def check_permissions(self,
success,
failure=None,
permissions=None): # pylint: disable=W0221
"""Check that the user is allowed to use the resources
defined in permissions.
permissions - a dictionary with each entry having a
resource type as the key, and a list of permissions
as the values, e.g.
{'author': ['read', 'create', 'update', 'delete']}
success - the callback to run on success.
failure - the callback to run on failure.
"""
if not permissions:
permissions = {arg: dejsonify(self.request.arguments[arg][0])
for arg in self.request.arguments}
if not failure:
failure = self.permission_denied
# 1. get user
# 2. get relevant groups
# 2. get models
# 3. combine them together
# 4. Test it against the input
if not self.get_secure_cookie("user"):
# We are not logged in, go to the next stage
return self._get_models_for_check_perms(
groups=None,
error=None,
user=None,
permissions=permissions,
success=success,
failure=failure)
callback = partial(self._get_relevant_groups,
permissions=permissions,
success=success,
failure=failure)
coll = self.get_collection('_user')
coll.find_one({'_id': self.get_secure_cookie("user")},
callback=callback,
fields=['_permissions'])
def check_permissions(self, success, failure=None, permissions=None): # pylint: disable=W0221
"""Check that the user is allowed to use the resources
defined in permissions.
permissions - a dictionary with each entry having a
resource type as the key, and a list of permissions
as the values, e.g.
{'author': ['read', 'create', 'update', 'delete']}
success - the callback to run on success.
failure - the callback to run on failure.
"""
if not permissions:
permissions = {
arg: dejsonify(self.request.arguments[arg][0])
for arg in self.request.arguments
}
if not failure:
failure = self.permission_denied
# 1. get user
# 2. get relevant groups
# 2. get models
# 3. combine them together
# 4. Test it against the input
if not self.get_secure_cookie("user"):
# We are not logged in, go to the next stage
return self._get_models_for_check_perms(groups=None,
error=None,
user=None,
permissions=permissions,
success=success,
failure=failure)
callback = partial(self._get_relevant_groups,
permissions=permissions,
success=success,
failure=failure)
coll = self.get_collection('_user')
coll.find_one({'_id': self.get_secure_cookie("user")},
callback=callback,
fields=['_permissions'])
def _parse_arguments(self, resource):
"""Parse the critera to make friendly searches."""
kwargs = {}
count = None
arguments = self.request.arguments
if arguments:
query = dict((key, value[0]) for \
key, value in six.iteritems(arguments))
if '_limit' in query:
try:
kwargs['limit'] = int(dejsonify(query['_limit']))
except ValueError:
print("Warning: Invalid _limit parameter.")
del query['_limit']
if '_sort' in query:
kwargs['sort'] = dejsonify(query['_sort'])
del query['_sort']
if '_skip' in query:
try:
kwargs['skip'] = int(dejsonify(query['_skip']))
except ValueError:
print("Warning: Invalid _skip parameter.")
del query['_skip']
if '_count' in query:
count = dejsonify(query['_count'])
del query['_count']
if '_fields' in query:
kwargs['fields'] = dejsonify(query['_fields'])
del query['_fields']
if query:
# Decode any decoded values
kwargs['spec'] = {}
for key, value in six.iteritems(query):
kwargs['spec'][key] = dejsonify(value)
if count == "true":
return self._count_results(resource, kwargs)
return self._get_results(count=None,
error=None,
resource=resource,
kwargs=kwargs)
def _parse_arguments(self, resource):
"""Parse the critera to make friendly searches."""
kwargs = {}
count = None
arguments = self.request.arguments
if arguments:
query = dict((key, value[0]) for \
key, value in six.iteritems(arguments))
if '_limit' in query:
try:
kwargs['limit'] = int(dejsonify(query['_limit']))
except ValueError:
print("Warning: Invalid _limit parameter.")
del query['_limit']
if '_sort' in query:
kwargs['sort'] = dejsonify(query['_sort'])
del query['_sort']
if '_skip' in query:
try:
kwargs['skip'] = int(dejsonify(query['_skip']))
except ValueError:
print("Warning: Invalid _skip parameter.")
del query['_skip']
if '_count' in query:
count = dejsonify(query['_count'])
del query['_count']
if '_fields' in query:
kwargs['fields'] = dejsonify(query['_fields'])
del query['_fields']
if query:
# Decode any decoded values
kwargs['spec'] = {}
for key, value in six.iteritems(query):
kwargs['spec'][key] = dejsonify(value)
if count == "true":
return self._count_results(resource, kwargs)
return self._get_results(count=None, error=None,
resource=resource, kwargs=kwargs)
