from guillotina import configure
# Add new permission
configure.permission("guillotina.ManageAMQP",
"Manage guillotina amqp endpoints")
configure.permission("guillotina.DebugAMQP", "Debug guillotina amqp tasks")
# Grant it to guillotina.Manager
configure.grant(permission="guillotina.ManageAMQP", role="guillotina.Manager")
configure.grant(permission="guillotina.DebugAMQP", role="guillotina.Manager")
# -*- coding: utf-8 -*-
from guillotina import configure
from guillotina.i18n import MessageFactory
_ = MessageFactory('guillotina_dbusers')
app_settings = {
"auth_user_identifiers": ["guillotina_dbusers.users.DBUserIdentifier"]
}
configure.permission("guillotina.NotAuthenticated", "")
configure.permission("guillotina.Authenticated", "")
configure.permission("guillotina.AddUser", title="Add plone user")
configure.permission("guillotina.AddGroup", title="Add plone group")
configure.grant(permission="guillotina.AccessContent",
role="guillotina.Anonymous")
configure.grant(permission="guillotina.NotAuthenticated",
role="guillotina.Anonymous")
configure.grant(permission="guillotina.Authenticated",
role="guillotina.Authenticated")
configure.grant(permission="guillotina.AddUser",
role="guillotina.ContainerAdmin")
configure.grant(permission="guillotina.AddGroup",
role="guillotina.ContainerAdmin")
def includeme(root, settings):
configure.scan('guillotina_dbusers.content.users')
configure.scan('guillotina_dbusers.content.groups')
configure.scan('guillotina_dbusers.install')
configure.scan('guillotina_dbusers.services')
from guillotina import configure
configure.permission("guillotina.Nobody", "Permission not assigned to anyone")
configure.permission("guillotina.ManageUsers", "Manage Users on site",
"Be able to manage users on site")
configure.grant(permission="guillotina.ManageUsers", role="guillotina.Manager")
'port': 6379,
'ttl': 3600,
'memory_cache_size': 209715200,
'updates_channel': 'guillotina',
'pool': {
'minsize': 5,
'maxsize': 100
},
'cluster_mode': False
},
"load_utilities": {
"guillotina_rediscache.cache": {
'provides':
'guillotina_rediscache.interfaces.IRedisChannelUtility', # noqa
'factory': 'guillotina_rediscache.utility.RedisChannelUtility',
'settings': {}
}
}
}
configure.permission('guillotina_rediscache.Manage', 'Manage redis cache')
configure.grant(permission="guillotina_rediscache.Manage",
role="guillotina.Manager")
def includeme(root, settings):
configure.scan('guillotina_rediscache.cache_strategy')
configure.scan('guillotina_rediscache.utility')
configure.scan('guillotina_rediscache.api')
configure.scan('guillotina_rediscache.serialize')
from guillotina import configure
app_settings = {
}
configure.role("guillotina_chat.ConversationParticipant",
"Conversation Participant",
"Users that are part of a conversation", False)
configure.grant(
permission="guillotina.ViewContent",
role="guillotina_chat.ConversationParticipant")
configure.grant(
permission="guillotina.AccessContent",
role="guillotina_chat.ConversationParticipant")
configure.grant(
permission="guillotina.AddContent",
role="guillotina_chat.ConversationParticipant")
def includeme(root):
"""
custom application initialization here
"""
configure.scan('guillotina_chat.install')
configure.scan('guillotina_chat.content')
configure.scan('guillotina_chat.subscribers')
configure.scan('guillotina_chat.serialize')
configure.scan('guillotina_chat.services')
configure.scan('guillotina_chat.utility')
configure.scan('guillotina_chat.ws')
configure.role("guillotina.Reader", "Reader", "can read content", True)
configure.role("guillotina.Editor", "Editor", "can edit content", True)
configure.role("guillotina.Reviewer", "Reviewer", "can review content", True)
configure.role("guillotina.Owner", "Content Manager", "can add/delete content",
True)
configure.role("guillotina.Manager", "Site Manager", False)
configure.role("guillotina.SiteAdmin", "Site Administrator",
"can set settings on site", False)
configure.role("guillotina.SiteCreator", "Site DB Manager",
"Can create sites and db connections", False)
configure.role("guillotina.SiteDeleter", "Site Remover", "Can destroy a site",
False)
# Anonymous
configure.grant(permission="guillotina.AccessPreflight",
role="guillotina.Anonymous")
# Reader
configure.grant(permission="guillotina.ViewContent", role="guillotina.Reader")
configure.grant(permission="guillotina.AccessContent",
role="guillotina.Reader")
# Reviewer
configure.grant(permission="guillotina.ViewContent",
role="guillotina.Reviewer")
configure.grant(permission="guillotina.AccessContent",
role="guillotina.Reviewer")
# Owner
configure.grant(permission="guillotina.DeleteContent", role="guillotina.Owner")
