Esempio n. 1
0
def update_neighborhood_acl(neighborhood_doc, init_doc):
    '''Convert nbhd admins users to --init-- project admins'''
    if options.test: log.info('Update nbhd %s', neighborhood_doc['name'])
    if 'acl' not in neighborhood_doc:
        log.warning('Neighborhood %s already updated', neighborhood_doc['name'])
        return
    p = Object(init_doc)
    p.root_project=p
    r_anon = _project_role(init_doc['_id'], '*anonymous')
    r_auth = _project_role(init_doc['_id'], '*authenticated')
    r_admin = _project_role(init_doc['_id'], 'Admin')
    acl = neighborhood_doc['acl']
    new_acl = list(init_doc['acl'])
    assert acl['read'] == [None] # nbhd should be public
    for uid in acl['admin'] + acl['moderate']:
        u = c_user.find(dict(_id=uid)).next()
        if options.test:
            log.info('... grant nbhd admin to: %s', u['username'])
            continue
        role =  _project_role(init_doc['_id'], user_id=uid)
        if r_admin['_id'] not in role['roles']:
            role['roles'].append(r_admin['_id'])
            c_project_role.save(role)
    _grant(new_acl, 'read', r_anon['_id'])
    _grant(new_acl, 'admin', r_admin['_id'])
    _grant(new_acl, 'register', r_admin['_id'])
    if acl['create'] == [ ]:
        if options.test: log.info('grant register to auth')
        _grant(new_acl, 'register', r_auth['_id'])
    del neighborhood_doc['acl']
    if options.test:
        log.info('--- new init acl:\n%s\n%s\n---',
                 pformat(_format_acd(init_doc['acl'])),
                 pformat(map(_format_ace, new_acl)))
    init_doc['acl'] = new_acl
Esempio n. 2
0
def update_neighborhood_acl(neighborhood_doc, init_doc):
    '''Convert nbhd admins users to --init-- project admins'''
    if options.test:
        log.info('Update nbhd %s', neighborhood_doc['name'])
    if 'acl' not in neighborhood_doc:
        log.warning('Neighborhood %s already updated',
                    neighborhood_doc['name'])
        return
    p = Object(init_doc)
    p.root_project = p
    r_anon = _project_role(init_doc['_id'], '*anonymous')
    r_auth = _project_role(init_doc['_id'], '*authenticated')
    r_admin = _project_role(init_doc['_id'], 'Admin')
    acl = neighborhood_doc['acl']
    new_acl = list(init_doc['acl'])
    assert acl['read'] == [None]  # nbhd should be public
    for uid in acl['admin'] + acl['moderate']:
        u = c_user.find(dict(_id=uid)).next()
        if options.test:
            log.info('... grant nbhd admin to: %s', u['username'])
            continue
        role = _project_role(init_doc['_id'], user_id=uid)
        if r_admin['_id'] not in role['roles']:
            role['roles'].append(r_admin['_id'])
            c_project_role.save(role)
    _grant(new_acl, 'read', r_anon['_id'])
    _grant(new_acl, 'admin', r_admin['_id'])
    _grant(new_acl, 'register', r_admin['_id'])
    if acl['create'] == []:
        if options.test:
            log.info('grant register to auth')
        _grant(new_acl, 'register', r_auth['_id'])
    del neighborhood_doc['acl']
    if options.test:
        log.info('--- new init acl:\n%s\n%s\n---',
                 pformat(_format_acd(init_doc['acl'])),
                 pformat(map(_format_ace, new_acl)))
    init_doc['acl'] = new_acl