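def _create_mapped_acls(self, acl, role_map):
    """Propagate an audit-level role to the objects in the audit's scope.

    For the Audit that ``acl`` is attached to, a mapped ACL entry is
    requested from the cached access control list manager for:

    * every Snapshot whose parent is that audit,
    * every directly related Assessment, AssessmentTemplate, Issue, Comment
      and Document,
    * every Comment and Document that ``related`` returns for the audit's
      related objects.

    Args:
      acl: the access control list entry being propagated; ``acl.object``
        must be an Audit.
      role_map: mapping indexed by object type name; the value found there is
        passed to ``get_or_create`` as the role for the mapped entry.

    Raises:
      AssertionError: if ``acl.object`` is not an Audit.
    """
    direct_types = ("Assessment", "AssessmentTemplate", "Issue",
                    "Comment", "Document")
    second_hop_types = ("Comment", "Document")

    audit = acl.object
    # Raised explicitly instead of through an `assert` statement: asserts are
    # stripped under `python -O`, and without this guard the role would be
    # fanned out from an object it was never meant to be assigned on.
    if not isinstance(audit, all_models.Audit):
        raise AssertionError(
            "`{}` role assigned to a non Audit object.".format(
                acl.ac_role.name))

    snapshots_cache = self.caches["snapshots_cache"]
    acl_manager = self.caches["access_control_list_manager"]
    relationship_cache = self.caches["relationship_cache"]

    # Snapshots of an audit are queried once and reused from the cache;
    # only the id column is loaded.
    if audit.id not in snapshots_cache:
        snapshots_cache[audit.id] = all_models.Snapshot.query.filter(
            all_models.Snapshot.parent_id == audit.id,
            all_models.Snapshot.parent_type == "Audit").options(
                load_only("id")).all()

    # Mapped role on every snapshot of the audit.
    for snapshot in snapshots_cache[audit.id]:
        acl_manager.get_or_create(
            snapshot, acl, acl.person, role_map["Snapshot"])

    # Mapped role on the directly related objects of the listed types.
    audit_stub = Stub(acl.object_type, acl.object_id)
    related_stubs = related([audit_stub], relationship_cache)
    for stub in related_stubs[audit_stub]:
        if stub.type in direct_types:
            acl_manager.get_or_create(
                stub, acl, acl.person, role_map[stub.type])

    # Mapped role on the comments and documents one hop further out.
    # NOTE(review): this second hop starts from every related stub, including
    # the types skipped by the filter above - confirm that is intended.
    mapped_stubs = related(related_stubs[audit_stub], relationship_cache)
    for parent in mapped_stubs:
        for stub in mapped_stubs[parent]:
            if stub.type in second_hop_types:
                acl_manager.get_or_create(
                    stub, acl, acl.person, role_map[stub.type])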
def handle_acl_creation(session):
    """Create the related roles for newly added assignee ACL entries.

    Scans ``session.new`` for AccessControlList objects whose custom role
    name is one of ``Assignable.ASSIGNEE_TYPES`` and groups them by the stub
    of the object they are attached to. When at least one is found, the
    related objects are looked up, related snapshots are added if any
    snapshot ids were collected, and ``create_related_roles`` is called.

    Args:
      session: object whose ``new`` attribute iterates over the newly added
        model instances.
    """
    acls_by_stub = defaultdict(set)
    for candidate in session.new:
        if not isinstance(candidate, all_models.AccessControlList):
            continue
        # Prefer the loaded role object; fall back to the raw foreign key.
        if candidate.ac_role:
            role_id = candidate.ac_role.id
        else:
            role_id = candidate.ac_role_id
        role_name = get_custom_roles_for(candidate.object_type).get(role_id)
        if role_name not in Assignable.ASSIGNEE_TYPES:
            continue
        owner_stub = Stub(candidate.object_type, candidate.object_id)
        acls_by_stub[owner_stub].add(candidate)

    # Nothing to propagate when no assignee ACL was added.
    if not acls_by_stub:
        return

    related_objects = related(acls_by_stub.keys(), RelationshipsCache())
    snapshot_ids = collect_snapshot_ids(related_objects)
    if snapshot_ids:
        add_related_snapshots(snapshot_ids, related_objects)
    create_related_roles(acls_by_stub, related_objects)
def handle_relationships(self, propagation, acl):
    """Propagate a role to the objects related to the ACL's object.

    Every stub related to the object ``acl`` is attached to is checked
    against ``propagation["type"]``, which is either ``"any"`` or a
    comma-separated list of type names. For each match a child ACL entry is
    obtained through the access control list manager, using the role that
    ``ROLE_PROPAGATION`` gives for the ACL's role name. If ``propagation``
    has a ``"propagate"`` key, it is passed on with the child entry to
    ``handle_propagation``.

    Args:
      propagation: dict with a ``"type"`` key and an optional ``"propagate"``
        key.
      acl: the access control list entry to propagate from.
    """
    rel_cache = self.relationship_cache
    roles_by_name = self.program_roles
    manager = self.access_control_list_manager

    source_stub = Stub(acl.object_type, acl.object_id)
    neighbours = related([source_stub], rel_cache)
    for stub in neighbours[source_stub]:
        type_matches = (propagation["type"] == "any" or
                        stub.type in propagation["type"].split(","))
        if type_matches:
            role_id = roles_by_name[
                ROLE_PROPAGATION[self._get_acr_name(acl)]]
            child = manager.get_or_create(stub, acl, acl.person, role_id)
            if "propagate" in propagation:
                self.handle_propagation(propagation["propagate"], child)