def _get_one_by_id(self, id, requester_user, permission_type, exclude_fields=None, from_model_kwargs=None): """ :param exclude_fields: A list of object fields to exclude. :type exclude_fields: ``list`` """ instance = self._get_by_id(resource_id=id, exclude_fields=exclude_fields) if permission_type: rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user, resource_db=instance, permission_type=permission_type) if not instance: msg = 'Unable to identify resource with id "%s".' % id abort(http_client.NOT_FOUND, msg) from_model_kwargs = from_model_kwargs or {} from_model_kwargs.update(self.from_model_kwargs) result = self.resource_model_filter(model=self.model, instance=instance, requester_user=requester_user, **from_model_kwargs) if not result: LOG.debug('Not returning the result because RBAC resource isolation is enabled and ' 'current user doesn\'t match the resource user') raise ResourceAccessDeniedPermissionIsolationError(user_db=requester_user, resource_api_or_db=instance, permission_type=permission_type) return result
def _get_one(self, ref_or_id, requester_user, permission_type, exclude_fields=None, include_fields=None, from_model_kwargs=None): try: instance = self._get_by_ref_or_id(ref_or_id=ref_or_id, exclude_fields=exclude_fields, include_fields=include_fields) except Exception as e: LOG.exception(str(e)) abort(http_client.NOT_FOUND, str(e)) return if permission_type: rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user, resource_db=instance, permission_type=permission_type) # Perform resource isolation check (if supported) from_model_kwargs = from_model_kwargs or {} from_model_kwargs.update(self.from_model_kwargs) result = self.resource_model_filter(model=self.model, instance=instance, requester_user=requester_user, **from_model_kwargs) if not result: LOG.debug('Not returning the result because RBAC resource isolation is enabled and ' 'current user doesn\'t match the resource user') raise ResourceAccessDeniedPermissionIsolationError(user_db=requester_user, resource_api_or_db=instance, permission_type=permission_type) return Response(json=result)
def _get_one_by_id( self, id, requester_user, permission_type, exclude_fields=None, include_fields=None, from_model_kwargs=None, get_by_id_kwargs=None, ): """ :param exclude_fields: A list of object fields to exclude. :type exclude_fields: ``list`` :param include_fields: A list of object fields to include. :type include_fields: ``list`` :param get_by_id_kwargs: Additional keyword arguments which are passed to the "_get_by_id()" method. :type get_by_id_kwargs: ``dict`` or ``None`` """ instance = self._get_by_id( resource_id=id, exclude_fields=exclude_fields, include_fields=include_fields, **get_by_id_kwargs or {}, ) if permission_type: rbac_utils = get_rbac_backend().get_utils_class() rbac_utils.assert_user_has_resource_db_permission( user_db=requester_user, resource_db=instance, permission_type=permission_type, ) if not instance: msg = 'Unable to identify resource with id "%s".' % id abort(http_client.NOT_FOUND, msg) from_model_kwargs = from_model_kwargs or {} from_model_kwargs.update(self.from_model_kwargs) result = self.resource_model_filter( model=self.model, instance=instance, requester_user=requester_user, **from_model_kwargs, ) if not result: LOG.debug( "Not returning the result because RBAC resource isolation is enabled and " "current user doesn't match the resource user") raise ResourceAccessDeniedPermissionIsolationError( user_db=requester_user, resource_api_or_db=instance, permission_type=permission_type, ) return result
def _get_one(self, ref_or_id, requester_user, permission_type, exclude_fields=None, from_model_kwargs=None): try: instance = self._get_by_ref_or_id(ref_or_id=ref_or_id, exclude_fields=exclude_fields) except Exception as e: LOG.exception(e.message) abort(http_client.NOT_FOUND, e.message) return if permission_type: rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user, resource_db=instance, permission_type=permission_type) from_model_kwargs = from_model_kwargs or {} from_model_kwargs.update(self.from_model_kwargs) result = self.resource_model_filter(model=self.model, instance=instance, requester_user=requester_user, **from_model_kwargs) if not result: LOG.debug('Not returning the result because RBAC resource isolation is enabled and ' 'current user doesn\'t match the resource user') raise ResourceAccessDeniedPermissionIsolationError(user_db=requester_user, resource_api_or_db=instance, permission_type=permission_type) if result and self.include_reference: pack = getattr(result, 'pack', None) name = getattr(result, 'name', None) result.ref = ResourceReference(pack=pack, name=name).ref return Response(json=result)