from guillotina import configure

# Two permissions for the AMQP add-on: one for its management endpoints and
# one for debugging tasks (per their titles).
configure.permission(
    id="guillotina.ManageAMQP",
    title="Manage guillotina amqp endpoints",
)
configure.permission(
    id="guillotina.DebugAMQP",
    title="Debug guillotina amqp tasks",
)

# Only guillotina.Manager receives them in this module. Grants made in other
# modules are not visible here, so check those before treating this as the
# complete list of holders.
configure.grant(role="guillotina.Manager", permission="guillotina.ManageAMQP")
configure.grant(role="guillotina.Manager", permission="guillotina.DebugAMQP")
# -*- coding: utf-8 -*-
from guillotina import configure
from guillotina.i18n import MessageFactory

# i18n message factory bound to the "guillotina_dbusers" domain.
_ = MessageFactory("guillotina_dbusers")

# Settings contributed by this add-on: DBUserIdentifier is listed under
# auth_user_identifiers.
app_settings = {
    "auth_user_identifiers": ["guillotina_dbusers.users.DBUserIdentifier"],
}

# Permission declarations. The first two are declared with empty titles.
configure.permission(id="guillotina.NotAuthenticated", title="")
configure.permission(id="guillotina.Authenticated", title="")
configure.permission(id="guillotina.AddUser", title="Add plone user")
configure.permission(id="guillotina.AddGroup", title="Add plone group")

# NOTE(review): guillotina.AccessContent is granted to the Anonymous role
# here, so loading this add-on gives unauthenticated requests that permission
# wherever the grant applies. Confirm this is intended for the deployment
# before enabling the add-on.
configure.grant(role="guillotina.Anonymous", permission="guillotina.AccessContent")
configure.grant(role="guillotina.Anonymous", permission="guillotina.NotAuthenticated")
configure.grant(role="guillotina.Authenticated", permission="guillotina.Authenticated")

# User and group creation is granted to ContainerAdmin only in this module.
configure.grant(role="guillotina.ContainerAdmin", permission="guillotina.AddUser")
configure.grant(role="guillotina.ContainerAdmin", permission="guillotina.AddGroup")


def includeme(root, settings):
    """Run configure.scan over the add-on's submodules, in the order listed."""
    submodules = (
        "guillotina_dbusers.content.users",
        "guillotina_dbusers.content.groups",
        "guillotina_dbusers.install",
        "guillotina_dbusers.services",
    )
    for dotted_name in submodules:
        configure.scan(dotted_name)
from guillotina import configure

# "Nobody" is declared but not granted anywhere in this module, which matches
# its title.
configure.permission(
    id="guillotina.Nobody",
    title="Permission not assigned to anyone",
)
configure.permission(
    id="guillotina.ManageUsers",
    title="Manage Users on site",
    description="Be able to manage users on site",
)

# User management goes to guillotina.Manager only, as far as this module shows.
configure.grant(role="guillotina.Manager", permission="guillotina.ManageUsers")
# Excerpt: the start of this settings dict, including the key that owns the
# first group of entries, is not shown.
# NOTE(review): no password or TLS setting appears among the visible keys; the
# cut-off head of the dict may hold them -- check the full file.
        'port': 6379,
        # presumably seconds -- TODO confirm
        'ttl': 3600,
        # 209715200 == 200 * 1024 * 1024; presumably bytes -- TODO confirm
        'memory_cache_size': 209715200,
        'updates_channel': 'guillotina',
        'pool': {
            'minsize': 5,
            'maxsize': 100
        },
        'cluster_mode': False
    },
    "load_utilities": {
        "guillotina_rediscache.cache": {
            'provides': 'guillotina_rediscache.interfaces.IRedisChannelUtility',  # noqa
            'factory': 'guillotina_rediscache.utility.RedisChannelUtility',
            'settings': {}
        }
    }
}

# Cache-management permission; this module grants it to guillotina.Manager only.
configure.permission('guillotina_rediscache.Manage', 'Manage redis cache')
configure.grant(permission="guillotina_rediscache.Manage", role="guillotina.Manager")


def includeme(root, settings):
    """Run configure.scan over the add-on's submodules, in the order listed."""
    configure.scan('guillotina_rediscache.cache_strategy')
    configure.scan('guillotina_rediscache.utility')
    configure.scan('guillotina_rediscache.api')
    configure.scan('guillotina_rediscache.serialize')
from guillotina import configure

