def members_add(actor, group_id=None, group_key=None, group=None,
                user_id=None, user_key=None, user=None):
    """Add a user to a group and record the group on the user.

    The actor must pass the "member"/"update" permission check. The user and
    the group may each be supplied as an id, a key or a loaded entity; the
    missing forms are derived from whichever one is given.

    The group entity is written first and the user entity second, as two
    separate put() calls. Returns None.
    """
    # NOTE(review): no target is passed to the check, so it does not look
    # scoped to this particular group -- confirm against permission_verify.
    permission_verify(actor, "member", "update")

    user_key = user_key or build_user_key(user_id) or user.key
    group_key = group_key or build_group_key(group_id) or group.key
    user = user or user_key.get()
    group = group or group_key.get()

    # Group side: going through a set collapses a repeated add of the same key.
    if group.users:
        member_keys = set(group.users)
        member_keys.add(user_key)
        group.users = member_keys
    else:
        group.users = [user_key]
    group.put()

    # User side: skipped when no user entity could be loaded. In that case the
    # group already stores the key written above.
    if not user:
        return
    if user.groups:
        joined_groups = set(user.groups)
        joined_groups.add(group.key)
        user.groups = joined_groups
    else:
        user.groups = [group.key]
    user.put()
def members_add(actor, group_id=None, group_key=None, group=None,
                user_id=None, user_key=None, user=None):
    """Add a user to a group and record the group on the user.

    The actor must pass the "member"/"update" permission check. The user and
    the group may each be supplied as an id, a key or a loaded entity; the
    missing forms are derived from whichever one is given.

    The group entity is written first and the user entity second, as two
    separate put() calls. Returns None.
    """
    # NOTE(review): no target is passed to the check, so it does not look
    # scoped to this particular group -- confirm against permission_verify.
    permission_verify(actor, "member", "update")

    user_key = user_key or build_user_key(user_id) or user.key
    group_key = group_key or build_group_key(group_id) or group.key
    user = user or user_key.get()
    group = group or group_key.get()

    # Group side: going through a set collapses a repeated add of the same key.
    if group.users:
        member_keys = set(group.users)
        member_keys.add(user_key)
        group.users = member_keys
    else:
        group.users = [user_key]
    group.put()

    # User side: skipped when no user entity could be loaded. In that case the
    # group already stores the key written above.
    if not user:
        return
    if user.groups:
        joined_groups = set(user.groups)
        joined_groups.add(group.key)
        user.groups = joined_groups
    else:
        user.groups = [group.key]
    user.put()
def create(actor, alias_key=None, alias_id=None, user_id=None, user_key=None,
           user=None, group_id=None, group_key=None, group=None, **kwargs):
    """Create and store an Alias that points at exactly one user or one group.

    The actor must pass the "alias"/"create" permission check. The target is
    resolved from user_key/user/user_id or from group_key/group/group_id.
    Extra keyword arguments are accepted and ignored.

    Returns the stored Alias entity.
    Raises IllegalError when neither target or both targets are given.
    """
    permission_verify(actor, "alias", "create")

    target_user = user_key or build_user_key(user or user_id)
    target_group = group_key or build_group_key(group or group_id)
    # "Neither" and "both" are rejected with the same message.
    if bool(target_user) == bool(target_group):
        raise IllegalError("Aliases must specify either a user or a group")

    alias_key = alias_key or key(alias_id)
    # NOTE(review): nothing here looks up alias_key before the put(), so an
    # existing alias with the same key is presumably overwritten and would
    # then resolve to the new user or group -- confirm whether that is wanted.
    alias = Alias(key=alias_key)
    alias.alias = users.User(alias_key.id())
    alias.user = target_user
    alias.group = target_group
    alias.created_by = build_user_key(actor)
    alias.put()
    return alias
def permission_get(type, action, target, user, groups, keys_only=True):
    """Fetch one Permission matching type/action/target for a user and/or groups.

    - user and groups: matches a permission held by the user or by any of the
      groups, using a query without an ancestor.
    - user only: ancestor query under the user's key.
    - groups only: matches a permission held by any of the groups.
    - neither: returns None.

    Returns the first result of the query (a key when keys_only is true), or
    None when nothing matches.
    """
    if not user and not groups:
        return None

    conditions = [
        Permission.type == type,
        Permission.action == action,
        Permission.target == target,
    ]
    if user and groups:
        # NOTE(review): this branch and the groups-only branch query without
        # an ancestor; on the legacy Datastore such queries are eventually
        # consistent, so a lookup right after a grant or revoke may see stale
        # results -- confirm for the backend in use.
        conditions.append(ndb.OR(
            Permission.user == build_user_key(user),
            Permission.group.IN([build_group_key(g) for g in groups])))
        query = Permission.query()
    elif user:
        query = Permission.query(ancestor=build_user_key(user))
    else:
        conditions.append(
            Permission.group.IN([build_group_key(g) for g in groups]))
        query = Permission.query()
    return query.filter(ndb.AND(*conditions)).get(keys_only=keys_only)
def members_clear(actor, group_id=None, group_key=None, group=None):
    """Remove every member from a group and drop the group from each member.

    The actor must pass the "member"/"update" permission check. Each member
    entity that still lists the group is rewritten individually; the group's
    users list is emptied and written last. Returns None.
    """
    permission_verify(actor, "member", "update")
    if not group:
        group = (group_key or build_group_key(group_id)).get()

    for member_key in group.users:
        member = member_key.get()
        # Keys whose entity cannot be loaded, and members with no group list,
        # have nothing to clean up.
        if not member or not member.groups:
            continue
        if group.key not in member.groups:
            continue
        member.groups.remove(group.key)
        member.put()

    # The writes above and this one are separate puts: if one of them fails,
    # members already processed keep their change and the group still lists
    # everyone.
    group.users = []
    group.put()
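def permission_revoke(viewer, type, action, target=None, user=None, group=None):
    """Delete a granted permission and invalidate cached permission data.

    The viewer must pass the "permissions"/"revoke" permission check. The
    permission is looked up with permission_get for the given user and/or
    group; when none is found only a debug message is logged.

    Cache invalidation: the per-user memcache entry is deleted only when the
    revoke names a user and no group. Whenever a group is involved the whole
    cache is flushed. Returns None.
    """
    permission_verify(viewer, "permissions", "revoke")
    permission_key = permission_get(type, action, target, user, [group] if group else None)
    if not permission_key:
        log.debug("Permission wasn't granted")
        return

    # NOTE(review): only the single entity returned by permission_get is
    # deleted. If more than one matching permission exists (for example one
    # on the user and one on the group), the others stay granted -- confirm
    # whether callers need to repeat the revoke.
    permission_key.delete()
    log.debug("Permission Revoked: %s - %s.%s (%s)" % (build_user_key(user) or build_group_key(group), type, action, target))

    if user and not group:
        memcache.delete(build_user_key(user).id())
    else:
        # With both user and group supplied, the deleted permission may have
        # been the group's. Clearing only the one user's entry would leave
        # other members with a cached copy of the revoked permission, so any
        # revoke that involves a group flushes everything.
        memcache.flush_all()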
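def members_remove(actor, group_id=None, group_key=None, group=None,
                   user_id=None, user_key=None, user=None):
    """Remove a user from a group and drop the group from the user.

    The actor must pass the "member"/"update" permission check. The user and
    the group may each be supplied as an id, a key or a loaded entity; the
    missing forms are derived from whichever one is given.

    Removal is idempotent: a key that is absent from either list is ignored,
    and a user entity that cannot be loaded is skipped. Returns None.
    """
    permission_verify(actor, "member", "update")

    user_key = user_key or build_user_key(user_id) or user.key
    group_key = group_key or build_group_key(group_id) or group.key
    user = user or user_key.get()
    group = group or group_key.get()

    # Each side is cleaned independently. list.remove() raises ValueError for
    # a missing key, which used to abort the call before the other side was
    # touched and left a half-recorded membership impossible to revoke.
    # Filtering also drops any duplicate entries.
    if group.users:
        group.users = [k for k in group.users if k != user_key]
    if user and user.groups:
        user.groups = [k for k in user.groups if k != group_key]

    group.put()
    # members_add tolerates a user entity that cannot be loaded; do the same
    # here instead of failing on None after the group was already written.
    if user:
        user.put()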
def permission_grant(viewer, type, action, target=None, user=None, group=None):
    """Store a new Permission for a user or group unless one already matches.

    The viewer must pass the "permissions"/"grant" permission check. When
    permission_get already finds a match, a warning is logged and nothing is
    written. Otherwise a Permission is created under the user key (or the
    group key when no user is given) and granted_by records the viewer.
    Returns None.
    """
    # NOTE(review): the check uses the fixed pair "permissions"/"grant" and
    # does not take the granted type/action/target into account -- confirm
    # that holders of it are meant to be able to grant any permission.
    permission_verify(viewer, "permissions", "grant")

    if permission_get(type, action, target, user, [group] if group else None):
        log.warn("Permission already granted")
        return

    # NOTE(review): the lookup above and the put() below are separate steps,
    # so two concurrent grants could presumably both store a permission.
    holder_user = build_user_key(user)
    holder_group = build_group_key(group)
    record = Permission(parent=holder_user or holder_group)
    record.user = holder_user
    record.group = holder_group
    # Falls back to the target's kind when no explicit type is given.
    record.type = type or target.kind()
    record.action = action
    record.target = target
    record.granted_by = build_user_key(viewer)
    record.put()
    log.debug("Permission Granted: %s - %s.%s (%s)" % (holder_user or holder_group, type, action, target))
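def members_remove(actor, group_id=None, group_key=None, group=None,
                   user_id=None, user_key=None, user=None):
    """Remove a user from a group and drop the group from the user.

    The actor must pass the "member"/"update" permission check. The user and
    the group may each be supplied as an id, a key or a loaded entity; the
    missing forms are derived from whichever one is given.

    Removal is idempotent: a key that is absent from either list is ignored,
    and a user entity that cannot be loaded is skipped. Returns None.
    """
    permission_verify(actor, "member", "update")

    user_key = user_key or build_user_key(user_id) or user.key
    group_key = group_key or build_group_key(group_id) or group.key
    user = user or user_key.get()
    group = group or group_key.get()

    # Each side is cleaned independently. list.remove() raises ValueError for
    # a missing key, which used to abort the call before the other side was
    # touched and left a half-recorded membership impossible to revoke.
    # Filtering also drops any duplicate entries.
    if group.users:
        group.users = [k for k in group.users if k != user_key]
    if user and user.groups:
        user.groups = [k for k in user.groups if k != group_key]

    group.put()
    # members_add tolerates a user entity that cannot be loaded; do the same
    # here instead of failing on None after the group was already written.
    if user:
        user.put()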
def members_user_list(actor, group_id=None, group_key=None, group=None):
    """Return the result of get() for every key in the group's users list.

    The group may be supplied as an id, a key or a loaded entity. The result
    keeps the order of group.users and contains whatever each key's get()
    returns, including None.
    """
    # NOTE(review): actor is accepted but never used; unlike the other
    # members_* functions there is no permission_verify call here, so the
    # member list is returned to any caller -- confirm that this is intended.
    if not group:
        group = (group_key or build_group_key(group_id)).get()

    members = []
    for member_key in group.users:
        members.append(member_key.get())
    return members