예제 #1
    def share(cls, **kwargs):
        """
        Grant a group a privilege over a community and record it in provenance.

        ***This completely bypasses access control*** but keeps provenance in sync.
        This method itself performs no check that the grantor is allowed to make
        the grant.

        The argument checks below only run while ``__debug__`` is true. Under
        ``python -O`` they are compiled out and ``kwargs`` is handed to both
        ``update`` calls unchecked.

        :param group: source group to share (checked to be a Group)
        :param community: target community with which to share (checked to be a Community)
        :param privilege: privilege 1-4; checked to lie between PrivilegeCodes.OWNER
            and PrivilegeCodes.NONE inclusive.
        :param grantor: user who requested privilege (checked to be a User)

        Usage:
            GroupCommunityPrivilege.share(group={X}, community={Y}, privilege={Z}, grantor={W})
        """
        # imported inside the method to prevent import loops
        from hs_access_control.models.provenance import GroupCommunityProvenance
        if __debug__:
            required = (('community', Community), ('group', Group), ('grantor', User))
            for key, kind in required:
                assert key in kwargs
                assert isinstance(kwargs[key], kind)
            assert 'privilege' in kwargs
            level = kwargs['privilege']
            assert level >= PrivilegeCodes.OWNER and level <= PrivilegeCodes.NONE
            # exactly the four documented keywords, nothing extra
            assert len(kwargs) == 4
        # Privilege table first, then the matching provenance record.
        # NOTE(review): no transaction is opened here; confirm that update() or the
        # caller makes the two writes atomic so the tables cannot diverge.
        cls.update(**kwargs)
        GroupCommunityProvenance.update(**kwargs)
예제 #2
    def unshare(cls, **kwargs):
        """
        Remove a group's privilege over a community and record it in provenance.

        ***This completely bypasses access control*** but keeps provenance in sync.
        This method itself performs no check that the grantor is allowed to revoke.

        The argument checks below only run while ``__debug__`` is true. Under
        ``python -O`` they are compiled out and ``kwargs`` is forwarded unchecked.

        :param group: source group to unshare (checked to be a Group)
        :param community: target community with which to unshare (checked to be a Community)
        :param grantor: user who requested privilege (checked to be a User)

        Usage:
            GroupCommunityPrivilege.unshare(group={X}, community={Y}, grantor={W})

        Important: this does not guard against removing a single owner.

        **This is a system routine** that should not be called directly by developers!
        Use UserAccess.unshare_group_with_community instead.
        """
        # imported inside the method to prevent import loops
        from hs_access_control.models.provenance import GroupCommunityProvenance
        if __debug__:
            required = (('community', Community), ('group', Group), ('grantor', User))
            for key, kind in required:
                assert key in kwargs
                assert isinstance(kwargs[key], kind)
            # a 'privilege' keyword is not accepted: the level is fixed below
            assert len(kwargs) == 3
        # Unsharing is recorded as an update to PrivilegeCodes.NONE in both tables.
        # NOTE(review): no transaction is opened here; confirm that update() or the
        # caller makes the two writes atomic so the tables cannot diverge.
        revoked = PrivilegeCodes.NONE
        cls.update(privilege=revoked, **kwargs)
        GroupCommunityProvenance.update(privilege=revoked, **kwargs)
예제 #3
    def unshare(cls, **kwargs):
        """
        Remove a group's privilege over a community and record it in provenance.

        ***This completely bypasses access control*** but keeps provenance in sync.
        This method itself performs no check that the grantor is allowed to revoke.

        The argument checks below only run while ``__debug__`` is true. Under
        ``python -O`` they are compiled out and ``kwargs`` is forwarded unchecked.

        :param group: source group to unshare (checked to be a Group)
        :param community: target community with which to unshare (checked to be a Community)
        :param grantor: user who requested privilege (checked to be a User)

        Usage:
            GroupCommunityPrivilege.unshare(group={X}, community={Y}, grantor={W})

        Important: this does not guard against removing a single owner.