# This add-on contributes no settings of its own.
app_settings = {}

# Role for users taking part in a conversation. The trailing False is the
# fourth positional argument -- presumably the "local" flag; confirm against
# configure.role's signature.
configure.role(
    "guillotina_chat.ConversationParticipant",
    "Conversation Participant",
    "Users that are part of a conversation",
    False,
)

# A participant may view, access and add content. AddContent is the broadest
# of the three, so the role should be assigned only on the conversations a
# user actually belongs to.
configure.grant(
    role="guillotina_chat.ConversationParticipant",
    permission="guillotina.ViewContent",
)
configure.grant(
    role="guillotina_chat.ConversationParticipant",
    permission="guillotina.AccessContent",
)
configure.grant(
    role="guillotina_chat.ConversationParticipant",
    permission="guillotina.AddContent",
)


def includeme(root):
    """Run configure.scan over the chat add-on's submodules, in the order listed."""
    submodules = (
        "guillotina_chat.install",
        "guillotina_chat.content",
        "guillotina_chat.subscribers",
        "guillotina_chat.serialize",
        "guillotina_chat.services",
        "guillotina_chat.utility",
        "guillotina_chat.ws",
    )
    for dotted_name in submodules:
        configure.scan(dotted_name)
# Excerpt from a longer module: the import of `configure` is not shown.

# Roles declared with a trailing True.
configure.role(
    "guillotina.Reader", "Reader", "can read content", True
)
configure.role(
    "guillotina.Editor", "Editor", "can edit content", True
)
configure.role(
    "guillotina.Reviewer", "Reviewer", "can review content", True
)
configure.role(
    "guillotina.Owner", "Content Manager", "can add/delete content", True
)

# NOTE(review): this call has three positional arguments, so False sits where
# the sibling calls pass the description string, not in the trailing-flag
# position. If the flag was meant, it should be passed explicitly -- confirm
# against configure.role's signature before relying on how this role is scoped.
configure.role("guillotina.Manager", "Site Manager", False)

# Site-level roles declared with a trailing False.
configure.role(
    "guillotina.SiteAdmin",
    "Site Administrator",
    "can set settings on site",
    False,
)
configure.role(
    "guillotina.SiteCreator",
    "Site DB Manager",
    "Can create sites and db connections",
    False,
)
configure.role(
    "guillotina.SiteDeleter", "Site Remover", "Can destroy a site", False
)

# Anonymous
configure.grant(role="guillotina.Anonymous", permission="guillotina.AccessPreflight")

# Reader
configure.grant(role="guillotina.Reader", permission="guillotina.ViewContent")
configure.grant(role="guillotina.Reader", permission="guillotina.AccessContent")

# Reviewer
configure.grant(role="guillotina.Reviewer", permission="guillotina.ViewContent")
configure.grant(role="guillotina.Reviewer", permission="guillotina.AccessContent")

# Owner
configure.grant(role="guillotina.Owner", permission="guillotina.DeleteContent")
configure.grant(role="guillotina.Owner", permission="guillotina.AddContent")
from guillotina import configure

# Permission declarations for versioning, type constraints and the review
# workflow.
configure.permission(
    id="guillotina.ManageVersioning",
    title="Ability to modify versioning on an object",
)
configure.permission(
    id="guillotina.ManageConstraints",
    title="Allow to check and change type constraints",
)
configure.permission(
    id="guillotina.ReviewContent",
    title="Review content permission",
)
configure.permission(
    id="guillotina.RequestReview",
    title="Request review content permission",
)

# Grants, grouped by permission. Versioning stays with Manager; constraints
# are shared with ContainerAdmin; review is split between Reviewer (perform)
# and Owner (request), with Manager holding both.
configure.grant(role="guillotina.Manager", permission="guillotina.ManageVersioning")

configure.grant(role="guillotina.Manager", permission="guillotina.ManageConstraints")
configure.grant(role="guillotina.ContainerAdmin", permission="guillotina.ManageConstraints")

configure.grant(role="guillotina.Reviewer", permission="guillotina.ReviewContent")
configure.grant(role="guillotina.Manager", permission="guillotina.ReviewContent")

configure.grant(role="guillotina.Manager", permission="guillotina.RequestReview")
configure.grant(role="guillotina.Owner", permission="guillotina.RequestReview")
from guillotina import configure

