def post(self, request): """ Add permissions to a resource Add new permissions for a existing group and resource object Args: request: Django rest framework request Returns: Http status code """ if 'permissions' not in request.data: return BossHTTPError("Permission are not included in the request", ErrorCodes.INVALID_URL) else: perm_list = dict(request.data)['permissions'] if 'group' not in request.data: return BossHTTPError("Group are not included in the request", ErrorCodes.INVALID_URL) if 'collection' not in request.data: return BossHTTPError("Invalid resource or missing resource name in request", ErrorCodes.INVALID_URL) group_name = request.data.get('group', None) collection = request.data.get('collection', None) experiment = request.data.get('experiment', None) channel = request.data.get('channel', None) try: # public group can only have read permission if group_name == 'public' and not (set(perm_list).issubset({'read', 'read_volumetric_data'})): return BossHTTPError("The public group can only have read permissions", ErrorCodes.INVALID_POST_ARGUMENT) # If the user is not a member or maintainer of the group, they cannot assign permissions if not check_is_member_or_maintainer(request.user, group_name): return BossHTTPError('The user {} is not a member or maintainer of the group {} '. format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION) resource_object = self.get_object(collection, experiment, channel) if resource_object is None: return BossHTTPError("Unable to validate the resource", ErrorCodes.UNABLE_TO_VALIDATE) resource = resource_object[0] if request.user.has_perm("assign_group", resource): BossPermissionManager.add_permissions_group(group_name, resource, perm_list) return Response(status=status.HTTP_201_CREATED) else: return BossPermissionError('assign group', collection) except Group.DoesNotExist: return BossGroupNotFoundError(group_name) except Permission.DoesNotExist: return BossHTTPError("Invalid permissions in post".format(request.data['permissions']), ErrorCodes.UNRECOGNIZED_PERMISSION) except BossError as err: return err.to_http()
def patch(self, request): """ Patch permissions for a resource Remove specific permissions for a existing group and resource object Args: request: Django rest framework request Returns: Http status code """ if 'permissions' not in request.data: return BossHTTPError("Permission are not included in the request", ErrorCodes. UNABLE_TO_VALIDATE) else: perm_list = dict(request.data)['permissions'] if 'group' not in request.data: return BossHTTPError("Group are not included in the request", ErrorCodes. UNABLE_TO_VALIDATE) if 'collection' not in request.data: return BossHTTPError("Invalid resource or missing resource name in request", ErrorCodes. UNABLE_TO_VALIDATE) group_name = request.data.get('group', None) collection = request.data.get('collection', None) experiment = request.data.get('experiment', None) channel = request.data.get('channel', None) try: # public group can only have read permission if group_name == 'public' and (len(perm_list) != 1 or perm_list[0] != 'read'): return BossHTTPError("The public group can only have read permissions", ErrorCodes.INVALID_POST_ARGUMENT) # If the user is not a member or maintainer of the group, they cannot patch permissions if not check_is_member_or_maintainer(request.user, group_name): return BossHTTPError('The user {} is not a member or maintainer of the group {} '. format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION) resource_object = self.get_object(collection, experiment, channel) if resource_object is None: return BossHTTPError("Unable to validate the resource", ErrorCodes.UNABLE_TO_VALIDATE) resource = resource_object[0] # remove all existing permission for the group if request.user.has_perm("remove_group", resource) and request.user.has_perm("assign_group", resource): BossPermissionManager.delete_all_permissions_group(group_name, resource) BossPermissionManager.add_permissions_group(group_name, resource, perm_list) return Response(status=status.HTTP_200_OK) else: return BossPermissionError('remove group', resource.name) except Group.DoesNotExist: return BossGroupNotFoundError(group_name) except Permission.DoesNotExist: return BossHTTPError("Invalid permissions in post".format(request.data['permissions']), ErrorCodes.UNRECOGNIZED_PERMISSION) except BossError as err: return err.to_http()
