def get(cls, entry_id, db_session=None): """ get entry by primary key from session """ if not entry_id: return None db_session = get_db_session(db_session) query = db_session.query(cls.model) return query.get(entry_id)
def get_paginator( cls, page=1, item_count=None, items_per_page=50, db_session=None, filter_params=None, **kwargs ): """ returns paginator over users belonging to the group""" if filter_params is None: filter_params = {} db_session = get_db_session(db_session) query = db_session.query(User) user_name_like = filter_params.get("user_name_like") if user_name_like: query = query.filter(User.user_name.like(user_name_like + "%")) query = query.order_by(User.id) return SqlalchemyOrmPage( query, page=page, item_count=item_count, items_per_page=items_per_page, **kwargs )
def delete_branch(cls, resource_id=None, db_session=None, *args, **kwargs): """ This deletes whole branch with children starting from resource_id :param resource_id: :param db_session: :return: """ tablename = cls.model.__table__.name # lets lock rows to prevent bad tree states resource = ResourceService.lock_resource_for_update( resource_id=resource_id, db_session=db_session) parent_id = resource.parent_id ordering = resource.ordering raw_q = """ WITH RECURSIVE subtree AS ( SELECT res.resource_id FROM {tablename} AS res WHERE res.resource_id = :resource_id UNION ALL SELECT res_u.resource_id FROM {tablename} res_u, subtree st WHERE res_u.parent_id = st.resource_id ) DELETE FROM resources where resource_id in (select * from subtree); """.format(tablename=tablename) db_session = get_db_session(db_session) text_obj = sa.text(raw_q) db_session.execute(text_obj, params={'resource_id': resource_id}) cls.shift_ordering_down(parent_id, ordering, db_session=db_session) return True
def path_upper(cls, object_id, limit_depth=1000000, db_session=None, *args, **kwargs): """ This returns you path to root node starting from object_id currently only for postgresql :param object_id: :param limit_depth: :param db_session: :return: """ tablename = cls.model.__table__.name raw_q = """ WITH RECURSIVE subtree AS ( SELECT res.*, 1 as depth FROM {tablename} res WHERE res.resource_id = :resource_id UNION ALL SELECT res_u.*, depth+1 as depth FROM {tablename} res_u, subtree st WHERE res_u.resource_id = st.parent_id ) SELECT * FROM subtree WHERE depth<=:depth; """.format(tablename=tablename) db_session = get_db_session(db_session) q = db_session.query(cls.model).from_statement(sa.text(raw_q)).params( resource_id=object_id, depth=limit_depth) return q
def from_resource_deeper( cls, resource_id=None, limit_depth=1000000, db_session=None, *args, **kwargs ): """ This returns you subtree of ordered objects relative to the start resource_id (currently only implemented in postgresql) :param resource_id: :param limit_depth: :param db_session: :return: """ tablename = cls.model.__table__.name raw_q = """ WITH RECURSIVE subtree AS ( SELECT res.*, 1 AS depth, LPAD(res.ordering::CHARACTER VARYING, 7, '0') AS sorting, res.resource_id::CHARACTER VARYING AS path FROM {tablename} AS res WHERE res.resource_id = :resource_id UNION ALL SELECT res_u.*, depth+1 AS depth, (st.sorting::CHARACTER VARYING || '/' || LPAD(res_u.ordering::CHARACTER VARYING, 7, '0') ) AS sorting, (st.path::CHARACTER VARYING || '/' || res_u.resource_id::CHARACTER VARYING ) AS path FROM {tablename} res_u, subtree st WHERE res_u.parent_id = st.resource_id ) SELECT * FROM subtree WHERE depth<=:depth ORDER BY sorting; """.format( tablename=tablename ) # noqa db_session = get_db_session(db_session) text_obj = sa.text(raw_q) query = db_session.query(cls.model, "depth", "sorting", "path") query = query.from_statement(text_obj) query = query.params(resource_id=resource_id, depth=limit_depth) return query