# Search is granted to guillotina.Manager only in this module; the permission
# itself is declared elsewhere.
configure.grant(
    role="guillotina.Manager",
    permission="guillotina.SearchContent",
)
from guillotina import configure

# Permissions for creating users and groups.
configure.permission(id="guillotina.AddUser", title="Add plone user")
configure.permission(id="guillotina.AddGroup", title="Add plone group")

# "Nobody" is declared but not granted anywhere in this module, which matches
# its title.
configure.permission(
    id="guillotina.Nobody",
    title="Permission not assigned to anyone",
)
configure.permission(
    id="guillotina.ManageUsers",
    title="Manage Users on site",
    description="Be able to manage users on site",
)

# All three user-administration permissions go to both Manager and
# ContainerAdmin, so either role can create accounts and groups and manage
# users. Keep membership of both roles small.
configure.grant(role="guillotina.Manager", permission="guillotina.AddUser")
configure.grant(role="guillotina.Manager", permission="guillotina.AddGroup")
configure.grant(role="guillotina.Manager", permission="guillotina.ManageUsers")

configure.grant(role="guillotina.ContainerAdmin", permission="guillotina.AddUser")
configure.grant(role="guillotina.ContainerAdmin", permission="guillotina.AddGroup")
configure.grant(role="guillotina.ContainerAdmin", permission="guillotina.ManageUsers")
from guillotina import configure

# NOTE(review): the swagger definition is viewable by the Anonymous role, so
# unauthenticated clients can presumably read the API description. If the
# route inventory is not meant to be public, drop the Anonymous grant and keep
# only the Authenticated one.
configure.permission("guillotina.swagger.View", "View swagger definition")
configure.grant(permission="guillotina.swagger.View", role="guillotina.Anonymous")
configure.grant(permission="guillotina.swagger.View", role="guillotina.Authenticated")

# Default settings for the swagger add-on: a static-files mapping and the
# base Swagger 2.0 document.
app_settings = {
    "static": {
        "swagger_static": "guillotina.contrib.swagger:static"
    },
    "swagger": {
        "authentication_allowed": True,
        "base_url": None,
        # presumably storage keys searched for a saved auth token -- TODO confirm
        "auth_storage_search_keys": ["auth"],
        "base_configuration": {
            "swagger": "2.0",
            "info": {
                "version": "",
                "title": "Guillotina",
                "description": "The REST Resource API",
            },
            "host": "",
            "basePath": "",
            "schemes": [],
            "produces": ["application/json"],
            "consumes": ["application/json"],
            "paths": {},
            "definitions": {},
        },
        # (excerpt ends here; the rest of the settings dict is not shown)
# Excerpt from a longer module: the import of `configure` is not shown, and
# further grants may follow the last line.

# Versioning, constraints and review-workflow permissions.
configure.permission(
    id="guillotina.ManageVersioning",
    title="Ability to modify versioning on an object",
)
configure.permission(
    id="guillotina.ManageConstraints",
    title="Allow to check and change type constraints",
)
configure.permission(
    id="guillotina.ReviewContent",
    title="Review content permission",
)
configure.permission(
    id="guillotina.RequestReview",
    title="Request review content permission",
)

# Comment permissions. No grant for any of these is visible in this excerpt;
# DeleteAllComments in particular should be checked against the full file.
configure.permission(id="guillotina.ViewComments", title="View comments")
configure.permission(id="guillotina.ModifyComments", title="Modify comments")
configure.permission(id="guillotina.AddComments", title="Add comments")
configure.permission(id="guillotina.DeleteComments", title="Delete comments")
configure.permission(id="guillotina.DeleteAllComments", title="Delete all comments")

# Grants visible in this excerpt.
configure.grant(role="guillotina.Manager", permission="guillotina.ManageVersioning")
configure.grant(role="guillotina.Manager", permission="guillotina.ManageConstraints")
configure.grant(role="guillotina.ContainerAdmin", permission="guillotina.ManageConstraints")
configure.grant(role="guillotina.Reviewer", permission="guillotina.ReviewContent")
configure.grant(role="guillotina.Manager", permission="guillotina.ReviewContent")
configure.grant(role="guillotina.Manager", permission="guillotina.RequestReview")
from . import settings
from guillotina import configure
from guillotina.interfaces import IFolder

import json
import pytest


pytestmark = pytest.mark.asyncio

# Test fixtures: a permission, a role, and the grant that ties them together.
# The role is the only holder of the permission declared in this file.
configure.permission("dbusers.SeeTopSecret", "SeeTopSecret", "Ability to see TopSecret docs")
configure.role("dbusers.DoubleO", "00 Agent")
configure.grant(permission="dbusers.SeeTopSecret", role="dbusers.DoubleO")