        **This is a system routine** that should not be called directly by developers!
        Use UserAccess.unshare_group_with_community instead.
        """
        # imported inside the method to prevent import loops
        from hs_access_control.models.provenance import GroupCommunityProvenance
        if __debug__:
            required = (('community', Community), ('group', Group), ('grantor', User))
            for key, kind in required:
                assert key in kwargs
                assert isinstance(kwargs[key], kind)
            # a 'privilege' keyword is not accepted: the level is fixed below
            assert len(kwargs) == 3
        # Unsharing is recorded as an update to PrivilegeCodes.NONE in both tables.
        # NOTE(review): no transaction is opened here; confirm that update() or the
        # caller makes the two writes atomic so the tables cannot diverge.
        revoked = PrivilegeCodes.NONE
        cls.update(privilege=revoked, **kwargs)
        GroupCommunityProvenance.update(privilege=revoked, **kwargs)
예제 #4
    def share(cls, **kwargs):
        """
        Grant a group a privilege over a community and record it in provenance.

        ***This completely bypasses access control*** but keeps provenance in sync.
        This method itself performs no check that the grantor is allowed to make
        the grant.

        The argument checks below only run while ``__debug__`` is true. Under
        ``python -O`` they are compiled out and ``kwargs`` is handed to both
        ``update`` calls unchecked.

        :param group: source group to share (checked to be a Group)
        :param community: target community with which to share (checked to be a Community)
        :param privilege: privilege 1-4; checked to lie between PrivilegeCodes.OWNER
            and PrivilegeCodes.NONE inclusive.
        :param grantor: user who requested privilege (checked to be a User)

        Usage:
            GroupCommunityPrivilege.share(group={X}, community={Y}, privilege={Z}, grantor={W})
        """
        # imported inside the method to prevent import loops
        from hs_access_control.models.provenance import GroupCommunityProvenance
        if __debug__:
            required = (('community', Community), ('group', Group), ('grantor', User))
            for key, kind in required:
                assert key in kwargs
                assert isinstance(kwargs[key], kind)
            assert 'privilege' in kwargs
            level = kwargs['privilege']
            assert level >= PrivilegeCodes.OWNER and level <= PrivilegeCodes.NONE
            # exactly the four documented keywords, nothing extra
            assert len(kwargs) == 4
        # Privilege table first, then the matching provenance record.
        # NOTE(review): no transaction is opened here; confirm that update() or the
        # caller makes the two writes atomic so the tables cannot diverge.
        cls.update(**kwargs)
        GroupCommunityProvenance.update(**kwargs)
예제 #5
    def undo_share(cls, **kwargs):
        """
        Undo the sharing of a group with a community and update provenance.

        ***This completely bypasses access control*** but keeps provenance in sync.
        This method itself performs no check that the grantor is allowed to undo.

        The argument checks below only run while ``__debug__`` is true. Under
        ``python -O`` they are compiled out and ``kwargs`` is forwarded unchecked.

        :param group: source group to undo (checked to be a Group)
        :param community: target community with which to undo share (checked to be a Community)
        :param grantor: user who requested privilege (checked to be a User)

        Usage:
            GroupCommunityPrivilege.undo_share(community={X}, group={Y}, grantor={W})

        In practice:

        The "undo" operation is independent of the privileges a user currently holds.
        Suppose -- for example -- that a user holds CHANGE, grants that to another user,
        and then loses CHANGE. The undo of the other user is still possible, even though the
        original user no longer has the privilege.

        Important: this does not guard against removing a single owner.

        **This is a system routine** that should not be called directly by developers!
        """
        # imported inside the method to prevent import loops
        from hs_access_control.models.provenance import GroupCommunityProvenance
        if __debug__:
            required = (('community', Community), ('group', Group), ('grantor', User))
            for key, kind in required:
                assert key in kwargs
                assert isinstance(kwargs[key], kind)
            assert len(kwargs) == 3
        # Split the grantor off so that kwargs holds only what remains
        # (community and group, once the checks above have passed).
        grantor = kwargs.pop('grantor')
        # undo in provenance model; add a record that reinstates previous privilege.
        GroupCommunityProvenance.undo_share(grantor=grantor, **kwargs)
        # Read that record back and post it to the privilege table. The privilege
        # and grantor written are the ones stored on the record, not the caller's.
        current = GroupCommunityProvenance.get_current_record(**kwargs)
        cls.update(
            community=current.community,
            group=current.group,
            privilege=current.privilege,
            grantor=current.grantor,
        )
예제 #6
    def undo_share(cls, **kwargs):
        """
        Undo the sharing of a group with a community and update provenance.