def set_position(cls, resource_id, to_position, db_session=None, *args, **kwargs): """ Sets node position for new node in the tree :param resource_id: resource to move :param to_position: new position :param db_session: :return:def count_children(cls, resource_id, db_session=None): """ db_session = get_db_session(db_session) # lets lock rows to prevent bad tree states resource = ResourceService.lock_resource_for_update( resource_id=resource_id, db_session=db_session) cls.check_node_position(resource.parent_id, to_position, on_same_branch=True, db_session=db_session) cls.shift_ordering_up(resource.parent_id, to_position, db_session=db_session) db_session.flush() db_session.expire(resource) resource.ordering = to_position return True
def check_node_position(cls, parent_id, position, on_same_branch, db_session=None, *args, **kwargs): """ Checks if node position for given parent is valid, raises exception if this is not the case :param parent_id: :param position: :param on_same_branch: indicates that we are checking same branch :param db_session: :return: """ db_session = get_db_session(db_session) if not position or position < 1: raise ZigguratResourceOutOfBoundaryException( 'Position is lower than {}', value=1) item_count = cls.count_children(parent_id, db_session=db_session) max_value = item_count if on_same_branch else item_count + 1 if position > max_value: raise ZigguratResourceOutOfBoundaryException( 'Maximum resource ordering is {}', value=max_value)
def users_for_perms(cls, perm_names, db_session=None): """ return users hat have one of given permissions :param perm_names: :param db_session: :return: """ db_session = get_db_session(db_session) query = db_session.query(cls.model) query = query.filter( cls.models_proxy.User.id == cls.models_proxy.UserGroup.user_id ) query = query.filter( cls.models_proxy.UserGroup.group_id == cls.models_proxy.GroupPermission.group_id ) query = query.filter(cls.models_proxy.GroupPermission.perm_name.in_(perm_names)) query2 = db_session.query(cls.model) query2 = query2.filter( cls.models_proxy.User.id == cls.models_proxy.UserPermission.user_id ) query2 = query2.filter( cls.models_proxy.UserPermission.perm_name.in_(perm_names) ) users = query.union(query2).order_by(cls.model.id) return users
def check_node_parent(cls, resource_id, new_parent_id, db_session=None, *args, **kwargs): """ Checks if parent destination is valid for node :param resource_id: :param new_parent_id: :param db_session: :return: """ db_session = get_db_session(db_session) new_parent = ResourceService.lock_resource_for_update( resource_id=new_parent_id, db_session=db_session) # we are not moving to "root" so parent should be found if not new_parent and new_parent_id is not None: raise ZigguratResourceTreeMissingException( 'New parent node not found') else: result = cls.path_upper(new_parent_id, db_session=db_session) path_ids = [r.resource_id for r in result] if resource_id in path_ids: raise ZigguratResourceTreePathException( 'Trying to insert node into itself')
def get(cls, group_id, db_session=None): """ get group by primary key from session """ if not group_id: return None db_session = get_db_session(db_session) query = db_session.query(cls.model) return query.get(group_id)
def group_perms_for_user(cls, instance, user, db_session=None): """ returns permissions that given user has for this resource that are inherited from groups :param instance: :param user: :param db_session: :return: """ db_session = get_db_session(db_session, instance) perms = resource_permissions_for_users(cls.models_proxy, ANY_PERMISSION, resource_ids=[ instance.resource_id], user_ids=[user.id], db_session=db_session) perms = [p for p in perms if p.type == 'group'] # include all perms if user is the owner of this resource groups_dict = dict([(g.id, g) for g in user.groups]) if instance.owner_group_id in groups_dict: perms.append(PermissionTuple(user, ALL_PERMISSIONS, 'group', groups_dict.get( instance.owner_group_id), instance, True, True)) return perms
