def handle(self, *args, **options):
if options['username'] is None or options['resource_id'] is None:
usage()
exit(1)
username = options['username']
resource_id = options['resource_id']
user = user_from_name(username)
if user is None:
usage()
exit(1)
try:
resource = get_resource_by_shortkey(resource_id, or_404=False)
except BaseResource.DoesNotExist:
print("No such resource {}.".format(resource_id))
usage()
exit(1)
print(access_provenance(user, resource))
def handle(self, *args, **options):
if len(options['command']) > 0:
cname = options['command'][0]
else:
cname = None
if len(options['command']) > 1:
command = options['command'][1]
else:
command = None
# resolve owner: used in several update commands as grantor
if options['owner'] is not None:
oname = options['owner']
else:
oname = 'admin'
owner = user_from_name(oname)
if owner is None:
usage()
exit(1)
privilege = PrivilegeCodes.VIEW
# not specifing a community lists active communities
if cname is None:
print("All communities:")
for c in Community.objects.all():
print(" '{}' (id={})".format(c.name, str(c.id)))
exit(0)
if command is None or command == 'list':
community = community_from_name_or_id(cname)
if community is None:
usage()
exit(1)
print("community '{}' (id={}):".format(community.name,
community.id))
print(" description: {}".format(community.description))
print(" purpose: {}".format(community.purpose))
print(" owners:")
for ucp in UserCommunityPrivilege.objects.filter(
community=community, privilege=PrivilegeCodes.OWNER):
print(" {} (grantor {})".format(ucp.user.username,
ucp.grantor.username))
print(" member groups:")
for gcp in GroupCommunityPrivilege.objects.filter(
community=community):
if gcp.privilege == PrivilegeCodes.CHANGE:
others = "can edit community resources"
else:
others = "can view community resources"
print(" '{}' (id={}) (grantor={}):".format(
gcp.group.name, gcp.group.id, gcp.grantor.username))
print(" {}.".format(others))
print(" '{}' (id={}) owners are:".format(
gcp.group.name, str(gcp.group.id)))
for ugp in UserGroupPrivilege.objects.filter(
group=gcp.group, privilege=PrivilegeCodes.OWNER):
print(" {}".format(ugp.user.username))
exit(0)
# These are idempotent actions. Creating a community twice does nothing.
if command == 'update' or command == 'create':
try:
community = Community.objects.get(name=cname)
if options['description'] is not None:
community.description = options['description']
community.save()
if options['purpose'] is not None:
community.purpose = options['purpose']
community.save()
UserCommunityPrivilege.update(user=owner,
community=community,
privilege=PrivilegeCodes.OWNER,
grantor=owner)
except Community.DoesNotExist: # create it
if options['description'] is not None:
description = options['description']
else:
description = "No description"
purpose = options['purpose']
print(
"creating community '{}' with owner '{}' and description '{}'"
.format(cname, owner, description))
owner.uaccess.create_community(cname,
description,
purpose=purpose)
elif command == 'owner':
# at this point, community must exist
community = community_from_name_or_id(cname)
if community is None:
usage()
exit(1)
if len(options['command']) < 3:
# list owners
print("owners of community '{}' (id={})".format(
community.name, str(community.id)))
for ucp in UserCommunityPrivilege.objects.filter(
community=community, privilege=PrivilegeCodes.OWNER):
print(" {}".format(ucp.user.username))
exit(0)
oname = options['command'][2]
owner = user_from_name(oname)
if owner is None:
usage()
exit(1)
if len(options['command']) < 4:
print("user {} owns community '{}' (id={})".format(
owner.username, community.name, str(community.id)))
action = options['command'][3]
if action == 'add':
print("adding {} as owner of {} (id={})".format(
owner.username, community.name, str(community.id)))
UserCommunityPrivilege.share(user=owner,
community=community,
privilege=PrivilegeCodes.OWNER,
grantor=owner)
elif action == 'remove':
print("removing {} as owner of {} (id={})".format(
owner.username, community.name, str(community.id)))
UserCommunityPrivilege.unshare(user=owner,
community=community,
grantor=owner)
else:
print("unknown owner action '{}'".format(action))
usage()
exit(1)
elif command == 'group':
# at this point, community must exist
community = community_from_name_or_id(cname)
if community is None:
usage()
exit(1)
# not specifying a group should list groups
if len(options['command']) < 3:
print("Community '{}' groups:")
for gcp in GroupCommunityPrivilege.objects.filter(
community=community):
if gcp.privilege == PrivilegeCodes.CHANGE:
others = "can edit community resources"
else:
others = "can view community resources"
print(" '{}' (grantor {}):".format(
gcp.group.name, gcp.grantor.username))
print(" {}.".format(others))
exit(0)
gname = options['command'][2]
group = group_from_name_or_id(gname)
if group is None:
usage()
exit(1)
if len(options['command']) < 4:
print("community groups: no action specified.")
