def permissions(self, store: BaseAccessStore): return get_all( store=store, principal=self.principal, principal_type=self.principal_type, granted_type="permission", )
def groups(self, store: BaseAccessStore): return get_all( store=store, principal=self.principal, principal_type=self.principal_type, granted_type="group", )
def users(self, store: BaseAccessStore): return get_all( store=store, principal_type=user, granted=self.granted, granted_type=self.granted_type, )
def permissions(store: BaseAccessStore, name: str) -> list: """ get all the permissions to which the group has access first, get all the groups that it can access then, get the list of permissions those granted collectively to those groups """ this_group_permissions = get_all( store, Args(name, "group", granted_type="permission")) groups = inherits(store, name) permissions = [] for gname in groups: gpermissions = get_all(store, Args(gname, "group", granted_type="permission")) permissions.extend(gpermissions) permissions = list(set([*permissions, *this_group_permissions])) return permissions
def permissions(store: BaseAccessStore, user_id: str) -> list: """ get all the direct and indirect user-permission relationships for this user first, get the relationships in which a group is granted to this user follow the group inheritance chain to get all the associated group-group relationships then, combine the user's direct permissions with each group's granted permissions return that combined list """ user_permissions = get_all( store, Args(user_id, "user", granted_type="permission")) user_groups = get_all(store, Args(user_id, "user", granted_type="group")) group_permissions = [] for gname in user_groups: this_group_permissions = get_all( store, Args(gname, "group", granted_type="permission")) group_permissions.extend(this_group_permissions) all_user_permissions = list(set([*user_permissions, *group_permissions])) return all_user_permissions
def groups(store: BaseAccessStore, user_id: str) -> list: """get all the user-group relationships""" args = Args(principal=user_id, principal_type="user", granted_type="group") this_user_groups = get_all(store, args) # recursively follow each group's inheritance trail # add each group's trail to the user's list of groups for gname in this_user_groups: this_group_inherits = group.inherits(store, gname) this_user_groups.extend(this_group_inherits) # return a unique list of groups return list(set(this_user_groups))