def _has_permission(self, user: UserClass, model: Type[Model], model_pk: int, permission_name: str): """Check if contributor has requested permissions. :raises RuntimeError: with detailed explanation when check fails. """ full_permission_name = get_full_perm(permission_name, model) object_ = model.objects.filter(pk=model_pk) if not object_: raise RuntimeError( f"Object {model._meta.model_name} with id {model_pk} not found." ) filtered_object = get_objects_for_user( user, [full_permission_name], object_, ) if not filtered_object: if object_: raise RuntimeError( f"No edit permission for {model._meta.model_name} with id {model_pk}." ) else: raise RuntimeError( f"Object {model._meta.model_name} with id {model_pk} not found." )
def filter_objects(self, user: UserClass, queryset: QuerySet, data: Data) -> QuerySet: """Filter the objects for the given user.""" inputs = queryset.filter(id__in=data.parents.all()) permission_name = get_full_perm("view", queryset.model) return (get_objects_for_user(user, permission_name, queryset).distinct().union(inputs))
def handle_get_relations(self, message: Message[int], manager: "Processor") -> Response[List[dict]]: """Get relations for the given collection object.""" collection = get_objects_for_user( manager.contributor, get_full_perm("view", Collection), Collection.objects.filter(id=message.message_data), ).get() return message.respond_ok(serialize_collection_relations(collection))
def to_internal_value(self, data): """Convert to internal value.""" # Allow None values only in case field is not required. if "id" in data and data["id"] is None and not self.required: return elif data.get("id", None) is not None: kwargs = {"id": data["id"]} elif data.get("slug", None) is not None: if self.root.instance: # ``self.root.instance != None`` means that an instance is # already present, so this is not "create" request. self.fail("slug_not_allowed") kwargs = {"slug": data["slug"]} else: self.fail("null", name=self.field_name) user = getattr(self.context.get("request"), "user") queryset = self.get_queryset() permission = get_full_perm(self.write_permission, queryset.model) try: return get_objects_for_user( user, permission, queryset.filter(**kwargs)).latest("version") except ObjectDoesNotExist: # Differentiate between "user has no permission" and "object does not exist" view_permission = get_full_perm("view", queryset.model) if permission != view_permission: try: get_objects_for_user( user, view_permission, queryset.filter(**kwargs)).latest("version") raise exceptions.PermissionDenied( "You do not have {} permission for {}: {}.".format( self.write_permission, self.model_name, data)) except ObjectDoesNotExist: pass self.fail("does_not_exist", value=smart_text(data), model_name=self.model_name)
def filter_objects(self, user: UserClass, queryset: QuerySet, data: Data) -> QuerySet: """Filter the objects for the given user. Snorage objects are special: we have to check if user has permission on the data model. The permission name must be given in the form 'app_label.permission_name' otherwise wrong content type is infered it the get_objects_for_user method. """ permission_name = "flow." + get_full_perm("view", Data) perms_filter = "data__pk__in" return (get_objects_for_user( user, permission_name, queryset, perms_filter=perms_filter).distinct().union( queryset.filter(contributor=user)))
def to_internal_value(self, data): """Convert to internal value.""" user = getattr(self.context.get('request'), 'user') queryset = self.get_queryset() permission = get_full_perm('view', queryset.model) try: return get_objects_for_user( user, permission, queryset.filter(**{self.slug_field: data}), ).latest() except ObjectDoesNotExist: self.fail( 'does_not_exist', slug_name=self.slug_field, value=smart_text(data), model_name=queryset.model._meta.model_name, # pylint: disable=protected-access ) except (TypeError, ValueError): self.fail('invalid')
def handle_get_process_requirements( self, message: Message[int], manager: "Processor") -> Response[dict]: """Return the requirements for the process with the given id.""" process_id = message.message_data filtered_process = get_objects_for_user( manager.contributor, get_full_perm("view", Process), Process.objects.filter(pk=process_id), ) process_requirements, process_slug = filtered_process.values_list( "requirements", "slug").get() resources = process_requirements.get("resources", {}) # Get limit defaults and overrides. limit_defaults = getattr(settings, "FLOW_PROCESS_RESOURCE_DEFAULTS", {}) limit_overrides = getattr(settings, "FLOW_PROCESS_RESOURCE_OVERRIDES", {}) limits = {} limits["cores"] = int(resources.get("cores", 1)) max_cores = getattr(settings, "FLOW_PROCESS_MAX_CORES", None) if max_cores: limits["cores"] = min(limits["cores"], max_cores) memory = limit_overrides.get("memory", {}).get(process_slug, None) if memory is None: memory = int( resources.get( "memory", # If no memory resource is configured, check settings. limit_defaults.get("memory", 4096), )) limits["memory"] = memory process_requirements["resources"] = limits return message.respond_ok(process_requirements)
def get_owner_names_value(self, obj): """Extract owners' names.""" return [ self._get_user(user) for user in get_users_with_permission(obj, get_full_perm('owner', obj)) ]
def get_owner_ids_value(self, obj): """Extract owners' ids.""" return [ user.pk for user in get_users_with_permission(obj, get_full_perm('owner', obj)) ]
def filter_objects(self, user: UserClass, queryset: QuerySet, data: Data) -> QuerySet: """Filter the objects for the given user.""" permission_name = get_full_perm("view", queryset.model) return get_objects_for_user(user, permission_name, queryset)
def test_get_full_perm(self): self.assertEqual(get_full_perm('view', self.collection), 'view_collection') self.assertEqual(get_full_perm('view', self.descriptor_schema), 'view_descriptorschema')
def get_owner_names_value(self, obj): """Extract owners' names.""" return [ self._get_user(user) for user in get_users_with_permission( obj, get_full_perm('owner', obj)) ]
def get_owner_ids_value(self, obj): """Extract owners' ids.""" return [ user.pk for user in get_users_with_permission( obj, get_full_perm('owner', obj)) ]
def filter_permission(self, queryset, name, value): """Filter queryset by permissions.""" user = self.request.user or AnonymousUser() perm = get_full_perm(value, queryset.model) return get_objects_for_user(user, perm, queryset)
def test_get_full_perm(self): self.assertEqual(get_full_perm('view', self.collection), 'view_collection') self.assertEqual(get_full_perm('view', self.descriptor_schema), 'view_descriptorschema')
def test_get_full_perm(self): self.assertEqual(get_full_perm("view", self.collection), "view_collection") self.assertEqual(get_full_perm("view", self.descriptor_schema), "view_descriptorschema")