def permissions_index(id):
collection = get_db_collection(id, request.authz.WRITE)
q = Permission.all()
q = q.filter(Permission.collection_id == collection.id)
permissions = []
roles = [r for r in Role.all_groups() if check_visible(r, request.authz)]
for permission in q.all():
if not check_visible(permission.role, request.authz):
continue
permissions.append(permission)
if permission.role in roles:
roles.remove(permission.role)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in roles:
permissions.append({
'collection_id': collection.id,
'write': False,
'read': False,
'role': role
})
return jsonify({
'total': len(permissions),
'results': PermissionSchema().dump(permissions, many=True)
})
def permissions_index(collection):
request.authz.require(request.authz.collection_write(collection))
q = Permission.all()
q = q.filter(Permission.collection_id == collection)
permissions = []
roles_seen = set()
for permission in q.all():
if check_visible(permission.role):
permissions.append(permission)
roles_seen.add(permission.role.id)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in Role.all_groups():
if check_visible(role):
if role.id not in roles_seen:
roles_seen.add(role.id)
permissions.append({
'write': False,
'read': False,
'role': role,
'role_id': role.id
})
return jsonify({'total': len(permissions), 'results': permissions})
def index(id):
collection = get_db_collection(id, request.authz.WRITE)
roles = Role.all_groups(request.authz).all()
if request.authz.is_admin:
roles.extend(Role.all_system())
q = Permission.all()
q = q.filter(Permission.collection_id == collection.id)
permissions = []
for permission in q.all():
if not check_visible(permission.role, request.authz):
continue
permissions.append(permission)
if permission.role in roles:
roles.remove(permission.role)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in roles:
if collection.casefile and role.is_public:
continue
permissions.append({
'collection_id': collection.id,
'write': False,
'read': False,
'role_id': str(role.id)
})
permissions = PermissionSerializer().serialize_many(permissions)
return jsonify({'total': len(permissions), 'results': permissions})
def index():
require(request.authz.logged_in)
q = Role.all_groups(request.authz)
return jsonify({
'total': q.count(),
'results': RoleSerializer().serialize_many(q.all())
})
def index():
"""
---
get:
summary: List groups
description: >-
Get the list of groups the user belongs to. Groups are used for
authorization.
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
allOf:
- $ref: '#/components/schemas/QueryResponse'
properties:
results:
type: array
items:
$ref: '#/components/schemas/Role'
tags:
- Role
"""
require(request.authz.logged_in)
q = Role.all_groups(request.authz)
return jsonify(
{"total": q.count(), "results": RoleSerializer().serialize_many(q.all())}
)
def index(id):
collection = get_db_collection(id, request.authz.WRITE)
record_audit(Audit.ACT_COLLECTION, id=id)
roles = [r for r in Role.all_groups() if check_visible(r, request.authz)]
q = Permission.all()
q = q.filter(Permission.collection_id == collection.id)
permissions = []
for permission in q.all():
if not check_visible(permission.role, request.authz):
continue
permissions.append(permission)
if permission.role in roles:
roles.remove(permission.role)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in roles:
if collection.casefile and role.is_public:
continue
permissions.append({
'collection_id': collection.id,
'write': False,
'read': False,
'role_id': str(role.id)
})
permissions = PermissionSerializer().serialize_many(permissions)
return jsonify({
'total': len(permissions),
'results': permissions
})
def update_role(role):
"""Synchronize denormalised role configuration."""
db.session.flush()
for group in Role.all_groups():
Subscription.unsubscribe(role=role, channel=channel(group))
Subscription.subscribe(role, channel(role))
Subscription.subscribe(role, Notification.GLOBAL)
for group in role.roles:
Subscription.subscribe(role, channel(group))
def update_subscriptions(role_id):
role = Role.by_id(role_id, deleted=True)
if role is None:
return
Subscription.unsubscribe(role=role, channel=channel(role))
for group in Role.all_groups():
Subscription.unsubscribe(role=role, channel=channel(group))
if role.deleted_at is None and role.type == Role.USER:
Subscription.subscribe(role, channel(role))
Subscription.subscribe(role, Notification.GLOBAL)
for group in role.roles:
Subscription.subscribe(role, channel(group))
db.session.commit()
def update_role(role):
"""Synchronize denormalised role configuration."""
db.session.flush()
log.info("Updating: %r", role)
Subscription.unsubscribe(role=role, channel=channel(role))
for group in Role.all_groups():
Subscription.unsubscribe(role=role, channel=channel(group))
if role.deleted_at is None and role.type == Role.USER:
Subscription.subscribe(role, channel(role))
Subscription.subscribe(role, Notification.GLOBAL)
for group in role.roles:
Subscription.subscribe(role, channel(group))
db.session.commit()
def index(collection_id):
"""
---
get:
summary: Get permissions for a collection
description: >-
Get the list of all permissions for the collection with id
`collection_id`
parameters:
- in: path
name: collection_id
required: true
schema:
type: integer
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
allOf:
- $ref: '#/components/schemas/QueryResponse'
properties:
results:
type: array
items:
$ref: '#/components/schemas/Permission'
tags:
- Permission
- Collection
"""
collection = get_db_collection(collection_id, request.authz.WRITE)
roles = Role.all_groups(request.authz).all()
if request.authz.is_admin:
roles.extend(Role.all_system())
q = Permission.all()
q = q.filter(Permission.collection_id == collection.id)
permissions = []
for permission in q.all():
if not check_visible(permission.role, request.authz):
continue
permissions.append(permission)
if permission.role in roles:
roles.remove(permission.role)
# this workaround ensures that all groups are visible for the user to
# select in the UI even if they are not currently associated with the
# collection.
for role in roles:
if collection.casefile and role.is_public:
continue
permissions.append({
"collection_id": collection.id,
"write": False,
"read": False,
"role_id": str(role.id),
})
permissions = PermissionSerializer().serialize_many(permissions)
return jsonify({"total": len(permissions), "results": permissions})
