def add_default_role(
role_name,
resource_type,
apply_to_unregistered,
resource_name=None,
session=None,
flush=True,
commit=True,
):
session = session or get_db_adapter().session
(role, resource_type,
resource) = try_get_role_and_resource(role_name, resource_type,
resource_name)
resource_id = resource.id if resource else None
entity = try_get_default_role(role.id, resource_id, apply_to_unregistered)
exists = False
if not entity:
exists = True
entity = DefaultRoles(
role_id=role.id,
resource_id=resource_id,
apply_to_unregistered=apply_to_unregistered,
)
add_entity(session, entity, flush, commit)
return (entity, exists)
def update_group_roles(
group, new_roles, resource=None, session=None, flush=True, commit=True
):
session = session or get_db_adapter().session
new_role_entities = []
roles = list_roles_for_resource(group, resource) if resource else group.roles
for role in roles:
session.delete(role)
for role in new_roles:
role_name = role['role_name']
resource_type = role['resource_type']
resource_name = resource.name if resource else role.get('resource_name')
# Do not flush or commit these changes. We want to perform the update in a transacted
# fashion.
(result, _) = add_group_role(
group,
role_name,
resource_type,
resource_name,
session,
flush=False,
commit=False,
)
new_role_entities.append(result)
if flush:
session.flush()
if commit:
session.commit()
return new_role_entities
def update_resource_roles(resource,
user_roles=None,
group_roles=None,
default_roles=None):
db_adapter = get_db_adapter()
session = db_adapter.session
add_roles = True
existing_roles = get_current_resource_roles(resource)
user_roles, group_roles = _mark_existing_roles_for_deletion(
existing_roles, user_roles, group_roles)
undefined_users = _update_user_roles(resource, user_roles, session)
add_roles = len(undefined_users) == 0
undefined_groups = _update_group_roles(resource, group_roles, session,
add_roles)
add_roles = add_roles and len(undefined_groups) == 0
_update_default_roles(resource, default_roles, session, add_roles)
if add_roles:
new_roles = {}
new_roles['userRoles'] = (user_roles if user_roles != None else
existing_roles['userRoles'])
new_roles['groupRoles'] = (group_roles if group_roles != None else
existing_roles['groupRoles'])
new_roles['defaultRoles'] = (default_roles if default_roles != None
else existing_roles['defaultRoles'])
before_roles_update.send(resource,
existing_roles=existing_roles,
new_roles=new_roles)
session.commit()
after_roles_update.send(resource,
existing_roles=existing_roles,
new_roles=new_roles)
return (existing_roles, new_roles)
session.rollback()
errors = [{
'fields': ['username'],
'message': ['User with username \'%s\' cannot be found. ' % username],
} for username in undefined_users]
errors.extend([{
'fields': ['name'],
'message': ['Group with name \'%s\' cannot be found. ' % group_name],
} for group_name in undefined_groups])
raise NotFound({
'message':
'Certain user(s) and group(s) could not be found. See the \'errors\' section.',
'errors': errors,
})
def _populate_configuration_table(session=None):
'''Populates the `configuration` table of the SQL Database with the default values from the
in-memory configuration store.
'''
session = session or get_db_adapter().session
LOG.debug('Populating configuration store with default values. ')
default_value_errors = []
with Transaction(get_session=lambda: session) as transaction:
for key in CONFIGURATION_KEYS:
entity = transaction.find_one_by_fields(Configuration, True,
{'key': key})
value = _DEFAULT_CONFIGURATION_STORE[key]['value']
try:
assert_valid_configuration(key, value)
# We intentionally want to catch all exceptions
# pylint:disable=W0703
except Exception as e:
default_value_errors.append(e)
LOG.error(
'Encountered an error when attempting to update default value for key \'%s\'. '
'Default value was \'%s\'. Error was \'%s\'. ',
key,
value,
e,
)
if not entity:
LOG.debug(
'Configuration for \'%s\' did not exist in database, adding it.',
key,
)
new_entity = Configuration(key=key,
overwritten_value=None,
overwritten=False)
transaction.add_or_update(new_entity, flush=True)
LOG.debug('Added configuration entry for \'%s\'.', key)
else:
LOG.debug(
'Configuration for \'%s\' already exists in database, skipping it.',
key,
)
if default_value_errors:
raise ValueError(
'Default configurations were not valid. Details as follows: %s' %
str(default_value_errors))
def delete_group_user(group, username, session=None, flush=True, commit=True):
session = session or get_db_adapter().session
user = try_get_user(username)
if not user:
raise ItemNotFound('user', {'username': username})
entity = try_get_group_user(group.id, user.id)
exists = False
if entity:
exists = True
delete_entity(session, entity, flush, commit)
return (user, exists)
def update_group_roles_from_map(
group, role_mapping, session=None, flush=True, commit=True
):
session = session or get_db_adapter().session
new_role_entities = []
roles = group.roles
for role in roles:
session.delete(role)
for resource_type in list(role_mapping.keys()):
resource_to_roles = role_mapping[resource_type]['resources']
sitewide_roles = role_mapping[resource_type]['sitewideRoles']
# Add all sitewide roles for the current resource type
for role_name in sitewide_roles:
(result, _) = add_group_role(
group,
role_name,
resource_type,
None,
session,
flush=False,
commit=False,
)
new_role_entities.append(result)
# Add all resource specific roles for the current resource type
for resource_name, role_names in list(resource_to_roles.items()):
for role_name in role_names:
(result, _) = add_group_role(
group,
role_name,
resource_type,
resource_name,
session,
flush=False,
commit=False,
)
new_role_entities.append(result)
if flush:
session.flush()
if commit:
session.commit()
return new_role_entities
def delete_group_role(
group,
role_name,
resource_type,
resource_name,
session=None,
flush=True,
commit=True,
):
session = session or get_db_adapter().session
(role, resource_type, resource) = try_get_role_and_resource(
role_name, resource_type, resource_name
)
resource_id = resource.id if resource else None
entity = try_get_group_role(group.id, role.id, resource_id)
exists = False
if entity:
exists = True
delete_entity(session, entity, flush, commit)
return (entity, exists)
def update_default_roles(new_roles,
resource=None,
session=None,
flush=True,
commit=True):
session = session or get_db_adapter().session
new_role_entities = []
roles = list_roles_for_resource(
resource) if resource else list_default_roles()
for role in roles:
session.delete(role)
for role in new_roles:
role_name = role['role_name']
resource_type = role['resource_type']
resource_name = resource.name if resource else role.get(
'resource_name')
apply_to_unregistered = role['apply_to_unregistered']
# Do not flush or commit these changes. We want to perform the update in a transacted
# fashion.
(result, _) = add_default_role(
role_name,
resource_type,
apply_to_unregistered,
resource_name,
session,
flush,
commit,
)
new_role_entities.append(result)
if flush:
session.flush()
if commit:
session.commit()
return new_role_entities
def update_group_users(group, new_users, session=None, flush=True, commit=True):
session = session or get_db_adapter().session
updated_users = []
group_user_relations = list_group_users(group)
for group_user in group_user_relations:
session.delete(group_user)
for username in new_users:
# Do not flush or commit these changes. We want to perform the update in a transacted
# fashion.
(result, _) = add_group_user(
group, username, session, flush=False, commit=False
)
updated_users.append(result)
if flush:
session.flush()
if commit:
session.commit()
return updated_users