def _get_one_by_id(self, id, requester_user, permission_type, exclude_fields=None,
from_model_kwargs=None):
"""
:param exclude_fields: A list of object fields to exclude.
:type exclude_fields: ``list``
"""
instance = self._get_by_id(resource_id=id, exclude_fields=exclude_fields)
if permission_type:
rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user,
resource_db=instance,
permission_type=permission_type)
if not instance:
msg = 'Unable to identify resource with id "%s".' % id
abort(http_client.NOT_FOUND, msg)
from_model_kwargs = from_model_kwargs or {}
from_model_kwargs.update(self.from_model_kwargs)
result = self.resource_model_filter(model=self.model, instance=instance,
requester_user=requester_user,
**from_model_kwargs)
if not result:
LOG.debug('Not returning the result because RBAC resource isolation is enabled and '
'current user doesn\'t match the resource user')
raise ResourceAccessDeniedPermissionIsolationError(user_db=requester_user,
resource_api_or_db=instance,
permission_type=permission_type)
return result
def _get_one(self, ref_or_id, requester_user, permission_type, exclude_fields=None,
include_fields=None, from_model_kwargs=None):
try:
instance = self._get_by_ref_or_id(ref_or_id=ref_or_id, exclude_fields=exclude_fields,
include_fields=include_fields)
except Exception as e:
LOG.exception(str(e))
abort(http_client.NOT_FOUND, str(e))
return
if permission_type:
rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user,
resource_db=instance,
permission_type=permission_type)
# Perform resource isolation check (if supported)
from_model_kwargs = from_model_kwargs or {}
from_model_kwargs.update(self.from_model_kwargs)
result = self.resource_model_filter(model=self.model, instance=instance,
requester_user=requester_user,
**from_model_kwargs)
if not result:
LOG.debug('Not returning the result because RBAC resource isolation is enabled and '
'current user doesn\'t match the resource user')
raise ResourceAccessDeniedPermissionIsolationError(user_db=requester_user,
resource_api_or_db=instance,
permission_type=permission_type)
return Response(json=result)
def _get_one_by_id(
self,
id,
requester_user,
permission_type,
exclude_fields=None,
include_fields=None,
from_model_kwargs=None,
get_by_id_kwargs=None,
):
"""
:param exclude_fields: A list of object fields to exclude.
:type exclude_fields: ``list``
:param include_fields: A list of object fields to include.
:type include_fields: ``list``
:param get_by_id_kwargs: Additional keyword arguments which are passed to the
"_get_by_id()" method.
:type get_by_id_kwargs: ``dict`` or ``None``
"""
instance = self._get_by_id(
resource_id=id,
exclude_fields=exclude_fields,
include_fields=include_fields,
**get_by_id_kwargs or {},
)
if permission_type:
rbac_utils = get_rbac_backend().get_utils_class()
rbac_utils.assert_user_has_resource_db_permission(
user_db=requester_user,
resource_db=instance,
permission_type=permission_type,
)
if not instance:
msg = 'Unable to identify resource with id "%s".' % id
abort(http_client.NOT_FOUND, msg)
from_model_kwargs = from_model_kwargs or {}
from_model_kwargs.update(self.from_model_kwargs)
result = self.resource_model_filter(
model=self.model,
instance=instance,
requester_user=requester_user,
**from_model_kwargs,
)
if not result:
LOG.debug(
"Not returning the result because RBAC resource isolation is enabled and "
"current user doesn't match the resource user")
raise ResourceAccessDeniedPermissionIsolationError(
user_db=requester_user,
resource_api_or_db=instance,
permission_type=permission_type,
)
return result
def _get_one(self, ref_or_id, requester_user, permission_type, exclude_fields=None,
from_model_kwargs=None):
try:
instance = self._get_by_ref_or_id(ref_or_id=ref_or_id, exclude_fields=exclude_fields)
except Exception as e:
LOG.exception(e.message)
abort(http_client.NOT_FOUND, e.message)
return
if permission_type:
rbac_utils.assert_user_has_resource_db_permission(user_db=requester_user,
resource_db=instance,
permission_type=permission_type)
from_model_kwargs = from_model_kwargs or {}
from_model_kwargs.update(self.from_model_kwargs)
result = self.resource_model_filter(model=self.model, instance=instance,
requester_user=requester_user,
**from_model_kwargs)
if not result:
LOG.debug('Not returning the result because RBAC resource isolation is enabled and '
'current user doesn\'t match the resource user')
raise ResourceAccessDeniedPermissionIsolationError(user_db=requester_user,
resource_api_or_db=instance,
permission_type=permission_type)
if result and self.include_reference:
pack = getattr(result, 'pack', None)
name = getattr(result, 'name', None)
result.ref = ResourceReference(pack=pack, name=name).ref
return Response(json=result)