def delete(self, request): """ Delete permissions for a resource object Remove specific permissions for a existing group and resource object Args: request: Django rest framework request Returns: Http status code """ if 'group' not in request.query_params: return BossHTTPError("Group are not included in the request", ErrorCodes.INVALID_URL) if 'collection' not in request.query_params: return BossHTTPError( "Invalid resource or missing resource name in request", ErrorCodes.INVALID_URL) group_name = request.query_params.get('group', None) collection = request.query_params.get('collection', None) experiment = request.query_params.get('experiment', None) channel = request.query_params.get('channel', None) try: if not check_is_member_or_maintainer(request.user, group_name): return BossHTTPError( 'The user {} is not a member or maintainer of the group {} ' .format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION) resource_object = self.get_object(collection, experiment, channel) if resource_object is None: return BossHTTPError("Unable to validate the resource", ErrorCodes.UNABLE_TO_VALIDATE) if request.user.has_perm("remove_group", resource_object[0]): BossPermissionManager.delete_all_permissions_group( group_name, resource_object[0]) return Response(status=status.HTTP_204_NO_CONTENT) else: return BossPermissionError('remove group', resource_object[0].name) except Group.DoesNotExist: return BossGroupNotFoundError(group_name) except Permission.DoesNotExist: return BossHTTPError( "Invalid permissions in post".format( request.data['permissions']), ErrorCodes.UNRECOGNIZED_PERMISSION) except Exception as e: return BossHTTPError("{}".format(e), ErrorCodes.UNHANDLED_EXCEPTION) except BossError as err: return err.to_http()
def delete(self, request): """ Delete permissions for a resource object Remove specific permissions for a existing group and resource object Args: request: Django rest framework request Returns: Http status code """ if 'group' not in request.query_params: return BossHTTPError("Group are not included in the request", ErrorCodes.INVALID_URL) if 'collection' not in request.query_params: return BossHTTPError("Invalid resource or missing resource name in request", ErrorCodes.INVALID_URL) group_name = request.query_params.get('group', None) collection = request.query_params.get('collection', None) experiment = request.query_params.get('experiment', None) channel = request.query_params.get('channel', None) try: if not check_is_member_or_maintainer(request.user, group_name): return BossHTTPError('The user {} is not a member or maintainer of the group {} '. format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION) resource_object = self.get_object(collection, experiment, channel) if resource_object is None: return BossHTTPError("Unable to validate the resource", ErrorCodes.UNABLE_TO_VALIDATE) if request.user.has_perm("remove_group", resource_object[0]): BossPermissionManager.delete_all_permissions_group(group_name, resource_object[0]) return Response(status=status.HTTP_204_NO_CONTENT) else: return BossPermissionError('remove group', resource_object[0].name) except Group.DoesNotExist: return BossGroupNotFoundError(group_name) except Permission.DoesNotExist: return BossHTTPError("Invalid permissions in post".format(request.data['permissions']), ErrorCodes.UNRECOGNIZED_PERMISSION) except Exception as e: return BossHTTPError("{}".format(e), ErrorCodes.UNHANDLED_EXCEPTION) except BossError as err: return err.to_http()
def get(self, request, group_name, user_name=None): """ Gets the maintianer status of a user for a group Args: request: Django rest framework request group_name: Group name from the request user_name: User name from the request Returns: bool : True if the user is a member of the group """ try: group = Group.objects.get(name=group_name) bgroup = BossGroup.objects.get(group=group) # Check for permissions. The logged in user has to be a member or group maintainer if not check_is_member_or_maintainer(request.user, group_name): return BossHTTPError( 'The user {} is not a member or maintainer of the group {} ' .format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION) if user_name is None: # Return all maintainers for the group list_maintainers = get_users_with_perms(bgroup) maintainers = [user.username for user in list_maintainers] data = {"maintainers": maintainers} else: # Both group name and user name are specified. Return the maintainer status for the user usr = User.objects.get(username=user_name) status = usr.has_perm("maintain_group", bgroup) data = {"result": status} return Response(data, status=200) except Group.DoesNotExist: return BossGroupNotFoundError(group_name) except User.DoesNotExist: return BossUserNotFoundError(user_name)
