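def create_role(cls, data=None):
    """
    Creates a new role from a data mapping and returns it.

    ``data`` must carry a ``"name"`` entry. An optional ``"rights"`` entry
    is an iterable of mappings with ``"name"`` and ``"granted"`` keys:
    granted permissions are added to the new role, the others are removed
    from it.

    Raises PermissionException when ``data`` is None (message 10), when
    the name is None (message 11) or when a role of that name already
    exists (message 13).
    """
    if data is None:
        raise PermissionException(PermissionException.get_msg(10))
    # NOTE(review): a mapping without a "name" key raises KeyError here,
    # not PermissionException -- confirm callers always supply the key.
    if data["name"] is None:
        raise PermissionException(PermissionException.get_msg(11))

    db = cls._core.get_db()

    # Role names are treated as unique: refuse a second role of the same name.
    stmnt = "SELECT ROL_ID FROM ROLES WHERE ROL_NAME = ? ;"
    cur = db.query(cls._core, stmnt, (data["name"],))
    res = cur.fetchonemap()
    if res is not None:
        raise PermissionException(PermissionException.get_msg(13, data["name"]))

    role_id = db.get_seq_next("ROL_GEN")
    role = Role(cls._core)
    role.set_id(role_id)
    role.set_name(data["name"])
    # The role is stored before any right is processed, so an exception
    # raised by add_permission/remove_permission below leaves the role in
    # place without the remaining rights.
    # NOTE(review): confirm that partial state is acceptable.
    role.store()

    # `in` replaces dict.has_key(), which Python 3 dicts no longer provide.
    if "rights" in data:
        for permission in data["rights"]:
            if permission["granted"]:
                role.add_permission(permission["name"])
            else:
                role.remove_permission(permission["name"])
        role.store()

    return role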
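def assign_to(self, user):
    """
    Assigns this role to a user.

    The session user may hand out the role only if they hold the role
    themselves or directly hold every permission the role contains, and
    only if the role is listed in ``user.get_grantable_roles()``.

    Raises PermissionException (message 7) when the session user fails
    both checks, and PermissionException (message 8) when the role is not
    among the grantable roles.
    """
    sessionmanager = self._core.get_session_manager()
    session_user = sessionmanager.get_current_session_user()

    db = self._core.get_db()

    # check if sessionuser has role
    has_role = session_user.has_role(self)

    # Count only the session user's own USERRIGHTS rows. Without the
    # URI_USR_ID filter the count covers every user's rows, so rights held
    # by other accounts could satisfy the "has all permissions" check.
    # Assumes the session user exposes get_id() like the user objects
    # passed to check_permission elsewhere in this file.
    stmnt = (
        "SELECT COUNT(URI_RIG_ID) AS CNT FROM USERRIGHTS "
        "WHERE URI_USR_ID = ? AND URI_RIG_ID IN "
        "(SELECT RRI_RIG_ID FROM ROLERIGHTS WHERE RRI_ROL_ID = ? ) ;"
    )
    cur = db.query(self._core, stmnt, (session_user.get_id(), self._id))
    res = cur.fetchone()[0]

    has_all_permissions_of_role = res == len(self.get_permissions())

    if not has_role and not has_all_permissions_of_role:
        raise PermissionException(PermissionException.get_msg(7))

    # The role is matched by name against the grantable roles.
    for role in user.get_grantable_roles():
        if role["name"] == self._name:
            stmnt = "UPDATE OR INSERT INTO USERROLES (URO_USR_ID, URO_ROL_ID) \
                     VALUES (?,?) MATCHING (URO_USR_ID, URO_ROL_ID) ;"
            db.query(self._core, stmnt, (user.get_id(), self._id), commit=True)
            self._core.get_poke_manager().add_activity(ActivityType.USER)
            return
    raise PermissionException(PermissionException.get_msg(8))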
def store(self):
    """
    Writes this role's id and name to the ROLES table.

    Raises PermissionException when the role has no id (message 0) or
    when its name is the empty string (message 1).
    """
    role_id = self._id
    if role_id is None:
        raise PermissionException(PermissionException.get_msg(0))

    role_name = self._name
    if role_name == "":
        raise PermissionException(PermissionException.get_msg(1))

    # Upsert keyed on ROL_ID: an existing row gets the new name.
    upsert = "UPDATE OR INSERT INTO ROLES (ROL_ID, ROL_NAME) VALUES (?,?) MATCHING (ROL_ID) ;"
    Database().query(upsert, (role_id, role_name), commit=True)
    PokeManager.add_activity(ActivityType.ROLE)
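def check_permission(cls, permission, user):
    """
    Checks whether a user has a specific permission.

    ``user`` is either an object whose class is named ``User`` (its
    ``get_id()`` is used) or a plain int user id. Any other type raises
    PermissionException (message 9).

    Returns True when the permission name is found among the user's
    direct rights or the rights of the user's roles, else False.
    """
    if user.__class__.__name__ == "User":
        user_id = user.get_id()
    elif type(user) is int:
        # A bare int is accepted as the user id itself. Without this
        # branch user_id stays unbound and the query below fails with a
        # NameError instead of answering the permission check.
        user_id = user
    else:
        raise PermissionException(PermissionException.get_msg(9))

    db = cls._core.get_db()
    # The permission name and the user id are bound parameters, never
    # formatted into the statement text.
    stmnt = "select 1 as RESULT from RDB$DATABASE where CAST( ? AS VARCHAR(64)) in(select rig_name \
                from USERROLES \
                left join ROLES \
                  on rol_id = uro_rol_id \
                left join ROLERIGHTS \
                  on rri_rol_id = rol_id \
                left join RIGHTS \
                  on rig_id = rri_rig_id \
                where uro_usr_id = ? \
                union \
                select rig_name \
                from USERRIGHTS \
                left join RIGHTS \
                  on rig_id = uri_rig_id \
                where uri_usr_id = ?) ; "
    cur = db.query(cls._core, stmnt, (permission, user_id, user_id))

    res = cur.fetchone()
    # No row means the permission is in neither set: deny.
    if res is None:
        return False
    return res[0] == 1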
def store(self):
    """
    Writes this role's id and name to the ROLES table through the core's
    database handle.

    Raises PermissionException when the role has no id (message 0) or
    when its name is the empty string (message 1).
    """
    # The session manager is fetched but its result is not used below.
    sessionmanager = self._core.get_session_manager()

    role_id = self._id
    if role_id is None:
        raise PermissionException(PermissionException.get_msg(0))

    role_name = self._name
    if role_name == "":
        raise PermissionException(PermissionException.get_msg(1))

    database = self._core.get_db()
    # Upsert keyed on ROL_ID: an existing row gets the new name.
    upsert = "UPDATE OR INSERT INTO ROLES (ROL_ID, ROL_NAME) VALUES (?,?) MATCHING (ROL_ID) ;"
    database.query(self._core, upsert, (role_id, role_name), commit=True)
    self._core.get_poke_manager().add_activity(ActivityType.ROLE)
def remove_permission(self, permission):
    """
    Removes the named permission from this role.

    The current session user must hold ``permission`` themselves;
    otherwise PermissionException (message 3) is raised and nothing is
    deleted.
    """
    actor = Session.get_current_session_user()
    allowed = actor.check_permission(permission)
    if not allowed:
        raise PermissionException(PermissionException.get_msg(3))

    # The right is addressed by name; the subselect resolves it to RIG_ID.
    delete_sql = "DELETE FROM ROLERIGHTS WHERE RRI_ROL_ID = ? AND RRI_RIG_ID = (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME = ?); "
    Database().query(delete_sql, (self._id, permission), commit=True)
    PokeManager.add_activity(ActivityType.ROLE)
def get_role(cls, role_id):
    """
    Loads the role with the given id from the ROLES table and returns it
    as a Role object.

    Raises PermissionException (message 14, carrying the id) when no row
    matches.
    """
    core = cls._core
    lookup = "SELECT ROL_ID, ROL_NAME FROM ROLES WHERE ROL_ID = ? ;"
    row = core.get_db().query(core, lookup, (role_id,)).fetchonemap()

    if row is None:
        raise PermissionException(PermissionException.get_msg(14, role_id))

    # Populate the object from the row that was read back, not from the argument.
    found = Role(core)
    found.set_id(row["ROL_ID"])
    found.set_name(row["ROL_NAME"])
    return found
def remove_permission(self, permission):
    """
    Removes the named permission from this role.

    The current session user must hold ``permission`` themselves;
    otherwise PermissionException (message 3) is raised and nothing is
    deleted.
    """
    core = self._core
    actor = core.get_session_manager().get_current_session_user()
    allowed = actor.check_permission(permission)
    if not allowed:
        raise PermissionException(PermissionException.get_msg(3))

    database = core.get_db()
    # The right is addressed by name; the subselect resolves it to RIG_ID.
    delete_sql = "DELETE FROM ROLERIGHTS WHERE RRI_ROL_ID = ? AND RRI_RIG_ID = (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME = ?); "
    database.query(core, delete_sql, (self._id, permission), commit=True)
    core.get_poke_manager().add_activity(ActivityType.ROLE)
def add_permission(self, permission):
    """
    Adds the named permission to this role.

    The current session user must hold ``permission`` themselves, so a
    role cannot be given a right its editor lacks; otherwise
    PermissionException (message 3) is raised and nothing is written.
    """
    actor = Session.get_current_session_user()
    allowed = actor.check_permission(permission)
    if not allowed:
        raise PermissionException(PermissionException.get_msg(3))

    # NOTE(review): the subselect yields no RIG_ID for an unknown right
    # name -- confirm how the table treats that row.
    upsert = "UPDATE OR INSERT INTO ROLERIGHTS (RRI_ROL_ID, RRI_RIG_ID) \
                    VALUES (?, (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME= ?)) \
                  MATCHING (RRI_ROL_ID, RRI_RIG_ID);"
    Database().query(upsert, (self._id, permission), commit=True)
    PokeManager.add_activity(ActivityType.ROLE)
def add_permission(self, permission):
    """
    Adds the named permission to this role.

    The current session user must hold ``permission`` themselves, so a
    role cannot be given a right its editor lacks; otherwise
    PermissionException (message 3) is raised and nothing is written.
    """
    core = self._core
    actor = core.get_session_manager().get_current_session_user()
    allowed = actor.check_permission(permission)
    if not allowed:
        raise PermissionException(PermissionException.get_msg(3))

    database = core.get_db()
    # NOTE(review): the subselect yields no RIG_ID for an unknown right
    # name -- confirm how the table treats that row.
    upsert = "UPDATE OR INSERT INTO ROLERIGHTS (RRI_ROL_ID, RRI_RIG_ID) \
                    VALUES (?, (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME= ?)) \
                  MATCHING (RRI_ROL_ID, RRI_RIG_ID);"
    database.query(core, upsert, (self._id, permission), commit=True)
    core.get_poke_manager().add_activity(ActivityType.ROLE)
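def get_permissions_for_user(cls, user):
    """
    Returns all permissions of the given user as a list of strings.

    ``user`` is either an object whose class is named ``User`` (its
    ``get_id()`` is used) or a plain int user id. Any other type raises
    PermissionException (message 9).

    The result is the union of the rights assigned to the user directly
    and the rights of every role the user holds.
    """
    if user.__class__.__name__ == "User":
        user_id = user.get_id()
    elif type(user) is int:
        # A bare int is accepted as the user id itself.
        user_id = user
    else:
        raise PermissionException(PermissionException.get_msg(9))

    db = cls._core.get_db()
    stmnt = "SELECT RIG_NAME \
             FROM USERRIGHTS \
             INNER JOIN RIGHTS ON RIG_ID = URI_RIG_ID \
             WHERE URI_USR_ID = ? \
             UNION SELECT RIG_NAME \
             FROM USERROLES \
             INNER JOIN ROLERIGHTS ON URO_ROL_ID = RRI_ROL_ID \
             INNER JOIN RIGHTS ON RRI_RIG_ID = RIG_ID \
             WHERE URO_USR_ID = ?;"
    # Bind the resolved user_id; calling user.get_id() here would fail for
    # the int form that the type check above accepts.
    cur = db.query(cls._core, stmnt, (user_id, user_id))
    res = cur.fetchall()
    return [row[0] for row in res]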
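def tortilla(*args, **kwargs):
    """
    Calls ``func`` only if the current session user holds ``permission``.

    ``cls``, ``permission`` and ``func`` come from the enclosing scope,
    which is not part of this block (presumably a permission-checking
    decorator -- confirm against the surrounding definition).

    Raises PermissionException (message 15, naming the permission) when
    the check fails; ``func`` is not called in that case.
    """
    current_user = Session.get_current_session_user()
    if not cls.check_permission(permission, current_user):
        raise PermissionException(PermissionException.get_msg(15, info=permission))
    # Return the wrapped call's result so guarded functions keep their
    # return value instead of always yielding None.
    return func(*args, **kwargs)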