def create_default_permissions(self, user): """ Creates only missing default permissions for user :param user: """ user = self._get_user(user) def _make_perm(perm): new_perm = UserToPerm() new_perm.user = user new_perm.permission = Permission.get_by_key(perm) return new_perm def _get_group(perm_name): return '.'.join(perm_name.split('.')[:1]) perms = UserToPerm.query().filter(UserToPerm.user == user).all() defined_perms_groups = map(_get_group, (x.permission.permission_name for x in perms)) log.debug('GOT ALREADY DEFINED:%s' % perms) DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS # for every default permission that needs to be created, we check if # it's group is already defined, if it's not we create default perm for perm_name in DEFAULT_PERMS: gr = _get_group(perm_name) if gr not in defined_perms_groups: log.debug('GR:%s not found, creating permission %s' % (gr, perm_name)) new_perm = _make_perm(perm_name) self.sa.add(new_perm)
def _test_def_perm_equal(self, user, change_factor=0): perms = UserToPerm.query()\ .filter(UserToPerm.user == user)\ .all() self.assertEqual(len(perms), len(Permission.DEFAULT_USER_PERMISSIONS,)+change_factor, msg=perms)
def _test_def_perm_equal(self, user, change_factor=0): perms = UserToPerm.query()\ .filter(UserToPerm.user == user)\ .all() self.assertEqual(len(perms), len(Permission.DEFAULT_USER_PERMISSIONS, ) + change_factor, msg=perms)
def has_perm(self, user, perm): perm = self._get_perm(perm) user = self._get_user(user) return ( UserToPerm.query().filter(UserToPerm.user == user).filter(UserToPerm.permission == perm).scalar() is not None )
def has_perm(self, user, perm): if not isinstance(perm, Permission): raise Exception('perm needs to be an instance of Permission class ' 'got %s instead' % type(perm)) user = self.__get_user(user) return UserToPerm.query().filter(UserToPerm.user == user)\ .filter(UserToPerm.permission == perm).scalar() is not None
def _test_def_user_perm_equal(self, user, change_factor=0, compare_keys=None): perms = UserToPerm.query().filter(UserToPerm.user == user).all() assert len(perms) == \ len(Permission.DEFAULT_USER_PERMISSIONS) + change_factor if compare_keys: assert set(x.permissions.permission_name for x in perms) == compare_keys
def create_default_user_permissions(self, user, force=False): """ Creates only missing default permissions for user, if force is set it resets the default permissions for that user :param user: :param force: """ user = self._get_user(user) obj_perms = UserToPerm.query().filter(UserToPerm.user == user).all() return self._create_default_object_permission('user', user, obj_perms, force)
def test_set_default_permissions_after_one_is_missing(self): PermissionModel().create_default_user_permissions(user=self.u1) self._test_def_user_perm_equal(user=self.u1) # now we delete one, it should be re-created after another call perms = UserToPerm.query().filter(UserToPerm.user == self.u1).all() Session().delete(perms[0]) Session().commit() self._test_def_user_perm_equal(user=self.u1, change_factor=-1) # create missing one ! PermissionModel().create_default_user_permissions(user=self.u1) self._test_def_user_perm_equal(user=self.u1)
def revoke_perm(self, user, perm): """ Revoke users global permissions :param user: :param perm: """ user = self._get_user(user) perm = self._get_perm(perm) obj = UserToPerm.query().filter(UserToPerm.user == user).filter(UserToPerm.permission == perm).scalar() if obj: self.sa.delete(obj)
def create_default_user_group_permissions(self, user_group, force=False): """ Creates only missing default permissions for user group, if force is set it resets the default permissions for that user group :param user_group: :param force: """ user_group = self._get_user_group(user_group) obj_perms = UserToPerm.query().filter( UserGroupToPerm.users_group == user_group).all() return self._create_default_object_permission('user_group', user_group, obj_perms, force)
def test_set_default_permissions_after_one_is_missing(self): PermissionModel().create_default_permissions(user=self.u1) self._test_def_perm_equal(user=self.u1) #now we delete one, it should be re-created after another call perms = UserToPerm.query()\ .filter(UserToPerm.user == self.u1)\ .all() Session().delete(perms[0]) Session().commit() self._test_def_perm_equal(user=self.u1, change_factor=-1) #create missing one ! PermissionModel().create_default_permissions(user=self.u1) self._test_def_perm_equal(user=self.u1)
def revoke_perm(self, user, perm): """ Revoke users global permissions :param user: :param perm: """ user = self._get_user(user) perm = self._get_perm(perm) obj = UserToPerm.query()\ .filter(UserToPerm.user == user)\ .filter(UserToPerm.permission == perm)\ .scalar() if obj: self.sa.delete(obj)
def grant_perm(self, user, perm): """ Grant user global permissions :param user: :param perm: """ user = self._get_user(user) perm = self._get_perm(perm) # if this permission is already granted skip it _perm = UserToPerm.query().filter(UserToPerm.user == user).filter(UserToPerm.permission == perm).scalar() if _perm: return new = UserToPerm() new.user = user new.permission = perm self.sa.add(new)
