예제 #1
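    def _update_for_post(self, actor, obj, user):
        """Record the object of a 'post' activity in the matching bucket.

        Every entity is handled at most once, keyed by ``obj.id`` in
        ``self.seen_entities``.  A Document is listed only when
        ``repository.has_access(user, obj)`` is true; note that its id is
        marked as seen before that check, so a denied Document is not
        re-evaluated later.

        Args:
            actor: the activity's actor; stored with updated conversations.
            obj: the activity's object; ``None`` is ignored.
            user: the user whose access to Documents is checked.
        """
        if obj is None or obj.id in self.seen_entities:
            return

        self.seen_entities.add(obj.id)

        # NOTE(review): only Document is gated by repository.has_access();
        # WikiPage, Thread and Post are recorded without an access check in
        # this method -- presumably the caller only feeds activities the user
        # may see; confirm.
        if isinstance(obj, Document) and repository.has_access(user, obj):
            self.new_documents.append(obj)
        elif isinstance(obj, WikiPage):
            self.new_wiki_pages.append(obj)
        elif isinstance(obj, Thread):
            self.new_conversations.append(obj)
        elif isinstance(obj, Post):
            thread = obj.thread
            if thread.id not in self.seen_entities:
                # save actor and oldest/first modified Post in thread
                # oldest post because Activities are ordered_by
                # Asc(A.happened_at)
                self.updated_conversations[thread] = {
                    "actors": [actor],
                    "post": obj,
                }
                # Mark this post's Thread as seen to avoid duplicates
                self.seen_entities.add(thread.id)
            elif thread not in self.new_conversations:
                if thread in self.updated_conversations:
                    # this post's Thread has already been seen in another
                    # Activity: exclude it to avoid duplicates but save the
                    # Post's actor
                    self.updated_conversations[thread]["actors"].append(actor)
                else:
                    # The thread id was marked as seen by something that
                    # created no entry here; indexing blindly would raise
                    # KeyError, so start the entry with this post instead.
                    self.updated_conversations[thread] = {
                        "actors": [actor],
                        "post": obj,
                    }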
예제 #2
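    def _update_for_post(self, actor, obj, user):
        """Record the object of a 'post' activity in the matching bucket.

        Every entity is handled at most once, keyed by ``obj.id`` in
        ``self.seen_entities``.  A Document is listed only when
        ``repository.has_access(user, obj)`` is true; note that its id is
        marked as seen before that check, so a denied Document is not
        re-evaluated later.

        Args:
            actor: the activity's actor; stored with updated conversations.
            obj: the activity's object; ``None`` is ignored.
            user: the user whose access to Documents is checked.
        """
        if obj is None or obj.id in self.seen_entities:
            return

        self.seen_entities.add(obj.id)

        # NOTE(review): only Document is gated by repository.has_access();
        # WikiPage, Thread and Post are recorded without an access check in
        # this method -- presumably the caller only feeds activities the user
        # may see; confirm.
        if isinstance(obj, Document) and repository.has_access(user, obj):
            self.new_documents.append(obj)
        elif isinstance(obj, WikiPage):
            self.new_wiki_pages.append(obj)
        elif isinstance(obj, Thread):
            self.new_conversations.append(obj)
        elif isinstance(obj, Post):
            thread = obj.thread
            if thread.id not in self.seen_entities:
                # save actor and oldest/first modified Post in thread
                # oldest post because Activities are ordered_by
                # Asc(A.happened_at)
                self.updated_conversations[thread] = {
                    "actors": [actor],
                    "post": obj,
                }
                # Mark this post's Thread as seen to avoid duplicates
                self.seen_entities.add(thread.id)
            elif thread not in self.new_conversations:
                if thread in self.updated_conversations:
                    # this post's Thread has already been seen in another
                    # Activity: exclude it to avoid duplicates but save the
                    # Post's actor
                    self.updated_conversations[thread]["actors"].append(actor)
                else:
                    # The thread id was marked as seen by something that
                    # created no entry here; indexing blindly would raise
                    # KeyError, so start the entry with this post instead.
                    self.updated_conversations[thread] = {
                        "actors": [actor],
                        "post": obj,
                    }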
예제 #3
def check_read_access(obj):
    """Ensure the current user may read ``obj``.

    Raises ``NotFound`` (404) when ``obj`` is falsy and ``Forbidden`` (403)
    when none of the grants below applies; returns ``True`` otherwise.

    Grants are evaluated in this order, stopping at the first that holds:

    1. ``security.running`` is false -- the check is skipped entirely, so
       access is allowed (fail-open) whenever the security service is off;
    2. the current user has the ``Admin`` role;
    3. ``repository.has_access(current_user, obj)`` is true.
    """
    # NOTE(review): this is a truthiness test, not ``obj is None``; an
    # existing object that evaluates false would be reported as 404 -- confirm
    # no checked type defines __bool__/__len__ that way.
    if not obj:
        raise NotFound()

    allowed = (
        not security.running
        or security.has_role(current_user, Admin)
        or repository.has_access(current_user, obj)
    )
    if not allowed:
        raise Forbidden()
    return True
예제 #4
파일: util.py 프로젝트: abilian/abilian-sbe
def check_read_access(obj):
    """Ensure the current user may read ``obj``.

    Raises ``NotFound`` (404) when ``obj`` is falsy and ``Forbidden`` (403)
    when none of the grants below applies; returns ``True`` otherwise.

    Grants are evaluated in this order, stopping at the first that holds:

    1. ``security.running`` is false -- the check is skipped entirely, so
       access is allowed (fail-open) whenever the security service is off;
    2. the current user has the ``Admin`` role;
    3. ``repository.has_access(current_user, obj)`` is true.
    """
    # NOTE(review): this is a truthiness test, not ``obj is None``; an
    # existing object that evaluates false would be reported as 404 -- confirm
    # no checked type defines __bool__/__len__ that way.
    if not obj:
        raise NotFound()

    allowed = (
        not security.running
        or security.has_role(current_user, Admin)
        or repository.has_access(current_user, obj)
    )
    if not allowed:
        raise Forbidden()
    return True
예제 #5
def check_manage_access(obj):
    """Ensure the current user may manage ``obj``.

    Raises ``NotFound`` (404) when ``obj`` is falsy and ``Forbidden`` (403)
    when the user is not allowed to manage it; returns ``None`` otherwise.

    The check passes without looking at the object's permissions when
    ``security.running`` is false (fail-open while the security service is
    off) or when the current user has the ``Admin`` role.  Any other user
    needs both ``repository.has_access`` and the ``MANAGE`` permission on
    the object.
    """
    # NOTE(review): truthiness test rather than ``obj is None``; an existing
    # object that evaluates false would be reported as 404 -- confirm.
    if not obj:
        raise NotFound()

    if not security.running or security.has_role(current_user, Admin):
        return

    # has_access is evaluated first; has_permission only runs if it holds.
    may_manage = repository.has_access(
        current_user, obj
    ) and repository.has_permission(current_user, MANAGE, obj)
    if not may_manage:
        raise Forbidden()
예제 #6
파일: util.py 프로젝트: abilian/abilian-sbe
def check_manage_access(obj):
    """Ensure the current user may manage ``obj``.

    Raises ``NotFound`` (404) when ``obj`` is falsy and ``Forbidden`` (403)
    when the user is not allowed to manage it; returns ``None`` otherwise.

    The check passes without looking at the object's permissions when
    ``security.running`` is false (fail-open while the security service is
    off) or when the current user has the ``Admin`` role.  Any other user
    needs both ``repository.has_access`` and the ``MANAGE`` permission on
    the object.
    """
    # NOTE(review): truthiness test rather than ``obj is None``; an existing
    # object that evaluates false would be reported as 404 -- confirm.
    if not obj:
        raise NotFound()

    if not security.running or security.has_role(current_user, Admin):
        return

    # has_access is evaluated first; has_permission only runs if it holds.
    may_manage = repository.has_access(
        current_user, obj
    ) and repository.has_permission(current_user, MANAGE, obj)
    if not may_manage:
        raise Forbidden()
예제 #7
    def _update_for_update(self, actor, obj, user):
        """Record the object of an 'update' activity.

        Wiki pages get a per-actor update count in
        ``self.updated_wiki_pages`` on every call.  Independently of that,
        each entity id is marked in ``self.seen_entities`` once, and a
        Document is appended to ``self.updated_documents`` only when
        ``repository.has_access(user, obj)`` is true.

        Args:
            actor: the activity's actor, used as the key of the wiki tally.
            obj: the activity's object; ``None`` is ignored.
            user: the user whose access to Documents is checked.
        """
        if obj is None:
            return

        # Wiki pages are the special case: every updater is counted, even
        # when the page itself has been seen before.
        # NOTE(review): no access check is applied to WikiPage here, unlike
        # Document below -- presumably filtered by the caller; confirm.
        if isinstance(obj, WikiPage):
            tally = self.updated_wiki_pages
            if obj not in tally:
                tally[obj] = {actor: 1}
            else:
                counts = tally[obj]
                counts[actor] = counts.get(actor, 0) + 1

        # Everything from here on is accounted for only once per entity.
        already_seen = obj.id in self.seen_entities
        if already_seen:
            return
        self.seen_entities.add(obj.id)

        if isinstance(obj, Document) and repository.has_access(user, obj):
            self.updated_documents.append(obj)
예제 #8
    def _update_for_update(self, actor, obj, user):
        """Record the object of an 'update' activity.

        Wiki pages get a per-actor update count in
        ``self.updated_wiki_pages`` on every call.  Independently of that,
        each entity id is marked in ``self.seen_entities`` once, and a
        Document is appended to ``self.updated_documents`` only when
        ``repository.has_access(user, obj)`` is true.

        Args:
            actor: the activity's actor, used as the key of the wiki tally.
            obj: the activity's object; ``None`` is ignored.
            user: the user whose access to Documents is checked.
        """
        if obj is None:
            return

        # Wiki pages are the special case: every updater is counted, even
        # when the page itself has been seen before.
        # NOTE(review): no access check is applied to WikiPage here, unlike
        # Document below -- presumably filtered by the caller; confirm.
        if isinstance(obj, WikiPage):
            tally = self.updated_wiki_pages
            if obj not in tally:
                tally[obj] = {actor: 1}
            else:
                counts = tally[obj]
                counts[actor] = counts.get(actor, 0) + 1

        # Everything from here on is accounted for only once per entity.
        already_seen = obj.id in self.seen_entities
        if already_seen:
            return
        self.seen_entities.add(obj.id)

        if isinstance(obj, Document) and repository.has_access(user, obj):
            self.updated_documents.append(obj)
예제 #9
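    def update_from_activity(self, activity, user):
        """Fold one activity into the digest buckets, by verb.

        * ``'join'``: the actor is appended to ``self.new_members``.
        * ``'post'``: the object is recorded once (keyed by ``obj.id`` in
          ``self.seen_entities``) as a new document, wiki page or
          conversation, or as an update of an existing conversation.
        * ``'update'``: wiki pages get a per-actor count; documents are
          recorded once.

        Any other verb is ignored.  Documents are listed only when
        ``repository.has_access(user, obj)`` is true.

        Args:
            activity: object exposing ``actor``, ``object`` and ``verb``.
            user: the user whose access to Documents is checked.
        """
        actor = activity.actor
        obj = activity.object

        # TODO ?
        #target = activity.target

        if activity.verb == 'join':
            self.new_members.append(actor)

        elif activity.verb == 'post':
            if obj is None:
                return
            if obj.id in self.seen_entities:
                return
            self.seen_entities.add(obj.id)

            # NOTE(review): only Document is gated by has_access(); WikiPage,
            # Thread and Post are recorded without an access check here --
            # presumably the activities are pre-filtered; confirm.
            if isinstance(obj, Document) and repository.has_access(user, obj):
                self.new_documents.append(obj)
            elif isinstance(obj, WikiPage):
                self.new_wiki_pages.append(obj)
            elif isinstance(obj, Thread):
                self.new_conversations.append(obj)
            elif isinstance(obj, Post):
                thread = obj.thread
                if thread.id not in self.seen_entities:
                    # save actor and oldest/first modified Post in thread
                    # oldest post because Activities are ordered_by Asc(A.happened_at)
                    self.updated_conversations[thread] = {
                        'actors': [actor],
                        'post': obj
                    }
                    # Mark this post's Thread as seen to avoid duplicates
                    self.seen_entities.add(thread.id)
                elif thread not in self.new_conversations:
                    if thread in self.updated_conversations:
                        # this post's Thread has already been seen in another
                        # Activity: exclude it to avoid duplicates but save
                        # the Post's actor
                        self.updated_conversations[thread]['actors'].append(
                            actor)
                    else:
                        # The 'update' branch below marks any object's id as
                        # seen, a Thread included, without creating an entry
                        # here; indexing blindly would then raise KeyError.
                        self.updated_conversations[thread] = {
                            'actors': [actor],
                            'post': obj
                        }

        elif activity.verb == 'update':
            if obj is None:
                return
            # special case for Wikipage, we want to know each updater
            if isinstance(obj, WikiPage):
                if obj in self.updated_wiki_pages:
                    page = self.updated_wiki_pages[obj]
                    page[actor] = page.get(actor, 0) + 1
                else:
                    self.updated_wiki_pages[obj] = {actor: 1}

            # fast return for all other objects
            if obj.id in self.seen_entities:
                return
            self.seen_entities.add(obj.id)

            # all objects here need to be accounted only once
            if isinstance(obj, Document) and repository.has_access(user, obj):
                self.updated_documents.append(obj)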
예제 #10
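def permissions(folder_id):
    """Render the permissions page of a folder.

    Looks the folder up by ``folder_id``, runs ``check_manage_access`` on it
    before anything else is read, then collects local and (when
    ``folder.inherit_security`` is set) inherited role assignments, all
    groups ordered by lower-cased name, and the folder's security audit
    entries, and renders ``documents/permissions.html`` with them.
    """
    folder = get_folder(folder_id)
    # Authorization gate: keep this ahead of every read of role data below.
    check_manage_access(folder)

    bc = breadcrumbs_for(folder)
    actions.context["object"] = folder
    local_roles_assignments = folder.get_local_roles_assignments()
    principals = {p for p, r in local_roles_assignments}
    security._fill_role_cache_batch(principals)

    # Third tuple item: whether that user currently has access to the folder.
    users_and_local_roles = [
        (user, role, repository.has_access(user, folder))
        for user, role in local_roles_assignments
        if isinstance(user, User)
    ]
    groups_and_local_roles = [
        t for t in local_roles_assignments if isinstance(t[0], Group)
    ]

    users_and_inherited_roles = groups_and_inherited_roles = ()

    if folder.inherit_security:
        inherited_roles_assignments = folder.get_inherited_roles_assignments()
        # Inherited entries carry a constant False as third item.
        users_and_inherited_roles = [
            (user, role, False)
            for user, role in inherited_roles_assignments
            if isinstance(user, User)
        ]
        groups_and_inherited_roles = [
            t for t in inherited_roles_assignments if isinstance(t[0], Group)
        ]

    query = Group.query
    query = query.order_by(func.lower(Group.name))
    all_groups = query.all()

    class EntryPresenter:
        """Turn one security audit entry into an HTML message (``msg``)."""

        _USER_FMT = (
            '<a href="{{ url_for("social.user", user_id=user.id) }}">'
            "{{ user.name }}</a>"
        )
        _GROUP_FMT = (
            '<a href="{{ url_for("social.group_home", group_id=group.id)'
            ' }}">{{ group.name }}</a>'
        )

        def __init__(self, e):
            render = render_template_string
            self.entry = e
            self.date = e.happened_at.strftime("%Y-%m-%d %H:%M")
            # User-controlled names go through the template engine here;
            # assuming render_template_string is Flask's, string templates
            # are autoescaped, so the fragment is safe to embed as markup.
            self.manager = render(
                '<img src="{{ user_photo_url(e.manager, size=16) }}" alt="" />'
                '<a href="{{ url_for("social.user", user_id=e.manager_id) }}">'
                "{{ e.manager.name }}</a>",
                e=e,
            )

            if e.op == e.SET_INHERIT:
                msg = _("On {date}, {manager} has activated inheritance")
            elif e.op == e.UNSET_INHERIT:
                msg = _("On {date}, {manager} has deactivated inheritance")
            elif e.op == e.GRANT:
                msg = _('On {date}, {manager} has given role "{role}" to {principal}')
            elif e.op == e.REVOKE:
                msg = _(
                    'On {date}, {manager} has revoked role "{role}" from ' "{principal}"
                )
            else:
                raise Exception("Unknown audit entry type %s" % e.op)

            principal = ""
            if self.entry.user:
                principal = render(self._USER_FMT, user=self.entry.user)
            elif self.entry.group:
                principal = render(self._GROUP_FMT, group=self.entry.group)

            # The whole string is declared safe by Markup(), so every piece
            # formatted into it must already be escaped.  ``manager`` and
            # ``principal`` are rendered templates and ``date`` is strftime
            # output; the role is the one raw value, so escape it explicitly.
            self.msg = Markup(
                msg.format(
                    date=self.date,
                    manager=self.manager,
                    role=Markup.escape(self.entry.role),
                    principal=principal,
                )
            )

    audit_entries = [EntryPresenter(e) for e in security.entries_for(folder)]

    ctx = {
        "folder": folder,
        "users_and_local_roles": users_and_local_roles,
        "users_and_inherited_roles": users_and_inherited_roles,
        "groups_and_local_roles": groups_and_local_roles,
        "groups_and_inherited_roles": groups_and_inherited_roles,
        "audit_entries": audit_entries,
        "all_groups": all_groups,
        "breadcrumbs": bc,
    }
    return render_template("documents/permissions.html", **ctx)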
예제 #11
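def permissions(folder_id):
    """Render the permissions page of a folder.

    Looks the folder up by ``folder_id``, runs ``check_manage_access`` on it
    before anything else is read, then collects local and (when
    ``folder.inherit_security`` is set) inherited role assignments, all
    groups ordered by lower-cased name, and the folder's security audit
    entries, and renders ``documents/permissions.html`` with them.
    """
    folder = get_folder(folder_id)
    # Authorization gate: keep this ahead of every read of role data below.
    check_manage_access(folder)

    bc = breadcrumbs_for(folder)
    actions.context["object"] = folder
    local_roles_assignments = folder.get_local_roles_assignments()
    principals = {p for p, r in local_roles_assignments}
    security._fill_role_cache_batch(principals)

    # Third tuple item: whether that user currently has access to the folder.
    users_and_local_roles = [(user, role, repository.has_access(user, folder))
                             for user, role in local_roles_assignments
                             if isinstance(user, User)]
    groups_and_local_roles = [
        t for t in local_roles_assignments if isinstance(t[0], Group)
    ]

    users_and_inherited_roles = groups_and_inherited_roles = ()

    if folder.inherit_security:
        inherited_roles_assignments = folder.get_inherited_roles_assignments()
        # Inherited entries carry a constant False as third item.
        users_and_inherited_roles = [
            (user, role, False) for user, role in inherited_roles_assignments
            if isinstance(user, User)
        ]
        groups_and_inherited_roles = [
            t for t in inherited_roles_assignments if isinstance(t[0], Group)
        ]

    query = Group.query
    query = query.order_by(func.lower(Group.name))
    all_groups = query.all()

    class EntryPresenter(object):
        """Turn one security audit entry into an HTML message (``msg``)."""

        _USER_FMT = ('<a href="{{ url_for("social.user", user_id=user.id) }}">'
                     "{{ user.name }}</a>")
        _GROUP_FMT = (
            '<a href="{{ url_for("social.group_home", group_id=group.id)'
            ' }}">{{ group.name }}</a>')

        def __init__(self, e):
            render = render_template_string
            self.entry = e
            self.date = e.happened_at.strftime("%Y-%m-%d %H:%M")
            # User-controlled names go through the template engine here;
            # assuming render_template_string is Flask's, string templates
            # are autoescaped, so the fragment is safe to embed as markup.
            self.manager = render(
                '<img src="{{ user_photo_url(e.manager, size=16) }}" alt="" />'
                '<a href="{{ url_for("social.user", user_id=e.manager_id) }}">'
                "{{ e.manager.name }}</a>",
                e=e,
            )

            if e.op == e.SET_INHERIT:
                msg = _("On {date}, {manager} has activated inheritance")
            elif e.op == e.UNSET_INHERIT:
                msg = _("On {date}, {manager} has deactivated inheritance")
            elif e.op == e.GRANT:
                msg = _(
                    'On {date}, {manager} has given role "{role}" to {principal}'
                )
            elif e.op == e.REVOKE:
                msg = _('On {date}, {manager} has revoked role "{role}" from '
                        "{principal}")
            else:
                raise Exception("Unknown audit entry type %s" % e.op)

            principal = ""
            if self.entry.user:
                principal = render(self._USER_FMT, user=self.entry.user)
            elif self.entry.group:
                principal = render(self._GROUP_FMT, group=self.entry.group)

            # The whole string is declared safe by Markup(), so every piece
            # formatted into it must already be escaped.  ``manager`` and
            # ``principal`` are rendered templates and ``date`` is strftime
            # output; the role is the one raw value, so escape it explicitly.
            self.msg = Markup(
                msg.format(
                    date=self.date,
                    manager=self.manager,
                    role=Markup.escape(self.entry.role),
                    principal=principal,
                ))

    audit_entries = [EntryPresenter(e) for e in security.entries_for(folder)]

    ctx = {
        "folder": folder,
        "users_and_local_roles": users_and_local_roles,
        "users_and_inherited_roles": users_and_inherited_roles,
        "groups_and_local_roles": groups_and_local_roles,
        "groups_and_inherited_roles": groups_and_inherited_roles,
        "audit_entries": audit_entries,
        "all_groups": all_groups,
        "breadcrumbs": bc,
    }
    return render_template("documents/permissions.html", **ctx)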