def setUp(self):
    """Register a throwaway role used as a fixture by the tests.

    Sets ``role_name``, ``role_description`` and ``role_definition`` on the
    test case, compiles and serializes the definition, hands all of it to
    ``acc_add_role`` and keeps the first element of the returned 4-tuple
    as ``self.role_id``.
    """
    from invenio.modules.access.control import acc_add_role
    from invenio.modules.access.firerole import (
        compile_role_definition,
        serialize,
    )

    self.role_name = 'test'
    self.role_description = 'test role'
    # NOTE(review): read as a plain regular expression, this pattern has an
    # unescaped dot and no end anchor, so it would also accept values such
    # as 'user@cernXch' or 'user@cern.ch.example' (constructed samples).
    # Acceptable for a fixture; a production rule should escape the dot and
    # anchor the end. How FireRole applies the pattern is not visible here.
    self.role_definition = 'allow email /.*@cern.ch/'

    compiled_definition = compile_role_definition(self.role_definition)
    added = acc_add_role(
        self.role_name,
        self.role_description,
        serialize(compiled_definition),
        self.role_definition,
    )
    # Only the first of the four returned values is kept.
    self.role_id, _, _, _ = added
def setUp(self):
    """Build the fixture role that the test methods rely on.

    Stores the role's name, description and FireRole source on ``self``,
    then calls ``acc_add_role`` with those values plus the serialized
    compiled definition. The call returns four values; the first becomes
    ``self.role_id`` and the rest are discarded.
    """
    from invenio.modules.access.control import acc_add_role
    from invenio.modules.access.firerole import (
        compile_role_definition,
        serialize,
    )

    self.role_name = 'test'
    self.role_description = 'test role'
    # NOTE(review): as a regular expression the rule below is loose: the
    # dot before 'ch' is a wildcard and nothing anchors the end, so e.g.
    # 'user@cern.ch.example' (constructed sample) would satisfy it under
    # search or prefix matching. Do not copy it into a real role as-is;
    # confirm how FireRole evaluates patterns before relying on it.
    self.role_definition = 'allow email /.*@cern.ch/'

    serialized_definition = serialize(
        compile_role_definition(self.role_definition)
    )
    result = acc_add_role(
        self.role_name,
        self.role_description,
        serialized_definition,
        self.role_definition,
    )
    self.role_id, _unused_a, _unused_b, _unused_c = result
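def save_acl(self, c):
    """Create or refresh the access rows that let the owner view collection *c*.

    Each of the following is looked up and created only when missing:

    * a role named ``project_role_<id>`` whose FireRole rule allows the
      project's group and denies everyone else;
    * an argument row ``collection=<c.name>``;
    * a user-role row linking the owner (``self.id_user``) to the role;
    * an authorization joining the role, the ``viewrestrcoll`` action and
      the argument.

    User-role rows that link any other user to the role are deleted.
    Changes are only staged on ``db.session``; no commit is issued here.

    :param c: collection object; only ``c.name`` is read.
    """
    # Role - the numeric id is used because role names are limited to
    # 32 characters.
    role_name = 'project_role_%s' % self.id
    role = AccROLE.query.filter_by(name=role_name).first()
    if not role:
        # NOTE(review): the group name is interpolated into the rule text
        # unescaped. A name containing '"' or a newline would change the
        # meaning of the rule; confirm get_group_name() can never return
        # such a value.
        rule = 'allow group "%s"\ndeny any' % self.get_group_name()
        role = AccROLE(
            name=role_name,
            description='Owner of project %s' % self.title,
            firerole_def_ser=serialize(compile_role_definition(rule)),
            firerole_def_src=rule,
        )
        db.session.add(role)

    # Argument
    fields = dict(keyword='collection', value=c.name)
    arg = AccARGUMENT.query.filter_by(**fields).first()
    if not arg:
        arg = AccARGUMENT(**fields)
        db.session.add(arg)

    # Action
    # NOTE(review): .first() yields None when no 'viewrestrcoll' row exists;
    # the authorization below would then be built with action=None.
    action = AccACTION.query.filter_by(name='viewrestrcoll').first()

    # User role - keep only the owner's link to this role.
    # The previous condition was inverted: it deleted the owner's row and
    # kept every other user's, so stale grants survived and the owner was
    # not re-linked whenever another user's row existed.
    userrole = None
    for ur in UserAccROLE.query.filter_by(role=role).all():
        if ur.id_user != self.id_user:
            db.session.delete(ur)
        else:
            userrole = ur

    if not userrole:
        userrole = UserAccROLE(id_user=self.id_user, role=role)
        db.session.add(userrole)

    # Authorization
    auth = AccAuthorization.query.filter_by(
        role=role, action=action, argument=arg).first()
    if not auth:
        auth = AccAuthorization(role=role, action=action, argument=arg,
                                argumentlistid=1)
        # Added explicitly, like the role, argument and user-role rows
        # above, so persistence does not depend on a relationship cascade
        # that is not visible here.
        db.session.add(auth)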
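def save_acl(self, c):
    """Create or refresh the access rows that let the owner view collection *c*.

    Each of the following is looked up and created only when missing:

    * a role named ``instrument_role_<id>`` whose FireRole rule allows the
      instrument's group and denies everyone else;
    * an argument row ``collection=<c.name>``;
    * a user-role row linking the owner (``self.user_id``) to the role;
    * an authorization joining the role, the ``viewrestrcoll`` action and
      the argument.

    User-role rows that link any other user to the role are deleted.
    Changes are only staged on ``db.session``; no commit is issued here.

    :param c: collection object; only ``c.name`` is read.
    """
    # Role - the numeric id is used because role names are limited to
    # 32 characters.
    role_name = 'instrument_role_%s' % self.id
    role = AccROLE.query.filter_by(name=role_name).first()
    if not role:
        # NOTE(review): the group name is interpolated into the rule text
        # unescaped. A name containing '"' or a newline would change the
        # meaning of the rule; confirm get_group_name() can never return
        # such a value.
        rule = 'allow group "%s"\ndeny any' % self.get_group_name()
        role = AccROLE(
            name=role_name,
            description='Owner of instruments %s' % self.name,
            firerole_def_ser=serialize(compile_role_definition(rule)),
            firerole_def_src=rule,
        )
        db.session.add(role)

    # Argument
    fields = dict(keyword='collection', value=c.name)
    arg = AccARGUMENT.query.filter_by(**fields).first()
    if not arg:
        arg = AccARGUMENT(**fields)
        db.session.add(arg)

    # Action
    # NOTE(review): .first() yields None when no 'viewrestrcoll' row exists;
    # the authorization below would then be built with action=None.
    action = AccACTION.query.filter_by(name='viewrestrcoll').first()

    # User role - keep only the owner's link to this role.
    # The previous condition was inverted: it deleted the owner's row and
    # kept every other user's, so stale grants survived and the owner was
    # not re-linked whenever another user's row existed.
    userrole = None
    for ur in UserAccROLE.query.filter_by(role=role).all():
        if ur.id_user != self.user_id:
            db.session.delete(ur)
        else:
            userrole = ur

    if not userrole:
        userrole = UserAccROLE(id_user=self.user_id, role=role)
        db.session.add(userrole)

    # Authorization
    auth = AccAuthorization.query.filter_by(
        role=role, action=action, argument=arg).first()
    if not auth:
        auth = AccAuthorization(role=role, action=action, argument=arg,
                                argumentlistid=1)
        # Added explicitly, like the role, argument and user-role rows
        # above, so persistence does not depend on a relationship cascade
        # that is not visible here.
        db.session.add(auth)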