def groups_for_perm(cls, instance, perm_name, group_ids=None, limit_group_permissions=False, db_session=None): """ return PermissionTuples for groups that have given permission for the resource, perm_name is __any_permission__ then users with any permission will be listed :param instance: :param perm_name: :param group_ids: limits the permissions to specific group ids :param limit_group_permissions: should be used if we do not want to have user objects returned for group permissions, this might cause performance issues for big groups :param db_session: :return: """ db_session = get_db_session(db_session, instance) group_perms = resource_permissions_for_users( cls.models_proxy, [perm_name], [instance.resource_id], group_ids=group_ids, limit_group_permissions=limit_group_permissions, skip_user_perms=True, db_session=db_session) if instance.owner_group_id: for user in instance.owner_group.users: group_perms.append( PermissionTuple(user, ALL_PERMISSIONS, 'group', instance.owner_group, instance, True, True)) return group_perms
def group_perms_for_user(cls, instance, user, db_session=None): """ returns permissions that given user has for this resource that are inherited from groups :param instance: :param user: :param db_session: :return: """ db_session = get_db_session(db_session, instance) perms = resource_permissions_for_users( cls.models_proxy, ANY_PERMISSION, resource_ids=[instance.resource_id], user_ids=[user.id], db_session=db_session) perms = [p for p in perms if p.type == 'group'] # include all perms if user is the owner of this resource groups_dict = dict([(g.id, g) for g in user.groups]) if instance.owner_group_id in groups_dict: perms.append( PermissionTuple(user, ALL_PERMISSIONS, 'group', groups_dict.get(instance.owner_group_id), instance, True, True)) return perms
def permissions(cls, instance, db_session=None): """ returns all non-resource permissions based on what groups user belongs and directly set ones for this user :param instance: :param db_session: :return: """ db_session = get_db_session(db_session, instance) query = db_session.query( cls.models_proxy.GroupPermission.group_id.label('owner_id'), cls.models_proxy.GroupPermission.perm_name.label('perm_name'), sa.literal('group').label('type')) query = query.filter(cls.models_proxy.GroupPermission.group_id == cls.models_proxy.UserGroup.group_id) query = query.filter( cls.models_proxy.User.id == cls.models_proxy.UserGroup.user_id) query = query.filter(cls.models_proxy.User.id == instance.id) query2 = db_session.query( cls.models_proxy.UserPermission.user_id.label('owner_id'), cls.models_proxy.UserPermission.perm_name.label('perm_name'), sa.literal('user').label('type')) query2 = query2.filter( cls.models_proxy.UserPermission.user_id == instance.id) query = query.union(query2) groups_dict = dict([(g.id, g) for g in instance.groups]) return [ PermissionTuple( instance, row.perm_name, row.type, groups_dict.get(row.owner_id) if row.type == 'group' else None, None, False, True) for row in query ]
def groups_for_perm(cls, instance, perm_name, group_ids=None, limit_group_permissions=False, db_session=None): """ return PermissionTuples for groups that have given permission for the resource, perm_name is __any_permission__ then users with any permission will be listed :param instance: :param perm_name: :param group_ids: limits the permissions to specific group ids :param limit_group_permissions: should be used if we do not want to have user objects returned for group permissions, this might cause performance issues for big groups :param db_session: :return: """ db_session = get_db_session(db_session, instance) group_perms = resource_permissions_for_users(cls.models_proxy, [perm_name], [instance.resource_id], group_ids=group_ids, limit_group_permissions=limit_group_permissions, skip_user_perms=True, db_session=db_session) if instance.owner_group_id: for user in instance.owner_group.users: group_perms.append( PermissionTuple(user, ALL_PERMISSIONS, 'group', instance.owner_group, instance, True, True)) return group_perms
def direct_perms_for_user(cls, instance, user, db_session=None): """ returns permissions that given user has for this resource without ones inherited from groups that user belongs to :param instance: :param user: :param db_session: :return: """ db_session = get_db_session(db_session, instance) query = db_session.query( cls.models_proxy.UserResourcePermission.user_id, cls.models_proxy.UserResourcePermission.perm_name) query = query.filter( cls.models_proxy.UserResourcePermission.user_id == user.id) query = query.filter(cls.models_proxy.UserResourcePermission. resource_id == instance.resource_id) perms = [ PermissionTuple(user, row.perm_name, 'user', None, instance, False, True) for row in query ] # include all perms if user is the owner of this resource if instance.owner_user_id == user.id: perms.append( PermissionTuple(user, ALL_PERMISSIONS, 'user', None, instance, True)) return perms