def get(self, request, group_name, user_name=None): """ Gets the maintianer status of a user for a group Args: request: Django rest framework request group_name: Group name from the request user_name: User name from the request Returns: bool : True if the user is a member of the group """ try: group = Group.objects.get(name=group_name) bgroup = BossGroup.objects.get(group=group) # Check for permissions. The logged in user has to be a member or group maintainer if not check_is_member_or_maintainer(request.user, group_name): return BossHTTPError('The user {} is not a member or maintainer of the group {} ' .format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION) if user_name is None: # Return all maintainers for the group list_maintainers = get_users_with_perms(bgroup) maintainers = [user.username for user in list_maintainers] data = {"maintainers": maintainers} else: # Both group name and user name are specified. Return the maintainer status for the user usr = User.objects.get(username=user_name) status = usr.has_perm("maintain_group", bgroup) data = {"result": status} return Response(data, status=200) except Group.DoesNotExist: return BossGroupNotFoundError(group_name) except User.DoesNotExist: return BossUserNotFoundError(user_name)
def get(self, request, group_name, user_name=None): """ Gets the membership status of a user for a group Args: request: Django rest framework request group_name: Group name from the request user_name: User name from the request Returns: bool : True if the user is a member of the group """ try: group = Group.objects.get(name=group_name) # Check for permissions. The logged in user has to be a member or group maintainer if not check_is_member_or_maintainer(request.user, group_name): return BossHTTPError( 'The user {} is not a member or maintainer of the group {} ' .format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION) if user_name is None: # Return all users for the group list_users = group.user_set.all().values_list('username', flat=True) list_users = [name for name in list_users] data = {"members": list_users} else: # Both group name and user name are specified. Return the membership status for the user usr = User.objects.get(username=user_name) status = group.user_set.filter(id=usr.id).exists() data = {"result": status} return Response(data, status=200) except Group.DoesNotExist: return BossGroupNotFoundError(group_name) except User.DoesNotExist: return BossUserNotFoundError(user_name)
def get(self, request, group_name, user_name=None): """ Gets the membership status of a user for a group Args: request: Django rest framework request group_name: Group name from the request user_name: User name from the request Returns: bool : True if the user is a member of the group """ try: group = Group.objects.get(name=group_name) # Check for permissions. The logged in user has to be a member or group maintainer if not check_is_member_or_maintainer(request.user, group_name): return BossHTTPError('The user {} is not a member or maintainer of the group {} ' .format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION) if user_name is None: # Return all users for the group list_users = group.user_set.all().values_list('username', flat=True) list_users = [name for name in list_users] data = {"members": list_users} else: # Both group name and user name are specified. Return the membership status for the user usr = User.objects.get(username=user_name) status = group.user_set.filter(id=usr.id).exists() data = {"result": status} return Response(data, status=200) except Group.DoesNotExist: return BossGroupNotFoundError(group_name) except User.DoesNotExist: return BossUserNotFoundError(user_name)
def get(self, request, group_name=None): """ Get all groups Args: request: Django rest framework request group_name: Group name from the request Returns: Group if the group exists """ if group_name is not None: try: # Check for permissions. The logged in user has to be a member or group maintainer if not check_is_member_or_maintainer(request.user, group_name): return BossHTTPError('Unauthorized. The user {} is not a member or maintainer of the group {}' .format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION) group = Group.objects.get(name=group_name) bgroup = BossGroup.objects.get(group=group) data = {"name": group.name, "owner": bgroup.creator.username} resources = [] # get permission sets for models col_perms = [perm.codename for perm in get_perms_for_model(Collection)] exp_perms = [perm.codename for perm in get_perms_for_model(Experiment)] channel_perms = [perm.codename for perm in get_perms_for_model(Channel)] # get objects for the group col_list = get_objects_for_group(group, perms=col_perms, klass=Collection, any_perm=True) exp_list = get_objects_for_group(group, perms=exp_perms, klass=Experiment, any_perm=True) ch_list = get_objects_for_group(group, perms=channel_perms, klass=Channel, any_perm=True) for col in col_list: obj = {'collection': col.name} resources.append(obj) for exp in exp_list: obj = {'collection': exp.collection.name, 