def _add_role_membership(user: User, role: Role):
"""
Adds a membership manually because the identities API can't add memberships to non-group roles.
"""
io.start('Making user {} a member of role {}'.format(
highlight(user.username), highlight(role.name)))
membership = {'user': user.id, 'role': role.id, 'from': timestamp()}
data = {'entities': [membership]}
post(api.rest2('sys_sec_RoleMembership'), data=data)
def _is_member(user: User, role: Role) -> bool:
memberships = get(api.rest2('sys_sec_RoleMembership'),
params={
'attrs':
'id',
'q':
"user=={};role=={};(to=='',to=ge={})".format(
user.id, role.id, timestamp())
}).json()['items']
return len(memberships) > 0
def _get_group_membership(user: User,
group: Group) -> Optional[RoleMembership]:
group_roles = _get_group_roles(group)
group_role_ids = [role.id for role in group_roles]
memberships = get(
api.rest2('sys_sec_RoleMembership'),
params={
'attrs':
'id,user(id,username),role(id,name,label,group(id,name))',
'q':
"user=={};role=in=({});(to=='',to=ge={})".format(
user.id, ','.join(group_role_ids), timestamp())
}).json()['items']
if len(memberships) == 0:
return None
else:
return map_to_role_membership(memberships[0])