def direct_perms_for_user(cls, instance, user, db_session=None): """ returns permissions that given user has for this resource without ones inherited from groups that user belongs to :param instance: :param user: :param db_session: :return: """ db_session = get_db_session(db_session, instance) query = db_session.query( cls.models_proxy.UserResourcePermission.user_id, cls.models_proxy.UserResourcePermission.perm_name) query = query.filter(cls.models_proxy.UserResourcePermission.user_id == user.id) query = query.filter( cls.models_proxy.UserResourcePermission.resource_id == instance.resource_id) perms = [PermissionTuple(user, row.perm_name, 'user', None, instance, False, True) for row in query] # include all perms if user is the owner of this resource if instance.owner_user_id == user.id: perms.append(PermissionTuple(user, ALL_PERMISSIONS, 'user', None, instance, True)) return perms
def from_resource_deeper(cls, resource_id=None, limit_depth=1000000, db_session=None, *args, **kwargs): """ This returns you subtree of ordered objects relative to the start resource_id (currently only implemented in postgresql) :param resource_id: :param limit_depth: :param db_session: :return: """ tablename = cls.model.__table__.name raw_q = """ WITH RECURSIVE subtree AS ( SELECT res.*, 1 AS depth, res.ordering::CHARACTER VARYING AS sorting, res.resource_id::CHARACTER VARYING AS path FROM {tablename} AS res WHERE res.resource_id = :resource_id UNION ALL SELECT res_u.*, depth+1 AS depth, (st.sorting::CHARACTER VARYING || '/' || res_u.ordering::CHARACTER VARYING ) AS sorting, (st.path::CHARACTER VARYING || '/' || res_u.resource_id::CHARACTER VARYING ) AS path FROM {tablename} res_u, subtree st WHERE res_u.parent_id = st.resource_id ) SELECT * FROM subtree WHERE depth<=:depth ORDER BY sorting; """.format(tablename=tablename) db_session = get_db_session(db_session) text_obj = sa.text(raw_q) query = db_session.query(cls.model, 'depth', 'sorting', 'path') query = query.from_statement(text_obj) query = query.params(resource_id=resource_id, depth=limit_depth) return query
def users_for_perm( cls, instance, perm_name, user_ids=None, group_ids=None, limit_group_permissions=False, skip_group_perms=False, db_session=None, ): """ return PermissionTuples for users AND groups that have given permission for the resource, perm_name is __any_permission__ then users with any permission will be listed :param instance: :param perm_name: :param user_ids: limits the permissions to specific user ids :param group_ids: limits the permissions to specific group ids :param limit_group_permissions: should be used if we do not want to have user objects returned for group permissions, this might cause performance issues for big groups :param skip_group_perms: do not attach group permissions to the resultset :param db_session: :return: """ # noqa db_session = get_db_session(db_session, instance) users_perms = resource_permissions_for_users( cls.models_proxy, [perm_name], [instance.resource_id], user_ids=user_ids, group_ids=group_ids, limit_group_permissions=limit_group_permissions, skip_group_perms=skip_group_perms, db_session=db_session, ) if instance.owner_user_id: users_perms.append( PermissionTuple( instance.owner, ALL_PERMISSIONS, "user", None, instance, True, True ) ) if instance.owner_group_id and not skip_group_perms: for user in instance.owner_group.users: users_perms.append( PermissionTuple( user, ALL_PERMISSIONS, "group", instance.owner_group, instance, True, True, ) ) return users_perms
def permissions(self): """ .. deprecated:: 0.8 :return: """ db_session = get_db_session(None, self) return UserService.permissions(self, db_session=db_session)