'experiment': exp.name} resources.append(obj) for ch in ch_list: obj = {'collection': ch.experiment.collection.name, 'experiment': ch.experiment.name, 'channel': ch.name} resources.append(obj) data['resources'] = resources return Response(data, status=200) except Group.DoesNotExist: return BossGroupNotFoundError(group_name) except BossGroup.DoesNotExist: return BossHTTPError("The group {} is not configured correctly and does not have a creator. " "Contact an admin to update it".format(group_name), ErrorCodes.UNABLE_TO_VALIDATE) else: # Get all the groups that the logged in user is a member of list_member_groups = request.user.groups.values_list('name', flat=True) member_groups = [name for name in list_member_groups] # Get all groups that the user has maintainer permissions on group_perms = [perm.codename for perm in get_perms_for_model(BossGroup)] list_maintainer_groups = get_objects_for_user(request.user, group_perms, klass=BossGroup, any_perm=True) maintainer_groups = [bgroup.group.name for bgroup in list_maintainer_groups] if 'filter' in request.query_params and request.query_params['filter'] == 'member': data = {'groups': member_groups} return Response(data, status=200) elif 'filter' in request.query_params and request.query_params['filter'] == 'maintainer': data = {'groups': maintainer_groups} return Response(data, status=200) elif 'filter' not in request.query_params: all_groups = list(set(member_groups).union(maintainer_groups)) data = {'groups': all_groups} else: return BossHTTPError('Unrecogizes value {} in filter. Valid parameters are member or maintainer.', ErrorCodes.UNABLE_TO_VALIDATE) return Response(data, status=200)
def get(self, request, group_name=None): """ Get all groups Args: request: Django rest framework request group_name: Group name from the request Returns: Group if the group exists """ if group_name is not None: try: # Check for permissions. The logged in user has to be a member or group maintainer if not check_is_member_or_maintainer(request.user, group_name): return BossHTTPError( 'Unauthorized. The user {} is not a member or maintainer of the group {}' .format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION) group = Group.objects.get(name=group_name) bgroup = BossGroup.objects.get(group=group) data = {"name": group.name, "owner": bgroup.creator.username} resources = [] # get permission sets for models col_perms = [ perm.codename for perm in get_perms_for_model(Collection) ] exp_perms = [ perm.codename for perm in get_perms_for_model(Experiment) ] channel_perms = [ perm.codename for perm in get_perms_for_model(Channel) ] # get objects for the group col_list = get_objects_for_group(group, perms=col_perms, klass=Collection, any_perm=True) exp_list = get_objects_for_group(group, perms=exp_perms, klass=Experiment, any_perm=True) ch_list = get_objects_for_group(group, perms=channel_perms, klass=Channel, any_perm=True) for col in col_list: obj = {'collection': col.name} resources.append(obj) for exp in exp_list: obj = { 'collection': exp.collection.name, 'experiment': exp.name } resources.append(obj) for ch in ch_list: obj = { 'collection': ch.experiment.collection.name, 'experiment': ch.experiment.name, 'channel': ch.name } resources.append(obj) data['resources'] = resources return Response(data, status=200) except Group.DoesNotExist: return BossGroupNotFoundError(group_name) except BossGroup.DoesNotExist: return BossHTTPError( "The group {} is not configured correctly and does not have a creator. " "Contact an admin to update it".format(group_name), ErrorCodes.UNABLE_TO_VALIDATE) else: # Get all the groups that the logged in user is a member of list_member_groups = request.user.groups.values_list('name', flat=True) member_groups = [name for name in list_member_groups] # Get all groups that the user has maintainer permissions on group_perms = [ perm.codename for perm in get_perms_for_model(BossGroup) ] list_maintainer_groups = get_objects_for_user(request.user, group_perms, klass=BossGroup, any_perm=True) maintainer_groups = [ bgroup.group.name for bgroup in list_maintainer_groups ] if 'filter' in request.query_params and request.query_params[ 'filter'] == 'member': data = {'groups': member_groups} return Response(data, status=200) elif 'filter' in request.query_params and request.query_params[ 'filter'] == 'maintainer': data = {'groups': maintainer_groups} return Response(data, status=200) elif 'filter' not in request.query_params: all_groups = list(set(member_groups).union(maintainer_groups)) data = {'groups': all_groups} else: return BossHTTPError( 'Unrecogizes value {} in filter. Valid parameters are member or maintainer.', ErrorCodes.UNABLE_TO_VALIDATE) return Response(data, status=200)