usage()
exit(1)
action = options['command'][3]
if action == 'update' or action == 'add':
# resolve privilege of group
privilege = PrivilegeCodes.VIEW
try:
print(
"Updating group '{}' (id={}) status in community '{}' (id={})."
.format(gname, str(group.id), cname,
str(community.id)))
gcp = GroupCommunityPrivilege.objects.get(
group=group, community=community)
# pass privilege changes through the privilege system to record provenance.
if gcp.privilege != privilege or owner != gcp.grantor:
GroupCommunityPrivilege.share(group=group,
community=community,
privilege=privilege,
grantor=owner)
except GroupCommunityPrivilege.DoesNotExist:
print(
"Adding group '{}' (id={}) to community '{}' (id={})".
format(gname, str(group.id), cname, str(community.id)))
# create the privilege record
GroupCommunityPrivilege.share(group=group,
community=community,
privilege=privilege,
grantor=owner)
# update view status if different than default
gcp = GroupCommunityPrivilege.objects.get(
group=group, community=community)
elif action == 'remove':
print(
"removing group '{}' (id={}) from community '{}' (id={})".
format(group.name, str(group.id), community.name,
str(community.id)))
GroupCommunityPrivilege.unshare(group=group,
community=community,
grantor=owner)
else:
print("unknown group command '{}'.".format(action))
usage()
exit(1)
elif command == 'remove':
community = community_from_name_or_id(cname)
if community is None:
usage()
exit(1)
print("removing community '{}' (id={}).".format(
community.name, community.id))
community.delete()
else:
print("unknown command '{}'.".format(command))
usage()
exit(1)
def handle(self, *args, **options):
if options['username'] is None:
usage()
exit(1)
username = options['username']
user = user_from_name(username)
if user is None:
usage()
exit(1)
print("resources: [on my resources landing page]")
print(" OWNED by user {}:".format(user.username))
resources = user.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.OWNER, via_user=True, via_group=False, via_community=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by user {}:".format(user.username))
resources = user.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.CHANGE, via_user=True, via_group=False, via_community=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by user {}:".format(user.username))
resources = user.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.VIEW, via_user=True, via_group=False, via_community=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print("groups: [on my resources landing page]")
print(" OWNED by user {}:".format(user.username))
groups = user.uaccess.get_groups_with_explicit_access(PrivilegeCodes.OWNER)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
print(" EDITABLE by user {}:".format(user.username))
groups = user.uaccess.get_groups_with_explicit_access(PrivilegeCodes.CHANGE)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
print(" VIEWABLE by {}:".format(user.username))
groups = user.uaccess.get_groups_with_explicit_access(PrivilegeCodes.VIEW)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print("communities: [on community landing page]")
print(" OWNED by {}".format(user.username))
communities = user.uaccess.get_communities_with_explicit_access(PrivilegeCodes.OWNER)
for c in communities:
print(" community '{}' (id={})".format(c.name, c.id))
print(" {} has EDIT membership:".format(user.username))
communities = user.uaccess.get_communities_with_explicit_membership(PrivilegeCodes.CHANGE)
for c in communities:
print(" community '{}' (id={})".format(c.name, c.id))
print(" groups where {} is granted edit:".format(user.username))
groups = c.get_groups_with_explicit_access(PrivilegeCodes.CHANGE)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True,
raccess__published=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" groups where {} is granted view:".format(user.username))
groups = c.get_groups_with_explicit_access(PrivilegeCodes.VIEW)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True,
raccess__published=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" {} has VIEW membership:".format(user.username))
communities = user.uaccess.get_communities_with_explicit_membership(PrivilegeCodes.VIEW)
