예제 #1
파일: auth.py 프로젝트: hypnotics/assembl
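def put_global_roles_for_user(request):
    """Replace the global roles of the user named in the URL.

    The request body must be a JSON list of role names. Roles the user
    currently holds but that are not listed are deleted; listed roles the
    user does not hold yet are added.

    Returns:
        A dict with ``"added"`` and ``"removed"`` lists of role names.

    Raises:
        HTTPNotFound: ``User.get_instance`` finds no user for ``user_id``.
        HTTPBadRequest: the body is not JSON, is not a list of strings, or
            names a role that does not exist.

    NOTE(review): this handler grants and revokes global roles and no
    permission check is visible in its body; presumably the view
    configuration restricts it to administrators -- confirm.
    """
    user_id = request.matchdict['user_id']
    user = User.get_instance(user_id)
    if not user:
        # matchdict values are strings, so "%d" raised TypeError here and
        # turned the intended 404 into a server error.
        raise HTTPNotFound("User id %s does not exist" % (user_id,))
    try:
        data = json.loads(request.body)
    except (TypeError, ValueError):
        raise HTTPBadRequest("Malformed Json")
    if not isinstance(data, list):
        raise HTTPBadRequest("Not a list")
    if not all(isinstance(x, str) for x in data):
        raise HTTPBadRequest("not strings")
    session = User.db()
    requested = set(data)
    # Index the matching Role rows by name so that every later set operation
    # compares names with names (the old code mixed Role objects and names).
    found = session.query(Role).filter(
        Role.name.in_(list(requested))).all() if requested else []
    roles_by_name = {role.name: role for role in found}
    unknown = requested - set(roles_by_name)
    if unknown:
        raise HTTPBadRequest("Not valid roles: %s" % (repr(unknown),))
    # Query.filter() takes column expressions, not keyword arguments.
    known_gu_roles = session.query(UserRole).join(Role).filter(
        UserRole.user == user).all()
    gur_by_role = {gur.role.name: gur for gur in known_gu_roles}
    known_roles = set(gur_by_role)
    to_remove = known_roles - requested
    to_add = requested - known_roles
    for name in to_remove:
        # Deletion goes through the session; session.query has no delete().
        session.delete(gur_by_role[name])
    for name in to_add:
        session.add(UserRole(user=user, role=roles_by_name[name]))
    return {"added": list(to_add),
            "removed": list(to_remove)}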
예제 #2
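def put_discussion_roles_for_user(request):
    """Replace a user's roles within the discussion given by the context.

    ``request.context`` is used as the discussion. The request body must be
    a JSON list of role names. Local roles the user holds in this discussion
    but that are not listed are deleted; listed roles that are missing are
    added.

    Returns:
        A dict with ``"added"`` and ``"removed"`` lists of role names.

    Raises:
        HTTPNotFound: ``User.get_instance`` finds no user for ``user_id``.
        HTTPBadRequest: the body is not JSON, is not a list of strings, or
            names a role that does not exist.

    NOTE(review): this handler grants and revokes roles and no permission
    check is visible in its body; presumably the view configuration
    restricts it to discussion administrators -- confirm.
    """
    discussion = request.context
    user_id = request.matchdict['user_id']
    user = User.get_instance(user_id)
    if not user:
        # matchdict values are strings, so "%d" raised TypeError here and
        # turned the intended 404 into a server error.
        raise HTTPNotFound("User id %s does not exist" % (user_id,))
    try:
        data = json.loads(request.body)
    except (TypeError, ValueError):
        raise HTTPBadRequest("Malformed Json")
    if not isinstance(data, list):
        raise HTTPBadRequest("Not a list")
    if not all(isinstance(x, str) for x in data):
        raise HTTPBadRequest("not strings")
    session = Discussion.default_db
    requested = set(data)
    # Index the matching Role rows by name so that every later set operation
    # compares names with names (the old code mixed Role objects and names).
    found = session.query(Role).filter(
        Role.name.in_(list(requested))).all() if requested else []
    roles_by_name = {role.name: role for role in found}
    unknown = requested - set(roles_by_name)
    if unknown:
        raise HTTPBadRequest("Not valid roles: %s" % (repr(unknown),))
    # Query.filter() takes column expressions, not keyword arguments.
    known_lu_roles = session.query(LocalUserRole).join(Role).filter(
        LocalUserRole.user == user,
        LocalUserRole.discussion == discussion).all()
    lur_by_role = {lur.role.name: lur for lur in known_lu_roles}
    known_roles = set(lur_by_role)
    to_remove = known_roles - requested
    to_add = requested - known_roles
    for name in to_remove:
        # Deletion goes through the session; session.query has no delete().
        session.delete(lur_by_role[name])
    for name in to_add:
        session.add(LocalUserRole(
            user=user, role=roles_by_name[name], discussion=discussion))
    return {"added": list(to_add),
            "removed": list(to_remove)}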
예제 #3
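def put_discussion_roles_for_user(request):
    """Replace a user's roles within the discussion named in the URL.

    ``discussion_id`` and ``user_id`` come from ``request.matchdict``. The
    request body must be a JSON list of role names. Local roles the user
    holds in this discussion but that are not listed are deleted; listed
    roles that are missing are added.

    Returns:
        A dict with ``"added"`` and ``"removed"`` lists of role names.

    Raises:
        HTTPNotFound: the discussion or the user does not exist.
        HTTPBadRequest: the body is not JSON, is not a list of strings, or
            names a role that does not exist.

    NOTE(review): this handler grants and revokes roles and no permission
    check is visible in its body; presumably the view configuration
    restricts it to discussion administrators -- confirm.
    """
    discussion_id = request.matchdict['discussion_id']
    user_id = request.matchdict['user_id']
    discussion = Discussion.get_instance(discussion_id)
    if not discussion:
        raise HTTPNotFound("Discussion %s does not exist" % (discussion_id,))
    user = User.get_instance(user_id)
    if not user:
        raise HTTPNotFound("User id %s does not exist" % (user_id,))
    try:
        data = json.loads(request.body)
    except (TypeError, ValueError):
        raise HTTPBadRequest("Malformed Json")
    if not isinstance(data, list):
        raise HTTPBadRequest("Not a list")
    if not all(isinstance(x, str) for x in data):
        raise HTTPBadRequest("not strings")
    session = Discussion.db()
    requested = set(data)
    # The old filter(name in data) referenced an undefined ``name``; match
    # on the Role.name column instead and index the rows by name so later
    # set operations compare names with names.
    found = session.query(Role).filter(
        Role.name.in_(list(requested))).all() if requested else []
    roles_by_name = {role.name: role for role in found}
    unknown = requested - set(roles_by_name)
    if unknown:
        raise HTTPBadRequest("Not valid roles: %s" % (repr(unknown),))
    # Query.filter() takes column expressions, not keyword arguments.
    known_lu_roles = session.query(LocalUserRole).join(Role).filter(
        LocalUserRole.user == user,
        LocalUserRole.discussion == discussion).all()
    lur_by_role = {lur.role.name: lur for lur in known_lu_roles}
    known_roles = set(lur_by_role)
    to_remove = known_roles - requested
    to_add = requested - known_roles
    for name in to_remove:
        # lur_by_role is a dict (index it, do not call it), and deletion
        # goes through the session; session.query has no delete().
        session.delete(lur_by_role[name])
    for name in to_add:
        session.add(LocalUserRole(
            user=user, role=roles_by_name[name], discussion=discussion))
    return {"added": list(to_add),
            "removed": list(to_remove)}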
예제 #4
def get_global_roles_for_user(request):
    """Return the names of the global roles held by the user in the URL.

    ``user_id`` is read from ``request.matchdict``; ``HTTPNotFound`` is
    raised when ``User.get_instance`` finds no such user.

    NOTE(review): no permission check is visible in this body; presumably
    the view configuration limits who may list another user's roles --
    confirm.
    """
    requested_id = request.matchdict['user_id']
    target = User.get_instance(requested_id)
    if not target:
        raise HTTPNotFound("User id %s does not exist" % (requested_id,))
    role_rows = (
        User.default_db.query(Role.name)
        .join(UserRole)
        .filter(UserRole.user == target)
    )
    # Each row holds the single selected column; unpack it to the bare name.
    return [name for (name,) in role_rows]
예제 #5
파일: auth.py 프로젝트: hypnotics/assembl
def get_global_roles_for_user(request):
    """Return the names of the global roles held by the user in the URL.

    ``user_id`` is read from ``request.matchdict``; ``HTTPNotFound`` is
    raised when ``User.get_instance`` finds no such user.

    NOTE(review): no permission check is visible in this body; presumably
    the view configuration limits who may list another user's roles --
    confirm.
    """
    requested_id = request.matchdict['user_id']
    target = User.get_instance(requested_id)
    if not target:
        raise HTTPNotFound("User id %s does not exist" % (requested_id,))
    # NOTE(review): ``User.db`` is used as an attribute here, not called;
    # confirm that it is a session object in this version of the model.
    role_rows = (
        User.db.query(Role.name)
        .join(UserRole)
        .filter(UserRole.user == target)
    )
    # Each row holds the single selected column; unpack it to the bare name.
    return [name for (name,) in role_rows]
예제 #6
파일: auth.py 프로젝트: assembl/assembl
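def add_local_role(request):
    """Create a LocalUserRole in the context's discussion from the JSON body.

    The caller must be authenticated. Without ``P_ADMIN_DISC`` a caller may
    only act on their own user: with ``P_SELF_REGISTER`` the role is forced
    to ``R_PARTICIPANT`` and the discussion's authorized-email check must
    pass; with ``P_SELF_REGISTER_REQUEST`` the object is marked as
    ``requested``. Any other caller is rejected.

    Returns:
        A ``CreationResponse`` for the first created instance, or ``None``
        when ``ctx.create_object`` yields no instances.

    Raises:
        HTTPUnauthorized: no authenticated user, or the caller lacks the
            permissions described above.
        HTTPForbidden: the authorized-email check fails on self-registration.
        HTTPBadRequest: no discussion id, a body that is not a JSON object,
            or a failure inside ``ctx.create_object``.
    """
    # Do not use check_permissions, this is a special case
    ctx = request.context
    user_id = request.authenticated_userid
    if not user_id:
        raise HTTPUnauthorized()
    discussion_id = ctx.get_discussion_id()
    # Validate the id before it is used to load the discussion.
    if discussion_id is None:
        raise HTTPBadRequest()
    discussion = Discussion.get(discussion_id)
    user_uri = User.uri_generic(user_id)
    permissions = get_permissions(user_id, discussion_id)
    # Named ``payload`` so the local does not shadow the ``json`` module.
    payload = request.json_body
    if not isinstance(payload, dict):
        # The key assignments below need a JSON object; reject anything
        # else as a client error instead of failing with a TypeError.
        raise HTTPBadRequest()
    # NOTE(review): a client-supplied "discussion" value is kept as sent,
    # while permissions were computed for the context's discussion; confirm
    # that ctx.create_object pins the new role to the context's discussion.
    if "discussion" not in payload:
        payload["discussion"] = Discussion.uri_generic(discussion_id)
    requested_user = payload.get('user', None)
    if not requested_user:
        payload['user'] = requested_user = user_uri
    elif requested_user != user_uri and P_ADMIN_DISC not in permissions:
        raise HTTPUnauthorized()
    if P_ADMIN_DISC not in permissions:
        if P_SELF_REGISTER in permissions:
            # Self-registration never lets the client choose the role.
            payload['requested'] = False
            payload['role'] = R_PARTICIPANT
            # NOTE(review): req_user is passed on without a None check;
            # confirm check_authorized_email rejects an unresolved user.
            req_user = User.get_instance(requested_user)
            if not discussion.check_authorized_email(req_user):
                raise HTTPForbidden()
        elif P_SELF_REGISTER_REQUEST in permissions:
            # NOTE(review): 'role' stays client-supplied on this branch and
            # is only marked as a request; confirm the approval step
            # validates which role was asked for.
            payload['requested'] = True
        else:
            raise HTTPUnauthorized()
    try:
        instances = ctx.create_object("LocalUserRole", payload, user_id)
    except HTTPClientError:
        raise
    except Exception as e:
        # NOTE(review): the exception text is returned to the client;
        # confirm it cannot carry internal details.
        raise HTTPBadRequest(e)
    if not instances:
        return None
    first = instances[0]
    db = first.db
    for instance in instances:
        db.add(instance)
    db.flush()
    # Resolve the user up front: it was previously bound only inside the
    # ``not first.requested`` branch, so a pending request hit an unbound
    # ``user`` on the status update below.
    # relationship may not be initialized
    user = first.user or User.get(first.user_id)
    # Side effect: materialize subscriptions.
    if not first.requested:
        user.get_notification_subscriptions(discussion_id, True)

    # Update the user's AgentStatusInDiscussion
    user.update_agent_status_subscribe(discussion)

    view = request.GET.get('view', None) or 'default'
    permissions = get_permissions(
        user_id, ctx.get_discussion_id())
    return CreationResponse(first, user_id, permissions, view)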
예제 #7
def get_user_has_permission(request):
    """Report whether a principal holds a permission in the context discussion.

    ``user_id`` and ``permission`` come from ``request.matchdict`` and the
    discussion is ``request.context``. The ``Authenticated`` and ``Everyone``
    values are passed through unchanged; any other ``user_id`` must resolve
    through ``User.get_instance`` (else ``HTTPNotFound``) and is replaced by
    that user's ``id``. The result is whatever ``a_user_has_permission``
    returns.
    """
    discussion = request.context
    params = request.matchdict
    principal = params['user_id']
    permission = params['permission']
    if principal in (Authenticated, Everyone):
        return a_user_has_permission(discussion.id, principal, permission)
    account = User.get_instance(principal)
    if not account:
        raise HTTPNotFound("User id %s does not exist" % (principal,))
    return a_user_has_permission(discussion.id, account.id, permission)
예제 #8
파일: auth.py 프로젝트: shangxor/assembl
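def add_local_role(request):
    """Create a LocalUserRole in the context's discussion from the JSON body.

    The caller must be authenticated. Without ``P_ADMIN_DISC`` a caller may
    only act on their own user: with ``P_SELF_REGISTER`` the role is forced
    to ``R_PARTICIPANT`` and the discussion's authorized-email check must
    pass; with ``P_SELF_REGISTER_REQUEST`` the object is marked as
    ``requested``. Any other caller is rejected.

    Returns:
        A ``CreationResponse`` for the first created instance, or ``None``
        when ``ctx.create_object`` yields no instances.

    Raises:
        HTTPUnauthorized: no authenticated user, or the caller lacks the
            permissions described above.
        HTTPForbidden: the authorized-email check fails on self-registration.
        HTTPBadRequest: no discussion id, a body that is not a JSON object,
            or a failure inside ``ctx.create_object``.
    """
    # Do not use check_permissions, this is a special case
    ctx = request.context
    user_id = request.authenticated_userid
    if not user_id:
        raise HTTPUnauthorized()
    discussion_id = ctx.get_discussion_id()
    # Validate the id before it is used to load the discussion.
    if discussion_id is None:
        raise HTTPBadRequest()
    discussion = Discussion.get(discussion_id)
    user_uri = User.uri_generic(user_id)
    permissions = get_permissions(user_id, discussion_id)
    # Named ``payload`` so the local does not shadow the ``json`` module.
    payload = request.json_body
    if not isinstance(payload, dict):
        # The key assignments below need a JSON object; reject anything
        # else as a client error instead of failing with a TypeError.
        raise HTTPBadRequest()
    # NOTE(review): a client-supplied "discussion" value is kept as sent,
    # while permissions were computed for the context's discussion; confirm
    # that ctx.create_object pins the new role to the context's discussion.
    if "discussion" not in payload:
        payload["discussion"] = Discussion.uri_generic(discussion_id)
    requested_user = payload.get('user', None)
    if not requested_user:
        payload['user'] = requested_user = user_uri
    elif requested_user != user_uri and P_ADMIN_DISC not in permissions:
        raise HTTPUnauthorized()
    if P_ADMIN_DISC not in permissions:
        if P_SELF_REGISTER in permissions:
            # Self-registration never lets the client choose the role.
            payload['requested'] = False
            payload['role'] = R_PARTICIPANT
            # NOTE(review): req_user is passed on without a None check;
            # confirm check_authorized_email rejects an unresolved user.
            req_user = User.get_instance(requested_user)
            if not discussion.check_authorized_email(req_user):
                raise HTTPForbidden()
        elif P_SELF_REGISTER_REQUEST in permissions:
            # NOTE(review): 'role' stays client-supplied on this branch and
            # is only marked as a request; confirm the approval step
            # validates which role was asked for.
            payload['requested'] = True
        else:
            raise HTTPUnauthorized()
    try:
        instances = ctx.create_object("LocalUserRole", payload, user_id)
    except HTTPClientError:
        raise
    except Exception as e:
        # NOTE(review): the exception text is returned to the client;
        # confirm it cannot carry internal details.
        raise HTTPBadRequest(e)
    if not instances:
        return None
    first = instances[0]
    db = first.db
    for instance in instances:
        db.add(instance)
    db.flush()
    # Resolve the user up front: it was previously bound only inside the
    # ``not first.requested`` branch, so a pending request hit an unbound
    # ``user`` on the status update below.
    # relationship may not be initialized
    user = first.user or User.get(first.user_id)
    # Side effect: materialize subscriptions.
    if not first.requested:
        user.get_notification_subscriptions(discussion_id, True)

    # Update the user's AgentStatusInDiscussion
    user.update_agent_status_subscribe(discussion)

    view = request.GET.get('view', None) or 'default'
    permissions = get_permissions(user_id, ctx.get_discussion_id())
    return CreationResponse(first, user_id, permissions, view)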
예제 #9
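def get_discussion_roles_for_user(request):
    """Return the names of a user's local roles in the context discussion.

    ``request.context`` is used as the discussion and ``user_id`` comes from
    ``request.matchdict``.

    Raises:
        HTTPNotFound: ``User.get_instance`` finds no user for ``user_id``.

    NOTE(review): no permission check is visible in this body; presumably
    the view configuration limits who may list another user's roles --
    confirm.
    """
    discussion = request.context
    user_id = request.matchdict['user_id']
    user = User.get_instance(user_id)
    if not user:
        # matchdict values are strings, so "%d" raised TypeError here and
        # turned the intended 404 into a server error.
        raise HTTPNotFound("User id %s does not exist" % (user_id,))
    session = Discussion.default_db
    rolenames = session.query(Role.name).join(
        LocalUserRole).filter(LocalUserRole.user == user,
                              LocalUserRole.discussion_id == discussion.id)
    # Each row holds the single selected column; return the bare names.
    return [x[0] for x in rolenames]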
예제 #10
def get_permissions_for_user(request):
    """Return a principal's permissions in the discussion named in the URL.

    ``discussion_id`` and ``user_id`` come from ``request.matchdict``.
    ``HTTPNotFound`` is raised when the discussion does not exist, or when
    ``user_id`` is neither ``Authenticated`` nor ``Everyone`` and does not
    resolve to a user. The result is whatever ``a_permissions_for_user``
    returns.
    """
    params = request.matchdict
    discussion_key = params['discussion_id']
    principal = params['user_id']
    if not Discussion.get_instance(discussion_key):
        raise HTTPNotFound("Discussion %s does not exist" % (discussion_key,))
    is_pseudo_principal = principal in (Authenticated, Everyone)
    if not is_pseudo_principal and not User.get_instance(principal):
        raise HTTPNotFound("User id %s does not exist" % (principal,))
    # The URL value itself is passed on, not the resolved user's id.
    return a_permissions_for_user(discussion_key, principal)
예제 #11
파일: auth.py 프로젝트: hypnotics/assembl
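def get_discussion_roles_for_user(request):
    """Return the names of a user's local roles in the discussion in the URL.

    ``discussion_id`` (converted to ``int``) and ``user_id`` come from
    ``request.matchdict``.

    Raises:
        HTTPNotFound: ``User.get_instance`` finds no user for ``user_id``.

    NOTE(review): ``int()`` raises ValueError for a non-numeric
    ``discussion_id``; presumably the route pattern only admits digits --
    confirm. No permission check is visible in this body either.
    """
    discussion_id = int(request.matchdict['discussion_id'])
    user_id = request.matchdict['user_id']
    user = User.get_instance(user_id)
    if not user:
        # matchdict values are strings, so "%d" raised TypeError here and
        # turned the intended 404 into a server error.
        raise HTTPNotFound("User id %s does not exist" % (user_id,))
    session = Discussion.db()
    rolenames = session.query(Role.name).join(
        LocalUserRole).filter(LocalUserRole.user == user,
                              LocalUserRole.discussion_id == discussion_id)
    # Each row holds the single selected column; return the bare names.
    return [x[0] for x in rolenames]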
예제 #12
def get_permissions_for_user(request):
    """Return a principal's permissions in the discussion named in the URL.

    ``discussion_id`` (converted to ``int``) and ``user_id`` come from
    ``request.matchdict``. ``HTTPNotFound`` is raised when the discussion
    does not exist, or when ``user_id`` is neither ``Authenticated`` nor
    ``Everyone`` and does not resolve to a user. A resolved user is passed
    to ``get_permissions`` by its ``id``.
    """
    discussion_key = int(request.matchdict['discussion_id'])
    if not Discussion.get_instance(discussion_key):
        raise HTTPNotFound("Discussion %d does not exist" % (discussion_key, ))
    principal = request.matchdict['user_id']
    # Pseudo-principals are forwarded unchanged.
    if principal in (Authenticated, Everyone):
        return get_permissions(principal, discussion_key)
    account = User.get_instance(principal)
    if not account:
        raise HTTPNotFound("User id %s does not exist" % (principal, ))
    return get_permissions(account.id, discussion_key)
예제 #13
파일: auth.py 프로젝트: hypnotics/assembl
def get_user_has_permission(request):
    """Report whether a principal holds a permission in a discussion.

    ``discussion_id`` (converted to ``int``), ``user_id`` and ``permission``
    come from ``request.matchdict``. ``HTTPNotFound`` is raised when the
    discussion does not exist, or when ``user_id`` is neither
    ``Authenticated`` nor ``Everyone`` and does not resolve to a user. A
    resolved user is passed to ``a_user_has_permission`` by its ``id``.
    """
    params = request.matchdict
    discussion_key = int(params['discussion_id'])
    principal = params['user_id']
    permission = params['permission']
    if not Discussion.get_instance(discussion_key):
        raise HTTPNotFound("Discussion %d does not exist" % (discussion_key,))
    # Pseudo-principals are forwarded unchanged.
    if principal in (Authenticated, Everyone):
        return a_user_has_permission(discussion_key, principal, permission)
    account = User.get_instance(principal)
    if not account:
        raise HTTPNotFound("User id %s does not exist" % (principal,))
    return a_user_has_permission(discussion_key, account.id, permission)
예제 #14
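def get_all_roles_for_user(request):
    """Return the distinct role names a user holds, local and global.

    Combines the user's local roles in the context discussion
    (``request.context``) with the user's global roles.

    Raises:
        HTTPNotFound: ``User.get_instance`` finds no user for ``user_id``.

    NOTE(review): no permission check is visible in this body; presumably
    the view configuration limits who may list another user's roles --
    confirm.
    """
    discussion = request.context
    user_id = request.matchdict['user_id']
    user = User.get_instance(user_id)
    if not user:
        # matchdict values are strings, so "%d" raised TypeError here and
        # turned the intended 404 into a server error.
        raise HTTPNotFound("User id %s does not exist" % (user_id,))
    db = Discussion.default_db
    local_names = db.query(Role.name).join(LocalUserRole).filter(
        LocalUserRole.user == user,
        LocalUserRole.discussion_id == discussion.id)
    global_names = db.query(Role.name).join(UserRole).filter(
        UserRole.user == user)
    rolenames = local_names.union(global_names).distinct()

    # Each row holds the single selected column; unpack it to the bare name.
    return [x for (x,) in rolenames]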