def grant_permission_to_tag(session, tag_id, permission_id, argument=''):
# type: (Session, int, int, str) -> bool
"""
Grant a permission to this tag. This will fail if the (permission, argument) has already
been granted to this tag.
Args:
session(models.base.session.Sessioan): database session
tag_id(int): the id of the tag we're granting the permission to
permission_id(int): the id of the permission to be granted
argument(str): must match constants.ARGUMENT_VALIDATION
Throws:
AssertError if argument does not match ARGUMENT_VALIDATION regex
Returns:
bool indicating whether the function succeeded or not
"""
assert re.match(ARGUMENT_VALIDATION, argument), 'Permission argument does not match regex.'
try:
mapping = TagPermissionMap(permission_id=permission_id, tag_id=tag_id, argument=argument)
mapping.add(session)
Counter.incr(session, "updates")
except IntegrityError:
session.rollback()
return False
session.commit()
return True
def grant_permission_to_tag(session, tag_id, permission_id, argument=''):
# type: (Session, int, int, str) -> bool
"""
Grant a permission to this tag. This will fail if the (permission, argument) has already
been granted to this tag.
Args:
session(models.base.session.Sessioan): database session
tag_id(int): the id of the tag we're granting the permission to
permission_id(int): the id of the permission to be granted
argument(str): must match constants.ARGUMENT_VALIDATION
Throws:
AssertError if argument does not match ARGUMENT_VALIDATION regex
Returns:
bool indicating whether the function succeeded or not
"""
assert re.match(ARGUMENT_VALIDATION + r"$", argument), \
'Permission argument does not match regex.'
try:
mapping = TagPermissionMap(permission_id=permission_id, tag_id=tag_id, argument=argument)
mapping.add(session)
Counter.incr(session, "updates")
except IntegrityError:
session.rollback()
return False
session.commit()
return True
def post(self, name=None, mapping_id=None):
mapping = TagPermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
if not user_has_permission(self.session, self.current_user, TAG_EDIT,
mapping.tag.name):
return self.forbidden()
permission = mapping.permission
tag = mapping.tag
mapping.delete(self.session)
Counter.incr(self.session, "updates")
self.session.commit()
AuditLog.log(
self.session,
self.current_user.id,
"revoke_tag_permission",
"Revoked permission with argument: {}".format(mapping.argument),
on_tag_id=tag.id,
on_permission_id=permission.id,
)
return self.redirect("/tags/{}?refresh=yes".format(tag.name))
def get(self, name=None, mapping_id=None):
mapping = TagPermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
if not user_has_permission(self.session, self.current_user, TAG_EDIT, mapping.tag.name):
return self.forbidden()
self.render("permission-revoke-tag.html", mapping=mapping)
def get(self, name=None, mapping_id=None):
mapping = TagPermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
if not user_has_permission(self.session, self.current_user, TAG_EDIT,
mapping.tag.name):
return self.forbidden()
self.render("permission-revoke-tag.html", mapping=mapping)
def post(self, name=None, mapping_id=None):
mapping = TagPermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
if not user_has_permission(self.session, self.current_user, TAG_EDIT, mapping.tag.name):
return self.forbidden()
permission = mapping.permission
tag = mapping.tag
mapping.delete(self.session)
Counter.incr(self.session, "updates")
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'revoke_tag_permission',
'Revoked permission with argument: {}'.format(mapping.argument),
on_tag_id=tag.id, on_permission_id=permission.id)
return self.redirect('/tags/{}?refresh=yes'.format(tag.name))