def get(self, group_uuid):
tenant_uuids = get_tenant_uuids(recurse=True)
self.group_service.assert_group_in_subtenant(tenant_uuids, group_uuid)
try:
list_params = schemas.GroupPolicyListSchema().load(request.args)
except marshmallow.ValidationError as e:
raise exceptions.InvalidListParamException(e.messages)
policies = self.group_service.list_policies(
group_uuid,
tenant_uuids=tenant_uuids,
**list_params,
)
total = self.group_service.count_policies(
group_uuid,
filtered=False,
**list_params,
)
filtered = self.group_service.count_policies(
group_uuid,
filtered=True,
**list_params,
)
return (
{
'items': policy_full_schema.dump(policies, many=True),
'total': total,
'filtered': filtered,
},
200,
)
def _delete(self, group_uuid, policy_uuid, tenant_uuids):
tenant_uuids = get_tenant_uuids(recurse=True)
self.group_service.assert_group_in_subtenant(tenant_uuids, group_uuid)
# FIXME(fblackburn): Dissociation should be done on the same tenant
# self.policy_service.assert_policy_in_subtenant(tenant_uuids, policy_uuid)
self.group_service.remove_policy(group_uuid, policy_uuid)
return '', 204
def delete(self, group_uuid, user_uuid):
tenant_uuids = get_tenant_uuids(recurse=True)
self.group_service.assert_group_in_subtenant(tenant_uuids, group_uuid)
logger.debug('disassociating group %s user %s', group_uuid, user_uuid)
self.group_service.remove_user(group_uuid, user_uuid)
return '', 204
def put(self, group_uuid):
tenant_uuids = get_tenant_uuids(recurse=True)
self.group_service.assert_group_in_subtenant(tenant_uuids, group_uuid)
try:
body = schemas.GroupRequestSchema().load(request.get_json())
except marshmallow.ValidationError as e:
raise exceptions.GroupParamException.from_errors(e.messages)
body['tenant_uuids'] = tenant_uuids
group = self.group_service.update(group_uuid, **body)
return group, 200
def put(self, group_uuid, user_uuid):
scoping_tenant = Tenant.autodetect()
tenant_uuids = get_tenant_uuids(recurse=True)
self.user_service.assert_user_in_subtenant(scoping_tenant.uuid,
user_uuid)
self.group_service.assert_group_in_subtenant(tenant_uuids, group_uuid)
logger.debug('associating group %s user %s', group_uuid, user_uuid)
self.group_service.add_user(group_uuid, user_uuid)
return '', 204
def get(self):
try:
list_params = schemas.PolicyListSchema().load(request.args)
except marshmallow.ValidationError as e:
raise exceptions.InvalidListParamException(e.messages)
recurse = list_params.pop('recurse')
tenant_uuids = get_tenant_uuids(recurse=recurse)
policies = self.policy_service.list(tenant_uuids=tenant_uuids,
**list_params)
total = self.policy_service.count(tenant_uuids=tenant_uuids,
**list_params)
items = policy_full_schema.dump(policies, many=True)
return {'items': items, 'total': total}, 200
def _put(self, group_uuid, policy_uuid, tenant_uuids):
tenant_uuids = get_tenant_uuids(recurse=True)
self.group_service.assert_group_in_subtenant(tenant_uuids, group_uuid)
# FIXME(fblackburn): Association should be done on the same tenant
# self.policy_service.assert_policy_in_subtenant(tenant_uuids, policy_uuid)
token = Token.from_headers()
access_check = AccessCheck(token.auth_id, token.session_uuid,
token.acl)
policy = self.policy_service.get(policy_uuid, tenant_uuids)
for access in policy.acl:
if not access_check.matches_required_access(access):
raise Unauthorized(token.token, required_access=access)
self.group_service.add_policy(group_uuid, policy_uuid)
return '', 204
def get(self):
try:
list_params = schemas.GroupListSchema().load(request.args)
except marshmallow.ValidationError as e:
raise exceptions.InvalidListParamException(e.messages)
recurse = list_params.pop('recurse')
tenant_uuids = get_tenant_uuids(recurse=recurse)
groups = self.group_service.list_(tenant_uuids=tenant_uuids,
**list_params)
total = self.group_service.count(
tenant_uuids=tenant_uuids,
filtered=False,
**list_params,
)
filtered = self.group_service.count(
tenant_uuids=tenant_uuids,
filtered=True,
**list_params,
)
response = {'filtered': filtered, 'total': total, 'items': groups}
return response, 200
def delete(self, user_uuid, policy_uuid):
tenant_uuids = get_tenant_uuids(recurse=True)
return super()._delete(user_uuid, policy_uuid, tenant_uuids)
def get(self, group_uuid):
tenant_uuids = get_tenant_uuids(recurse=True)
return self.group_service.get(group_uuid, tenant_uuids)
def delete(self, group_uuid):
tenant_uuids = get_tenant_uuids(recurse=True)
self.group_service.delete(group_uuid, tenant_uuids)
return '', 204
def get(self, policy_uuid):
tenant_uuids = get_tenant_uuids(recurse=True)
return super()._get(policy_uuid, tenant_uuids)
def put(self, policy_uuid, access):
tenant_uuids = get_tenant_uuids(recurse=True)
return super()._put(policy_uuid, access, tenant_uuids)
def delete(self, policy_uuid, access):
tenant_uuids = get_tenant_uuids(recurse=True)
return super()._delete(policy_uuid, access, tenant_uuids)
def put(self, user_uuid, policy_uuid):
tenant_uuids = get_tenant_uuids(recurse=True)
return super()._put(user_uuid, policy_uuid, tenant_uuids)
def put(self, user_uuid, policy_slug):
tenant_uuids = get_tenant_uuids(recurse=False)
policy = self.policy_service.get_by_slug(policy_slug, tenant_uuids)
return super()._put(user_uuid, policy.uuid, tenant_uuids)
def delete(self, group_uuid, policy_slug):
tenant_uuids = get_tenant_uuids(recurse=False)
policy = self.policy_service.get_by_slug(policy_slug, tenant_uuids)
return super()._delete(group_uuid, policy.uuid, tenant_uuids)
