def delRole(self, name):
    '''
    Delete a role from the auth system.

    The role is popped from ``self.roles`` and deleted from the roles
    database. It is then popped from every user that holds it, and each
    such user's auth data is re-written inside the same write transaction.

    Args:
        name (str): The name of the role to delete.

    Returns:
        True: True if the operation succeeded.

    Raises:
        s_exc.NoSuchRole: If the role does not exist.
    '''
    # NOTE(review): self.roles and user.roles are changed before the
    # transaction commits; if the commit fails they are presumably left out
    # of sync with what is stored - confirm.
    with self.lenv.begin(write=True) as xact:

        if self.roles.pop(name, None) is None:
            raise s_exc.NoSuchRole(name=name)

        xact.delete(name.encode('utf8'), db=self._db_roles)

        for user in self.users.values():

            # Only users that actually held the role need to be re-saved.
            if user.roles.pop(name, None) is None:
                continue

            userkey = user.name.encode('utf8')

            authdata = user._getAuthData()
            authdata['vers'] = authver

            xact.put(userkey, s_msgpack.en(authdata), db=self._db_users)

    return True
def addUserRole(self, username, rolename):
    '''
    Grant a role to a user, both identified by name.

    The user and the role are both looked up in the cell's auth tables
    before the grant is made, so an unknown name is rejected before
    anything changes.

    Args:
        username (str): Name of the user receiving the role.
        rolename (str): Name of the role to grant.

    Raises:
        s_exc.NoSuchUser: If no user is registered under ``username``.
        s_exc.NoSuchRole: If no role is registered under ``rolename``.
    '''
    auth = self.cell.auth

    target = auth.users.get(username)
    if target is None:
        raise s_exc.NoSuchUser(user=username)

    if auth.roles.get(rolename) is None:
        raise s_exc.NoSuchRole(role=rolename)

    # NOTE(review): this method performs no permission check of its own;
    # presumably the caller is authorized before it is reached - confirm.
    target.addRole(rolename)
async def revoke(self, name):
    '''
    Remove a role, looked up by name, from this object's role list.

    Revoking a role that exists but is not currently held is a no-op.

    Args:
        name (str): Name of the role to revoke.

    Raises:
        s_exc.NoSuchRole: If no role is registered under ``name``.
    '''
    role = self.auth.rolesbyname.get(name)
    if role is None:
        raise s_exc.NoSuchRole(name=name)

    # Edit a copy and store the whole list back through self.info.
    held = list(self.roles)
    if role.iden in held:
        held.remove(role.iden)
        await self.info.set('roles', held)
async def revoke(self, name):
    '''
    Remove a role, looked up by name, from this user's stored role list.

    Revoking a role that exists but is not currently held is a no-op.

    Args:
        name (str): Name of the role to revoke.

    Raises:
        s_exc.NoSuchRole: If no role is registered under ``name``.
        s_exc.CantRevokeAllRole: If the resolved role is named "all".
    '''
    role = self.auth.rolesbyname.get(name)
    if role is None:
        raise s_exc.NoSuchRole(name=name)

    # The guard tests the resolved role's own name, not the caller's string.
    if role.name == 'all':
        raise s_exc.CantRevokeAllRole(mesg='role "all" may not be revoked')

    # Edit a copy and write the whole list back through the auth object.
    held = list(self.info.get('roles'))
    if role.iden in held:
        held.remove(role.iden)
        await self.auth.setUserInfo(self.iden, 'roles', held)
async def delRole(self, name):
    '''
    Delete a role by name.

    The role is removed from the ``rolesbyiden`` and ``rolesbyname`` lookup
    tables, revoked from every user returned by ``_getUsersInRole``, and
    finally popped from the hive.

    Args:
        name (str): Name of the role to delete.

    Raises:
        s_exc.NoSuchRole: If no role is registered under ``name``.
    '''
    role = self.rolesbyname.get(name)
    if role is None:
        raise s_exc.NoSuchRole(name=name)

    # NOTE(review): the lookup tables are updated before the per-user
    # revocations run; if a revocation raises, the role is presumably gone
    # from the tables while some users and the hive entry still hold it -
    # confirm.
    self.rolesbyiden.pop(role.iden)
    self.rolesbyname.pop(role.name)

    rolepath = self.node.full + ('roles', role.iden)

    for member in self._getUsersInRole(role):
        await member.revokeRole(role)

    # act on the hive node directly and let the resulting events propagate
    await self.node.hive.pop(rolepath)
async def grant(self, name, indx=None):
    '''
    Add a role, looked up by name, to this object's role list.

    Granting a role that is already held is a no-op.

    Args:
        name (str): Name of the role to grant.
        indx (int): Position at which to insert the role; None appends it
            to the end of the list.

    Raises:
        s_exc.NoSuchRole: If no role is registered under ``name``.
    '''
    role = self.auth.rolesbyname.get(name)
    if role is None:
        raise s_exc.NoSuchRole(name=name)

    held = list(self.roles)
    if role.iden in held:
        return

    # Inserting at len(held) is the same as appending.
    position = len(held) if indx is None else indx
    held.insert(position, role.iden)

    await self.info.set('roles', held)
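def reqRole(self, role):
    '''
    Get a role object.

    Args:
        role (str): Name of the role object to get.

    Returns:
        Role: Role object.

    Raises:
        s_exc.NoSuchRole: If the role does not exist.
    '''
    # Keep the lookup result under its own name. Rebinding the ``role``
    # parameter would make the exception below carry role=None instead of
    # the name that was requested, hiding which role was asked for.
    found = self.roles.get(role)
    if not found:
        raise s_exc.NoSuchRole(role=role)
    return found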
def addRole(self, name):
    '''
    Grant a role to a user.

    The role object is looked up in ``self.auth.roles``, stored under its
    name in ``self.roles``, and the auth data is then saved.

    Args:
        name (str): The name of the role to grant.

    Returns:
        True: True if the role was granted.

    Raises:
        s_exc.NoSuchRole: If the role does not exist.
    '''
    granted = self.auth.roles.get(name)
    if granted is None:
        raise s_exc.NoSuchRole(name=name)

    self.roles[name] = granted

    # Save after the in-place change so the grant is written out.
    self._saveAuthData()

    return True
async def delRole(self, name):
    '''
    Delete a role by name.

    The role is revoked from every user returned by ``_getUsersInRole`` and
    removed from every auth gate before it is dropped from the lookup
    tables, finalized, and popped from the hive.

    Args:
        name (str): Name of the role to delete.

    Raises:
        s_exc.CantDelAllRole: If ``name`` is "all".
        s_exc.NoSuchRole: If no role is registered under ``name``.
    '''
    # This guard tests the caller-supplied name, before any lookup is done.
    if name == 'all':
        raise s_exc.CantDelAllRole(mesg='role "all" may not be deleted')

    role = self.rolesbyname.get(name)
    if role is None:
        raise s_exc.NoSuchRole(name=name)

    # Strip every reference to the role first: user grants, then gates.
    for member in self._getUsersInRole(role):
        await member.revoke(role.name)

    for authgate in self.authgates.values():
        await authgate._delGateRole(role.iden)

    self.rolesbyiden.pop(role.iden)
    self.rolesbyname.pop(role.name)

    await role.fini()

    # act on the hive node directly and let the resulting events propagate
    await self.node.hive.pop(self.node.full + ('roles', role.iden))
async def reqRoleByName(self, name):
    '''
    Get a role by name, raising if it does not exist.

    Args:
        name (str): Name of the role to get.

    Returns:
        The value returned by ``getRoleByName`` for ``name``.

    Raises:
        s_exc.NoSuchRole: If ``getRoleByName`` returns None.
    '''
    role = await self.getRoleByName(name)
    if role is not None:
        return role

    # The caller-supplied name is echoed verbatim in the error message.
    raise s_exc.NoSuchRole(mesg=f'No role named {name}.')