def is_gecos_master_or_403(request, collection_nodes, obj, schema_detail): domain = get_domain(obj, collection_nodes) if domain and domain['master'] != MASTER_DEFAULT and not is_local_user(obj, collection_nodes): if '_id' not in obj: raise HTTPForbidden() else: mongo_obj = collection_nodes.find_one({'_id': ObjectId(obj['_id'])}) mongo_obj = schema_detail().serialize(mongo_obj) obj = schema_detail().serialize(obj) del obj['policies'] del mongo_obj['policies'] if obj != mongo_obj: raise HTTPForbidden()
def is_gecos_master_or_403(request, collection_nodes, obj, schema_detail): domain = get_domain(obj, collection_nodes) if domain and domain['master'] != MASTER_DEFAULT and not is_local_user(obj, collection_nodes): if '_id' not in obj: raise HTTPForbidden() else: mongo_obj = collection_nodes.find_one({'_id': ObjectId(obj['_id'])}) mongo_obj = schema_detail().serialize(mongo_obj) obj = schema_detail().serialize(obj) del obj['policies'] del mongo_obj['policies'] if obj != mongo_obj: raise HTTPForbidden()
def master_policy_no_updated_or_403(request, collection_nodes, obj): if obj['type'] in RESOURCES_EMITTERS_TYPES or is_local_user(obj, collection_nodes): return domain = get_domain(obj, collection_nodes) or {} master_policies = domain.get('master_policies', {}) if master_policies: if '_id' in obj: mongo_obj = collection_nodes.find_one({'_id': obj['_id']}) else: mongo_obj = {} mongo_policies = mongo_obj.get('policies', {}) policies = obj.get('policies', {}) for policy_id, value in master_policies.items(): if mongo_policies.get(policy_id, None) != policies.get(policy_id, None): raise HTTPForbidden()
def master_policy_no_updated_or_403(request, collection_nodes, obj): if obj['type'] in RESOURCES_EMITTERS_TYPES or is_local_user(obj, collection_nodes): return domain = get_domain(obj, collection_nodes) or {} master_policies = domain.get('master_policies', {}) if master_policies: if '_id' in obj: mongo_obj = collection_nodes.find_one({'_id': obj['_id']}) else: mongo_obj = {} mongo_policies = mongo_obj.get('policies', {}) policies = obj.get('policies', {}) for policy_id, _value in master_policies.items(): if mongo_policies.get(policy_id, None) != policies.get(policy_id, None): raise HTTPForbidden()