def direct_perms_for_user(self, user, db_session=None):
"""
.. deprecated:: 0.8
:param user:
:param db_session:
:return:
"""
db_session = get_db_session(db_session, self)
return ResourceService.direct_perms_for_user(
self, user=user, db_session=db_session)
def test_owned_permissions(self, db_session):
created_user = add_user(db_session)
resource = add_resource(db_session, 1, "test_resource")
created_user.resources.append(resource)
db_session.flush()
resources = UserService.resources_with_perms(
created_user, ["test_perm"], db_session=db_session).all()
assert resources[0] == resource
permission = ResourceService.direct_perms_for_user(
resource, created_user)[0]
assert permission.owner is True
assert permission.allowed is True
assert permission.user.id == created_user.id
def get_user_service_permissions(user, service, request,
inherit_groups_permissions=True, resolve_groups_permissions=False):
# type: (models.User, models.Service, Request, bool, bool) -> List[PermissionSet]
if service.owner_user_id == user.id:
perm_type = PermissionType.OWNED
usr_svc_perms = service_factory(service, request).permissions
else:
if inherit_groups_permissions or resolve_groups_permissions:
perm_type = PermissionType.INHERITED
usr_svc_perms = ResourceService.perms_for_user(service, user, db_session=request.db)
else:
perm_type = PermissionType.DIRECT
usr_svc_perms = ResourceService.direct_perms_for_user(service, user, db_session=request.db)
return [PermissionSet(p, typ=perm_type) for p in usr_svc_perms]
def test_resources_with_direct_user_perms(self, db_session):
self.set_up_user_group_and_perms(db_session)
# test_perm1 from group perms should be ignored
perms = ResourceService.direct_perms_for_user(self.resource,
self.user,
db_session=db_session)
second = [
PermissionTuple(self.user, "foo_perm", "user", None, self.resource,
False, True),
PermissionTuple(self.user, "test_perm2", "user", None,
self.resource, False, True),
]
check_one_in_other(perms, second)
def test_resources_with_direct_user_perms(self, db_session):
self.set_up_user_group_and_perms(db_session)
# test_perm1 from group perms should be ignored
perms = ResourceService.direct_perms_for_user(
self.resource, self.user, db_session=db_session
)
second = [
PermissionTuple(
self.user, "foo_perm", "user", None, self.resource, False, True
),
PermissionTuple(
self.user, "test_perm2", "user", None, self.resource, False, True
),
]
check_one_in_other(perms, second)
def get_usr_res_perms():
perm_type = None
perm_unique = True
res_perm_list = []
if resource.owner_user_id == user.id:
# FIXME: no 'magpie.models.Resource.permissions' - ok for now because no owner handling...
perm_type = PermissionType.OWNED
res_perm_list = models.RESOURCE_TYPE_DICT[resource.type].permissions
else:
if effective_permissions:
svc = ru.get_resource_root_service_impl(resource, request)
res_perm_list = svc.effective_permissions(user, resource)
perm_type = PermissionType.EFFECTIVE
else:
if inherit_groups_permissions or resolve_groups_permissions:
perm_unique = resolve_groups_permissions # allow duplicates from distinct groups if not resolved
res_perm_list = ResourceService.perms_for_user(resource, user, db_session=db_session)
res_perm_list = regroup_permissions_by_resource(res_perm_list, resolve=resolve_groups_permissions)
res_perm_list = res_perm_list.get(resource.resource_id, [])
perm_type = PermissionType.INHERITED
else:
res_perm_list = ResourceService.direct_perms_for_user(resource, user, db_session=db_session)
perm_type = PermissionType.DIRECT
return format_permissions(res_perm_list, perm_type, force_unique=perm_unique)
def is_similar_permission():
perms_list = ResourceService.direct_perms_for_user(resource, user, db_session=db_session)
perms_list = [PermissionSet(perm) for perm in perms_list]
return [perm for perm in perms_list if perm.like(permission)]