def run(): namespaces = SecureNamespaceAPI(session.auth.user) try: result = namespaces.get([path], withDescriptions=returnDescription, withNamespaces=returnNamespaces, withTags=returnTags) except UnknownPathError as error: unknownPath = error.paths.pop() raise TNonexistentNamespace(unknownPath.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(path_, category, action) if not result: raise TNonexistentNamespace(path.encode('utf-8')) else: namespace = TNamespace() namespace.objectId = str(result[path]['id']) namespace.path = path if returnDescription: namespace.description = result[path]['description'] if returnNamespaces: namespace.namespaces = result[path]['namespaceNames'] if returnTags: namespace.tags = result[path]['tagNames'] return namespace
def run(): permissions = SecurePermissionAPI(session.auth.user) try: permissions.set([(path, operation, policy, exceptions)]) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] if operation in Operation.TAG_OPERATIONS: raise TNonexistentTag(unknownPath.encode('utf-8')) if operation in Operation.NAMESPACE_OPERATIONS: raise TNonexistentNamespace(unknownPath.encode('utf-8')) raise except UnknownUserError as error: # FIXME There could be more than one unknown username, but # TNoSuchUser can only be passed a single username, so we'll # only pass the first one. Ideally, we'd be able to pass all # of them. raise TNoSuchUser(error.usernames[0].encode('utf-8')) except UserNotAllowedInExceptionError as error: raise TInvalidUsername(str(error)) except PermissionDeniedError as error: session.log.exception(error) deniedPath, deniedOperation = error.pathsAndOperations[0] deniedCategory, deniedAction = getCategoryAndAction( deniedOperation) raise TPathPermissionDenied(deniedPath, deniedCategory, deniedAction)
def run(): tagValues = SecureTagValueAPI(session.auth.user) objects = SecureObjectAPI(session.auth.user) objectIDs = self._resolveQuery(session, objects, parsedQuery) values = [] if tags is None: # delete all tags user has permissions for result = objects.getTagsByObjects(objectIDs, Operation.DELETE_TAG_VALUE) for objectID, paths in result.iteritems(): for path in paths: values.append((objectID, path)) else: # delete only tags requested by user result = objects.getTagsByObjects(objectIDs) for objectID, paths in result.iteritems(): for path in paths: if tags is None or path in tags: values.append((objectID, path)) if values: try: tagValues.delete(values) except UnknownPathError as error: session.log.exception(error) path = error.paths[0] raise TNonexistentTag(path.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, path_)
def run(): objects = SecureObjectAPI(session.auth.user) try: searchQueries = objects.search(valuesByQuery.keys()) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] raise TNonexistentTag(unknownPath.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] if operation == Operation.CREATE_OBJECT: raise TUnauthorized() else: raise TNonexistentTag(path_) # Run queries. try: with session.timer.track('index-search'): result = blockingCallFromThread(reactor, searchQueries.get) except SearchError as error: session.log.exception(error) raise TParseError(query, error.message) # Build a result set from the searches. values = {} for parsedQuery, objectIDs in result.iteritems(): for objectID in objectIDs: for tagAndValue in valuesByQuery[parsedQuery]: value = guessValue(tagAndValue.value) # FIXME: this code sucks, but I rather not having # to modify guessValue to return a list, as that # would break other code. # Hopefully, we'll be able to remove this pretty # soon. if isinstance(value, list): value = [item.decode('utf-8') for item in value] if objectID not in values: values[objectID] = {} values[objectID][tagAndValue.path] = value # Update values. if values: tagValues = SecureTagValueAPI(session.auth.user) try: result = tagValues.set(values) except UnknownPathError as error: session.log.exception(error) path = error.paths[0] raise TNonexistentTag(path.encode('utf-8')) except MalformedPathError as error: # FIXME: Modify MalformedPathError to have a path field. raise TInvalidPath(str(error).encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, path_)
def createNamespace(self, *args, **kwargs): """ Make something (unspecified) appear to go wrong with perms checking. @param args: Positional arguments for the new namespace. @param kwargs: Keyword arguments for the new namespace. @raise C{TPathPermissionDenied} no matter what. """ raise TPathPermissionDenied()
