def index(request, obj_id):
    """Render the ACL edit page for the ACL-managed object ``obj_id``.

    The object is fetched through ``get_obj_with_check_perm`` with
    ``ACLType.Full``. When that helper reports an error, the error is
    returned unchanged and nothing is rendered.

    The template context carries the concrete object, its parent (for
    ``Attribute`` and ``EntityAttr`` only), every ACL type, and the active
    roles. A superuser sees all active roles; any other user sees only the
    roles for which ``is_belonged_to(request.user)`` is true.
    """
    aclbase_obj, error = get_obj_with_check_perm(
        request.user, ACLBase, obj_id, ACLType.Full
    )
    if error:
        return error

    target_obj = aclbase_obj.get_subclass_object()

    # Attribute and EntityAttr are shown below the object that owns them, so
    # the breadcrumb navigation needs that owner as well.
    parent_obj = None
    try:
        if isinstance(target_obj, Attribute):
            parent_obj = target_obj.parent_entry
        elif isinstance(target_obj, EntityAttr):
            parent_obj = target_obj.parent_entity
    except StopIteration:
        # The page is still rendered, just without a parent.
        Logger.warning("failed to get related parent object")

    acltypes = [{"id": acltype.id, "name": acltype.label} for acltype in ACLType.all()]

    # Only roles the requesting user may see are offered for editing.
    roles = []
    for role in Role.objects.filter(is_active=True):
        if request.user.is_superuser or role.is_belonged_to(request.user):
            roles.append(
                {
                    "id": role.id,
                    "name": role.name,
                    "description": role.description,
                    "current_permission": role.get_current_permission(target_obj),
                }
            )

    context = {
        "object": target_obj,
        "parent": parent_obj,
        "acltypes": acltypes,
        "roles": roles,
    }
    return render(request, "edit_acl.html", context)
def _set_permission(role, acl_obj, acl_type):
    """Replace the permission that ``role`` holds on ``acl_obj`` with ``acl_type``.

    For every ACL type other than ``acl_type`` and ``ACLType.Nothing``, the
    matching permission object of ``acl_obj`` is removed from
    ``role.permissions``. The permission object for ``acl_type`` is then
    added, unless ``acl_type`` is ``ACLType.Nothing``. In that case the role
    keeps no permission object of ``acl_obj`` at all.
    """
    # Permission objects are looked up on acl_obj by the ACL type's name.
    stale_types = [
        candidate
        for candidate in ACLType.all()
        if candidate != acl_type and candidate != ACLType.Nothing
    ]
    for stale in stale_types:
        role.permissions.remove(getattr(acl_obj, stale.name))

    # 'Nothing' has no permission object to grant.
    if acl_type != ACLType.Nothing:
        role.permissions.add(getattr(acl_obj, acl_type.name))
def set(request, recv_data):
    """Apply the ACL settings in ``recv_data`` to the object they name.

    Two checks run before anything is written, and each answers with an
    ``HttpResponse`` of status 400 when it fails:

    1. the requesting user must currently hold ``ACLType.Full`` on the object;
    2. ``may_permitted`` must accept the requested settings. The error text
       says this rejects changes after which the user could no longer change
       this ACL.

    On success the public flag and default permission are saved, each entry of
    ``recv_data['acl']`` with a truthy ``value`` is applied through
    ``_set_permission``, and a ``JsonResponse`` with a redirect URL and a
    message is returned.

    NOTE(review): the object is saved before the per-member loop and no
    transaction is opened in this function. An exception raised in the loop
    leaves the flag and default permission already written. Confirm whether a
    caller or middleware wraps the request in a transaction.
    """
    user = User.objects.get(id=request.user.id)
    acl_model = _get_acl_model(recv_data['object_type'])
    acl_obj = acl_model.objects.get(id=recv_data['object_id'])

    if not user.has_permission(acl_obj, ACLType.Full):
        return HttpResponse(
            "User(%s) doesn't have permission to change this ACL" % user.username,
            status=400)

    # The mere presence of the key turns the public flag on.
    will_be_public = 'is_public' in recv_data
    default_permission = int(recv_data['default_permission'])

    if not user.may_permitted(
            acl_obj,
            ACLType.Full,
            is_public=will_be_public,
            default_permission=default_permission,
            acl_settings=recv_data['acl']):
        return HttpResponse(
            "Inadmissible setting. By this change you will never change this ACL",
            status=400)

    # update the Public/Private flag parameter
    acl_obj.is_public = will_be_public
    acl_obj.default_permission = default_permission
    acl_obj.save()