def get_paginator(cls, page=1, item_count=None, items_per_page=50, db_session=None, **kwargs): """ returns paginator over users belonging to the group""" db_session = get_db_session(db_session) query = db_session.query(Group) query = query.order_by(Group.group_name) return SqlalchemyOrmPage(query, page=page, item_count=item_count, items_per_page=items_per_page, **kwargs)
def base_query(cls, db_session=None): """ returns base query for specific service :param db_session: :return: query """ db_session = get_db_session(db_session) return db_session.query(cls.model)
def perms_for_user(cls, instance, user, db_session=None): """ returns all permissions that given user has for this resource from groups and directly set ones too :param instance: :param user: :param db_session: :return: """ db_session = get_db_session(db_session, instance) query = db_session.query( cls.models_proxy.GroupResourcePermission.group_id.label( 'owner_id'), cls.models_proxy.GroupResourcePermission.perm_name, sa.literal('group').label('type')) query = query.filter( cls.models_proxy.GroupResourcePermission.group_id.in_( [gr.id for gr in user.groups] ) ) query = query.filter( cls.models_proxy.GroupResourcePermission.resource_id == instance.resource_id) query2 = db_session.query( cls.models_proxy.UserResourcePermission.user_id.label('owner_id'), cls.models_proxy.UserResourcePermission.perm_name, sa.literal('user').label('type')) query2 = query2.filter( cls.models_proxy.UserResourcePermission.user_id == user.id) query2 = query2.filter( cls.models_proxy.UserResourcePermission.resource_id == instance.resource_id) query = query.union(query2) groups_dict = dict([(g.id, g) for g in user.groups]) perms = [PermissionTuple(user, row.perm_name, row.type, groups_dict.get(row.owner_id) if row.type == 'group' else None, instance, False, True) for row in query] # include all perms if user is the owner of this resource if instance.owner_user_id == user.id: perms.append(PermissionTuple(user, ALL_PERMISSIONS, 'user', None, instance, True, True)) groups_dict = dict([(g.id, g) for g in user.groups]) if instance.owner_group_id in groups_dict: perms.append(PermissionTuple(user, ALL_PERMISSIONS, 'group', groups_dict.get( instance.owner_group_id), instance, True, True)) return perms
def by_group_name(cls, group_name, db_session=None): """ fetch group by name .. deprecated:: 0.8 """ db_session = get_db_session(db_session) return GroupService.by_group_name(group_name=group_name, db_session=db_session)
def by_resource_name(name,db_session=None): db_session = get_db_session(db_session) try: resource = db_session.query(Resource).filter(Resource.resource_name==name).one() log.debug(resource) return ResourceService.by_resource_id(resource_id=resource.resource_id, db_session=db_session) except Exception as e: log.debug('Error retrieving resource by name, {0}'.format(e)) raise
def resources_with_possible_perms( cls, instance, perm_names=None, resource_ids=None, resource_types=None, db_session=None, ): """ returns list of permissions and resources for this group, resource_ids restricts the search to specific resources :param instance: :param perm_names: :param resource_ids: :param resource_types: :param db_session: :return: """ db_session = get_db_session(db_session, instance) query = db_session.query( cls.models_proxy.GroupResourcePermission.perm_name, cls.models_proxy.Group, cls.models_proxy.Resource, ) query = query.filter(cls.models_proxy.Resource.resource_id == cls. models_proxy.GroupResourcePermission.resource_id) query = query.filter(cls.models_proxy.Group.id == cls.models_proxy.GroupResourcePermission.group_id) if resource_ids: query = query.filter( cls.models_proxy.GroupResourcePermission.resource_id.in_( resource_ids)) if resource_types: query = query.filter( cls.models_proxy.Resource.resource_type.in_(resource_types)) if perm_names not in ([ANY_PERMISSION], ANY_PERMISSION) and perm_names: query = query.filter( cls.models_proxy.GroupResourcePermission.perm_name.in_( perm_names)) query = query.filter( cls.models_proxy.GroupResourcePermission.group_id == instance.id) perms = [ PermissionTuple(None, row.perm_name, "group", instance, row.Resource, False, True) for row in query ] for resource in instance.resources: perms.append( PermissionTuple(None, ALL_PERMISSIONS, "group", instance, resource, True, True)) return perms