def test_set_default_permissions_after_modification(self, perm, modify_to): PermissionModel().create_default_user_permissions(user=self.u1) self._test_def_user_perm_equal(user=self.u1) old = Permission.get_by_key(perm) new = Permission.get_by_key(modify_to) assert old is not None assert new is not None # now modify permissions p = UserToPerm.query().filter(UserToPerm.user == self.u1).filter( UserToPerm.permission == old).one() p.permission = new Session().add(p) Session().commit() PermissionModel().create_default_user_permissions(user=self.u1) self._test_def_user_perm_equal(user=self.u1)
def reset_permissions(self, username): """ Resets permissions to default state, useful when old systems had bad permissions, we must clean them up :param username: """ default_user = User.get_by_username(username) if not default_user: return u2p = UserToPerm.query()\ .filter(UserToPerm.user == default_user).all() fixed = False if len(u2p) != len(Permission.DEFAULT_USER_PERMISSIONS): for p in u2p: Session().delete(p) fixed = True self.populate_default_permissions() return fixed
def grant_perm(self, user, perm): """ Grant user global permissions :param user: :param perm: """ user = self._get_user(user) perm = self._get_perm(perm) # if this permission is already granted skip it _perm = UserToPerm.query()\ .filter(UserToPerm.user == user)\ .filter(UserToPerm.permission == perm)\ .scalar() if _perm: return new = UserToPerm() new.user = user new.permission = perm self.sa.add(new)
def test_set_default_permissions_after_modification(self, perm, modify_to): PermissionModel().create_default_permissions(user=self.u1) self._test_def_perm_equal(user=self.u1) old = Permission.get_by_key(perm) new = Permission.get_by_key(modify_to) self.assertNotEqual(old, None) self.assertNotEqual(new, None) #now modify permissions p = UserToPerm.query()\ .filter(UserToPerm.user == self.u1)\ .filter(UserToPerm.permission == old)\ .one() p.permission = new Session().add(p) Session().commit() PermissionModel().create_default_permissions(user=self.u1) self._test_def_perm_equal(user=self.u1)
def populate_default_permissions(self): log.info("creating default user permissions") default_user = User.get_by_username("default") for def_perm in User.DEFAULT_PERMISSIONS: perm = self.sa.query(Permission).filter(Permission.permission_name == def_perm).scalar() if not perm: raise Exception("CRITICAL: permission %s not found inside database !!" % def_perm) if ( not UserToPerm.query() .filter(UserToPerm.permission == perm) .filter(UserToPerm.user == default_user) .scalar() ): reg_perm = UserToPerm() reg_perm.user = default_user reg_perm.permission = perm self.sa.add(reg_perm)
def reset_permissions(self, username): """ Resets permissions to default state, usefull when old systems had bad permissions, we must clean them up :param username: :type username: """ default_user = User.get_by_username(username) if not default_user: return u2p = UserToPerm.query().filter(UserToPerm.user == default_user).all() fixed = False if len(u2p) != len(User.DEFAULT_PERMISSIONS): for p in u2p: Session().delete(p) fixed = True self.populate_default_permissions() return fixed
def populate_default_permissions(self): log.info('creating default user permissions') default_user = User.get_by_username('default') for def_perm in User.DEFAULT_PERMISSIONS: perm = self.sa.query(Permission)\ .filter(Permission.permission_name == def_perm)\ .scalar() if not perm: raise Exception( 'CRITICAL: permission %s not found inside database !!' % def_perm ) if not UserToPerm.query()\ .filter(UserToPerm.permission == perm)\ .filter(UserToPerm.user == default_user).scalar(): reg_perm = UserToPerm() reg_perm.user = default_user reg_perm.permission = perm self.sa.add(reg_perm)
def update_perm(self, id): """PUT /users_perm/id: Update an existing item""" # url('user_perm', id=ID, method='put') user = User.get_or_404(id) try: form = CustomDefaultPermissionsForm()() form_result = form.to_python(request.POST) inherit_perms = form_result['inherit_default_permissions'] user.inherit_default_permissions = inherit_perms Session().add(user) user_model = UserModel() defs = UserToPerm.query()\ .filter(UserToPerm.user == user)\ .all() for ug in defs: Session().delete(ug) if form_result['create_repo_perm']: user_model.grant_perm(id, 'hg.create.repository') else: user_model.grant_perm(id, 'hg.create.none') if form_result['create_user_group_perm']: user_model.grant_perm(id, 'hg.usergroup.create.true') else: user_model.grant_perm(id, 'hg.usergroup.create.false') if form_result['fork_repo_perm']: user_model.grant_perm(id, 'hg.fork.repository') else: user_model.grant_perm(id, 'hg.fork.none') h.flash(_("Updated permissions"), category='success') Session().commit() except Exception: log.error(traceback.format_exc()) h.flash(_('An error occurred during permissions saving'), category='error') return redirect(url('edit_user', id=id))
def has_perm(self, user, perm): perm = self._get_perm(perm) user = self._get_user(user) return UserToPerm.query().filter(UserToPerm.user == user)\ .filter(UserToPerm.permission == perm).scalar() is not None