    # Entries whose value is falsy are left untouched.
    entries = [entry for entry in recv_data['acl'] if entry['value']]
    for acl_data in entries:
        # Any member_type other than 'user' is treated as a group.
        member_model = User if acl_data['member_type'] == 'user' else Group
        member = member_model.objects.get(id=acl_data['member_id'])

        # Raises IndexError when the value matches no ACL type.
        acl_type = [t for t in ACLType.all() if t == int(acl_data['value'])][0]

        # update permissions for the target ACLBased object
        _set_permission(member, acl_obj, acl_type)

    if isinstance(acl_obj, Entity):
        redirect_url = '/entity/'
    elif isinstance(acl_obj, EntityAttr):
        redirect_url = '/entity/edit/%s' % acl_obj.parent_entity.id
    elif isinstance(acl_obj, Entry):
        redirect_url = '/entry/show/%s' % acl_obj.id
    elif isinstance(acl_obj, Attribute):
        redirect_url = '/entry/edit/%s' % acl_obj.parent_entry.id
    else:
        redirect_url = '/'

    return JsonResponse({
        'redirect_url': redirect_url,
        'msg': 'Success to update ACL of "%s"' % acl_obj.name,
    })
def index(request, obj_id):
    """Render the ACL edit page for the ACL-managed object ``obj_id``.

    The object is fetched through ``get_object_with_check_permission`` with
    ``ACLType.Full``. When that helper reports an error, the error is
    returned unchanged and nothing is rendered.

    The context lists every active user and every active group, each with the
    ACL type id it currently holds on the object (0 when it holds none). The
    list is not narrowed by the requesting user's relation to those members.
    """
    user = User.objects.get(id=request.user.id)
    aclbase_obj, error = get_object_with_check_permission(
        user, ACLBase, obj_id, ACLType.Full)
    if error:
        return error

    target_obj = aclbase_obj.get_subclass_object()

    def get_current_permission(member):
        """Return the ACL type id ``member`` holds on ``target_obj``, else 0."""
        matched = [
            perm for perm in member.permissions.all()
            if perm.get_objid() == target_obj.id
        ]
        # Only the first matching permission is reported.
        return matched[0].get_aclid() if matched else 0

    # Attribute and EntityAttr are shown below the object that owns them, so
    # the breadcrumb navigation needs that owner as well.
    parent_obj = None
    try:
        if isinstance(target_obj, Attribute):
            parent_obj = target_obj.parent_entry
        elif isinstance(target_obj, EntityAttr):
            parent_obj = target_obj.parent_entity
    except StopIteration:
        # The page is still rendered, just without a parent.
        Logger.warning('failed to get related parent object')

    acltypes = [{'id': acltype.id, 'name': acltype.label} for acltype in ACLType.all()]

    user_members = [{
        'id': member.id,
        'name': member.username,
        'current_permission': get_current_permission(member),
        'type': 'user'
    } for member in User.objects.filter(is_active=True)]

    group_members = [{
        'id': member.id,
        'name': member.name,
        'current_permission': get_current_permission(member),
        'type': 'group'
    } for member in Group.objects.filter(is_active=True)]

    context = {
        'object': target_obj,
        'parent': parent_obj,
        'acltypes': acltypes,
        'members': user_members + group_members,
    }
    return render(request, 'edit_acl.html', context)
def update(self, instance, validated_data):
    """Write the validated ACL settings to the object behind ``instance``.

    The object is reloaded through the model chosen by
    ``validated_data["objtype"]``. Its public flag and default permission are
    saved, and every entry of ``validated_data["acl"]`` with a truthy
    ``value`` is applied to its role through ``self._set_permission``.
    Returns the reloaded object.

    NOTE(review): no permission check happens in this method. Confirm that
    validation or the calling view enforces that the requester may change
    this ACL before ``update`` runs.
    NOTE(review): the object is saved before the role loop and no transaction
    is opened here, so an exception in the loop leaves a partial update.
    Confirm whether the caller provides one.
    """
    acl_model = self._get_acl_model(validated_data["objtype"])
    acl_obj = acl_model.objects.get(id=instance.id)

    acl_obj.is_public = validated_data["is_public"]
    acl_obj.default_permission = validated_data["default_permission"]
    acl_obj.save()

    # Entries whose value is falsy are left untouched.
    entries = [entry for entry in validated_data["acl"] if entry["value"]]
    for item in entries:
        role = Role.objects.get(id=item["member_id"])

        # Raises IndexError when the value matches no ACL type.
        acl_type = [t for t in ACLType.all() if t == int(item["value"])][0]

        # update permissions for the target ACLBased object
        self._set_permission(role, acl_obj, acl_type)

    return acl_obj
def update(self, instance, validated_data):
    """Write the validated ACL settings to the object behind ``instance``.