def by_resource_name(name, db_session=None): db_session = get_db_session(db_session) try: resource = db_session.query(Resource).filter( Resource.resource_name == name).one() log.debug(resource) return ResourceService.by_resource_id( resource_id=resource.resource_id, db_session=db_session) except Exception as e: log.debug('Error retrieving resource by name, {0}'.format(e)) raise
def get(cls, resource_id, db_session=None): """ Fetch row using primary key - will use existing object in session if already present :param resource_id: :param db_session: :return: """ db_session = get_db_session(db_session) return db_session.query(cls.model).get(resource_id)
def by_group_name(cls, group_name, db_session=None): """ fetch group by name :param group_name: :param db_session: :return: """ db_session = get_db_session(db_session) query = db_session.query(cls.model).filter(cls.model.group_name == group_name) return query.first()
def by_id(cls, user_id, db_session=None): """ .. deprecated:: 0.8 :param user_id: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.by_id(user_id=user_id, db_session=db_session)
def by_email(cls, email, db_session=None): """ .. deprecated:: 0.8 :param email: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.by_email(email=email, db_session=db_session)
def get(cls, user_id, db_session=None): """ Fetch row using primary key - will use existing object in session if already present :param user_id: :param db_session: :return: """ db_session = get_db_session(db_session) return db_session.query(cls.model).get(user_id)
def get(cls, group_id, perm_name, db_session=None): """ Fetch row using primary key - will use existing object in session if already present :param group_id: :param perm_name: :param db_session: :return: """ db_session = get_db_session(db_session) return db_session.query(cls.model).get([group_id, perm_name])
def by_group_name(cls, group_name, db_session=None): """ fetch group by name :param group_name: :param db_session: :return: """ db_session = get_db_session(db_session) query = db_session.query( cls.model).filter(cls.model.group_name == group_name) return query.first()
def by_user_names(cls, user_names, db_session=None): """ .. deprecated:: 0.8 :param user_names: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.by_user_names(user_names=user_names, db_session=db_session)
def user_names_like(cls, user_name, db_session=None): """ .. deprecated:: 0.8 :param user_name: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.user_names_like(user_name=user_name, db_session=db_session)
def users_for_perms(cls, perm_names, db_session=None): """ .. deprecated:: 0.8 :param perm_names: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.users_for_perms(perm_names=perm_names, db_session=db_session)
def perms_for_user(cls, instance, user, db_session=None): """ returns all permissions that given user has for this resource from groups and directly set ones too :param instance: :param user: :param db_session: :return: """ db_session = get_db_session(db_session, instance) query = db_session.query( cls.models_proxy.GroupResourcePermission.group_id.label( 'owner_id'), cls.models_proxy.GroupResourcePermission.perm_name, sa.literal('group').label('type')) query = query.filter( cls.models_proxy.GroupResourcePermission.group_id.in_( [gr.id for gr in user.groups])) query = query.filter(cls.models_proxy.GroupResourcePermission. resource_id == instance.resource_id) query2 = db_session.query( cls.models_proxy.UserResourcePermission.user_id.label('owner_id'), cls.models_proxy.UserResourcePermission.perm_name, sa.literal('user').label('type')) query2 = query2.filter( cls.models_proxy.UserResourcePermission.user_id == user.id) query2 = query2.filter(cls.models_proxy.UserResourcePermission. resource_id == instance.resource_id) query = query.union(query2) groups_dict = dict([(g.id, g) for g in user.groups]) perms = [ PermissionTuple( user, row.perm_name, row.type, groups_dict.get(row.owner_id) if row.type == 'group' else None, instance, False, True) for row in query ] # include all perms if user is the owner of this resource if instance.owner_user_id == user.id: perms.append( PermissionTuple(user, ALL_PERMISSIONS, 'user', None, instance, True, True)) groups_dict = dict([(g.id, g) for g in user.groups]) if instance.owner_group_id in groups_dict: perms.append( PermissionTuple(user, ALL_PERMISSIONS, 'group', groups_dict.get(instance.owner_group_id), instance, True, True)) return perms
