def get_group_queryset(request):
"""Obtain the queryset for groups."""
scope = request.query_params.get(SCOPE_KEY, ACCOUNT_SCOPE)
if scope != ACCOUNT_SCOPE:
return get_object_principal_queryset(request, scope, Group)
username = request.query_params.get('username')
if username:
get_principal(username, request.user.account)
return Group.objects.filter(principals__username__iexact=username) | Group.platform_default_set()
if has_group_all_access(request):
return get_annotated_groups() | Group.platform_default_set()
return Group.objects.none()
def obtain_groups_in(obj, request):
"""Shared function to get the groups the roles is in."""
scope_param = request.query_params.get("scope")
username_param = request.query_params.get("username")
policy_ids = list(obj.policies.values_list("id", flat=True))
if scope_param == "principal" or username_param:
principal = get_principal_from_request(request)
assigned_groups = Group.objects.filter(policies__in=policy_ids, principals__in=[principal])
return (assigned_groups | Group.platform_default_set()).distinct()
return Group.objects.filter(policies__in=policy_ids).distinct()
def get_group_queryset(request):
"""Obtain the queryset for groups."""
scope = request.query_params.get(SCOPE_KEY, ACCOUNT_SCOPE)
if scope != ACCOUNT_SCOPE:
return get_object_principal_queryset(request, scope, Group)
username = request.query_params.get("username")
if username:
principal = get_principal(username, request)
if principal.cross_account:
return Group.objects.none()
return Group.objects.filter(principals__username__iexact=username) | Group.platform_default_set()
if has_group_all_access(request):
return get_annotated_groups() | Group.platform_default_set()
access = user_has_perm(request, "group")
if access == "All":
return get_annotated_groups() | Group.platform_default_set()
if access == "None":
return Group.objects.none()
return Group.objects.filter(uuid__in=access) | Group.platform_default_set()