for c in communities:
print(" community '{}' (id={})".format(c.name, c.id))
print(" groups where {} has edit:".format(user.username))
groups = c.get_groups_with_explicit_access(PrivilegeCodes.CHANGE)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True,
raccess__published=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id))
print(" groups where {} has view:".format(user.username))
groups = c.get_groups_with_explicit_access(PrivilegeCodes.VIEW)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True,
raccess__published=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id))
def handle(self, *args, **options):
if options['username'] is None:
usage()
exit(1)
username = options['username']
user = user_from_name(username)
if user is None:
usage()
exit(1)
print("resources: [on my resources landing page]")
print(" OWNED by user {}:".format(user.username))
resources = user.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.OWNER, via_user=True, via_group=False, via_community=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by user {}:".format(user.username))
resources = user.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.CHANGE, via_user=True, via_group=False, via_community=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by user {}:".format(user.username))
resources = user.uaccess.get_resources_with_explicit_access(
PrivilegeCodes.VIEW, via_user=True, via_group=False, via_community=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print("groups: [on my resources landing page]")
print(" OWNED by user {}:".format(user.username))
groups = user.uaccess.get_groups_with_explicit_access(PrivilegeCodes.OWNER)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
print(" EDITABLE by user {}:".format(user.username))
groups = user.uaccess.get_groups_with_explicit_access(PrivilegeCodes.CHANGE)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
print(" VIEWABLE by {}:".format(user.username))
groups = user.uaccess.get_groups_with_explicit_access(PrivilegeCodes.VIEW)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print("communities: [on community landing page]")
print(" OWNED by {}".format(user.username))
communities = user.uaccess.get_communities_with_explicit_access(PrivilegeCodes.OWNER)
for c in communities:
print(" community '{}' (id={})".format(c.name, c.id))
print(" {} has EDIT membership:".format(user.username))
communities = user.uaccess.get_communities_with_explicit_membership(PrivilegeCodes.CHANGE)
for c in communities:
print(" community '{}' (id={})".format(c.name, c.id))
print(" groups where {} is granted edit:".format(user.username))
groups = c.get_groups_with_explicit_access(PrivilegeCodes.CHANGE)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True,
raccess__published=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" groups where {} is granted view:".format(user.username))
groups = c.get_groups_with_explicit_access(PrivilegeCodes.VIEW)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True,
raccess__published=False)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" EDITABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" VIEWABLE by group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print(" resource '{}' ({})".format(shorten(r.title, 20), r.short_id))
print(" {} has VIEW membership:".format(user.username))
communities = user.uaccess.get_communities_with_explicit_membership(PrivilegeCodes.VIEW)
for c in communities:
print(" community '{}' (id={})".format(c.name, c.id))
print(" groups where {} has edit:".format(user.username))
groups = c.get_groups_with_explicit_access(PrivilegeCodes.CHANGE)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print((" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id)))
print((" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id)))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True,
raccess__published=False)
for r in resources:
print((" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id)))
print((" EDITABLE by group '{}' (id={})".format(g.name, g.id)))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print((" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id)))