def by_resource_id(cls, resource_id, db_session=None): """ fetch the resouce by id :param resource_id: :param db_session: :return: """ db_session = get_db_session(db_session) query = db_session.query( cls.model).filter(cls.model.resource_id == int(resource_id)) return query.first()
def group_perms_for_user(self, user, db_session=None): """ .. deprecated:: 0.8 :param user: :param db_session: :return: """ db_session = get_db_session(db_session, self) return ResourceService.group_perms_for_user( self, user=user, db_session=db_session)
def by_resource_id(cls, resource_id, db_session=None): """ fetch the resouce by id :param resource_id: :param db_session: :return: """ db_session = get_db_session(db_session) query = db_session.query(cls.model).filter(cls.model.resource_id == int(resource_id)) return query.first()
def all(cls, klass, db_session=None): """ returns all objects of specific type - will work correctly with sqlalchemy inheritance models, you should normally use models base_query() instead of this function its for bw. compat purposes :param klass: :param db_session: :return: """ db_session = get_db_session(db_session) return db_session.query(klass)
def by_resource_id(cls, resource_id, db_session=None): """ .. deprecated:: 0.8 :param resource_id: :param db_session: :return: """ db_session = get_db_session(db_session) return ResourceService.by_resource_id(resource_id=resource_id, db_session=db_session)
def get(cls, user_id, perm_name, db_session=None): """ Fetch row using primary key - will use existing object in session if already present :param user_id: :param perm_name: :param db_session: :return: """ db_session = get_db_session(db_session) return db_session.query(cls.model).get([user_id, perm_name])
def resources_with_possible_perms(cls, instance, perm_names=None, resource_ids=None, resource_types=None, db_session=None): """ returns list of permissions and resources for this group, resource_ids restricts the search to specific resources :param instance: :param perm_names: :param resource_ids: :param resource_types: :param db_session: :return: """ db_session = get_db_session(db_session, instance) query = db_session.query( cls.models_proxy.GroupResourcePermission.perm_name, cls.models_proxy.Group, cls.models_proxy.Resource ) query = query.filter( cls.models_proxy.Resource.resource_id == cls.models_proxy.GroupResourcePermission.resource_id) query = query.filter( cls.models_proxy.Group.id == cls.models_proxy.GroupResourcePermission.group_id) if resource_ids: query = query.filter( cls.models_proxy.GroupResourcePermission.resource_id.in_( resource_ids)) if resource_types: query = query.filter( cls.models_proxy.Resource.resource_type.in_(resource_types)) if (perm_names not in ( [ANY_PERMISSION], ANY_PERMISSION) and perm_names): query = query.filter( cls.models_proxy.GroupResourcePermission.perm_name.in_( perm_names)) query = query.filter( cls.models_proxy.GroupResourcePermission.group_id == instance.id) perms = [PermissionTuple(None, row.perm_name, 'group', instance, row.Resource, False, True) for row in query] for resource in instance.resources: perms.append( PermissionTuple(None, ALL_PERMISSIONS, 'group', instance, resource, True, True)) return perms
def lock_resource_for_update(cls, resource_id, db_session): """ Selects resource for update - locking access for other transactions :param resource_id: :param db_session: :return: """ db_session = get_db_session(db_session) query = db_session.query(cls.model) query = query.filter(cls.model.resource_id == resource_id) query = query.with_for_update() return query.first()