# GET service on IFolder guarded by dbusers.SeeTopSecret.
@configure.service(
    context=IFolder,
    method="GET",
    permission="dbusers.SeeTopSecret",
    name="@top-secret",
)
async def top_secret(context, request):
    """Return a fixed payload holding one document id."""
    return {"documents": ["abcd"]}


@pytest.mark.app_settings(settings.DEFAULT_SETTINGS)
async def test_roles_in_groups(dbusers_requester):
    # Only the first request of this test is visible on the page; the
    # assertions that follow are cut off.
    async with dbusers_requester as requester:
        # Create the group 'top-agents' and assign the role "dbusers.DoubleO"
        resp, status = await requester(
            "POST",
            "/db/guillotina/groups",
            data=json.dumps({"id": "top-agents", "@type": "Group", "user_roles": ["dbusers.DoubleO"]}),
            # (excerpt ends here; the call is not closed on the page)
from guillotina import configure

# Cluster-management permission.
configure.permission(id="hive.Manage", title="Manage Hive Cluster")

# NOTE(review): "hive.Schedulle" (spelled this way in the id) is declared but
# not granted to any role in this module. The id is a runtime string, so any
# service or grant that refers to it must use the same spelling.
configure.permission(id="hive.Schedulle", title="Schedulle tasks")

# Cluster management is granted to ContainerAdmin.
configure.grant(
    role="guillotina.ContainerAdmin",
    permission="hive.Manage",
)
# Excerpt from a longer module: the imports (IApplication,
# HTTPUnprocessableEntity, configure) are not shown.
@configure.service(context=IApplication, method="GET", permission="guillotina.AccessContent", name="@raise-http-exception")
@configure.service(context=IApplication, method="POST", permission="guillotina.AccessContent", name="@raise-http-exception")
async def raise_http_exception(context, request):
    """Always raise HTTPUnprocessableEntity; registered for both GET and POST."""
    raise HTTPUnprocessableEntity()


# Create a new permission and grant it to authenticated users only
# The grant below is the only one visible for this permission, so within this
# excerpt no other role has been given access to @myEndpoint.
configure.permission("example.EndpointPermission", "example permission")
configure.grant(permission="example.EndpointPermission", role="guillotina.Authenticated")


@configure.service(context=IApplication, method="GET", permission="example.EndpointPermission", name="@myEndpoint")
async def my_endpoint(context, request):
    """Return a fixed payload; the permission on the decorator is what gates it."""
    return {"foo": "bar"}


@configure.service(
    context=IApplication,
    method="GET",
    permission="guillotina.AccessContent",
    name="@json-schema-validation",
    # (excerpt ends here; the decorator and its function are not shown)
from guillotina import configure

# NOTE(review): presumably guards creation of Jinja templates that the server
# later renders. Authoring server-side templates is a sensitive capability,
# so keeping the grant to administrative roles is appropriate; verify how the
# templates are rendered and sandboxed.
configure.permission(
    id="guillotina.AddJinjaTemplate",
    title="Add Jinja template",
)

# Granted to Manager and ContainerAdmin only in this module.
configure.grant(role="guillotina.Manager", permission="guillotina.AddJinjaTemplate")
configure.grant(role="guillotina.ContainerAdmin", permission="guillotina.AddJinjaTemplate")
from guillotina import configure

# Permission guarding the AMQP management endpoints (per its title).
configure.permission(
    id="guillotina.ManageAMQP",
    title="Manage guillotina amqp endpoints",
)

# guillotina.Manager is the only role that receives it in this module.
configure.grant(role="guillotina.Manager", permission="guillotina.ManageAMQP")
# Excerpt: the start of this settings dict is not shown.
    },
    "hive_tasks": {},
    "hive": {
        "image": None,
        "default_namespace": "hive",
        "orchestrator": "k8s",
        "cluster_config": {},
        # Defaults for the worker container; the args start a "hive-worker".
        "guillotina_default": {
            "entrypoint": None,
            "volumes": None,
            "volumeMounts": None,
            "envFrom": None,
            "container_args": ["guillotina", "hive-worker"]
        },
        'quota': None,
        'settings_serializer': 'guillotina_hive.utils.settings_serializer'
    }
}