print((" VIEWABLE by group '{}' (id={})".format(g.name, g.id)))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print((" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id)))
print((" groups where {} has view:".format(user.username)))
groups = c.get_groups_with_explicit_access(PrivilegeCodes.VIEW)
for g in groups:
print(" group '{}' (id={})".format(g.name, g.id))
print(" PUBLISHED and in group '{}' (id={})".format(g.name, g.id))
resources = g.gaccess.view_resources.filter(raccess__published=True)
for r in resources:
print((" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id)))
print((" DISCOVERABLE and in group '{}' (id={})".format(g.name, g.id)))
resources = g.gaccess.view_resources.filter(raccess__discoverable=True,
raccess__published=False)
for r in resources:
print((" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id)))
print((" EDITABLE by group '{}' (id={})".format(g.name, g.id)))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.CHANGE)
for r in resources:
print((" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id)))
print((" VIEWABLE by group '{}' (id={})".format(g.name, g.id)))
resources = g.gaccess.get_resources_with_explicit_access(PrivilegeCodes.VIEW)
for r in resources:
print((" resource '{}' ({})".format(shorten(r.title, 20),
r.short_id)))
def handle(self, *args, **options):
if len(options['command']) > 0:
gname = options['command'][0]
else:
gname = None
if len(options['command']) > 1:
command = options['command'][1]
else:
command = None
# resolve grantor:
if options['grantor'] is not None:
oname = options['grantor']
else:
oname = 'admin'
grantor = user_from_name(oname)
if grantor is None:
usage()
exit(1)
privilege = PrivilegeCodes.VIEW
# not specifing a group lists groups
if gname is None:
print("All groups:")
for g in Group.objects.all():
print(" '{}' (id={})".format(g.name, str(g.id)))
exit(0)
if command is None or command == 'list':
group = group_from_name_or_id(gname)
if group is None:
usage()
exit(1)
print("group '{}' (id={}):".format(group.name, group.id))
print(" owners:")
for ugp in UserGroupPrivilege.objects.filter(
group=group, privilege=PrivilegeCodes.OWNER):
print(" {} (grantor {})".format(ugp.user.username,
ugp.grantor.username))
print(" resources:")
for grp in GroupResourcePrivilege.objects.filter(group=group):
print(" {} '{}' (grantor {}) privilege {}".format(
grp.resource.short_id, grp.resource.title,
grp.grantor.username, PrivilegeCodes.NAMES[grp.privilege]))
exit(0)
if command == 'owner':
# at this point, group must exist
group = group_from_name_or_id(gname)
if group is None:
usage()
exit(1)
if len(options['command']) < 3:
# list owners
print("owners of group '{}' (id={})".format(
group.name, str(group.id)))
for ugp in UserGroupPrivilege.objects.filter(
group=group, privilege=PrivilegeCodes.OWNER):
print(" {}".format(ugp.user.username))
exit(0)
oname = options['command'][2]
owner = user_from_name(oname)
if owner is None:
usage()
exit(1)
action = options['command'][3]
if action == 'add':
print("adding {} as owner of {} (id={})".format(
owner.username, group.name, str(group.id)))
UserGroupPrivilege.share(user=owner,
group=group,
privilege=PrivilegeCodes.VIEW,
grantor=grantor)
elif action == 'remove':
print("removing {} as owner of {} (id={})".format(
owner.username, group.name, str(group.id)))
UserGroupPrivilege.unshare(user=owner,
group=group,
grantor=grantor)
else:
print("unknown owner action '{}'".format(action))
usage()
exit(1)
elif command == 'resource':
# at this point, community must exist
group = group_from_name_or_id(gname)
if group is None:
usage()
exit(1)
# not specifying a resource should list resources
if len(options['command']) < 3:
print("Group '{}' ({}) resources:".format(
group.name, group.id))
for grp in GroupResourcePrivilege.objects.filter(group=group):
if grp.privilege == PrivilegeCodes.CHANGE:
others = "can edit"
else:
others = "can view"
print(" '{}' ({}) (grantor {}):".format(
grp.group.name, grp.group.id, grp.grantor.username))
print(" {}.".format(others))
exit(0)
# next thing is resource ID.
rid = options['command'][2]
resource = resource_from_id(rid)
if resource is None:
usage()
exit(1)
if len(options['command']) < 4:
print("no resource command specified.")
