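async def sharing_post(context, request):
    """Change permissions on ``context`` from a JSON request body.

    The body carries a single ``type`` (looked up in ``PermissionMap`` for
    every section that is present) and at least one of:

    * ``prinrole``: mapping of principal -> iterable of roles
    * ``prinperm``: mapping of principal -> iterable of permissions
    * ``roleperm``: mapping of role -> iterable of permissions

    The whole payload is validated before any security manager is called, so
    a request that is rejected part-way through leaves no grants or denials
    applied to ``context``.

    This function performs no access check of its own; it presumably relies
    on the route/service declaration for that -- confirm at the call site.

    Raises:
        AttributeError: a required key is missing, or ``type`` is not valid
            for a section that is present.
        KeyError: a role listed under ``prinrole`` is not a local role.
    """
    lroles = local_roles()
    data = await request.json()
    if not any(key in data for key in ('prinrole', 'roleperm', 'prinperm')):
        raise AttributeError('prinrole or roleperm or prinperm missing')

    if 'type' not in data:
        raise AttributeError('type missing')

    setting = data['type']

    # Pass 1 -- validation only. Each plan item is
    # (manager factory, method name, [positional args, ...]).
    # The method name always comes from PermissionMap after the membership
    # check, so the later getattr() is never driven by request data.
    plan = []

    if 'prinrole' in data:
        if setting not in PermissionMap['prinrole']:
            raise AttributeError('Invalid Type')
        calls = []
        for user, roles in data['prinrole'].items():
            for role_id in roles:
                if role_id not in lroles:
                    raise KeyError('No valid local role')
                calls.append((role_id, user))
        plan.append(
            (IPrincipalRoleManager, PermissionMap['prinrole'][setting], calls))

    # NOTE(review): unlike roles, the permission ids and principal/role ids
    # in the next two sections are passed through exactly as received;
    # nothing here checks them against a known set.
    if 'prinperm' in data:
        if setting not in PermissionMap['prinperm']:
            raise AttributeError('Invalid Type')
        calls = [
            (permission, user)
            for user, permissions in data['prinperm'].items()
            for permission in permissions
        ]
        plan.append(
            (IPrincipalPermissionManager,
             PermissionMap['prinperm'][setting],
             calls))

    if 'roleperm' in data:
        if setting not in PermissionMap['roleperm']:
            raise AttributeError('Invalid Type')
        calls = [
            (permission, role_id)
            for role_id, permissions in data['roleperm'].items()
            for permission in permissions
        ]
        plan.append(
            (IRolePermissionManager,
             PermissionMap['roleperm'][setting],
             calls))

    # Pass 2 -- apply. One manager per section, created only now, in the
    # same section order as the payload was validated.
    changed = False
    for factory, operation, calls in plan:
        func = getattr(factory(context), operation)
        for args in calls:
            changed = True
            func(*args)

    if changed:
        context._p_register()  # make sure data is saved
        # NOTE(review): nesting reconstructed from a flattened listing;
        # confirm the event is meant to fire only when something changed.
        await notify(ObjectPermissionsModifiedEvent(context, data))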
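async def apply_sharing(context, data):
    """Apply a sharing payload to ``context``.

    ``data`` may hold any of the lists ``perminhe``, ``prinrole``,
    ``prinperm`` and ``roleperm``. Every entry is a dict with a ``setting``
    (looked up in ``PermissionMap``) plus the ids that section needs.

    All entries are validated before any security manager is called, so a
    payload that is rejected part-way through leaves nothing applied. Entries
    that are not dicts are rejected with ``PreconditionFailed`` instead of
    failing later on attribute or item access.

    This function performs no access check of its own; callers are presumably
    expected to have authorized the request -- confirm at the call site.

    Raises:
        PreconditionFailed: an entry is not a dict, a ``setting`` is not
            valid for its section, or a ``prinrole`` role is not a local
            role.
        KeyError: an entry lacks one of the keys its section reads.
    """
    lroles = role.local_roles()

    # (manager factory, method name, positional args). Nothing is applied
    # until every entry has passed validation. The method name always comes
    # from PermissionMap after the membership check, never from the payload.
    pending = []

    for perminhe in data.get('perminhe') or []:
        if not isinstance(perminhe, dict):
            raise PreconditionFailed(
                context, 'Invalid entry, must be an object: {}'.format(perminhe))
        setting = perminhe.get('setting')
        if setting not in PermissionMap['perminhe']:
            raise PreconditionFailed(context, 'Invalid Type {}'.format(setting))
        pending.append((
            IInheritPermissionManager,
            PermissionMap['perminhe'][setting],
            (perminhe['permission'],),
        ))

    for prinrole in data.get('prinrole') or []:
        if not isinstance(prinrole, dict):
            raise PreconditionFailed(
                context, 'Invalid entry, must be an object: {}'.format(prinrole))
        setting = prinrole.get('setting')
        if setting not in PermissionMap['prinrole']:
            raise PreconditionFailed(context, 'Invalid Type {}'.format(setting))
        if prinrole['role'] not in lroles:
            raise PreconditionFailed(context, 'No valid local role')
        pending.append((
            IPrincipalRoleManager,
            PermissionMap['prinrole'][setting],
            (prinrole['role'], prinrole['principal']),
        ))

    # NOTE(review): unlike roles, permission ids and principal/role ids in
    # the next two sections are passed through as received; nothing here
    # checks them against a known set.
    for prinperm in data.get('prinperm') or []:
        if not isinstance(prinperm, dict):
            raise PreconditionFailed(
                context, 'Invalid entry, must be an object: {}'.format(prinperm))
        setting = prinperm['setting']
        if setting not in PermissionMap['prinperm']:
            raise PreconditionFailed(context, 'Invalid Type')
        pending.append((
            IPrincipalPermissionManager,
            PermissionMap['prinperm'][setting],
            (prinperm['permission'], prinperm['principal']),
        ))

    for roleperm in data.get('roleperm') or []:
        if not isinstance(roleperm, dict):
            raise PreconditionFailed(
                context, 'Invalid entry, must be an object: {}'.format(roleperm))
        setting = roleperm['setting']
        if setting not in PermissionMap['roleperm']:
            raise PreconditionFailed(context, 'Invalid Type')
        pending.append((
            IRolePermissionManager,
            PermissionMap['roleperm'][setting],
            (roleperm['permission'], roleperm['role']),
        ))

    # Each manager is created immediately before its call rather than during
    # validation, in case a manager captures state when it is constructed.
    for factory, operation, args in pending:
        getattr(factory(context), operation)(*args)

    if pending:
        context._p_register()  # make sure data is saved
        # NOTE(review): nesting reconstructed from a flattened listing;
        # confirm the event is meant to fire only when something changed.
        await notify(ObjectPermissionsModifiedEvent(context, data))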
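async def addPerms(obj, perms, changed=False):
    """Apply some permissions to ``obj``.

    Copied almost verbatim from the sharingPOST service.

    ``perms`` must contain at least one of ``prinrole``, ``prinperm`` or
    ``roleperm``, each a list of dicts with a ``setting`` (looked up in
    ``PermissionMap``) plus the ids that section needs. For ``prinrole`` the
    role must be a local role, or -- only when ``obj.type_name`` is
    ``"Container"`` -- a global or local role.

    All entries are validated before any security manager is called, so a
    payload that is rejected part-way through leaves nothing applied. Entries
    that are not dicts are rejected with ``PreconditionFailed``.

    Args:
        obj: object whose security managers are updated.
        perms: the permission payload described above.
        changed: when true, ``obj`` is registered as modified even if no
            entry is applied.

    Raises:
        PreconditionFailed: no section is present, an entry is not a dict, a
            ``setting`` is invalid, or a role is not acceptable for ``obj``.
        KeyError: an entry lacks one of the keys its section reads.
    """
    lroles = local_roles()
    groles = global_roles()
    if not any(key in perms for key in ("prinrole", "roleperm", "prinperm")):
        raise PreconditionFailed(obj, "prinrole or roleperm or prinperm missing")

    # (manager factory, method name, positional args). The method name always
    # comes from PermissionMap after the membership check, never from perms.
    pending = []

    for prinrole in perms.get("prinrole") or []:
        if not isinstance(prinrole, dict):
            raise PreconditionFailed(
                obj, "Invalid entry, must be an object: {}".format(prinrole))
        setting = prinrole.get("setting")
        if setting not in PermissionMap["prinrole"]:
            raise PreconditionFailed(obj, "Invalid Type {}".format(setting))
        # Containers accept global roles as well as local ones; every other
        # type is limited to local roles.
        if obj.type_name == "Container":
            if prinrole["role"] not in groles + lroles:
                raise PreconditionFailed(
                    obj, "Not a valid role: {}".format(prinrole["role"]))
        elif prinrole["role"] not in lroles:
            raise PreconditionFailed(
                obj, "Not a valid local role: {}".format(prinrole["role"]))
        pending.append((
            IPrincipalRoleManager,
            PermissionMap["prinrole"][setting],
            (prinrole["role"], prinrole["principal"]),
        ))

    # NOTE(review): unlike roles, permission ids and principal/role ids in
    # the next two sections are passed through as received; nothing here
    # checks them against a known set.
    for prinperm in perms.get("prinperm") or []:
        if not isinstance(prinperm, dict):
            raise PreconditionFailed(
                obj, "Invalid entry, must be an object: {}".format(prinperm))
        setting = prinperm["setting"]
        if setting not in PermissionMap["prinperm"]:
            raise PreconditionFailed(obj, "Invalid Type")
        pending.append((
            IPrincipalPermissionManager,
            PermissionMap["prinperm"][setting],
            (prinperm["permission"], prinperm["principal"]),
        ))

    for roleperm in perms.get("roleperm") or []:
        if not isinstance(roleperm, dict):
            raise PreconditionFailed(
                obj, "Invalid entry, must be an object: {}".format(roleperm))
        setting = roleperm["setting"]
        if setting not in PermissionMap["roleperm"]:
            raise PreconditionFailed(obj, "Invalid Type")
        pending.append((
            IRolePermissionManager,
            PermissionMap["roleperm"][setting],
            (roleperm["permission"], roleperm["role"]),
        ))

    # Each manager is created immediately before its call rather than during
    # validation, in case a manager captures state when it is constructed.
    for factory, operation, args in pending:
        changed = True
        getattr(factory(obj), operation)(*args)

    if changed:
        obj._p_register()  # make sure data is saved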
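async def __call__(self, changed=False):
    """Change permissions on ``self.context`` from the JSON request body.

    The body must contain at least one of ``prinrole``, ``prinperm`` or
    ``roleperm``, each a list of dicts with a ``setting`` (looked up in
    ``PermissionMap``) plus the ids that section needs.

    All entries are validated before any security manager is called, so a
    request that is rejected part-way through leaves nothing applied. Entries
    that are not dicts are rejected with ``PreconditionFailed``.

    This method performs no access check of its own; it presumably relies on
    the service's permission declaration -- confirm on the enclosing class.

    Args:
        changed: when true, the context is registered as modified and the
            event is emitted even if no entry is applied.

    Raises:
        PreconditionFailed: no section is present, an entry is not a dict, a
            ``setting`` is invalid, or a ``prinrole`` role is not a local
            role.
        KeyError: an entry lacks one of the keys its section reads.
    """
    context = self.context
    request = self.request
    lroles = local_roles()
    data = await request.json()
    if not any(key in data for key in ('prinrole', 'roleperm', 'prinperm')):
        raise PreconditionFailed(
            self.context, 'prinrole or roleperm or prinperm missing')

    # (manager factory, method name, positional args). The method name always
    # comes from PermissionMap after the membership check, never from the
    # request body.
    pending = []

    for prinrole in data.get('prinrole') or []:
        if not isinstance(prinrole, dict):
            raise PreconditionFailed(
                self.context,
                'Invalid entry, must be an object: {}'.format(prinrole))
        setting = prinrole.get('setting')
        if setting not in PermissionMap['prinrole']:
            raise PreconditionFailed(
                self.context, 'Invalid Type {}'.format(setting))
        if prinrole['role'] not in lroles:
            raise PreconditionFailed(self.context, 'No valid local role')
        pending.append((
            IPrincipalRoleManager,
            PermissionMap['prinrole'][setting],
            (prinrole['role'], prinrole['principal']),
        ))

    # NOTE(review): unlike roles, permission ids and principal/role ids in
    # the next two sections are passed through as received; nothing here
    # checks them against a known set.
    for prinperm in data.get('prinperm') or []:
        if not isinstance(prinperm, dict):
            raise PreconditionFailed(
                self.context,
                'Invalid entry, must be an object: {}'.format(prinperm))
        setting = prinperm['setting']
        if setting not in PermissionMap['prinperm']:
            raise PreconditionFailed(self.context, 'Invalid Type')
        pending.append((
            IPrincipalPermissionManager,
            PermissionMap['prinperm'][setting],
            (prinperm['permission'], prinperm['principal']),
        ))

    for roleperm in data.get('roleperm') or []:
        if not isinstance(roleperm, dict):
            raise PreconditionFailed(
                self.context,
                'Invalid entry, must be an object: {}'.format(roleperm))
        setting = roleperm['setting']
        if setting not in PermissionMap['roleperm']:
            raise PreconditionFailed(self.context, 'Invalid Type')
        pending.append((
            IRolePermissionManager,
            PermissionMap['roleperm'][setting],
            (roleperm['permission'], roleperm['role']),
        ))

    # Each manager is created immediately before its call rather than during
    # validation, in case a manager captures state when it is constructed.
    for factory, operation, args in pending:
        changed = True
        getattr(factory(context), operation)(*args)

    if changed:
        context._p_register()  # make sure data is saved
        # NOTE(review): nesting reconstructed from a flattened listing;
        # confirm the event is meant to fire only when something changed.
        await notify(ObjectPermissionsModifiedEvent(context, data))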
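async def apply_sharing(context, data):
    """Apply a sharing payload to ``context``.

    ``data`` may hold any of the lists ``perminhe``, ``prinrole``,
    ``prinperm`` and ``roleperm``. Every entry must be a dict with a
    ``setting`` (looked up in ``PermissionMap``) plus the ids that section
    needs.

    All entries are validated before any security manager is called, so a
    payload that is rejected part-way through leaves nothing applied.

    This function performs no access check of its own; callers are presumably
    expected to have authorized the request -- confirm at the call site.

    Raises:
        PreconditionFailed: an entry is not a dict, a ``setting`` is not
            valid for its section, or a ``prinrole`` role is not a local
            role.
        KeyError: an entry lacks one of the keys its section reads.
    """
    lroles = role.local_roles()

    # (manager factory, method name, positional args). Nothing is applied
    # until every entry has passed validation. The method name always comes
    # from PermissionMap after the membership check, never from the payload.
    pending = []

    # The "must be list" wording below is kept byte-for-byte for client
    # compatibility, although the check is for a dict entry.
    for perminhe in data.get("perminhe") or []:
        if not isinstance(perminhe, dict):
            raise PreconditionFailed(
                context, "Invalid Type, must be list {}".format(perminhe))
        setting = perminhe.get("setting")
        if setting not in PermissionMap["perminhe"]:
            raise PreconditionFailed(context, "Invalid Type {}".format(setting))
        pending.append((
            IInheritPermissionManager,
            PermissionMap["perminhe"][setting],
            (perminhe["permission"],),
        ))

    for prinrole in data.get("prinrole") or []:
        if not isinstance(prinrole, dict):
            raise PreconditionFailed(
                context, "Invalid Type, must be list {}".format(prinrole))
        setting = prinrole.get("setting")
        if setting not in PermissionMap["prinrole"]:
            raise PreconditionFailed(context, "Invalid Type {}".format(setting))
        if prinrole["role"] not in lroles:
            raise PreconditionFailed(context, "No valid local role")
        pending.append((
            IPrincipalRoleManager,
            PermissionMap["prinrole"][setting],
            (prinrole["role"], prinrole["principal"]),
        ))

    # NOTE(review): unlike roles, permission ids and principal/role ids in
    # the next two sections are passed through as received; nothing here
    # checks them against a known set.
    for prinperm in data.get("prinperm") or []:
        if not isinstance(prinperm, dict):
            raise PreconditionFailed(
                context, "Invalid Type, must be list {}".format(prinperm))
        setting = prinperm["setting"]
        if setting not in PermissionMap["prinperm"]:
            raise PreconditionFailed(context, "Invalid Type")
        pending.append((
            IPrincipalPermissionManager,
            PermissionMap["prinperm"][setting],
            (prinperm["permission"], prinperm["principal"]),
        ))

    for roleperm in data.get("roleperm") or []:
        if not isinstance(roleperm, dict):
            raise PreconditionFailed(
                context, "Invalid Type, must be list {}".format(roleperm))
        setting = roleperm["setting"]
        if setting not in PermissionMap["roleperm"]:
            raise PreconditionFailed(context, "Invalid Type")
        pending.append((
            IRolePermissionManager,
            PermissionMap["roleperm"][setting],
            (roleperm["permission"], roleperm["role"]),
        ))

    # Each manager is created immediately before its call rather than during
    # validation, in case a manager captures state when it is constructed.
    for factory, operation, args in pending:
        getattr(factory(context), operation)(*args)

    if pending:
        context.register()  # make sure data is saved
        # NOTE(review): nesting reconstructed from a flattened listing;
        # confirm the event is meant to fire only when something changed.
        await notify(ObjectPermissionsModifiedEvent(context, data))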