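def add_permissions_to_groups(data, db_session, username):
    """Grant every requested permission to every requested group.

    Args:
        data: Request payload. It is validated against
            ``GROUP_ADD_SCHEMA_PATH`` and then read for its ``permissions``
            and ``groups`` entries, which are de-duplicated into sets.
        db_session: Database session handed to every helper called here.
        username: Name of the caller; it is logged and forwarded to ``add``.

    Returns:
        A dict mapping each group id to the list of
        ``group_permission_to_dict`` results for the links created in it.

    Raises:
        Http_error: 409 when any requested (permission, group) pair already
            exists. The validation helpers may raise as well (not visible
            here).
    """
    # NOTE(review): nothing in this function checks that `username` is
    # allowed to grant permissions to these groups. Confirm the caller
    # enforces authorization before this point.
    logger.info(LogMsg.START, username)
    schema_validate(data, GROUP_ADD_SCHEMA_PATH)
    logger.debug(LogMsg.SCHEMA_CHECKED)

    permissions = set(data.get('permissions'))
    groups = set(data.get('groups'))
    validate_permissions(permissions, db_session)
    validate_groups(groups, db_session)

    # Check every pair before writing anything, so a conflict on a later
    # pair is reported before this call has created any link.
    for group_id in groups:
        for permission_id in permissions:
            if group_has_permission(permission_id, group_id, db_session):
                logger.error(LogMsg.PERMISSION_GROUP_ALREADY_HAS, {
                    'permission_id': permission_id,
                    'group_id': group_id
                })
                raise Http_error(409, Message.ALREADY_EXISTS)

    final_res = {}
    for group_id in groups:
        final_res[group_id] = [
            group_permission_to_dict(
                add(permission_id, group_id, db_session, username))
            for permission_id in permissions
        ]

    logger.info(LogMsg.END)
    return final_res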
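def delete_permissions_of_groups(data, db_session, username):
    """Revoke every requested permission from every requested group.

    The caller must pass ``validate_permissions_and_access`` for the
    ``'GROUP_PERMISSION_DELETE'`` permission on each group.

    Args:
        data: Request payload. It is validated against
            ``GROUP_ADD_SCHEMA_PATH`` and then read for its ``permissions``
            and ``groups`` entries, which are de-duplicated into sets.
        db_session: Database session handed to every helper called here.
        username: Name of the caller, used for logging and access checks.

    Returns:
        ``{'result': 'successful'}`` once every link has been deleted.

    Raises:
        Http_error: 404 when a group does not hold a requested permission.
            The validation and access helpers may raise as well (not
            visible here).
    """
    logger.info(LogMsg.START, username)
    # NOTE(review): the delete path validates against the ADD schema.
    # Presumably both payloads share one shape; confirm.
    schema_validate(data, GROUP_ADD_SCHEMA_PATH)
    logger.debug(LogMsg.SCHEMA_CHECKED)

    permissions = set(data.get('permissions'))
    groups = set(data.get('groups'))
    validate_permissions(permissions, db_session)
    validate_groups(groups, db_session)

    # Pass 1: authorize the caller on every group and confirm every link
    # exists. An access failure or a 404 on a later group must not leave
    # deletions already applied to earlier groups.
    for group_id in groups:
        group = get_group(group_id, db_session, username)
        logger.debug(LogMsg.PERMISSION_CHECK, username)
        validate_permissions_and_access(username, db_session,
                                        'GROUP_PERMISSION_DELETE',
                                        model=group,
                                        access_level=Access_level.Premium)
        logger.debug(LogMsg.PERMISSION_VERIFIED, username)

        for permission_id in permissions:
            if not group_has_permission(permission_id, group_id, db_session):
                logger.error(LogMsg.PERMISSION_NOT_HAS_GROUP, {
                    'permission_id': permission_id,
                    'group_id': group_id
                })
                raise Http_error(404, Message.PERMISSION_NOT_FOUND)

    # Pass 2: every check passed, so apply the deletions.
    for group_id in groups:
        for permission_id in permissions:
            delete_permission_for_group(permission_id, group_id, db_session)

    logger.info(LogMsg.END)
    return {'result': 'successful'}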
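def add_users_to_groups(data, db_session, username):
    """Add every requested user to every requested group (administrators only).

    Args:
        data: Request payload, read for its ``users`` and ``groups`` entries,
            which are de-duplicated into sets.
        db_session: Database session handed to every helper called here.
        username: Name of the caller; must be listed in ``ADMINISTRATORS``.

    Returns:
        A dict mapping each group id to the list of ``model_to_dict``
        results for the memberships created in it.

    Raises:
        Http_error: 403 when ``username`` is not in ``ADMINISTRATORS``;
            409 when a requested user is already in a requested group.
            The validation helpers may raise as well (not visible here).
    """
    logger.info(LogMsg.START, username)
    if username not in ADMINISTRATORS:
        logger.error(LogMsg.NOT_ACCESSED, {'username': username})
        raise Http_error(403, Message.ACCESS_DENIED)

    # NOTE(review): no schema validation runs here. If `data` is a dict
    # without 'users' or 'groups', set(None) raises TypeError rather than a
    # client error. Confirm the payload is validated upstream.
    users = set(data.get('users'))
    groups = set(data.get('groups'))
    validate_users(users, db_session)
    validate_groups(groups, db_session)

    # Check every pair before writing anything, so a conflict on a later
    # pair is reported before this call has created any membership.
    for group_id in groups:
        for user_id in users:
            if user_is_in_group(user_id, group_id, db_session):
                logger.error(LogMsg.GROUP_USER_IS_IN_GROUP,
                             {'user_id': user_id, 'group_id': group_id})
                raise Http_error(409, Message.ALREADY_EXISTS)

    final_res = {}
    for group_id in groups:
        final_res[group_id] = [
            model_to_dict(add(user_id, group_id, db_session, username))
            for user_id in users
        ]

    logger.info(LogMsg.END)
    return final_res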
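def add_permissions_to_groups(data, db_session, username):
    """Grant every requested permission to every requested group (administrators only).

    Args:
        data: Request payload, read for its ``permissions`` and ``groups``
            entries, which are de-duplicated into sets.
        db_session: Database session handed to every helper called here.
        username: Name of the caller; must be listed in ``ADMINISTRATORS``.

    Returns:
        A dict mapping each group id to the list of
        ``group_permission_to_dict`` results for the links created in it.

    Raises:
        Http_error: 403 when ``username`` is not in ``ADMINISTRATORS``;
            409 when a requested (permission, group) pair already exists.
            The validation helpers may raise as well (not visible here).
    """
    logger.info(LogMsg.START, username)
    if username not in ADMINISTRATORS:
        logger.error(LogMsg.NOT_ACCESSED, {'username': username})
        raise Http_error(403, Message.ACCESS_DENIED)

    # NOTE(review): no schema validation runs here. If `data` is a dict
    # without 'permissions' or 'groups', set(None) raises TypeError rather
    # than a client error. Confirm the payload is validated upstream.
    permissions = set(data.get('permissions'))
    groups = set(data.get('groups'))
    validate_permissions(permissions, db_session)
    validate_groups(groups, db_session)

    # Check every pair before writing anything, so a conflict on a later
    # pair is reported before this call has created any link.
    for group_id in groups:
        for permission_id in permissions:
            if group_has_permission(permission_id, group_id, db_session):
                logger.error(LogMsg.PERMISSION_GROUP_ALREADY_HAS, {
                    'permission_id': permission_id,
                    'group_id': group_id
                })
                raise Http_error(409, Message.ALREADY_EXISTS)

    final_res = {}
    for group_id in groups:
        final_res[group_id] = [
            group_permission_to_dict(
                add(permission_id, group_id, db_session, username))
            for permission_id in permissions
        ]

    logger.info(LogMsg.END)
    return final_res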
def get_user_group_list(user_id, db_session):
    """Map each of the user's groups to the ``person_id`` stored on that group.

    Args:
        user_id: Id matched against ``GroupUser.user_id``.
        db_session: Database session used for the query and for
            ``validate_groups``.

    Returns:
        A dict keyed by the ``id`` of each entity returned by
        ``validate_groups``, with that entity's ``person_id`` as the value.
    """
    memberships = db_session.query(GroupUser).filter(
        GroupUser.user_id == user_id).all()
    # Kept as a list: that is what this function hands to validate_groups.
    group_ids = [membership.group_id for membership in memberships]
    return {
        entity.id: entity.person_id
        for entity in validate_groups(group_ids, db_session)
    }
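def delete_users_from_groups(data, db_session, username):
    """Remove every requested user from every requested group (administrators only).

    Args:
        data: Request payload, read for its ``users`` and ``groups`` entries,
            which are de-duplicated into sets.
        db_session: Database session handed to every helper called here.
        username: Name of the caller; must be listed in ``ADMINISTRATORS``.

    Returns:
        ``{'result': 'successful'}`` once every membership has been deleted.

    Raises:
        Http_error: 403 when ``username`` is not in ``ADMINISTRATORS``;
            404 when a requested user is not in a requested group.
            The validation helpers may raise as well (not visible here).
    """
    logger.info(LogMsg.START, username)
    if username not in ADMINISTRATORS:
        logger.error(LogMsg.NOT_ACCESSED, {'username': username})
        raise Http_error(403, Message.ACCESS_DENIED)

    # NOTE(review): no schema validation runs here. If `data` is a dict
    # without 'users' or 'groups', set(None) raises TypeError rather than a
    # client error. Confirm the payload is validated upstream.
    users = set(data.get('users'))
    groups = set(data.get('groups'))
    validate_users(users, db_session)
    validate_groups(groups, db_session)

    # Confirm every membership exists before deleting anything, so a 404 on
    # a later pair is reported before this call has removed any membership.
    for group_id in groups:
        for user_id in users:
            if not user_is_in_group(user_id, group_id, db_session):
                logger.error(LogMsg.GROUP_USER_NOT_IN_GROUP,
                             {'user_id': user_id, 'group_id': group_id})
                raise Http_error(404, Message.NOT_IN_GROUP)

    for group_id in groups:
        for user_id in users:
            delete_user_group(user_id, group_id, db_session)

    logger.info(LogMsg.END)
    return {'result': 'successful'}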
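def delete_permissions_of_groups(data, db_session, username):
    """Revoke every requested permission from every requested group (administrators only).

    Args:
        data: Request payload, read for its ``permissions`` and ``groups``
            entries, which are de-duplicated into sets.
        db_session: Database session handed to every helper called here.
        username: Name of the caller; must be listed in ``ADMINISTRATORS``.

    Returns:
        ``{'result': 'successful'}`` once every link has been deleted.

    Raises:
        Http_error: 403 when ``username`` is not in ``ADMINISTRATORS``;
            404 when a group does not hold a requested permission.
            The validation helpers may raise as well (not visible here).
    """
    logger.info(LogMsg.START, username)
    if username not in ADMINISTRATORS:
        logger.error(LogMsg.NOT_ACCESSED, {'username': username})
        raise Http_error(403, Message.ACCESS_DENIED)

    # NOTE(review): no schema validation runs here. If `data` is a dict
    # without 'permissions' or 'groups', set(None) raises TypeError rather
    # than a client error. Confirm the payload is validated upstream.
    permissions = set(data.get('permissions'))
    groups = set(data.get('groups'))
    validate_permissions(permissions, db_session)
    validate_groups(groups, db_session)

    # Confirm every link exists before deleting anything, so a 404 on a
    # later pair is reported before this call has removed any link.
    for group_id in groups:
        for permission_id in permissions:
            if not group_has_permission(permission_id, group_id, db_session):
                logger.error(LogMsg.PERMISSION_NOT_HAS_GROUP, {
                    'permission_id': permission_id,
                    'group_id': group_id
                })
                raise Http_error(404, Message.PERMISSION_NOT_FOUND)

    for group_id in groups:
        for permission_id in permissions:
            delete_permission_for_group(permission_id, group_id, db_session)

    logger.info(LogMsg.END)
    return {'result': 'successful'}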
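def add_users_to_groups(data, db_session, username):
    """Add every requested user to every requested group.

    A caller listed in ``ADMINISTRATORS`` is always allowed. Any other caller
    needs ``PERMISSION_GROUP_USER_ADD_PREMIUM``, or
    ``PERMISSION_GROUP_USER_ADD_PRESS`` together with a passing
    ``is_user_group_owner`` check on the requested groups.

    Args:
        data: Request payload. It is validated against
            ``USER_ADD_SCHEMA_PATH`` and then read for its ``users`` and
            ``groups`` entries, which are de-duplicated into sets.
        db_session: Database session handed to every helper called here.
        username: Name of the caller, resolved through ``check_user``.

    Returns:
        A dict mapping each group id to the list of ``model_to_dict``
        results for the memberships created in it.

    Raises:
        Http_error: 403 when the caller fails the permission checks;
            409 when a requested user is already in a requested group.
            The validation helpers may raise as well (not visible here).
    """
    logger.info(LogMsg.START, username)
    user = check_user(username, db_session)
    schema_validate(data, USER_ADD_SCHEMA_PATH)
    logger.debug(LogMsg.SCHEMA_CHECKED)

    users = set(data.get('users'))
    groups = set(data.get('groups'))
    validate_users(users, db_session)
    group_entities = validate_groups(groups, db_session)

    if username not in ADMINISTRATORS:
        # The second element of the returned pair is not used here.
        permissions, _ = get_user_permissions(username, db_session)
        permit = has_permission_or_not(
            [Permissions.PERMISSION_GROUP_USER_ADD_PREMIUM], permissions)
        if not permit:
            press_permit = has_permission_or_not(
                [Permissions.PERMISSION_GROUP_USER_ADD_PRESS], permissions)
            # The press-level permission counts only together with the
            # ownership check on the requested groups.
            if not (press_permit and
                    is_user_group_owner(user.person_id, group_entities)):
                logger.error(LogMsg.PERMISSION_DENIED,
                             {'PERMISSION_GROUP_USER_ADD': username})
                raise Http_error(403, Message.ACCESS_DENIED)

    # Check every pair before writing anything, so a conflict on a later
    # pair is reported before this call has created any membership.
    for group_id in groups:
        for user_id in users:
            if user_is_in_group(user_id, group_id, db_session):
                logger.error(LogMsg.GROUP_USER_IS_IN_GROUP, {
                    'user_id': user_id,
                    'group_id': group_id
                })
                raise Http_error(409, Message.ALREADY_EXISTS)

    final_res = {}
    for group_id in groups:
        final_res[group_id] = [
            model_to_dict(add(user_id, group_id, db_session, username))
            for user_id in users
        ]

    logger.info(LogMsg.END)
    return final_res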
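def delete_users_from_groups(data, db_session, username):
    """Remove every requested user from every requested group.

    A caller listed in ``ADMINISTRATORS`` is always allowed. Any other caller
    needs ``PERMISSION_GROUP_USER_DELETE_PREMIUM``, or
    ``PERMISSION_GROUP_USER_DELETE_PRESS`` together with a passing
    ``is_user_group_owner`` check on the requested groups.

    Args:
        data: Request payload. It is validated against
            ``USER_ADD_SCHEMA_PATH`` and then read for its ``users`` and
            ``groups`` entries, which are de-duplicated into sets.
        db_session: Database session handed to every helper called here.
        username: Name of the caller, resolved through ``check_user``.

    Returns:
        ``{'result': 'successful'}`` once every membership has been deleted.

    Raises:
        Http_error: 403 when the caller fails the permission checks;
            404 when a requested user is not in a requested group.
            The validation helpers may raise as well (not visible here).
    """
    logger.info(LogMsg.START, username)
    user = check_user(username, db_session)
    # NOTE(review): the delete path validates against the ADD schema.
    # Presumably both payloads share one shape; confirm.
    schema_validate(data, USER_ADD_SCHEMA_PATH)
    logger.debug(LogMsg.SCHEMA_CHECKED)

    users = set(data.get('users'))
    groups = set(data.get('groups'))
    validate_users(users, db_session)
    group_entities = validate_groups(groups, db_session)

    if username not in ADMINISTRATORS:
        # The second element of the returned pair is not used here.
        permissions, _ = get_user_permissions(username, db_session)
        permit = has_permission_or_not(
            [Permissions.PERMISSION_GROUP_USER_DELETE_PREMIUM], permissions)
        if not permit:
            press_permit = has_permission_or_not(
                [Permissions.PERMISSION_GROUP_USER_DELETE_PRESS], permissions)
            # The press-level permission counts only together with the
            # ownership check on the requested groups.
            if not (press_permit and
                    is_user_group_owner(user.person_id, group_entities)):
                # Label the denial as a DELETE attempt. The original logged
                # it under the ADD key, which mislabels the event for anyone
                # reading the audit log.
                logger.error(LogMsg.PERMISSION_DENIED,
                             {'PERMISSION_GROUP_USER_DELETE': username})
                raise Http_error(403, Message.ACCESS_DENIED)

    # Confirm every membership exists before deleting anything, so a 404 on
    # a later pair is reported before this call has removed any membership.
    for group_id in groups:
        for user_id in users:
            if not user_is_in_group(user_id, group_id, db_session):
                logger.error(LogMsg.GROUP_USER_NOT_IN_GROUP, {
                    'user_id': user_id,
                    'group_id': group_id
                })
                raise Http_error(404, Message.NOT_IN_GROUP)

    for group_id in groups:
        for user_id in users:
            delete_user_group(user_id, group_id, db_session)

    logger.info(LogMsg.END)
    return {'result': 'successful'}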