def permissions_index(id): collection = get_db_collection(id, request.authz.WRITE) q = Permission.all() q = q.filter(Permission.collection_id == collection.id) permissions = [] roles = [r for r in Role.all_groups() if check_visible(r, request.authz)] for permission in q.all(): if not check_visible(permission.role, request.authz): continue permissions.append(permission) if permission.role in roles: roles.remove(permission.role) # this workaround ensures that all groups are visible for the user to # select in the UI even if they are not currently associated with the # collection. for role in roles: permissions.append({ 'collection_id': collection.id, 'write': False, 'read': False, 'role': role }) return jsonify({ 'total': len(permissions), 'results': PermissionSchema().dump(permissions, many=True) })
def permissions_index(collection): request.authz.require(request.authz.collection_write(collection)) q = Permission.all() q = q.filter(Permission.collection_id == collection) permissions = [] roles_seen = set() for permission in q.all(): if check_visible(permission.role): permissions.append(permission) roles_seen.add(permission.role.id) # this workaround ensures that all groups are visible for the user to # select in the UI even if they are not currently associated with the # collection. for role in Role.all_groups(): if check_visible(role): if role.id not in roles_seen: roles_seen.add(role.id) permissions.append({ 'write': False, 'read': False, 'role': role, 'role_id': role.id }) return jsonify({'total': len(permissions), 'results': permissions})
def index(id): collection = get_db_collection(id, request.authz.WRITE) roles = Role.all_groups(request.authz).all() if request.authz.is_admin: roles.extend(Role.all_system()) q = Permission.all() q = q.filter(Permission.collection_id == collection.id) permissions = [] for permission in q.all(): if not check_visible(permission.role, request.authz): continue permissions.append(permission) if permission.role in roles: roles.remove(permission.role) # this workaround ensures that all groups are visible for the user to # select in the UI even if they are not currently associated with the # collection. for role in roles: if collection.casefile and role.is_public: continue permissions.append({ 'collection_id': collection.id, 'write': False, 'read': False, 'role_id': str(role.id) }) permissions = PermissionSerializer().serialize_many(permissions) return jsonify({'total': len(permissions), 'results': permissions})
def index(): require(request.authz.logged_in) q = Role.all_groups(request.authz) return jsonify({ 'total': q.count(), 'results': RoleSerializer().serialize_many(q.all()) })
def index(): """ --- get: summary: List groups description: >- Get the list of groups the user belongs to. Groups are used for authorization. responses: '200': description: OK content: application/json: schema: type: object allOf: - $ref: '#/components/schemas/QueryResponse' properties: results: type: array items: $ref: '#/components/schemas/Role' tags: - Role """ require(request.authz.logged_in) q = Role.all_groups(request.authz) return jsonify( {"total": q.count(), "results": RoleSerializer().serialize_many(q.all())} )
def index(id): collection = get_db_collection(id, request.authz.WRITE) record_audit(Audit.ACT_COLLECTION, id=id) roles = [r for r in Role.all_groups() if check_visible(r, request.authz)] q = Permission.all() q = q.filter(Permission.collection_id == collection.id) permissions = [] for permission in q.all(): if not check_visible(permission.role, request.authz): continue permissions.append(permission) if permission.role in roles: roles.remove(permission.role) # this workaround ensures that all groups are visible for the user to # select in the UI even if they are not currently associated with the # collection. for role in roles: if collection.casefile and role.is_public: continue permissions.append({ 'collection_id': collection.id, 'write': False, 'read': False, 'role_id': str(role.id) }) permissions = PermissionSerializer().serialize_many(permissions) return jsonify({ 'total': len(permissions), 'results': permissions })
def update_role(role): """Synchronize denormalised role configuration.""" db.session.flush() for group in Role.all_groups(): Subscription.unsubscribe(role=role, channel=channel(group)) Subscription.subscribe(role, channel(role)) Subscription.subscribe(role, Notification.GLOBAL) for group in role.roles: Subscription.subscribe(role, channel(group))
def update_subscriptions(role_id): role = Role.by_id(role_id, deleted=True) if role is None: return Subscription.unsubscribe(role=role, channel=channel(role)) for group in Role.all_groups(): Subscription.unsubscribe(role=role, channel=channel(group)) if role.deleted_at is None and role.type == Role.USER: Subscription.subscribe(role, channel(role)) Subscription.subscribe(role, Notification.GLOBAL) for group in role.roles: Subscription.subscribe(role, channel(group)) db.session.commit()
def update_role(role): """Synchronize denormalised role configuration.""" db.session.flush() log.info("Updating: %r", role) Subscription.unsubscribe(role=role, channel=channel(role)) for group in Role.all_groups(): Subscription.unsubscribe(role=role, channel=channel(group)) if role.deleted_at is None and role.type == Role.USER: Subscription.subscribe(role, channel(role)) Subscription.subscribe(role, Notification.GLOBAL) for group in role.roles: Subscription.subscribe(role, channel(group)) db.session.commit()
def index(collection_id): """ --- get: summary: Get permissions for a collection description: >- Get the list of all permissions for the collection with id `collection_id` parameters: - in: path name: collection_id required: true schema: type: integer responses: '200': description: OK content: application/json: schema: type: object allOf: - $ref: '#/components/schemas/QueryResponse' properties: results: type: array items: $ref: '#/components/schemas/Permission' tags: - Permission - Collection """ collection = get_db_collection(collection_id, request.authz.WRITE) roles = Role.all_groups(request.authz).all() if request.authz.is_admin: roles.extend(Role.all_system()) q = Permission.all() q = q.filter(Permission.collection_id == collection.id) permissions = [] for permission in q.all(): if not check_visible(permission.role, request.authz): continue permissions.append(permission) if permission.role in roles: roles.remove(permission.role) # this workaround ensures that all groups are visible for the user to # select in the UI even if they are not currently associated with the # collection. for role in roles: if collection.casefile and role.is_public: continue permissions.append({ "collection_id": collection.id, "write": False, "read": False, "role_id": str(role.id), }) permissions = PermissionSerializer().serialize_many(permissions) return jsonify({"total": len(permissions), "results": permissions})