def load_all_key_permissions(org):
"""
Returns dict of all users with all their permissions for
the given org.
"""
rv = {}
for key in org.api_keys.filter(revoked=False):
kperms, perms = load_entity_permissions(org, key)
rv[key.prefix] = {
"prefix": key.prefix,
"perms": perms,
"name": key.name,
}
return rv
def key_permission_remove(request, **kwargs):
"""
Remove a keys permission.
entity = permission id
"""
org = kwargs.get("org")
prefix = request.POST.get("key_prefix")
key = OrganizationAPIKey.objects.get(prefix=prefix)
entity = request.POST.get("entity")
kperms, perms = load_entity_permissions(org, key)
if entity in perms:
del perms[entity]
save_key_permissions(org, key, perms)
return JsonResponse({"status": "ok"})
def key_permissions(request, **kwargs):
"""
Returns JsonResponse with list of key permissions for the targeted
org an entities under it.
Permisions are returned as a dict of permissioning ids and permission
levels.
Permissioning ids serve as a wrapper for actual permissioning namespaces
so they can be exposed to the organization admins for changes without allowing
them to set permissioning namespaces directly.
"""
org = kwargs.get("org")
perms_rv = {}
for key in org.api_keys.filter(revoked=False).all():
kperms, perms = load_entity_permissions(org, key)
perms_rv[key.prefix] = perms
return JsonResponse({"status": "ok", "key_permissions": perms_rv})
def key_permission_update(request, **kwargs):
"""
Update/Add a user's permission.
perms = permission level
entity = permission id
"""
org = kwargs.get("org")
prefix = request.POST.get("key_prefix")
key = OrganizationAPIKey.objects.get(prefix=prefix)
kperms, perms = load_entity_permissions(org, key)
form = OrgAdminUserPermissionForm(request.POST)
if not form.is_valid():
return JsonResponse(form.errors, status=400)
level = form.cleaned_data.get("perms")
entity = form.cleaned_data.get("entity")
perms[entity] = level
save_key_permissions(org, key, perms)
return JsonResponse({"status": "ok"})