def get(self, resource_id): if not current_token.user_id: return error_response(message='request should be on behalf of a user', code=400) args = parse_json_args(self.get_parser.parse_args(), self.get_payload_json_parse_directives) actions = args['actions'] resource_json = g.objstore_colln.find_one( objstore_helper.resource_selector_doc(resource_id), projection=None ) if not resource_json: return error_response(message='resource not found', code=404) referred_objects_graph = PermissionResolver.get_referred_objects_graph( g.objstore_colln, resource_json, {resource_json['_id']: resource_json}) resolved_permissions = dict( ( action, PermissionResolver.resolve_permission_on_obj_with_referred_graph( resource_json, referred_objects_graph, action, current_token.user_id, current_token.group_ids) ) for action in actions ) return resolved_permissions
def get(self, agent_id): if not current_token.user_id: return error_response( message='request should be on behalf of a user', code=400) args = self.get_parser.parse_args() actions = jsonify_argument(args.get( 'actions', None), key='actions') or list(ObjectPermissions.ACTIONS) check_argument_type(actions, (list, ), key='actions') agent = objstore_helper.get_resource(g.users_colln, agent_id, projection=None) if not agent: return error_response(message='resource not found', code=404) resolved_permissions = dict( (action, PermissionResolver.resolve_permission(agent, action, current_token.user_id, current_token.group_ids, g.users_colln, true_if_none=False)) for action in actions) return resolved_permissions
def get(self, file_id): ool_data = g.objstore_colln.find_one({"_id": file_id}) if ool_data is None: return error_response(message="file not found", code=404) if not PermissionResolver.resolve_permission( ool_data, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.objstore_colln): return error_response(message='permission denied', code=403) namespace = ool_data.get('namespace', None) identifier = ool_data.get('identifier', None) url = ool_data.get('url', None) if None in (namespace, identifier, url): return error_response(message='resource is not ool_data', code=404) if namespace == '_vedavaapi': local_namespace_data = ool_data.get('namespaceData', {}) mimetype = local_namespace_data.get('mimetype', None) print({"mimetype": mimetype}, file=sys.stderr) file_path = os.path.join(g.data_dir_path, identifier.lstrip('/')) if not os.path.isfile(file_path): return error_response(message='no representation available', code=404) file_dir = os.path.dirname(file_path) file_name = os.path.basename(file_path) from flask import send_from_directory return send_from_directory( directory=file_dir, filename=file_name, mimetype=mimetype ) else: return flask.redirect(url)
def get(self, user_id): args = self.get_parser.parse_args() user_selector_doc = users_helper.get_user_selector_doc(_id=user_id) projection = jsonify_argument(args.get('projection', None), key='projection') check_argument_type(projection, (dict, ), key='projection', allow_none=True) _validate_projection(projection) projection = projection_helper.modified_projection( projection, mandatory_attrs=["_id", "jsonClass"]) user = JsonObject.make_from_dict( g.users_colln.find_one(user_selector_doc, projection=None)) if user is None: return error_response(message='user not found', code=404) if not PermissionResolver.resolve_permission( user, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.users_colln): return error_response(message='permission denied', code=403) user_json = user.to_json_map() projected_user_json = users_helper.project_user_json( user_json, projection=projection) return projected_user_json
def get(self, group_identifier): args = self.get_parser.parse_args() identifier_type = args.get('identifier_type', '_id') group_selector_doc = self._group_selector_doc(group_identifier, identifier_type) projection = jsonify_argument(args.get('projection', None), key='projection') check_argument_type(projection, (dict, ), key='projection', allow_none=True) _validate_projection(projection) projection = projection_helper.modified_projection( projection, mandatory_attrs=["_id", "jsonClass"]) group = JsonObject.make_from_dict( g.users_colln.find_one(group_selector_doc, projection=None)) if group is None: return error_response(message='group not found', code=404) if not PermissionResolver.resolve_permission( group, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.users_colln): return error_response(message='permission denied', code=403) group_json = group.to_json_map() projected_group_json = projection_helper.project_doc( group_json, projection) return projected_group_json
def get(self, user_id): ''' if not current_token.user_id: return error_response() ''' args = self.get_parser.parse_args() user_selector_doc = users_helper.get_user_selector_doc(_id=user_id) groups_projection = jsonify_argument(args.get('groups_projection', None), key='groups_projection') check_argument_type(groups_projection, (dict, ), allow_none=True) _validate_projection(groups_projection) user_json = g.users_colln.find_one(user_selector_doc, projection={ "_id": 1, "permissions": 1 }) if not user_json: return error_response(message='user not found', code=404) if not PermissionResolver.resolve_permission( user_json, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.users_colln): return error_response(message='permission denied', code=403) user_group_jsons = groups_helper.get_user_groups( g.users_colln, user_id, groups_projection=None) permitted_user_group_jsons = [] for group_json in user_group_jsons: if PermissionResolver.resolve_permission(group_json, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.users_colln): projection_helper.project_doc(group_json, groups_projection, in_place=True) permitted_user_group_jsons.append(group_json) return permitted_user_group_jsons, 200
def remove_users_from_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids): group = JsonObject.make_from_dict( users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1})) if group is None: raise ObjModelException('group not found', 404) if current_user_id and not PermissionResolver.resolve_permission( group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln): raise ObjModelException('permission denied', 403) update_doc = {"$pull": {"members": {"$in": user_ids}}} response = users_colln.update_one(group_selector_doc, update_doc) return response.modified_count
def get(self, resource_id): args = self.get_parser.parse_args() args = parse_json_args(args, self.get_payload_json_parse_directives) projection = args['projection'] resource_json = g.objstore_colln.find_one( objstore_helper.resource_selector_doc(resource_id), projection=None ) if not resource_json: return error_response(message='resource not found', code=404) if not PermissionResolver.resolve_permission( resource_json, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.objstore_colln): return error_response(message='permission denied', code=403) projection_helper.project_doc(resource_json, projection, in_place=True) return resource_json
def get(self, group_identifier): args = self.get_parser.parse_args() identifier_type = args.get('identifier_type', '_id') # noinspection PyProtectedMember group_selector_doc = GroupResource._group_selector_doc( group_identifier, identifier_type) group = JsonObject.make_from_dict( g.users_colln.find_one(group_selector_doc, projection=None)) if group is None: return error_response(message='group not found', code=404) if not PermissionResolver.resolve_permission( group, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.users_colln): return error_response(message='permission denied', code=403) member_ids = group.members if hasattr(group, 'members') else [] return member_ids
def add_users_to_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids): group = JsonObject.make_from_dict( users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1})) if group is None: raise ObjModelException('group not found', 404) if current_user_id and not PermissionResolver.resolve_permission( group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln): raise ObjModelException('permission denied', 403) for user_id in user_ids: from . import users_helper user_json = users_colln.find_one(users_helper.get_user_selector_doc(_id=user_id), projection={"_id": 1}) if user_json is None: raise ObjModelException('user "{}" not found'.format(user_id), 403) update_doc = {"$addToSet": {"members": {"$each": user_ids}}} response = users_colln.update_one(group_selector_doc, update_doc) return response.modified_count