コード例 #1
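async def sharing_post(context, request):
    """Change the sharing (security) settings stored on ``context``.

    The JSON request body must contain ``type`` (a key of the matching
    ``PermissionMap`` section) and at least one of:

    * ``prinrole``: mapping of principal -> iterable of local roles
    * ``prinperm``: mapping of principal -> iterable of permissions
    * ``roleperm``: mapping of role -> iterable of permissions

    The body is client-controlled and this function rewrites access-control
    data, so the ``type`` value and every role are validated before the
    first manager call. A request rejected by those checks leaves
    ``context`` untouched instead of half-applied.

    Only roles under ``prinrole`` are checked (against ``local_roles()``);
    principal and permission names are handed to the managers as received.

    NOTE(review): nothing in this function checks that the caller is allowed
    to change sharing on ``context``; presumably the service registration
    enforces that -- confirm.

    Raises:
        AttributeError: a required key is missing, or ``type`` is not valid
            for one of the supplied sections.
        KeyError: a role under ``prinrole`` is not a local role.
    """
    lroles = local_roles()
    data = await request.json()
    if not any(key in data for key in ('prinrole', 'roleperm', 'prinperm')):
        raise AttributeError('prinrole or roleperm or prinperm missing')

    if 'type' not in data:
        raise AttributeError('type missing')

    setting = data['type']

    # Validation pass, in the same order the checks used to fire, so the
    # first error reported for a bad payload is unchanged.
    if 'prinrole' in data:
        if setting not in PermissionMap['prinrole']:
            raise AttributeError('Invalid Type')
        for _user, roles in data['prinrole'].items():
            for role in roles:
                if role not in lroles:
                    raise KeyError('No valid local role')
    for section in ('prinperm', 'roleperm'):
        if section in data and setting not in PermissionMap[section]:
            raise AttributeError('Invalid Type')

    # Apply pass. ``changed`` records whether any manager was called, so an
    # empty payload does not trigger a save or an event.
    changed = False

    if 'prinrole' in data:
        manager = IPrincipalRoleManager(context)
        func = getattr(manager, PermissionMap['prinrole'][setting])
        for user, roles in data['prinrole'].items():
            for role in roles:
                changed = True
                func(role, user)

    if 'prinperm' in data:
        manager = IPrincipalPermissionManager(context)
        func = getattr(manager, PermissionMap['prinperm'][setting])
        for user, permissions in data['prinperm'].items():
            for permission in permissions:
                changed = True
                func(permission, user)

    if 'roleperm' in data:
        manager = IRolePermissionManager(context)
        func = getattr(manager, PermissionMap['roleperm'][setting])
        for role, permissions in data['roleperm'].items():
            for permission in permissions:
                changed = True
                func(permission, role)

    if changed:
        context._p_register()  # make sure data is saved
        await notify(ObjectPermissionsModifiedEvent(context, data))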
コード例 #2
ファイル: utils.py プロジェクト: worasit/guillotina
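async def apply_sharing(context, data):
    """Apply the sharing settings in ``data`` to ``context``.

    ``data`` may hold any of ``perminhe``, ``prinrole``, ``prinperm`` and
    ``roleperm``, each a list of dicts. Every entry carries a ``setting``
    (a key of the matching ``PermissionMap`` section) plus the permission,
    role and/or principal it refers to.

    ``data`` normally comes from a request body, so a malformed entry (not a
    dict, or with a missing or unknown ``setting``) is rejected with
    ``PreconditionFailed`` in every section rather than surfacing as an
    ``AttributeError`` or ``KeyError``.

    Only ``prinrole`` roles are checked (against the local roles); permission
    and principal names are passed to the managers as received.

    NOTE(review): no authorization check is visible here; presumably the
    caller has already verified the right to change sharing -- confirm.

    Raises:
        PreconditionFailed: malformed entry, unknown ``setting``, or a
            ``prinrole`` role that is not a local role.
        KeyError: an entry lacks its ``permission``, ``role`` or
            ``principal`` key.
    """
    lroles = role.local_roles()
    changed = False
    for perminhe in data.get('perminhe') or []:
        if not isinstance(perminhe, dict):
            raise PreconditionFailed(
                context, 'Invalid perminhe entry, expected an object')
        setting = perminhe.get('setting')
        if setting not in PermissionMap['perminhe']:
            raise PreconditionFailed(context,
                                     'Invalid Type {}'.format(setting))
        manager = IInheritPermissionManager(context)
        func = getattr(manager, PermissionMap['perminhe'][setting])
        changed = True
        func(perminhe['permission'])

    for prinrole in data.get('prinrole') or []:
        if not isinstance(prinrole, dict):
            raise PreconditionFailed(
                context, 'Invalid prinrole entry, expected an object')
        setting = prinrole.get('setting')
        if setting not in PermissionMap['prinrole']:
            raise PreconditionFailed(context,
                                     'Invalid Type {}'.format(setting))
        manager = IPrincipalRoleManager(context)
        func = getattr(manager, PermissionMap['prinrole'][setting])
        # Only roles known as local roles may be assigned on this object.
        if prinrole['role'] not in lroles:
            raise PreconditionFailed(context, 'No valid local role')
        changed = True
        func(prinrole['role'], prinrole['principal'])

    for prinperm in data.get('prinperm') or []:
        if not isinstance(prinperm, dict):
            raise PreconditionFailed(
                context, 'Invalid prinperm entry, expected an object')
        # .get() so a missing setting is reported like an unknown one.
        setting = prinperm.get('setting')
        if setting not in PermissionMap['prinperm']:
            raise PreconditionFailed(context, 'Invalid Type')
        manager = IPrincipalPermissionManager(context)
        func = getattr(manager, PermissionMap['prinperm'][setting])
        changed = True
        func(prinperm['permission'], prinperm['principal'])

    for roleperm in data.get('roleperm') or []:
        if not isinstance(roleperm, dict):
            raise PreconditionFailed(
                context, 'Invalid roleperm entry, expected an object')
        setting = roleperm.get('setting')
        if setting not in PermissionMap['roleperm']:
            raise PreconditionFailed(context, 'Invalid Type')
        manager = IRolePermissionManager(context)
        func = getattr(manager, PermissionMap['roleperm'][setting])
        changed = True
        func(roleperm['permission'], roleperm['role'])

    if changed:
        context._p_register()  # make sure data is saved
        await notify(ObjectPermissionsModifiedEvent(context, data))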
コード例 #3
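async def addPerms(obj, perms, changed=False):
    """Apply the sharing settings in ``perms`` to ``obj``.

    ``perms`` must contain at least one of ``prinrole``, ``prinperm`` or
    ``roleperm``, each a list of dicts with a ``setting`` key (a key of the
    matching ``PermissionMap`` section) plus the role, permission and/or
    principal the entry refers to.

    Roles under ``prinrole`` are checked: when ``obj.type_name`` is
    ``"Container"`` a global or a local role is accepted, otherwise only a
    local role. Permission and principal names are passed to the managers as
    received.

    A malformed entry (not a dict, or with a missing or unknown ``setting``)
    is rejected with ``PreconditionFailed`` in every section rather than
    surfacing as an ``AttributeError`` or ``KeyError``.

    Args:
        obj: object whose security managers are updated.
        perms: sharing payload as described above.
        changed: initial value of the dirty flag; when true, ``obj`` is
            registered for saving even if no entry is applied.

    Raises:
        PreconditionFailed: no section present, malformed entry, unknown
            ``setting``, or a role that is not valid for ``obj``.
        KeyError: an entry lacks its ``permission``, ``role`` or
            ``principal`` key.
    """
    lroles = local_roles()
    groles = global_roles()
    if not any(key in perms for key in ("prinrole", "roleperm", "prinperm")):
        raise PreconditionFailed(obj,
                                 "prinrole or roleperm or prinperm missing")

    for prinrole in perms.get("prinrole") or []:
        if not isinstance(prinrole, dict):
            raise PreconditionFailed(
                obj, "Invalid prinrole entry, expected an object")
        setting = prinrole.get("setting")
        if setting not in PermissionMap["prinrole"]:
            raise PreconditionFailed(obj, "Invalid Type {}".format(setting))
        manager = IPrincipalRoleManager(obj)
        func = getattr(manager, PermissionMap["prinrole"][setting])

        role_name = prinrole["role"]
        if obj.type_name == "Container":
            # Containers also accept global roles.
            if role_name not in groles + lroles:
                raise PreconditionFailed(
                    obj, "Not a valid role: {}".format(role_name))
        elif role_name not in lroles:
            raise PreconditionFailed(
                obj, "Not a valid local role: {}".format(role_name))

        changed = True
        func(role_name, prinrole["principal"])

    for prinperm in perms.get("prinperm") or []:
        if not isinstance(prinperm, dict):
            raise PreconditionFailed(
                obj, "Invalid prinperm entry, expected an object")
        # .get() so a missing setting is reported like an unknown one.
        setting = prinperm.get("setting")
        if setting not in PermissionMap["prinperm"]:
            raise PreconditionFailed(obj, "Invalid Type")
        manager = IPrincipalPermissionManager(obj)
        func = getattr(manager, PermissionMap["prinperm"][setting])
        changed = True
        func(prinperm["permission"], prinperm["principal"])

    for roleperm in perms.get("roleperm") or []:
        if not isinstance(roleperm, dict):
            raise PreconditionFailed(
                obj, "Invalid roleperm entry, expected an object")
        setting = roleperm.get("setting")
        if setting not in PermissionMap["roleperm"]:
            raise PreconditionFailed(obj, "Invalid Type")
        manager = IRolePermissionManager(obj)
        func = getattr(manager, PermissionMap["roleperm"][setting])
        changed = True
        func(roleperm["permission"], roleperm["role"])

    if changed:
        obj._p_register()  # make sure data is saved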
コード例 #4
ファイル: content.py プロジェクト: cdevienne/guillotina
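    async def __call__(self, changed=False):
        """Change the sharing (security) settings of ``self.context``.

        The JSON request body must contain at least one of ``prinrole``,
        ``prinperm`` or ``roleperm``, each a list of dicts with a ``setting``
        key (a key of the matching ``PermissionMap`` section) plus the role,
        permission and/or principal the entry refers to.

        The body is client-controlled, so a malformed entry (not a dict, or
        with a missing or unknown ``setting``) is rejected with
        ``PreconditionFailed`` in every section rather than surfacing as an
        ``AttributeError`` or ``KeyError``.

        Only ``prinrole`` roles are checked (against the local roles);
        permission and principal names are passed to the managers as
        received.

        NOTE(review): no authorization check is visible in this method;
        presumably the service registration enforces it -- confirm.

        Args:
            changed: initial value of the dirty flag; when true, the context
                is registered and the event is sent even if no entry is
                applied.

        Raises:
            PreconditionFailed: no section present, malformed entry, unknown
                ``setting``, or a role that is not a local role.
            KeyError: an entry lacks its ``permission``, ``role`` or
                ``principal`` key.
        """
        context = self.context
        request = self.request
        lroles = local_roles()
        data = await request.json()
        if not any(key in data
                   for key in ('prinrole', 'roleperm', 'prinperm')):
            raise PreconditionFailed(
                self.context, 'prinrole or roleperm or prinperm missing')

        for prinrole in data.get('prinrole') or []:
            if not isinstance(prinrole, dict):
                raise PreconditionFailed(
                    self.context, 'Invalid prinrole entry, expected an object')
            setting = prinrole.get('setting')
            if setting not in PermissionMap['prinrole']:
                raise PreconditionFailed(self.context,
                                         'Invalid Type {}'.format(setting))
            manager = IPrincipalRoleManager(context)
            func = getattr(manager, PermissionMap['prinrole'][setting])
            # Only roles known as local roles may be assigned here.
            if prinrole['role'] not in lroles:
                raise PreconditionFailed(self.context, 'No valid local role')
            changed = True
            func(prinrole['role'], prinrole['principal'])

        for prinperm in data.get('prinperm') or []:
            if not isinstance(prinperm, dict):
                raise PreconditionFailed(
                    self.context, 'Invalid prinperm entry, expected an object')
            # .get() so a missing setting is reported like an unknown one.
            setting = prinperm.get('setting')
            if setting not in PermissionMap['prinperm']:
                raise PreconditionFailed(self.context, 'Invalid Type')
            manager = IPrincipalPermissionManager(context)
            func = getattr(manager, PermissionMap['prinperm'][setting])
            changed = True
            func(prinperm['permission'], prinperm['principal'])

        for roleperm in data.get('roleperm') or []:
            if not isinstance(roleperm, dict):
                raise PreconditionFailed(
                    self.context, 'Invalid roleperm entry, expected an object')
            setting = roleperm.get('setting')
            if setting not in PermissionMap['roleperm']:
                raise PreconditionFailed(self.context, 'Invalid Type')
            manager = IRolePermissionManager(context)
            func = getattr(manager, PermissionMap['roleperm'][setting])
            changed = True
            func(roleperm['permission'], roleperm['role'])

        if changed:
            context._p_register()  # make sure data is saved
            await notify(ObjectPermissionsModifiedEvent(context, data))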
コード例 #5
ファイル: utils.py プロジェクト: sunbit/guillotina
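async def apply_sharing(context, data):
    """Apply the sharing settings in ``data`` to ``context``.

    ``data`` may hold any of ``perminhe``, ``prinrole``, ``prinperm`` and
    ``roleperm``, each a list of dicts. Every entry carries a ``setting``
    (a key of the matching ``PermissionMap`` section) plus the permission,
    role and/or principal it refers to.

    Entries that are not dicts, or whose ``setting`` is missing or unknown,
    are rejected with ``PreconditionFailed`` in every section. Only
    ``prinrole`` roles are checked (against the local roles); permission and
    principal names are passed to the managers as received.

    NOTE(review): no authorization check is visible here; presumably the
    caller has already verified the right to change sharing -- confirm.

    Raises:
        PreconditionFailed: malformed entry, unknown ``setting``, or a
            ``prinrole`` role that is not a local role.
        KeyError: an entry lacks its ``permission``, ``role`` or
            ``principal`` key.
    """
    lroles = role.local_roles()
    changed = False
    # NOTE(review): the "must be list" wording below is kept as-is although
    # the check is for a dict; clients may match on the text -- confirm
    # before rewording.
    for perminhe in data.get("perminhe") or []:
        if not isinstance(perminhe, dict):
            raise PreconditionFailed(
                context, "Invalid Type, must be list {}".format(perminhe))
        setting = perminhe.get("setting")
        if setting not in PermissionMap["perminhe"]:
            raise PreconditionFailed(context,
                                     "Invalid Type {}".format(setting))
        manager = IInheritPermissionManager(context)
        func = getattr(manager, PermissionMap["perminhe"][setting])
        changed = True
        func(perminhe["permission"])

    for prinrole in data.get("prinrole") or []:
        if not isinstance(prinrole, dict):
            raise PreconditionFailed(
                context, "Invalid Type, must be list {}".format(prinrole))
        setting = prinrole.get("setting")
        if setting not in PermissionMap["prinrole"]:
            raise PreconditionFailed(context,
                                     "Invalid Type {}".format(setting))
        manager = IPrincipalRoleManager(context)
        func = getattr(manager, PermissionMap["prinrole"][setting])
        # Only roles known as local roles may be assigned on this object.
        if prinrole["role"] not in lroles:
            raise PreconditionFailed(context, "No valid local role")
        changed = True
        func(prinrole["role"], prinrole["principal"])

    for prinperm in data.get("prinperm") or []:
        if not isinstance(prinperm, dict):
            raise PreconditionFailed(
                context, "Invalid Type, must be list {}".format(prinperm))
        # .get() so a missing setting is rejected with PreconditionFailed,
        # as in the perminhe and prinrole sections, instead of a KeyError.
        setting = prinperm.get("setting")
        if setting not in PermissionMap["prinperm"]:
            raise PreconditionFailed(context, "Invalid Type")
        manager = IPrincipalPermissionManager(context)
        func = getattr(manager, PermissionMap["prinperm"][setting])
        changed = True
        func(prinperm["permission"], prinperm["principal"])

    for roleperm in data.get("roleperm") or []:
        if not isinstance(roleperm, dict):
            raise PreconditionFailed(
                context, "Invalid Type, must be list {}".format(roleperm))
        setting = roleperm.get("setting")
        if setting not in PermissionMap["roleperm"]:
            raise PreconditionFailed(context, "Invalid Type")
        manager = IRolePermissionManager(context)
        func = getattr(manager, PermissionMap["roleperm"][setting])
        changed = True
        func(roleperm["permission"], roleperm["role"])

    if changed:
        context.register()  # make sure data is saved
        await notify(ObjectPermissionsModifiedEvent(context, data))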