def run(): try: SecureTagValueAPI(session.auth.user).delete(values) except UnknownPathError as error: session.log.exception(error) raise TNonexistentTag(path.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, path_)
def run(): value = {path: description} try: SecureTagAPI(session.auth.user).set(value) except UnknownPathError as error: session.log.exception(error) raise TNonexistentTag(path.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath)
def run(): namespaces = SecureNamespaceAPI(session.auth.user) try: namespaces.set({path: description}) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] raise TNonexistentNamespace(unknownPath.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path_, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) path_ = path_.encode('utf-8') raise TPathPermissionDenied(path_, category, action)
def run(): try: SecureUserAPI(session.auth.user).delete([username]) except UnknownUserError as error: session.log.exception(error) raise TNoSuchUser(username) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath) except NotEmptyError as error: session.log.exception(error) raise TBadRequest("Can't delete user %r because they have " 'data.' % username)
def run(): try: [(objectID, _)] = SecureUserAPI(session.auth.user).set([ (info.username, info.password, info.name, info.email, info.role) ]) except UnknownUserError as error: session.log.exception(error) raise TNoSuchUser(info.username.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath) return str(objectID)
def run(): secureUserAPI = SecureUserAPI(session.auth.user) values = [(username, password, name, email)] try: [(objectID, _)] = secureUserAPI.create(values) except MalformedUsernameError as error: session.log.exception(error) # This looks weird, but I think it's better to keep only one # exception for bad usernames in the model layer. if len(username) > 128: raise TUsernameTooLong(username.encode('utf-8')) else: raise TInvalidUsername(username.encode('utf-8')) except DuplicateUserError as error: session.log.exception(error) raise TUserAlreadyExists(username.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) raise TPathPermissionDenied() return str(objectID)
def run(): tags = SecureTagAPI(session.auth.user) path = u'/'.join([parentNamespace, name]) try: [(objectID, _)] = tags.create([(path, description)]) except DuplicatePathError as error: session.log.exception(error) raise TTagAlreadyExists(path.encode('utf-8')) except UnknownPathError as error: session.log.exception(error) path = error.paths[0] raise TNonexistentTag(path.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) deniedPath, operation = error.pathsAndOperations[0] deniedPath = deniedPath.encode('utf-8') category, action = getCategoryAndAction(operation) raise TPathPermissionDenied(category, action, deniedPath) except MalformedPathError as error: session.log.exception(error) raise TInvalidPath(path.encode('utf-8')) return str(objectID)
def run(): permissions = SecurePermissionAPI(session.auth.user) try: result = permissions.get([(path, operation)]) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] if operation in Operation.TAG_OPERATIONS: raise TNonexistentTag(unknownPath.encode('utf-8')) if operation in Operation.NAMESPACE_OPERATIONS: raise TNonexistentNamespace(unknownPath.encode('utf-8')) raise except PermissionDeniedError as error: session.log.exception(error) deniedPath, deniedOperation = error.pathsAndOperations[0] deniedCategory, deniedAction = getCategoryAndAction( deniedOperation) raise TPathPermissionDenied(deniedPath, deniedCategory, deniedAction) policy, exceptions = result[(path, operation)] policy = str(policy).lower() return TPolicyAndExceptions(policy=policy, exceptions=exceptions)
def run(): namespaces = SecureNamespaceAPI(session.auth.user) path = u'/'.join([parentNamespace, name]) try: result = namespaces.create([(path, description)]) [objectID ] = [objectID for objectID, path_ in result if path_ == path] except DuplicatePathError as error: session.log.exception(error) raise TNamespaceAlreadyExists(path.encode('utf-8')) except UnknownPathError as error: session.log.exception(error) unknownPath = error.paths[0] raise TNonexistentNamespace(unknownPath.encode('utf-8')) except PermissionDeniedError as error: session.log.exception(error) path, operation = error.pathsAndOperations[0] category, action = getCategoryAndAction(operation) path = path.encode('utf-8') raise TPathPermissionDenied(path, category, action) except MalformedPathError as error: session.log.exception(error) raise TInvalidPath(path.encode('utf-8')) return str(objectID)