usage()
exit(1)
action = options['command'][3]
if action == 'add':
# resolve privilege of group
privilege = PrivilegeCodes.VIEW
print("Adding resource {} to group '{}' (id={}) .".format(
rid, gname, str(group.id)))
GroupResourcePrivilege.share(group=group,
resource=resource,
privilege=privilege,
grantor=grantor)
elif action == 'remove':
print("removing resource {} from group '{}' (id={})".format(
rid, group.name, str(group.id)))
GroupResourcePrivilege.unshare(group=group,
resource=resource,
grantor=grantor)
else:
print("unknown resource command '{}'.".format(action))
usage()
exit(1)
elif command == 'remove':
group = group_from_name_or_id(gname)
if group is None:
usage()
exit(1)
print("removing group '{}' (id={}).".format(group.name, group.id))
group.delete()
else:
print("unknown command '{}'.".format(command))
usage()
exit(1)
def handle(self, *args, **options):
if len(options['command']) > 0:
cname = options['command'][0]
else:
cname = None
if len(options['command']) > 1:
command = options['command'][1]
else:
command = None
# resolve owner: used in several update commands as grantor
if options['owner'] is not None:
oname = options['owner']
else:
oname = 'admin'
owner = user_from_name(oname)
if owner is None:
usage()
exit(1)
if options['allow_edit']: # this is a group privilege
privilege = PrivilegeCodes.CHANGE
else:
privilege = PrivilegeCodes.VIEW
# not specifing a community lists active communities
if cname is None:
print("All communities:")
for c in Community.objects.all():
print(" '{}' (id={})".format(c.name, str(c.id)))
exit(0)
if command is None or command == 'list':
community = community_from_name_or_id(cname)
if community is None:
usage()
exit(1)
print("community '{}' (id={}):".format(community.name, community.id))
print(" description: {}".format(community.description))
print(" purpose: {}".format(community.purpose))
print(" owners:")
for ucp in UserCommunityPrivilege.objects.filter(community=community,
privilege=PrivilegeCodes.OWNER):
print(" {} (grantor {})".format(ucp.user.username, ucp.grantor.username))
print(" member groups:")
for gcp in GroupCommunityPrivilege.objects.filter(community=community):
if gcp.privilege == PrivilegeCodes.CHANGE:
others = "can edit community resources"
else:
others = "can view community resources"
if gcp.allow_view:
myself = 'allows view of group resources'
else:
myself = 'prohibits view of group resources'
print(" '{}' (id={}) (grantor={}):"
.format(gcp.group.name, gcp.group.id, gcp.grantor.username))
print(" {}, {}.".format(myself, others))
print(" '{}' (id={}) owners are:".format(gcp.group.name, str(gcp.group.id)))
for ugp in UserGroupPrivilege.objects.filter(group=gcp.group,
privilege=PrivilegeCodes.OWNER):
print(" {}".format(ugp.user.username))
exit(0)