configure.grant(permission="guillotina.AddContent", role="guillotina.Owner")
from guillotina import configure
configure.permission('guillotina.ManageVersioning',
'Ability to modify versioning on an object')
configure.permission('guillotina.ManageConstraints',
'Allow to check and change type constraints')
configure.permission('guillotina.ReviewContent', 'Review content permission')
configure.permission('guillotina.RequestReview',
'Request review content permission')
configure.grant(permission='guillotina.ManageVersioning',
role='guillotina.Manager')
configure.grant(permission='guillotina.ManageConstraints',
role='guillotina.Manager')
configure.grant(permission='guillotina.ManageConstraints',
role='guillotina.ContainerAdmin')
configure.grant(permission='guillotina.ReviewContent',
role='guillotina.Reviewer')
configure.grant(permission='guillotina.ReviewContent',
role='guillotina.Manager')
configure.grant(permission='guillotina.RequestReview',
role='guillotina.Manager')
configure.grant(permission='guillotina.RequestReview', role='guillotina.Owner')
from guillotina import configure
configure.grant(permission="guillotina.SearchContent",
role="guillotina.Manager")
from guillotina import configure
configure.permission("guillotina.AddUser", title="Add plone user")
configure.permission("guillotina.AddGroup", title="Add plone group")
configure.permission("guillotina.Nobody", "Permission not assigned to anyone")
configure.permission("guillotina.ManageUsers", "Manage Users on site",
"Be able to manage users on site")
configure.grant(permission="guillotina.AddUser", role="guillotina.Manager")
configure.grant(permission="guillotina.AddGroup", role="guillotina.Manager")
configure.grant(permission="guillotina.ManageUsers", role="guillotina.Manager")
configure.grant(permission="guillotina.AddUser",
role="guillotina.ContainerAdmin")
configure.grant(permission="guillotina.AddGroup",
role="guillotina.ContainerAdmin")
configure.grant(permission="guillotina.ManageUsers",
role="guillotina.ContainerAdmin")
from guillotina import configure
configure.permission("guillotina.swagger.View", "View swagger definition")
configure.grant(permission="guillotina.swagger.View",
role="guillotina.Anonymous")
configure.grant(permission="guillotina.swagger.View",
role="guillotina.Authenticated")
app_settings = {
"static": {
"swagger_static": "guillotina.contrib.swagger:static"
},
"swagger": {
"authentication_allowed": True,
"base_url": None,
"auth_storage_search_keys": ["auth"],
"base_configuration": {
"swagger": "2.0",
"info": {
"version": "",
"title": "Guillotina",
"description": "The REST Resource API",
},
"host": "",
"basePath": "",
"schemes": [],
"produces": ["application/json"],
"consumes": ["application/json"],
"paths": {},
"definitions": {},
},
configure.permission("guillotina.ManageVersioning",
"Ability to modify versioning on an object")
configure.permission("guillotina.ManageConstraints",
"Allow to check and change type constraints")
configure.permission("guillotina.ReviewContent", "Review content permission")
configure.permission("guillotina.RequestReview",
"Request review content permission")
configure.permission("guillotina.ViewComments", "View comments")
configure.permission("guillotina.ModifyComments", "Modify comments")
configure.permission("guillotina.AddComments", "Add comments")
configure.permission("guillotina.DeleteComments", "Delete comments")
configure.permission("guillotina.DeleteAllComments", "Delete all comments")
configure.grant(permission="guillotina.ManageVersioning",
role="guillotina.Manager")
configure.grant(permission="guillotina.ManageConstraints",
role="guillotina.Manager")
configure.grant(permission="guillotina.ManageConstraints",
role="guillotina.ContainerAdmin")
configure.grant(permission="guillotina.ReviewContent",
role="guillotina.Reviewer")
configure.grant(permission="guillotina.ReviewContent",
role="guillotina.Manager")
configure.grant(permission="guillotina.RequestReview",
role="guillotina.Manager")
from . import settings
from guillotina import configure
from guillotina.interfaces import IFolder
import json
import pytest
pytestmark = pytest.mark.asyncio
configure.permission("dbusers.SeeTopSecret", "SeeTopSecret", "Ability to see TopSecret docs")
configure.role("dbusers.DoubleO", "00 Agent")
configure.grant(permission="dbusers.SeeTopSecret", role="dbusers.DoubleO")
@configure.service(
context=IFolder, method="GET", permission="dbusers.SeeTopSecret", name="@top-secret",
)
async def top_secret(context, request):
return {"documents": ["abcd"]}
@pytest.mark.app_settings(settings.DEFAULT_SETTINGS)
async def test_roles_in_groups(dbusers_requester):
async with dbusers_requester as requester:
# Create the group 'top-agents' and assign the role "dbusers.DoubleO"
resp, status = await requester(
"POST",
"/db/guillotina/groups",
data=json.dumps({"id": "top-agents", "@type": "Group", "user_roles": ["dbusers.DoubleO"]}),
from guillotina import configure
configure.permission('hive.Manage', 'Manage Hive Cluster')
configure.permission('hive.Schedulle', 'Schedulle tasks')
configure.grant(
permission="hive.Manage",
role="guillotina.ContainerAdmin")
@configure.service(context=IApplication,
method="GET",
permission="guillotina.AccessContent",
name="@raise-http-exception")
@configure.service(context=IApplication,
method="POST",
permission="guillotina.AccessContent",
name="@raise-http-exception")
async def raise_http_exception(context, request):
raise HTTPUnprocessableEntity()
# Create a new permission and grant it to authenticated users only
configure.permission("example.EndpointPermission", "example permission")
configure.grant(permission="example.EndpointPermission",
role="guillotina.Authenticated")
@configure.service(context=IApplication,
method="GET",
permission="example.EndpointPermission",
name="@myEndpoint")
async def my_endpoint(context, request):
return {"foo": "bar"}
@configure.service(
context=IApplication,
method="GET",
permission="guillotina.AccessContent",
name="@json-schema-validation",
from guillotina import configure
configure.permission("guillotina.AddJinjaTemplate", title="Add Jinja template")
configure.grant(permission="guillotina.AddJinjaTemplate",
role="guillotina.Manager")
configure.grant(permission="guillotina.AddJinjaTemplate",
role="guillotina.ContainerAdmin")
from guillotina import configure
# Add new permission
configure.permission('guillotina.ManageAMQP', 'Manage guillotina amqp endpoints')
# Grant it to guillotina.Manager
configure.grant(
permission='guillotina.ManageAMQP',
role='guillotina.Manager')
},
"hive_tasks": {},
"hive": {
"image": None,
"default_namespace": "hive",
"orchestrator": "k8s",
"cluster_config": {},
"guillotina_default": {
"entrypoint": None,
"volumes": None,
"volumeMounts": None,
"envFrom": None,
"container_args": ["guillotina", "hive-worker"]
},
'quota': None,
'settings_serializer': 'guillotina_hive.utils.settings_serializer'
}
}
configure.permission('guillotina_hive.Manage', 'Manage hive')
configure.grant(permission="guillotina_hive.Manage", role="guillotina.Manager")
def includeme(root):
configure.scan('guillotina_hive.content')
configure.scan('guillotina_hive.client')
configure.scan('guillotina_hive.install')
configure.scan('guillotina_hive.permissions')
configure.scan('guillotina_hive.api')
configure.scan('guillotina_hive.builtins')
configure.role("guillotina.Reader", "Reader", "can read content", True)
configure.role("guillotina.Editor", "Editor", "can edit content", True)
configure.role("guillotina.Reviewer", "Reviewer", "can review content", True)
configure.role("guillotina.Owner", "Content Manager", "can add/delete content",
True)
configure.role("guillotina.Manager", "Container Manager", False)
configure.role("guillotina.ContainerAdmin", "Container Administrator",
"can set settings on container", False)
configure.role("guillotina.ContainerCreator", "Container DB Manager",
"Can create containers and db connections", False)
configure.role("guillotina.ContainerDeleter", "Container Remover",
"Can destroy a container", False)
# Anonymous
configure.grant(permission="guillotina.AccessPreflight",
role="guillotina.Anonymous")
configure.grant(permission="guillotina.Public", role="guillotina.Anonymous")
# Authenticated
configure.grant(permission="guillotina.RefreshToken",
role="guillotina.Authenticated")
configure.grant(permission="guillotina.SeeSession",
role="guillotina.Authenticated")
configure.grant(permission="guillotina.Logout",
role="guillotina.Authenticated")
configure.grant(permission="guillotina.AccessPreflight",
role="guillotina.Authenticated")
configure.grant(permission="guillotina.Public",
role="guillotina.Authenticated")
configure.grant(permission="guillotina.UseWebSockets",
"mailer": {
"default_sender": "*****@*****.**",
"endpoints": {
"default": {
"type": "smtp",
"host": "localhost",
"port": 25
}
},
"debug": False,
"utility": "guillotina_mailer.utility.MailerUtility",
"use_html2text": True,
"domain": None
}
}
configure.permission(id="mailer.SendMail", title="Request subscription")
configure.grant(permission="mailer.SendMail", role="guillotina.ContainerAdmin")
def includeme(root, settings):
factory = import_class(
settings.get('mailer', {}).get('utility',
app_settings['mailer']['utility']))
utility = factory()
provide_utility(utility, IMailer)
configure.scan('guillotina_mailer.api')
configure.scan('guillotina_mailer.utility')
