def add_service_getcapabilities_perms(service, db_session, group_name=None): if service.type in SERVICES_PHOENIX_ALLOWED and \ Permission.GET_CAPABILITIES in SERVICE_TYPE_DICT[service.type].permissions: if group_name is None: group_name = get_constant("MAGPIE_ANONYMOUS_USER") group = GroupService.by_group_name(group_name, db_session=db_session) perm = ResourceService.perm_by_group_and_perm_name( service.resource_id, group.id, Permission.GET_CAPABILITIES.value, db_session) if perm is None: # not set, create it create_group_resource_permission_response( group, service, Permission.GET_CAPABILITIES, db_session)
def _apply_session(_usr_name=None, _grp_name=None): """ Apply operation using db session. """ from magpie.api.management.user import user_utils as ut from magpie.api.management.group import group_utils as gt res = ResourceService.by_resource_id(resource_id, db_session=cookies_or_session) if _usr_name: usr = UserService.by_user_name(_usr_name, db_session=cookies_or_session) if create_perm: return ut.create_user_resource_permission_response( usr, res, perm, db_session=cookies_or_session) else: return ut.delete_user_resource_permission_response( usr, res, perm, db_session=cookies_or_session) if _grp_name: grp = GroupService.by_group_name(_grp_name, db_session=cookies_or_session) if create_perm: return gt.create_group_resource_permission_response( grp, res, perm, db_session=cookies_or_session) else: return gt.delete_group_resource_permission_response( grp, res, perm, db_session=cookies_or_session)
def create_group_resource_permissions_view(request): """ Create a permission on a specific resource for a group. """ group = ar.get_group_matchdict_checked(request) resource = ar.get_resource_matchdict_checked(request) permission = ar.get_permission_multiformat_body_checked(request, resource) return gu.create_group_resource_permission_response(group, resource, permission, db_session=request.db)
def create_group_service_permission_view(request): """ Create a permission on a specific resource for a group. """ group = ar.get_group_matchdict_checked(request) service = ar.get_service_matchdict_checked(request) permission = ar.get_permission_multiformat_body_checked(request, service) return gu.create_group_resource_permission_response(group, service, permission, request.db, overwrite=False)
def replace_group_resource_permissions_view(request): """ Create or modify an existing permission on a resource for a group. Can be used to adjust permission modifiers. """ group = ar.get_group_matchdict_checked(request) resource = ar.get_resource_matchdict_checked(request) permission = ar.get_permission_multiformat_body_checked(request, resource) return gu.create_group_resource_permission_response(group, resource, permission, request.db, overwrite=True)