    The object is reloaded through the model chosen by
    ``validated_data['objtype']``. Its public flag and default permission are
    saved, and every entry of ``validated_data['acl']`` with a truthy
    ``value`` is applied to its user or group through
    ``self._set_permission``. Returns the reloaded object.

    NOTE(review): no permission check happens in this method. Confirm that
    validation or the calling view enforces that the requester may change
    this ACL before ``update`` runs.
    NOTE(review): the object is saved before the member loop and no
    transaction is opened here, so an exception in the loop leaves a partial
    update. Confirm whether the caller provides one.
    """
    acl_model = self._get_acl_model(validated_data['objtype'])
    acl_obj = acl_model.objects.get(id=instance.id)

    acl_obj.is_public = validated_data['is_public']
    acl_obj.default_permission = validated_data['default_permission']
    acl_obj.save()

    # Entries whose value is falsy are left untouched.
    entries = [entry for entry in validated_data['acl'] if entry['value']]
    for item in entries:
        # Any member_type other than 'user' is treated as a group.
        member_model = User if item['member_type'] == 'user' else Group
        member = member_model.objects.get(id=item['member_id'])

        # Raises IndexError when the value matches no ACL type.
        acl_type = [t for t in ACLType.all() if t == int(item['value'])][0]

        # update permissions for the target ACLBased object
        self._set_permission(member, acl_obj, acl_type)

    return acl_obj
def _get_objid(permission):
    """Return the integer before the first "." of ``permission.codename``.

    Returns 0 when ``permission.name`` is not the name of any ACL type.
    ``int()`` raises ``ValueError`` when that leading part is not numeric.
    NOTE(review): presumably the codename is "<object id>.<acl type id>";
    verify against the code that creates these permissions.
    """
    acltype_names = [acltype.name for acltype in ACLType.all()]
    if permission.name not in acltype_names:
        return 0

    objid_part, _, _ = permission.codename.partition(".")
    return int(objid_part)
def set(request, recv_data):
    """Apply the ACL settings in ``recv_data`` to the object they name.

    Two checks run before anything is written, and each answers with an
    ``HttpResponse`` of status 400 when it fails:

    1. the requesting user must currently hold ``ACLType.Full`` on the object;
    2. ``is_permitted_to_change`` must accept the requested settings. The
       error text says this rejects changes after which the user could no
       longer change this ACL.

    On success the public flag and default permission are saved, and each
    entry of ``recv_data["acl"]`` with a truthy ``value`` is applied to its
    role through ``_set_permission``. ``register_es()`` is then called on the
    entry concerned (the object itself, or an ``Attribute``'s parent entry),
    and a ``JsonResponse`` with a redirect URL and a message is returned.

    NOTE(review): the object is saved before the role loop and no transaction
    is opened in this function. An exception raised in the loop leaves the
    flag and default permission already written. Confirm whether a caller or
    middleware wraps the request in a transaction.
    """
    acl_model = _get_acl_model(recv_data["object_type"])
    acl_obj = acl_model.objects.get(id=recv_data["object_id"])

    # First gate: what the user is allowed to do right now.
    if not request.user.has_permission(acl_obj, ACLType.Full):
        return HttpResponse(
            "User(%s) doesn't have permission to change this ACL" % request.user.username,
            status=400,
        )

    requested_public = recv_data.get("is_public", False)
    default_permission = int(recv_data["default_permission"])

    # Second gate: what the user would be allowed to do after this change.
    # It is evaluated independently of the check above.
    # NOTE(review): int() runs on every entry's value here, including entries
    # the apply loop below skips as falsy. A value int() cannot convert
    # (None, for example) raises at this point. Confirm request validation
    # rules that out.
    # NOTE(review): roles are looked up with is_active=True here, while the
    # apply loop below fetches them by id alone.
    if not request.user.is_permitted_to_change(
        target_obj=acl_obj,
        expected_permission=ACLType.Full,
        will_be_public=requested_public,
        default_permission=default_permission,
        acl_settings=[
            {
                "role": Role.objects.filter(id=entry["role_id"], is_active=True).first(),
                "value": int(entry["value"]),
            }
            for entry in recv_data["acl"]
        ],
    ):
        return HttpResponse(
            "Inadmissible setting. By this change you will never change this ACL", status=400
        )

    # update the Public/Private flag parameter
    acl_obj.is_public = bool(requested_public)
    acl_obj.default_permission = default_permission
    acl_obj.save()

    # Entries whose value is falsy are left untouched.
    entries = [entry for entry in recv_data["acl"] if entry["value"]]
    for acl_data in entries:
        role = Role.objects.get(id=acl_data["role_id"])

        # Raises IndexError when the value matches no ACL type.
        acl_type = [t for t in ACLType.all() if t == int(acl_data["value"])][0]

