def test_group_edge_roles_order_unchanged(): # The order of the GROUP_EDGE_ROLES tuple matters: new roles must be # appended. This test attempts exposes that information to help prevent # that from happening accidentally. assert GROUP_EDGE_ROLES.index("member") == 0 assert GROUP_EDGE_ROLES.index("manager") == 1 assert GROUP_EDGE_ROLES.index("owner") == 2 assert GROUP_EDGE_ROLES.index("np-owner") == 3
def user_permissions(session, user): user_groups = get_all_groups_by_user(session, user) non_np = [grp.name for grp, role in user_groups if role != GROUP_EDGE_ROLES.index("np-owner")] now = datetime.utcnow() permissions = session.query( Permission.name, PermissionMap.argument, PermissionMap.granted_on, Group, ).filter( PermissionMap.permission_id == Permission.id, PermissionMap.group_id == Group.id, GroupEdge.group_id == Group.id, GroupEdge.active == True, user.enabled == True, Group.enabled == True, Group.name.in_(non_np), or_( GroupEdge.expiration > now, GroupEdge.expiration == None ) ).order_by( asc("name"), asc("argument"), asc("groupname") ).all() return permissions
def user_role_index(user, members): if user_is_group_admin(user.session, user): return GROUP_EDGE_ROLES.index("owner") member = members.get(("User", user.name)) if not member: return None return member.role
def user_permissions(session, user): user_groups = get_all_groups_by_user(session, user) non_np = [ grp.name for grp, role in user_groups if role != GROUP_EDGE_ROLES.index("np-owner") ] now = datetime.utcnow() permissions = session.query( Permission.name, PermissionMap.argument, PermissionMap.granted_on, Group, ).filter( PermissionMap.permission_id == Permission.id, PermissionMap.group_id == Group.id, GroupEdge.group_id == Group.id, GroupEdge.active == True, user.enabled == True, Group.enabled == True, Group.name.in_(non_np), or_(GroupEdge.expiration > now, GroupEdge.expiration == None)).order_by(asc("name"), asc("argument"), asc("groupname")).all() return permissions