# These are idempotent actions. Creating a community twice does nothing.
if command == 'update' or command == 'create':
try:
community = Community.objects.get(name=cname)
if options['description'] is not None:
community.description = options['description']
community.save()
if options['purpose'] is not None:
community.purpose = options['purpose']
community.save()
UserCommunityPrivilege.update(user=owner,
community=community,
privilege=PrivilegeCodes.OWNER,
grantor=owner)
except Community.DoesNotExist: # create it
if options['description'] is not None:
description = options['description']
else:
description = "No description"
purpose = options['purpose']
print("creating community '{}' with owner '{}' and description '{}'"
.format(cname, owner, description))
owner.uaccess.create_community(cname, description, purpose=purpose)
elif command == 'owner':
# at this point, community must exist
community = community_from_name_or_id(cname)
if community is None:
usage()
exit(1)
if len(options['command']) < 3:
# list owners
print("owners of community '{}' (id={})".format(community.name, str(community.id)))
for ucp in UserCommunityPrivilege.objects.filter(community=community,
privilege=PrivilegeCodes.OWNER):
print(" {}".format(ucp.user.username))
exit(0)
oname = options['command'][2]
owner = user_from_name(oname)
if owner is None:
usage()
exit(1)
if len(options['command']) < 4:
print("user {} owns community '{}' (id={})"
.format(owner.username, community.name, str(community.id)))
action = options['command'][3]
if action == 'add':
print("adding {} as owner of {} (id={})"
.format(owner.username, community.name, str(community.id)))
UserCommunityPrivilege.share(user=owner, community=community,
privilege=PrivilegeCodes.OWNER, grantor=owner)
elif action == 'remove':
print("removing {} as owner of {} (id={})"
.format(owner.username, community.name, str(community.id)))
UserCommunityPrivilege.unshare(user=owner, community=community, grantor=owner)
else:
print("unknown owner action '{}'".format(action))
usage()
exit(1)
elif command == 'group':
# at this point, community must exist
community = community_from_name_or_id(cname)
if community is None:
usage()
exit(1)
# not specifying a group should list groups
if len(options['command']) < 3:
print("Community '{}' groups:")
for gcp in GroupCommunityPrivilege.objects.filter(community=community):
if gcp.privilege == PrivilegeCodes.CHANGE:
others = "can edit community resources"
else:
others = "can view community resources"
if gcp.allow_view:
myself = 'allows view of group resources'
else:
myself = 'prohibits view of group resources'
print(" '{}' (grantor {}):".format(gcp.group.name, gcp.grantor.username))
print(" {}, {}.".format(myself, others))
exit(0)
gname = options['command'][2]
group = group_from_name_or_id(gname)
if group is None:
usage()
exit(1)
if len(options['command']) < 4:
print("community groups: no action specified.")
usage()
exit(1)
action = options['command'][3]
if action == 'update' or action == 'add':
# resolve privilege of group
if options['allow_edit']:
privilege = PrivilegeCodes.CHANGE
else:
privilege = PrivilegeCodes.VIEW
try:
print("Updating group '{}' (id={}) status in community '{}' (id={})."
.format(gname, str(group.id), cname, str(community.id)))
gcp = GroupCommunityPrivilege.objects.get(group=group, community=community)
if gcp.allow_view != (not options['prohibit_view']):
gcp.allow_view = not options['prohibit_view']
gcp.save()
# pass privilege changes through the privilege system to record provenance.
if gcp.privilege != privilege or owner != gcp.grantor:
GroupCommunityPrivilege.share(group=group, community=community,
privilege=privilege, grantor=owner)
except GroupCommunityPrivilege.DoesNotExist:
print("Adding group '{}' (id={}) to community '{}' (id={})"
.format(gname, str(group.id), cname, str(community.id)))
# create the privilege record
GroupCommunityPrivilege.share(group=group, community=community,
privilege=privilege, grantor=owner)
# update view status if different than default
gcp = GroupCommunityPrivilege.objects.get(group=group, community=community)
if gcp.allow_view != (not options['prohibit_view']):
gcp.allow_view = not options['prohibit_view']
gcp.save()
elif action == 'remove':
print("removing group '{}' (id={}) from community '{}' (id={})"
.format(group.name, str(group.id), community.name, str(community.id)))
GroupCommunityPrivilege.unshare(group=group, community=community, grantor=owner)
else:
print("unknown group command '{}'.".format(action))
usage()
exit(1)
elif command == 'remove':
community = community_from_name_or_id(cname)
if community is None:
usage()
exit(1)
print("removing community '{}' (id={}).".format(community.name, community.id))
community.delete()
else:
print("unknown command '{}'.".format(command))
usage()
exit(1)
