def update_neighborhood_acl(neighborhood_doc, init_doc): '''Convert nbhd admins users to --init-- project admins''' if options.test: log.info('Update nbhd %s', neighborhood_doc['name']) if 'acl' not in neighborhood_doc: log.warning('Neighborhood %s already updated', neighborhood_doc['name']) return p = Object(init_doc) p.root_project=p r_anon = _project_role(init_doc['_id'], '*anonymous') r_auth = _project_role(init_doc['_id'], '*authenticated') r_admin = _project_role(init_doc['_id'], 'Admin') acl = neighborhood_doc['acl'] new_acl = list(init_doc['acl']) assert acl['read'] == [None] # nbhd should be public for uid in acl['admin'] + acl['moderate']: u = c_user.find(dict(_id=uid)).next() if options.test: log.info('... grant nbhd admin to: %s', u['username']) continue role = _project_role(init_doc['_id'], user_id=uid) if r_admin['_id'] not in role['roles']: role['roles'].append(r_admin['_id']) c_project_role.save(role) _grant(new_acl, 'read', r_anon['_id']) _grant(new_acl, 'admin', r_admin['_id']) _grant(new_acl, 'register', r_admin['_id']) if acl['create'] == [ ]: if options.test: log.info('grant register to auth') _grant(new_acl, 'register', r_auth['_id']) del neighborhood_doc['acl'] if options.test: log.info('--- new init acl:\n%s\n%s\n---', pformat(_format_acd(init_doc['acl'])), pformat(map(_format_ace, new_acl))) init_doc['acl'] = new_acl
def update_neighborhood_acl(neighborhood_doc, init_doc): '''Convert nbhd admins users to --init-- project admins''' if options.test: log.info('Update nbhd %s', neighborhood_doc['name']) if 'acl' not in neighborhood_doc: log.warning('Neighborhood %s already updated', neighborhood_doc['name']) return p = Object(init_doc) p.root_project = p r_anon = _project_role(init_doc['_id'], '*anonymous') r_auth = _project_role(init_doc['_id'], '*authenticated') r_admin = _project_role(init_doc['_id'], 'Admin') acl = neighborhood_doc['acl'] new_acl = list(init_doc['acl']) assert acl['read'] == [None] # nbhd should be public for uid in acl['admin'] + acl['moderate']: u = c_user.find(dict(_id=uid)).next() if options.test: log.info('... grant nbhd admin to: %s', u['username']) continue role = _project_role(init_doc['_id'], user_id=uid) if r_admin['_id'] not in role['roles']: role['roles'].append(r_admin['_id']) c_project_role.save(role) _grant(new_acl, 'read', r_anon['_id']) _grant(new_acl, 'admin', r_admin['_id']) _grant(new_acl, 'register', r_admin['_id']) if acl['create'] == []: if options.test: log.info('grant register to auth') _grant(new_acl, 'register', r_auth['_id']) del neighborhood_doc['acl'] if options.test: log.info('--- new init acl:\n%s\n%s\n---', pformat(_format_acd(init_doc['acl'])), pformat(map(_format_ace, new_acl))) init_doc['acl'] = new_acl