def match_pems_to_project(self, project_uuid = None):
project_uuid = project_uuid or self.value.get('projectUUID')
logger.debug('matchins pems to project: %s', project_uuid)
if not project_uuid:
return self
project_roles = self._agave.systems.listRoles(systemId='project-{}'.format(project_uuid))
project_roles = filter(lambda x: x['username'] != 'ds_admin', project_roles)
meta_pems = BaseMetadataPermissionResource.list_permissions(self.uuid, self._agave)
meta_pems_users = self._update_pems_with_system_roles(project_roles, meta_pems)
for username, pem in six.iteritems(meta_pems_users):
pem.delete()
return self
def remove_collaborator(self, username):
logger.info('Removing collaborator "{}" from project "{}"'.format(username, self.uuid))
# Set permissions on the metadata record
pem = BaseMetadataPermissionResource(self.uuid, self._agave)
pem.username = username
pem.read = False
pem.write = False
pem.save()
# Set roles on project system
self.project_system.remove_role(username)
def add_collaborator(self, username):
logger.info('Adding collaborator "{}" to project "{}"'.format(username, self.uuid))
# Set permissions on the metadata record
pem = BaseMetadataPermissionResource(self.uuid, self._agave)
pem.username = username
pem.read = True
pem.write = True
pem.save()
# Set roles on project system
self.project_system.add_role(username, system_roles.USER)
def _update_pems_with_system_roles(self, system_roles, meta_pems):
"""Updates this metadata object's permissions with those of a system's roles
:param list system_roles: A list of :class:`dict` representing the user roles of a system.
This should be the response from :func:`~agavepy.agave.Agave.systems.listRoles`.
:param list meta_pems: A list of
:class:`~designsafe.apps.api.agave.models.metadata.BaseMetadataPermissionResource`.
This should be the response from
:func:`~designsafe.apps.api.agave.models.metadata.BaseMetadataPermissionResource.list_permissions`
:returns: A :class:`dict` where the keys are the usernames who do not have a role set on the system and the value
of each key is the :class:`~designsafe.apps.api.agave.models.metadata.BaseMetadataPermissionResource` object.
:rtype: dict
"""
meta_pems_users = {pem.username: pem for pem in meta_pems}
for role_obj in system_roles:
username = role_obj['username']
role = role_obj['role']
try:
pem = meta_pems_users.pop(username)
except KeyError:
pem = BaseMetadataPermissionResource(self.uuid, self._agave)
pem.username = username
if role == system_roles_list.GUEST and \
(not pem.read or pem.write):
pem.read = True
pem.save()
logger.debug('Created or Updated %s', pem)
elif role == system_roles_list.USER and \
(not pem.read or pem.write):
pem.read = True
pem.write = True
pem.save()
logger.debug('Created or Updated %s', pem)
return meta_pems_users
def collaborators(self):
permissions = BaseMetadataPermissionResource.list_permissions(
self.uuid, self._agave)
return [pem.username for pem in permissions]