        ***This completely bypasses access control*** but keeps provenance in sync.
        This method itself performs no check that the grantor is allowed to undo.

        The argument checks below only run while ``__debug__`` is true. Under
        ``python -O`` they are compiled out and ``kwargs`` is forwarded unchecked.

        :param group: source group to undo (checked to be a Group)
        :param community: target community with which to undo share (checked to be a Community)
        :param grantor: user who requested privilege (checked to be a User)

        Usage:
            GroupCommunityPrivilege.undo_share(community={X}, group={Y}, grantor={W})

        In practice:

        The "undo" operation is independent of the privileges a user currently holds.
        Suppose -- for example -- that a user holds CHANGE, grants that to another user,
        and then loses CHANGE. The undo of the other user is still possible, even though the
        original user no longer has the privilege.

        Important: this does not guard against removing a single owner.

        **This is a system routine** that should not be called directly by developers!
        """
        # imported inside the method to prevent import loops
        from hs_access_control.models.provenance import GroupCommunityProvenance
        if __debug__:
            required = (('community', Community), ('group', Group), ('grantor', User))
            for key, kind in required:
                assert key in kwargs
                assert isinstance(kwargs[key], kind)
            assert len(kwargs) == 3
        # Split the grantor off so that kwargs holds only what remains
        # (community and group, once the checks above have passed).
        grantor = kwargs.pop('grantor')
        # undo in provenance model; add a record that reinstates previous privilege.
        GroupCommunityProvenance.undo_share(grantor=grantor, **kwargs)
        # Read that record back and post it to the privilege table. The privilege
        # and grantor written are the ones stored on the record, not the caller's.
        current = GroupCommunityProvenance.get_current_record(**kwargs)
        cls.update(
            community=current.community,
            group=current.group,
            privilege=current.privilege,
            grantor=current.grantor,
        )
예제 #7
    def get_undo_groups(cls, **kwargs):
        """ Get a set of groups for which a grantor can undo privilege

        Delegates to GroupCommunityProvenance.get_undo_groups and returns its
        result unchanged.

        The argument checks below only run while ``__debug__`` is true. Under
        ``python -O`` they are compiled out and ``kwargs`` is forwarded unchecked.

        :param community: community to check (checked to be a Community)
        :param grantor: user that will undo privilege (checked to be a User)

        Important: this does not guard against removing a single owner.

        **This is a system routine** that should not be called directly by developers!
        """
        # imported inside the method to prevent import loops
        from hs_access_control.models.provenance import GroupCommunityProvenance
        if __debug__:
            required = (('community', Community), ('grantor', User))
            for key, kind in required:
                assert key in kwargs
                assert isinstance(kwargs[key], kind)
            # only the two documented keywords are accepted
            assert len(kwargs) == 2
        undoable = GroupCommunityProvenance.get_undo_groups(**kwargs)
        return undoable
예제 #8
    def get_undo_groups(cls, **kwargs):
        """ Get a set of groups for which a grantor can undo privilege

        Delegates to GroupCommunityProvenance.get_undo_groups and returns its
        result unchanged.

        The argument checks below only run while ``__debug__`` is true. Under
        ``python -O`` they are compiled out and ``kwargs`` is forwarded unchecked.

        :param community: community to check (checked to be a Community)
        :param grantor: user that will undo privilege (checked to be a User)

        Important: this does not guard against removing a single owner.

        **This is a system routine** that should not be called directly by developers!
        """
        # imported inside the method to prevent import loops
        from hs_access_control.models.provenance import GroupCommunityProvenance
        if __debug__:
            required = (('community', Community), ('grantor', User))
            for key, kind in required:
                assert key in kwargs
                assert isinstance(kwargs[key], kind)
            # only the two documented keywords are accepted
            assert len(kwargs) == 2
        undoable = GroupCommunityProvenance.get_undo_groups(**kwargs)
        return undoable