def _add_role_membership(user: User, role: Role):
    """
    Create a role membership row directly in sys_sec_RoleMembership.

    This manual path exists because the identities API can't add memberships
    to non-group roles.
    """
    # NOTE(review): this posts the membership row itself rather than going
    # through the identities API, so presumably any checks that API applies do
    # not run here - confirm callers have verified the grant is intended.
    io.start('Making user {} a member of role {}'.format(
        highlight(user.username),
        highlight(role.name)))

    # Only 'from' is set; no 'to' (end) value is sent with the new membership.
    entry = {'user': user.id,
             'role': role.id,
             'from': timestamp()}
    payload = {'entities': [entry]}

    endpoint = api.rest2('sys_sec_RoleMembership')
    post(endpoint, data=payload)
def _is_member(user: User, role: Role) -> bool:
    """
    Tell whether the user currently holds a membership of the given role.

    Queries sys_sec_RoleMembership for rows matching both the user and the
    role whose 'to' value is either empty or greater than or equal to
    timestamp().
    """
    endpoint = api.rest2('sys_sec_RoleMembership')

    # RSQL: ';' is AND, ',' is OR. The ids are interpolated unescaped.
    # NOTE(review): presumably user.id and role.id are server-issued
    # identifiers - confirm they can never contain RSQL operators or quotes.
    query = "user=={};role=={};(to=='',to=ge={})".format(
        user.id, role.id, timestamp())

    response = get(endpoint, params={'attrs': 'id', 'q': query})
    found = response.json()['items']
    return len(found) != 0
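def _get_group_membership(user: User,
                          group: Group) -> Optional[RoleMembership]:
    """
    Look up the user's current membership of any role belonging to the group.

    Queries sys_sec_RoleMembership for rows matching the user and one of the
    group's role ids whose 'to' value is either empty or greater than or equal
    to timestamp().

    :param user: the user whose membership is looked up
    :param group: the group whose roles are considered
    :return: the first matching membership mapped with
             map_to_role_membership, or None when there is no match (or the
             group has no roles)
    """
    group_role_ids = [role.id for role in _get_group_roles(group)]
    if not group_role_ids:
        # With no roles there is nothing to match; skip the request rather
        # than send an empty `role=in=()` clause.
        return None

    endpoint = api.rest2('sys_sec_RoleMembership')

    # RSQL: ';' is AND, ',' is OR. The ids are interpolated unescaped.
    # NOTE(review): presumably these are server-issued identifiers - confirm
    # they can never contain RSQL operators, commas or parentheses.
    query = "user=={};role=in=({});(to=='',to=ge={})".format(
        user.id, ','.join(group_role_ids), timestamp())

    memberships = get(
        endpoint,
        params={
            'attrs': 'id,user(id,username),role(id,name,label,group(id,name))',
            'q': query
        }).json()['items']

    if not memberships:
        return None
    # Only the first row is used even if several memberships match.
    return map_to_role_membership(memberships[0])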