# NOTE(review): the settings above name a k8s orchestrator, so this permission
# presumably covers launching workloads in the cluster. It is granted to
# guillotina.Manager only in this module; treat holders as able to run jobs
# and confirm against the API module.
configure.permission('guillotina_hive.Manage', 'Manage hive')
configure.grant(permission="guillotina_hive.Manage", role="guillotina.Manager")


def includeme(root):
    """Run configure.scan over the add-on's submodules, in the order listed."""
    configure.scan('guillotina_hive.content')
    configure.scan('guillotina_hive.client')
    configure.scan('guillotina_hive.install')
    configure.scan('guillotina_hive.permissions')
    configure.scan('guillotina_hive.api')
    configure.scan('guillotina_hive.builtins')
# Excerpt from a longer module: the import of `configure` is not shown and
# the last call is cut off.

# Roles declared with a trailing True.
configure.role("guillotina.Reader", "Reader", "can read content", True)
configure.role("guillotina.Editor", "Editor", "can edit content", True)
configure.role("guillotina.Reviewer", "Reviewer", "can review content", True)
configure.role("guillotina.Owner", "Content Manager", "can add/delete content", True)

# NOTE(review): this call has three positional arguments, so False sits where
# the sibling calls pass the description string, not in the trailing-flag
# position. If the flag was meant, it should be passed explicitly -- confirm
# against configure.role's signature before relying on how this role is scoped.
configure.role("guillotina.Manager", "Container Manager", False)

# Container-level roles declared with a trailing False.
configure.role("guillotina.ContainerAdmin", "Container Administrator",
               "can set settings on container", False)
configure.role("guillotina.ContainerCreator", "Container DB Manager",
               "Can create containers and db connections", False)
configure.role("guillotina.ContainerDeleter", "Container Remover",
               "Can destroy a container", False)

# Anonymous
# Unauthenticated requests get AccessPreflight and Public only, as far as
# this excerpt shows.
configure.grant(permission="guillotina.AccessPreflight", role="guillotina.Anonymous")
configure.grant(permission="guillotina.Public", role="guillotina.Anonymous")

# Authenticated
# Session-related permissions, plus the same two granted to Anonymous above.
configure.grant(permission="guillotina.RefreshToken", role="guillotina.Authenticated")
configure.grant(permission="guillotina.SeeSession", role="guillotina.Authenticated")
configure.grant(permission="guillotina.Logout", role="guillotina.Authenticated")
configure.grant(permission="guillotina.AccessPreflight", role="guillotina.Authenticated")
configure.grant(permission="guillotina.Public", role="guillotina.Authenticated")
configure.grant(permission="guillotina.UseWebSockets",
                # (excerpt ends here; the role argument is not shown)
# Excerpt: the start of app_settings and the module's imports (import_class,
# provide_utility, IMailer, configure) are not shown.
    "mailer": {
        "default_sender": "*****@*****.**",
        "endpoints": {
            # NOTE(review): the default endpoint is SMTP to localhost:25 and
            # the only keys here are type, host and port -- no TLS or
            # credential setting is visible. That suits a local relay; a
            # remote host would need transport security configured.
            "default": {
                "type": "smtp",
                "host": "localhost",
                "port": 25
            }
        },
        "debug": False,
        "utility": "guillotina_mailer.utility.MailerUtility",
        "use_html2text": True,
        "domain": None
    }
}

# NOTE(review): the title "Request subscription" does not describe sending
# mail and looks carried over from elsewhere -- confirm. The permission is
# granted to ContainerAdmin only in this module.
configure.permission(id="mailer.SendMail", title="Request subscription")
configure.grant(permission="mailer.SendMail", role="guillotina.ContainerAdmin")


def includeme(root, settings):
    """Instantiate the configured mailer utility, register it, and scan the add-on.

    The utility class is looked up from settings['mailer']['utility'], falling
    back to the default in app_settings.
    """
    # The dotted path comes from application settings and is imported
    # dynamically, so whoever can edit the settings chooses the class that is
    # instantiated here. Treat the settings file as trusted code.
    factory = import_class(
        settings.get('mailer', {}).get('utility',
                                       app_settings['mailer']['utility']))
    utility = factory()
    # Register the instance as the provider of IMailer.
    provide_utility(utility, IMailer)
    configure.scan('guillotina_mailer.api')
    configure.scan('guillotina_mailer.utility')