISSION_CREATE, as long as the permission does not match a # reserved name. (Unless specifically granted.) allowed = False for creatable in can_create: if matches_glob(creatable, form.data["name"]): allowed = True for failure_message in test_reserved_names(form.data["name"]): form.name.errors.append(failure_message) if not allowed: form.name.errors.append( "Permission name does not match any of your allowed patterns.") if form.name.errors: return self.render("permission-create.html", form=form, alerts=self.get_form_alerts(form.errors)) try: permission = create_permission(self.session, form.data["name"], form.data["description"]) self.session.flush() except IntegrityError: self.session.rollback() form.name.errors.append( "Name already in use. Permissions must be unique.") return self.render( "permission-create.html", form=form, can_create=can_create, alerts=self.get_form_alerts(form.errors), ) self.session.commit() AuditLog.log( self.session, self.current_user.id, "create_permission", "Created permission.", on_permission_id=permission.id, ) # No explicit refresh because handler queries SQL. return self.redirect("/permissions/{}".format(permission.name))
def get(self): can_create = user_creatable_permissions(self.session, self.current_user) if not can_create: return self.forbidden() return self.render( "permission-create.html", form=PermissionCreateForm(), can_create=can_create, )
def get(self): can_create = user_creatable_permissions(self.session, self.current_user) if not can_create: return self.forbidden() return self.render("permission-create.html", form=PermissionCreateForm(), can_create=can_create)
def post(self): can_create = user_creatable_permissions(self.session, self.current_user) if not can_create: return self.forbidden() form = PermissionCreateForm(self.request.arguments) if not form.validate(): return self.render( "permission-create.html", form=form, alerts=self.get_form_alerts(form.errors) ) # A user is allowed to create a permission if the name matches any of the globs that they # are given access to via PERMISSION_CREATE, as long as the permission does not match a # reserved name. (Unless specifically granted.) allowed = False for creatable in can_create: if matches_glob(creatable, form.data["name"]): allowed = True for failure_message in test_reserved_names(form.data["name"]): form.name.errors.append(failure_message) if not allowed: form.name.errors.append("Permission name does not match any of your allowed patterns.") if form.name.errors: return self.render( "permission-create.html", form=form, alerts=self.get_form_alerts(form.errors) ) try: permission = create_permission( self.session, form.data["name"], form.data["description"] ) self.session.flush() except IntegrityError: self.session.rollback() form.name.errors.append("Name already in use. Permissions must be unique.") return self.render( "permission-create.html", form=form, can_create=sorted(can_create), alerts=self.get_form_alerts(form.errors), ) self.session.commit() AuditLog.log( self.session, self.current_user.id, "create_permission", "Created permission.", on_permission_id=permission.id, ) # No explicit refresh because handler queries SQL. return self.redirect("/permissions/{}".format(permission.name))
def get(self, audited_only=False): offset = int(self.get_argument("offset", 0)) limit = int(self.get_argument("limit", 100)) audited_only = bool(int(self.get_argument("audited", 0))) if limit > 9000: limit = 9000 permissions = self.graph.get_permissions(audited=audited_only) total = len(permissions) permissions = permissions[offset:offset + limit] can_create = user_creatable_permissions(self.session, self.current_user) self.render( "permissions.html", permissions=permissions, offset=offset, limit=limit, total=total, can_create=can_create, audited_permissions=audited_only )
def get(self, audited_only=False): offset = int(self.get_argument("offset", 0)) limit = int(self.get_argument("limit", 100)) audited_only = bool(int(self.get_argument("audited", 0))) sort_key = self.get_argument("sort_by", "") sort_dir = self.get_argument("order", "") if limit > 9000: limit = 9000 sort_keys = { "name": lambda p: p.name, # round timestamps to the nearest minute so permissions created together will # show up alphabetically "date": lambda p: _round_timestamp(p.created_on), } if sort_key not in sort_keys: sort_key = "name" if sort_dir not in ("asc", "desc"): sort_dir = "asc" permissions = sorted(self.graph.get_permissions(audited=audited_only), key=sort_keys[sort_key], reverse=sort_dir == "desc") total = len(permissions) permissions = permissions[offset:offset + limit] can_create = user_creatable_permissions(self.session, self.current_user) self.render("permissions.html", permissions=permissions, offset=offset, limit=limit, total=total, can_create=can_create, audited_permissions=audited_only, sort_key=sort_key, sort_dir=sort_dir)
def get(self, audited_only=False): offset = int(self.get_argument("offset", 0)) limit = int(self.get_argument("limit", 100)) audited_only = bool(int(self.get_argument("audited", 0))) if limit > 9000: limit = 9000 permissions = self.graph.get_permissions(audited=audited_only) total = len(permissions) permissions = permissions[offset:offset + limit] can_create = user_creatable_permissions(self.session, self.current_user) self.render("permissions.html", permissions=permissions, offset=offset, limit=limit, total=total, can_create=can_create, audited_permissions=audited_only)