        # update permissions for the target ACLBased object
        _set_permission(role, acl_obj, acl_type)

    if isinstance(acl_obj, Entity):
        redirect_url = "/entity/"
    elif isinstance(acl_obj, EntityAttr):
        redirect_url = "/entity/edit/%s" % acl_obj.parent_entity.id
    elif isinstance(acl_obj, Entry):
        redirect_url = "/entry/show/%s" % acl_obj.id
    elif isinstance(acl_obj, Attribute):
        redirect_url = "/entry/edit/%s" % acl_obj.parent_entry.id
    else:
        redirect_url = "/"

    # NOTE(review): for an Attribute, acl_obj is rebound to its parent entry
    # here, so the message below carries the parent entry's name rather than
    # the attribute's. Confirm that is intended.
    if isinstance(acl_obj, Attribute):
        acl_obj = acl_obj.parent_entry

    if isinstance(acl_obj, Entry):
        acl_obj.register_es()

    return JsonResponse(
        {
            "redirect_url": redirect_url,
            "msg": 'Success to update ACL of "%s"' % acl_obj.name,
        }
    )
{"name": "object_type", "type": str, "checker": lambda x: x["object_type"]}, { "name": "acl", "type": list, "meta": [ { "name": "role_id", "type": str, "checker": lambda x: Role.objects.filter( id=x["role_id"], is_active=True ).exists(), }, { "name": "value", "type": (str, type(None)), "checker": lambda x: [y for y in ACLType.all() if int(x["value"]) == y], }, ], }, { "name": "default_permission", "type": str, "checker": lambda x: any([y == int(x["default_permission"]) for y in ACLType.all()]), }, ] ) def set(request, recv_data): acl_obj = getattr(_get_acl_model(recv_data["object_type"]), "objects").get( id=recv_data["object_id"] )
def validate_default_permission(self, default_permission: int):
    """Report whether ``default_permission`` is one of ``ACLType.all()``.

    NOTE(review): this returns a bool and never raises. If it is wired up as
    a field-level validator whose return value replaces the field (the
    ``validate_<field>`` name suggests so; confirm), an unknown permission
    value is not rejected here and the field ends up holding True/False.
    """
    known_types = ACLType.all()
    return default_permission in known_types
def get_acltypes(self, obj: ACLBase) -> List[Dict[str, Any]]:
    """Return every ACL type as a ``{"id": ..., "name": ...}`` dict.

    ``name`` carries the ACL type's ``label``. ``obj`` is not consulted, so
    the result is the same for every object.
    """
    acltypes = []
    for acltype in ACLType.all():
        acltypes.append({"id": acltype.id, "name": acltype.label})
    return acltypes
def validate_default_permission(self, default_permission: int):
    """Return ``default_permission`` when it is one of ``ACLType.all()``.

    Raises:
        ValidationError: when the value matches no ACL type, so an unknown
            permission level is rejected.
    """
    if default_permission in ACLType.all():
        return default_permission
    raise ValidationError("invalid default_permission parameter")
'name': 'member_id', 'type': str, 'checker': lambda x: any([ k.objects.filter(id=x['member_id']).exists() for k in [User, Group] ]) }, { 'name': 'value', 'type': (str, type(None)), 'checker': lambda x: [y for y in ACLType.all() if int(x['value']) == y] }, ] }, { 'name': 'default_permission', 'type': str, 'checker': lambda x: any( [y == int(x['default_permission']) for y in ACLType.all()]) }, ]) def set(request, recv_data): user = User.objects.get(id=request.user.id)
"meta": [ { "name": "role_id", "type": str, "checker": lambda x: Role.objects.filter(id=x["role_id"], is_active=True). exists(), }, { "name": "value", "type": (str, type(None)), "checker": lambda x: [y for y in ACLType.all() if int(x["value"]) == y], }, ], }, { "name": "default_permission", "type": str, "checker": lambda x: any( [y == int(x["default_permission"]) for y in ACLType.all()]), }, ]) def set(request, recv_data): acl_obj = getattr(_get_acl_model(recv_data["object_type"]),
def _get_acltype(permission):
    """Return the integer after the last '.' of ``permission.codename``.

    Returns 0 when ``permission.name`` is not the name of any ACL type.
    ``int()`` raises ``ValueError`` when that trailing part is not numeric.
    NOTE(review): presumably the codename is '<object id>.<acl type id>';
    verify against the code that creates these permissions.
    """
    acltype_names = [acltype.name for acltype in ACLType.all()]
    if permission.name not in acltype_names:
        return 0

    _, _, aclid_part = permission.codename.rpartition('.')
    return int(aclid_part)