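def get_role_object(self, role_defn):
    """Build a ``Role`` from a role-definition dictionary.

    Args:
        role_defn: dict whose ``type`` is ``"object.Role"`` and which carries
            a ``name``, a ``sid`` and, optionally, ``role_items`` (an
            iterable of dicts, one per role item).

    Returns:
        A ``Role`` with one ``RoleItem`` appended to ``role.role_items`` for
        each entry of ``role_items``.

    Raises:
        ValueError: if the definition is not a dict, has the wrong ``type``,
            lacks ``name`` or ``sid``, or contains a role item that is not a
            dict. ``check_role_item`` is defined elsewhere and presumably
            raises ValueError for an invalid item -- confirm.
    """
    # Role definitions decide who gets access, so they are validated with
    # explicit raises: ``assert`` statements are removed under ``python -O``
    # and would let a malformed definition through unchecked.
    if not isinstance(role_defn, dict):
        raise ValueError("Role definition must be a dict.")
    if role_defn.get("type") != "object.Role":
        raise ValueError("Role definition must have type object.Role.")

    role_name = role_defn.get("name", None)
    if role_name is None:
        raise ValueError("Role must have name value.")

    role_sid = role_defn.get("sid", None)
    if role_sid is None:
        raise ValueError("Role must have sid value.")

    role = Role(name=role_name, sid=role_sid)

    # ``or []`` also covers an explicit ``"role_items": None``.
    for role_item_defn in role_defn.get("role_items") or []:
        if not isinstance(role_item_defn, dict):
            raise ValueError("Role item definition must be a dict.")
        check_role_item(role_item_defn)
        # NOTE(review): every key of the item definition is forwarded to the
        # RoleItem constructor. Whether check_role_item rejects unexpected
        # keys is not visible here -- confirm, so a definition cannot set
        # fields it was never meant to control.
        role.role_items.append(RoleItem(**role_item_defn))

    return role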
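def before_role_insert(object_service, object_name, data, access_type):
    """Validate and normalise a role document before it is inserted.

    This is a generator (it yields ``cursor.fetch_next``); it is presumably
    wrapped by a Tornado coroutine decorator that this excerpt does not
    show -- confirm against the full file.

    Args:
        object_service: service whose ``find`` is used to look up existing
            roles by sid.
        object_name: must equal ``COSMOS_ROLE_OBJECT_NAME``.
        data: the role document; its ``sid`` is normalised in place.
        access_type: must equal ``AccessType.INSERT``.

    Raises:
        tornado.web.HTTPError: 400 when ``data`` is not a dict, ``sid`` is
            not a string, ``role_items`` is missing, empty or not a list, or
            an item fails ``check_role_item``; 409 when the sid is already
            taken by a well-known or stored role.
    """
    # Hook-wiring invariants, not request validation. ``assert`` is removed
    # under ``python -O``, so nothing access-relevant may depend on them.
    assert object_name == COSMOS_ROLE_OBJECT_NAME
    assert access_type == AccessType.INSERT

    # The document itself is checked explicitly so the check survives -O.
    if not isinstance(data, dict):
        raise tornado.web.HTTPError(400, "Role definition must be an object")

    raw_sid = data.get("sid", None)
    try:
        # Strip before the emptiness test: a whitespace-only sid would
        # otherwise skip uuid generation and be stored as "".
        sid = raw_sid.strip() if raw_sid else ""
    except AttributeError:
        raise tornado.web.HTTPError(400, "Role sid must be a string")

    if not sid:
        data["sid"] = str(uuid.uuid4())
    else:
        data["sid"] = sid

        # The anonymous and logged-in sids are exempt from the well-known
        # role check; every other sid must not shadow a built-in role.
        if sid != ANONYMOUS_USER_ROLE_SID and sid != LOGGED_IN_USER_ROLE_SID:
            for role in WELL_KNOWN_ROLES:
                if role.sid == sid:
                    raise tornado.web.HTTPError(
                        409, "Conflict: Duplicate role sid")

        # NOTE(review): the flattened listing does not show whether this
        # lookup was nested under the well-known check above; here it runs
        # for every caller-supplied sid -- confirm against the original.
        # It is a pre-check only: two concurrent inserts can both pass it,
        # so uniqueness must also be enforced by the store (not visible here).
        query = {"sid": sid}
        columns = ["sid"]
        cursor = object_service.find(
            SYSTEM_USER, COSMOS_ROLE_OBJECT_NAME, query, columns)
        if (yield cursor.fetch_next):
            existing = cursor.next_object()
            if existing:
                raise tornado.web.HTTPError(
                    409, "Conflict: Duplicate role sid")

    try:
        role_items = data.get("role_items")
        # A missing key yields None; len(None) used to escape as TypeError.
        if not role_items:
            raise ValueError("Role items can not be empty for a role")
        if not isinstance(role_items, (list, tuple)):
            raise ValueError("Role items must be a list")
        for role_item_def in role_items:
            check_role_item(role_item_def)
    except ValueError as ve:
        # str(ve) instead of ve.message, which exists only on Python 2.
        raise tornado.web.HTTPError(400, str(ve))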
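def before_role_insert(object_service, object_name, data, access_type):
    """Validate and normalise a role document before it is inserted.

    This is a generator (it yields ``cursor.fetch_next``); it is presumably
    wrapped by a Tornado coroutine decorator that this excerpt does not
    show -- confirm against the full file.

    Args:
        object_service: service whose ``find`` is used to look up existing
            roles by sid.
        object_name: must equal ``COSMOS_ROLE_OBJECT_NAME``.
        data: the role document; its ``sid`` is normalised in place.
        access_type: must equal ``AccessType.INSERT``.

    Raises:
        tornado.web.HTTPError: 400 when ``data`` is not a dict, ``sid`` is
            not a string, ``role_items`` is missing, empty or not a list, or
            an item fails ``check_role_item``; 409 when the sid is already
            taken by a well-known or stored role.
    """
    # Hook-wiring invariants, not request validation. ``assert`` is removed
    # under ``python -O``, so nothing access-relevant may depend on them.
    assert object_name == COSMOS_ROLE_OBJECT_NAME
    assert access_type == AccessType.INSERT

    # The document itself is checked explicitly so the check survives -O.
    if not isinstance(data, dict):
        raise tornado.web.HTTPError(400, "Role definition must be an object")

    raw_sid = data.get("sid", None)
    try:
        # Strip before the emptiness test: a whitespace-only sid would
        # otherwise skip uuid generation and be stored as "".
        sid = raw_sid.strip() if raw_sid else ""
    except AttributeError:
        raise tornado.web.HTTPError(400, "Role sid must be a string")

    if not sid:
        data["sid"] = str(uuid.uuid4())
    else:
        data["sid"] = sid

        # The anonymous and logged-in sids are exempt from the well-known
        # role check; every other sid must not shadow a built-in role.
        if sid != ANONYMOUS_USER_ROLE_SID and sid != LOGGED_IN_USER_ROLE_SID:
            for role in WELL_KNOWN_ROLES:
                if role.sid == sid:
                    raise tornado.web.HTTPError(
                        409, "Conflict: Duplicate role sid")

        # NOTE(review): the flattened listing does not show whether this
        # lookup was nested under the well-known check above; here it runs
        # for every caller-supplied sid -- confirm against the original.
        # It is a pre-check only: two concurrent inserts can both pass it,
        # so uniqueness must also be enforced by the store (not visible here).
        query = {"sid": sid}
        columns = ["sid"]
        cursor = object_service.find(
            SYSTEM_USER, COSMOS_ROLE_OBJECT_NAME, query, columns)
        if (yield cursor.fetch_next):
            existing = cursor.next_object()
            if existing:
                raise tornado.web.HTTPError(
                    409, "Conflict: Duplicate role sid")

    try:
        role_items = data.get("role_items")
        # A missing key yields None; len(None) used to escape as TypeError.
        if not role_items:
            raise ValueError("Role items can not be empty for a role")
        if not isinstance(role_items, (list, tuple)):
            raise ValueError("Role items must be a list")
        for role_item_def in role_items:
            check_role_item(role_item_def)
    except ValueError as ve:
        # str(ve) instead of ve.message, which exists only on Python 2.
        raise tornado.web.HTTPError(400, str(ve))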