예제 #1
def unregister_service_view(request):
    """
    Unregister a service.

    Two guarded steps are executed: the service's branch is removed from the resource
    tree, then the service record itself is deleted. When ``service_push`` is truthy and
    the service type is listed in ``SERVICES_PHOENIX_ALLOWED``, the services still stored
    are synchronised to Phoenix after the deletion.
    """
    target = ar.get_service_matchdict_checked(request)
    push_requested = asbool(
        ar.get_multiformat_delete(request, "service_push", default=False))
    # NOTE(review): this payload is attached to the failure responses below and is built
    # with show_private_url=True; who may reach this view is not visible here - confirm
    # the route is restricted before exposing the private URL in error bodies.
    failure_content = sf.format_service(target, show_private_url=True)
    branch_root_id = target.resource_id

    # step 1: drop every resource registered under the service
    ax.evaluate_call(
        lambda: models.resource_tree_service.delete_branch(
            resource_id=branch_root_id, db_session=request.db),
        fallback=lambda: request.db.rollback(),
        httpError=HTTPForbidden,
        msgOnFail="Delete service from resource tree failed.",
        content=failure_content)

    def remove_service_magpie_and_phoenix(svc, svc_push, db_session):
        """Delete ``svc`` from the session and, if requested and allowed, sync Phoenix."""
        db_session.delete(svc)
        if not svc_push:
            return
        if svc.type in SERVICES_PHOENIX_ALLOWED:
            sync_services_phoenix(db_session.query(models.Service))

    # step 2: drop the service itself (and optionally propagate the change)
    ax.evaluate_call(
        lambda: remove_service_magpie_and_phoenix(target, push_requested, request.db),
        fallback=lambda: request.db.rollback(),
        httpError=HTTPForbidden,
        msgOnFail=s.Service_DELETE_ForbiddenResponseSchema.description,
        content=failure_content)

    return ax.valid_http(
        httpSuccess=HTTPOk,
        detail=s.Service_DELETE_OkResponseSchema.description)
예제 #2
def get_user_service_resources_view(request):
    """
    List all resources under a service a user has permission on.

    The ``inherit`` query parameter selects whether group permissions are included in
    both the service-level and the resource-level permission lookups.
    """
    inherit_groups_perms = asbool(ar.get_query_param(request, "inherit"))
    user = ar.get_user_matchdict_checked_or_logged(request)
    service = ar.get_service_matchdict_checked(request)

    # both lookups share the same request context and inheritance switch
    lookup_options = {
        "request": request,
        "inherit_groups_permissions": inherit_groups_perms,
    }
    service_perms = uu.get_user_service_permissions(user, service, **lookup_options)
    resources_perms_dict = uu.get_user_service_resources_permissions_dict(
        user, service, **lookup_options)

    # user-facing listing: the private URL is left out of the formatted service
    user_svc_res_json = format_service_resources(
        service=service,
        db_session=request.db,
        service_perms=service_perms,
        resources_perms_dict=resources_perms_dict,
        show_all_children=False,
        show_private_url=False,
    )
    body = {u"service": user_svc_res_json}
    return ax.valid_http(
        httpSuccess=HTTPOk,
        detail=s.UserServiceResources_GET_OkResponseSchema.description,
        content=body)
예제 #3
def get_group_service_resources_view(request):
    """
    List all resources under a service a group has permission on.

    The group and the service are both obtained from the request through the ``ar``
    helpers; the response is then built with the request's database session.
    """
    target_group = ar.get_group_matchdict_checked(request)
    target_service = ar.get_service_matchdict_checked(request)
    db_session = request.db
    return gu.get_group_service_resources_response(
        target_group, target_service, db_session)
예제 #4
def get_user_service_permissions_view(request):
    """
    List all permissions a user has on a service.

    The ``inherit`` query parameter selects whether permissions obtained through the
    user's groups are included. The permission values are returned sorted.
    """
    user = ar.get_user_matchdict_checked_or_logged(request)
    service = ar.get_service_matchdict_checked(request)
    inherit_groups_perms = asbool(ar.get_query_param(request, "inherit"))

    # context reported to the client if the lookup fails
    failure_content = {
        u"service_name": str(service.resource_name),
        u"user_name": str(user.user_name),
    }
    perms = ax.evaluate_call(
        lambda: uu.get_user_service_permissions(
            service=service,
            user=user,
            request=request,
            inherit_groups_permissions=inherit_groups_perms),
        fallback=lambda: request.db.rollback(),
        httpError=HTTPNotFound,
        msgOnFail=s.UserServicePermissions_GET_NotFoundResponseSchema.description,
        content=failure_content)

    permission_names = sorted([perm.value for perm in perms])
    return ax.valid_http(
        httpSuccess=HTTPOk,
        detail=s.UserServicePermissions_GET_OkResponseSchema.description,
        content={u"permission_names": permission_names})
예제 #5
def get_user_service_permissions_view(request):
    """
    List all permissions a user has on a service.

    Query parameters ``inherit``/``inherited`` and ``resolve``/``resolved`` are forwarded
    to the permission lookup. The response is formatted as ``PermissionType.INHERITED``
    when inheritance was requested and as ``PermissionType.DIRECT`` otherwise.
    """
    user = ar.get_user_matchdict_checked_or_logged(request)
    service = ar.get_service_matchdict_checked(request)
    inherit_groups_perms = asbool(
        ar.get_query_param(request, ["inherit", "inherited"]))
    resolve_groups_perms = asbool(
        ar.get_query_param(request, ["resolve", "resolved"]))

    if inherit_groups_perms:
        perm_type = PermissionType.INHERITED
    else:
        perm_type = PermissionType.DIRECT

    # context reported to the client if the lookup fails
    failure_content = {
        "service_name": str(service.resource_name),
        "user_name": str(user.user_name),
    }
    perms = ax.evaluate_call(
        lambda: uu.get_user_service_permissions(
            service=service,
            user=user,
            request=request,
            inherit_groups_permissions=inherit_groups_perms,
            resolve_groups_permissions=resolve_groups_perms),
        fallback=lambda: request.db.rollback(),
        http_error=HTTPNotFound,
        msg_on_fail=s.UserServicePermissions_GET_NotFoundResponseSchema.description,
        content=failure_content)

    return ax.valid_http(
        http_success=HTTPOk,
        content=format_permissions(perms, perm_type),
        detail=s.UserServicePermissions_GET_OkResponseSchema.description)
예제 #6
def create_service_resource_view(request):
    """
    Register a new resource directly under a service or under one of its children resources.

    When the body carries no ``parent_id`` the new resource is attached to the service
    itself. Otherwise ``parent_id`` must convert to an integer and the root service of
    that parent must be the service addressed by the request; these checks run before
    ``ru.create_resource`` is called.
    """
    service = ar.get_service_matchdict_checked(request)
    name = ar.get_multiformat_body(request, "resource_name")
    display_name = ar.get_multiformat_body(request, "resource_display_name", default=name)
    res_type = ar.get_multiformat_body(request, "resource_type")
    requested_parent = ar.get_multiformat_body(request, "parent_id")  # no check because None/empty is allowed
    session = request.db

    if requested_parent is None:
        # no explicit parent: attach directly under the service
        return ru.create_resource(name, display_name, res_type,
                                  parent_id=service.resource_id, db_session=session)

    parent_id = ax.evaluate_call(
        lambda: int(requested_parent),
        http_error=HTTPUnprocessableEntity,
        msg_on_fail=s.ServiceResources_POST_UnprocessableEntityResponseSchema.description)

    # Authorization boundary: the parent ID comes from the request body, so it is tied
    # back to the service named by the request. Without this, a caller addressing one
    # service could attach resources below a parent owned by a different service.
    owning_service = ru.get_resource_root_service_by_id(parent_id, db_session=session)
    ax.verify_param(
        owning_service, not_none=True, param_name="parent_id",
        msg_on_fail=s.ServiceResources_POST_NotFoundResponseSchema.description,
        http_error=HTTPNotFound)
    ax.verify_param(
        owning_service.resource_id, is_equal=True,
        param_compare=service.resource_id, param_name="parent_id",
        msg_on_fail=s.ServiceResources_POST_ForbiddenResponseSchema.description,
        http_error=HTTPForbidden)

    return ru.create_resource(name, display_name, res_type,
                              parent_id=parent_id, db_session=session)
예제 #7
def get_group_service_permissions_view(request):
    """
    List all permissions a group has on a specific service.

    The group and the service are obtained from the request through the ``ar`` helpers
    and handed, with the request's database session, to the group utilities.
    """
    target_group = ar.get_group_matchdict_checked(request)
    target_service = ar.get_service_matchdict_checked(request)
    db_session = request.db
    return gu.get_group_service_permissions_response(
        target_group, target_service, db_session)
예제 #8
def get_service_view(request):
    """
    Get a service information.

    The service is formatted with its private URL, its allowed resources and its
    configuration all included in the response.
    """
    service = ar.get_service_matchdict_checked(request)
    # NOTE(review): the private URL and the configuration are internal details of the
    # service; the access restriction for this view is not visible in this function -
    # confirm the route is limited to callers that should see them.
    service_info = sf.format_service(
        service,
        show_private_url=True,
        show_resources_allowed=True,
        show_configuration=True,
    )
    body = {"service": service_info}
    return ax.valid_http(
        http_success=HTTPOk,
        detail=s.Service_GET_OkResponseSchema.description,
        content=body)
예제 #9
def create_user_service_permission_view(request):
    """
    Create a permission on a service for a user.

    The permission is read from the request by a helper that also receives the service,
    and the creation itself is delegated to the user utilities.
    """
    target_user = ar.get_user_matchdict_checked_or_logged(request)
    target_service = ar.get_service_matchdict_checked(request)
    # the helper is given the service together with the request when reading the permission
    requested_perm = ar.get_permission_multiformat_post_checked(request, target_service)
    db_session = request.db
    return uu.create_user_resource_permission_response(
        target_user, target_service, requested_perm, db_session)
예제 #10
def get_service_resources_view(request):
    """
    List all resources registered under a service.

    The response content is keyed by the ``service_name`` entry of the formatted service,
    which is produced with all children and the private URL included.
    """
    service = ar.get_service_matchdict_checked(request)
    # NOTE(review): show_private_url=True puts the internal URL in the listing; the
    # access restriction for this view is not visible here - confirm it is intended.
    svc_res_json = sf.format_service_resources(
        service,
        db_session=request.db,
        show_all_children=True,
        show_private_url=True,
    )
    body = {svc_res_json["service_name"]: svc_res_json}
    return ax.valid_http(
        http_success=HTTPOk,
        content=body,
        detail=s.ServiceResources_GET_OkResponseSchema.description)
예제 #11
def delete_user_service_permission_name_view(request):
    """
    Delete a permission by name from a service for a user (not including their groups permissions).

    The permission is read from the request by a helper that also receives the service,
    and the deletion itself is delegated to the user utilities.
    """
    target_user = ar.get_user_matchdict_checked_or_logged(request)
    target_service = ar.get_service_matchdict_checked(request)
    named_perm = ar.get_permission_matchdict_checked(request, target_service)
    db_session = request.db
    return uu.delete_user_resource_permission_response(
        target_user, target_service, named_perm, db_session)
예제 #12
def update_service_view(request):
    """
    Update service information.

    Reads ``service_name``, ``service_url``, ``configuration`` and ``service_push`` from
    the request body, validates them, applies the new name and URL to the service and
    returns the service as formatted after the update. When ``service_push`` is truthy,
    the service type is in ``SERVICES_PHOENIX_ALLOWED`` and the type supports
    ``GET_CAPABILITIES``, all services are pushed to Phoenix.
    """
    service = ar.get_service_matchdict_checked(request)
    service_push = asbool(ar.get_multiformat_body(request, "service_push", default=False))

    def select_update(new_value, old_value):
        # keep the stored value when the request gives None or an empty string
        return new_value if new_value is not None and not new_value == "" else old_value

    # None/Empty values are accepted in case of unspecified
    svc_name = select_update(ar.get_multiformat_body(request, "service_name"), service.resource_name)
    svc_url = select_update(ar.get_multiformat_body(request, "service_url"), service.url)
    # the literal name "types" is refused (reserved keyword per the response schema name)
    ax.verify_param(svc_name, param_compare="types", not_equal=True,
                    param_name="service_name", http_error=HTTPForbidden,
                    msg_on_fail=s.Service_PATCH_ForbiddenResponseSchema_ReservedKeyword.description)
    # refuse a request that changes neither the name nor the URL
    # NOTE(review): `configuration` is not part of this comparison, so a request that only
    # changes the configuration looks like it is rejected here - confirm this is intended.
    ax.verify_param(svc_name == service.resource_name and svc_url == service.url, not_equal=True,
                    param_compare=True, param_name="service_name/service_url",
                    http_error=HTTPBadRequest, msg_on_fail=s.Service_PATCH_BadRequestResponseSchema.description)

    # config explicitly provided as None (null) means override (erase)
    # to leave it as is, just don't specify the field
    # NOTE(review): a None result from get_multiformat_body is assigned below whenever it
    # differs from the stored value; whether an omitted field can be told apart from an
    # explicit null depends on that helper, which is not visible here - verify.
    old_svc_config = service.configuration
    new_svc_config = ar.get_multiformat_body(request, "configuration")
    if old_svc_config != new_svc_config:
        if new_svc_config is not None:
            # only a dict is accepted as a replacement configuration
            ax.verify_param(new_svc_config, param_compare=dict, is_type=True, http_error=HTTPUnprocessableEntity,
                            msg_on_fail=s.Service_CheckConfig_UnprocessableEntityResponseSchema.description)
        # NOTE(review): the service object is modified here, before the name-conflict check
        # below; if that check fails, no rollback is requested in this function - confirm
        # the session is discarded by the caller or the transaction manager.
        service.configuration = new_svc_config

    if svc_name != service.resource_name:
        # a rename must not collide with the name of any stored service
        all_services = request.db.query(models.Service)
        all_svc_names = [svc.resource_name for svc in all_services]
        ax.verify_param(svc_name, not_in=True, param_compare=all_svc_names, with_param=False,
                        http_error=HTTPConflict, content={"service_name": str(svc_name)},
                        msg_on_fail=s.Service_PATCH_ConflictResponseSchema.description)

    def update_service_magpie_and_phoenix(_svc, new_name, new_url, svc_push, db_session):
        # apply the new values, then optionally propagate them to Phoenix
        _svc.resource_name = new_name
        _svc.url = new_url
        has_getcap = Permission.GET_CAPABILITIES in SERVICE_TYPE_DICT[_svc.type].permissions
        if svc_push and _svc.type in SERVICES_PHOENIX_ALLOWED and has_getcap:
            # (re)apply getcapabilities to updated service to ensure updated push
            su.add_service_getcapabilities_perms(_svc, db_session)
            sync_services_phoenix(db_session.query(models.Service))  # push all services

    # NOTE(review): both the failure payload and the success payload are formatted with
    # show_private_url=True; who may reach this view is not visible here - confirm the
    # route is restricted before exposing the private URL.
    old_svc_content = sf.format_service(service, show_private_url=True)
    err_svc_content = {"service": old_svc_content, "new_service_name": svc_name, "new_service_url": svc_url}
    ax.evaluate_call(lambda: update_service_magpie_and_phoenix(service, svc_name, svc_url, service_push, request.db),
                     fallback=lambda: request.db.rollback(),
                     http_error=HTTPForbidden, msg_on_fail=s.Service_PATCH_ForbiddenResponseSchema.description,
                     content=err_svc_content)
    return ax.valid_http(http_success=HTTPOk, detail=s.Service_PATCH_OkResponseSchema.description,
                         content={"service": sf.format_service(service, show_private_url=True)})
예제 #13
def delete_group_service_permission_name_view(request):
    """
    Delete a permission by name from a specific service for a group.

    The permission is read from the request by a helper that also receives the service,
    and the deletion itself is delegated to the group utilities.
    """
    target_group = ar.get_group_matchdict_checked(request)
    target_service = ar.get_service_matchdict_checked(request)
    named_perm = ar.get_permission_matchdict_checked(request, target_service)
    return gu.delete_group_resource_permission_response(
        target_group, target_service, named_perm, db_session=request.db)
예제 #14
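def get_service_permissions_view(request):
    """
    List all applicable permissions for a service.

    The permission values are read from the ``SERVICE_TYPE_DICT`` entry matching the
    service type and returned formatted as ``PermissionType.ALLOWED``. If that lookup
    fails, the database session is rolled back and a bad-request error is reported.
    """
    service = ar.get_service_matchdict_checked(request)
    # NOTE(review): this failure payload is built with show_private_url=True; who may
    # reach this view is not visible here - confirm the route is restricted.
    svc_content = sf.format_service(service, show_private_url=True)
    svc_perms = ax.evaluate_call(
        lambda: [p.value for p in SERVICE_TYPE_DICT[service.type].permissions],
        # The rollback must be passed as a callable. Written as `request.db.rollback()`,
        # it ran on every request while the arguments were evaluated and handed its
        # return value to evaluate_call, so no rollback handler existed for the failure.
        fallback=lambda: request.db.rollback(),
        http_error=HTTPBadRequest,
        content=svc_content,
        msg_on_fail=s.ServicePermissions_GET_BadRequestResponseSchema.description)
    return ax.valid_http(http_success=HTTPOk, detail=s.ServicePermissions_GET_OkResponseSchema.description,
                         content=format_permissions(svc_perms, PermissionType.ALLOWED))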
예제 #15
def create_group_service_permission_view(request):
    """
    Create a permission on a specific service for a group.

    The permission is read from the request body by a helper that also receives the
    service. The creation is requested with ``overwrite=False``.
    """
    target_group = ar.get_group_matchdict_checked(request)
    target_service = ar.get_service_matchdict_checked(request)
    requested_perm = ar.get_permission_multiformat_body_checked(request, target_service)
    db_session = request.db
    return gu.create_group_resource_permission_response(
        target_group, target_service, requested_perm, db_session, overwrite=False)
예제 #16
def replace_user_service_permissions_view(request):
    """
    Create or modify an existing permission on a service for a user.

    Can be used to adjust permission modifiers. The operation is requested with
    ``overwrite=True``.
    """
    target_user = ar.get_user_matchdict_checked_or_logged(request)
    target_service = ar.get_service_matchdict_checked(request)
    requested_perm = ar.get_permission_multiformat_body_checked(request, target_service)
    db_session = request.db
    return uu.create_user_resource_permission_response(
        target_user, target_service, requested_perm, db_session, overwrite=True)
예제 #17
def replace_group_service_permissions_view(request):
    """
    Create or modify an existing permission on a service for a group.

    Can be used to adjust permission modifiers. The operation is requested with
    ``overwrite=True``.
    """
    target_group = ar.get_group_matchdict_checked(request)
    target_service = ar.get_service_matchdict_checked(request)
    requested_perm = ar.get_permission_multiformat_body_checked(request, target_service)
    db_session = request.db
    return gu.create_group_resource_permission_response(
        target_group, target_service, requested_perm, db_session, overwrite=True)
예제 #18
def create_service_direct_resource_view(request):
    """
    Register a new resource directly under a service.

    ``parent_id`` is optional in the request: a missing or empty value is replaced by
    the resource ID of the service itself.
    """
    service = ar.get_service_matchdict_checked(request)
    name = ar.get_multiformat_post(request, "resource_name")
    display_name = ar.get_multiformat_post(
        request, "resource_display_name", default=name)
    res_type = ar.get_multiformat_post(request, "resource_type")
    # no check because None/empty is allowed
    requested_parent = ar.get_multiformat_post(request, "parent_id")
    # NOTE(review): a non-empty parent_id from the request is forwarded as received; this
    # function does not verify that it designates a resource belonging to `service`.
    # Unless create_resource enforces that, a caller addressing this service could attach
    # a resource under another service's tree - confirm, or validate the parent's root
    # service here before creating anything.
    parent_id = requested_parent or service.resource_id
    return create_resource(
        name,
        display_name,
        res_type,
        parent_id=parent_id,
        db_session=request.db)
예제 #19
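def update_service_view(request):
    """
    Update a service information.

    Reads ``service_name``, ``service_url`` and ``service_push`` from the request,
    validates the new name and URL, applies them to the service and returns the service
    as formatted after the update. When ``service_push`` is truthy, the service type is
    in ``SERVICES_PHOENIX_ALLOWED`` and the type supports ``GET_CAPABILITIES``, all
    services are pushed to Phoenix.
    """
    service = ar.get_service_matchdict_checked(request)
    service_push = asbool(
        ar.get_multiformat_post(request, "service_push", default=False))

    def select_update(new_value, old_value):
        # keep the stored value when the request gives None or an empty string
        return new_value if new_value is not None and not new_value == "" else old_value

    # None/Empty values are accepted in case of unspecified
    svc_name = select_update(ar.get_multiformat_post(request, "service_name"),
                             service.resource_name)
    svc_url = select_update(ar.get_multiformat_post(request, "service_url"),
                            service.url)
    # the literal name "types" is refused (reserved keyword per the response schema name)
    ax.verify_param(
        svc_name,
        paramCompare="types",
        notEqual=True,
        paramName="service_name",
        httpError=HTTPBadRequest,
        msgOnFail=s.Service_PUT_BadRequestResponseSchema_ReservedKeyword.
        description)
    # refuse a request that changes neither the name nor the URL
    ax.verify_param(
        svc_name == service.resource_name and svc_url == service.url,
        notEqual=True,
        paramCompare=True,
        paramName="service_name/service_url",
        httpError=HTTPBadRequest,
        msgOnFail=s.Service_PUT_BadRequestResponseSchema.description)

    if svc_name != service.resource_name:
        # a rename must not collide with the name of any stored service, whatever its type
        all_svc_names = []
        for svc_type in SERVICE_TYPE_DICT:
            all_svc_names.extend(
                known.resource_name
                for known in su.get_services_by_type(svc_type, db_session=request.db))
        ax.verify_param(
            svc_name,
            notIn=True,
            paramCompare=all_svc_names,
            httpError=HTTPConflict,
            msgOnFail=s.Service_PUT_ConflictResponseSchema.description,
            content={u"service_name": str(svc_name)})

    def update_service_magpie_and_phoenix(_svc, new_name, new_url, svc_push,
                                          db_session):
        # apply the new values, then optionally propagate them to Phoenix
        _svc.resource_name = new_name
        _svc.url = new_url
        has_getcap = Permission.GET_CAPABILITIES in SERVICE_TYPE_DICT[
            _svc.type].permissions
        # The type test must use the service being updated (`_svc`). It previously read
        # `svc`, the loop variable of the name-collision scan above: unbound when the
        # name was unchanged, and otherwise the last service scanned, so the decision
        # to push was taken on an unrelated service's type.
        if svc_push and _svc.type in SERVICES_PHOENIX_ALLOWED and has_getcap:
            # (re)apply getcapabilities to updated service to ensure updated push
            su.add_service_getcapabilities_perms(_svc, db_session)
            sync_services_phoenix(db_session.query(
                models.Service))  # push all services

    # NOTE(review): both the failure payload and the success payload are formatted with
    # show_private_url=True; who may reach this view is not visible here - confirm the
    # route is restricted before exposing the private URL.
    old_svc_content = sf.format_service(service, show_private_url=True)
    err_svc_content = {
        u"service": old_svc_content,
        u"new_service_name": svc_name,
        u"new_service_url": svc_url
    }
    ax.evaluate_call(
        lambda: update_service_magpie_and_phoenix(service, svc_name, svc_url,
                                                  service_push, request.db),
        fallback=lambda: request.db.rollback(),
        httpError=HTTPForbidden,
        msgOnFail=s.Service_PUT_ForbiddenResponseSchema.description,
        content=err_svc_content)
    return ax.valid_http(httpSuccess=HTTPOk,
                         detail=s.Service_PUT_OkResponseSchema.description,
                         content={
                             u"service":
                             sf.format_service(service, show_private_url=True)
                         })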