def get(self, resource_id):
if not current_token.user_id:
return error_response(message='request should be on behalf of a user', code=400)
args = parse_json_args(self.get_parser.parse_args(), self.get_payload_json_parse_directives)
actions = args['actions']
resource_json = g.objstore_colln.find_one(
objstore_helper.resource_selector_doc(resource_id), projection=None
)
if not resource_json:
return error_response(message='resource not found', code=404)
referred_objects_graph = PermissionResolver.get_referred_objects_graph(
g.objstore_colln, resource_json, {resource_json['_id']: resource_json})
resolved_permissions = dict(
(
action,
PermissionResolver.resolve_permission_on_obj_with_referred_graph(
resource_json, referred_objects_graph, action, current_token.user_id, current_token.group_ids)
)
for action in actions
)
return resolved_permissions
def get(self, agent_id):
if not current_token.user_id:
return error_response(
message='request should be on behalf of a user', code=400)
args = self.get_parser.parse_args()
actions = jsonify_argument(args.get(
'actions', None), key='actions') or list(ObjectPermissions.ACTIONS)
check_argument_type(actions, (list, ), key='actions')
agent = objstore_helper.get_resource(g.users_colln,
agent_id,
projection=None)
if not agent:
return error_response(message='resource not found', code=404)
resolved_permissions = dict(
(action,
PermissionResolver.resolve_permission(agent,
action,
current_token.user_id,
current_token.group_ids,
g.users_colln,
true_if_none=False))
for action in actions)
return resolved_permissions
def get(self, file_id):
ool_data = g.objstore_colln.find_one({"_id": file_id})
if ool_data is None:
return error_response(message="file not found", code=404)
if not PermissionResolver.resolve_permission(
ool_data, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.objstore_colln):
return error_response(message='permission denied', code=403)
namespace = ool_data.get('namespace', None)
identifier = ool_data.get('identifier', None)
url = ool_data.get('url', None)
if None in (namespace, identifier, url):
return error_response(message='resource is not ool_data', code=404)
if namespace == '_vedavaapi':
local_namespace_data = ool_data.get('namespaceData', {})
mimetype = local_namespace_data.get('mimetype', None)
print({"mimetype": mimetype}, file=sys.stderr)
file_path = os.path.join(g.data_dir_path, identifier.lstrip('/'))
if not os.path.isfile(file_path):
return error_response(message='no representation available', code=404)
file_dir = os.path.dirname(file_path)
file_name = os.path.basename(file_path)
from flask import send_from_directory
return send_from_directory(
directory=file_dir, filename=file_name, mimetype=mimetype
)
else:
return flask.redirect(url)
def get(self, user_id):
args = self.get_parser.parse_args()
user_selector_doc = users_helper.get_user_selector_doc(_id=user_id)
projection = jsonify_argument(args.get('projection', None),
key='projection')
check_argument_type(projection, (dict, ),
key='projection',
allow_none=True)
_validate_projection(projection)
projection = projection_helper.modified_projection(
projection, mandatory_attrs=["_id", "jsonClass"])
user = JsonObject.make_from_dict(
g.users_colln.find_one(user_selector_doc, projection=None))
if user is None:
return error_response(message='user not found', code=404)
if not PermissionResolver.resolve_permission(
user, ObjectPermissions.READ, current_token.user_id,
current_token.group_ids, g.users_colln):
return error_response(message='permission denied', code=403)
user_json = user.to_json_map()
projected_user_json = users_helper.project_user_json(
user_json, projection=projection)
return projected_user_json
def get(self, group_identifier):
args = self.get_parser.parse_args()
identifier_type = args.get('identifier_type', '_id')
group_selector_doc = self._group_selector_doc(group_identifier,
identifier_type)
projection = jsonify_argument(args.get('projection', None),
key='projection')
check_argument_type(projection, (dict, ),
key='projection',
allow_none=True)
_validate_projection(projection)
projection = projection_helper.modified_projection(
projection, mandatory_attrs=["_id", "jsonClass"])
group = JsonObject.make_from_dict(
g.users_colln.find_one(group_selector_doc, projection=None))
if group is None:
return error_response(message='group not found', code=404)
if not PermissionResolver.resolve_permission(
group, ObjectPermissions.READ, current_token.user_id,
current_token.group_ids, g.users_colln):
return error_response(message='permission denied', code=403)
group_json = group.to_json_map()
projected_group_json = projection_helper.project_doc(
group_json, projection)
return projected_group_json
def get(self, user_id):
'''
if not current_token.user_id:
return error_response()
'''
args = self.get_parser.parse_args()
user_selector_doc = users_helper.get_user_selector_doc(_id=user_id)
groups_projection = jsonify_argument(args.get('groups_projection',
None),
key='groups_projection')
check_argument_type(groups_projection, (dict, ), allow_none=True)
_validate_projection(groups_projection)
user_json = g.users_colln.find_one(user_selector_doc,
projection={
"_id": 1,
"permissions": 1
})
if not user_json:
return error_response(message='user not found', code=404)
if not PermissionResolver.resolve_permission(
user_json, ObjectPermissions.READ, current_token.user_id,
current_token.group_ids, g.users_colln):
return error_response(message='permission denied', code=403)
user_group_jsons = groups_helper.get_user_groups(
g.users_colln, user_id, groups_projection=None)
permitted_user_group_jsons = []
for group_json in user_group_jsons:
if PermissionResolver.resolve_permission(group_json,
ObjectPermissions.READ,
current_token.user_id,
current_token.group_ids,
g.users_colln):
projection_helper.project_doc(group_json,
groups_projection,
in_place=True)
permitted_user_group_jsons.append(group_json)
return permitted_user_group_jsons, 200
def remove_users_from_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids):
group = JsonObject.make_from_dict(
users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1}))
if group is None:
raise ObjModelException('group not found', 404)
if current_user_id and not PermissionResolver.resolve_permission(
group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln):
raise ObjModelException('permission denied', 403)
update_doc = {"$pull": {"members": {"$in": user_ids}}}
response = users_colln.update_one(group_selector_doc, update_doc)
return response.modified_count
def get(self, resource_id):
args = self.get_parser.parse_args()
args = parse_json_args(args, self.get_payload_json_parse_directives)
projection = args['projection']
resource_json = g.objstore_colln.find_one(
objstore_helper.resource_selector_doc(resource_id), projection=None
)
if not resource_json:
return error_response(message='resource not found', code=404)
if not PermissionResolver.resolve_permission(
resource_json, ObjectPermissions.READ,
current_token.user_id, current_token.group_ids, g.objstore_colln):
return error_response(message='permission denied', code=403)
projection_helper.project_doc(resource_json, projection, in_place=True)
return resource_json
def get(self, group_identifier):
args = self.get_parser.parse_args()
identifier_type = args.get('identifier_type', '_id')
# noinspection PyProtectedMember
group_selector_doc = GroupResource._group_selector_doc(
group_identifier, identifier_type)
group = JsonObject.make_from_dict(
g.users_colln.find_one(group_selector_doc, projection=None))
if group is None:
return error_response(message='group not found', code=404)
if not PermissionResolver.resolve_permission(
group, ObjectPermissions.READ, current_token.user_id,
current_token.group_ids, g.users_colln):
return error_response(message='permission denied', code=403)
member_ids = group.members if hasattr(group, 'members') else []
return member_ids
def add_users_to_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids):
group = JsonObject.make_from_dict(
users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1}))
if group is None:
raise ObjModelException('group not found', 404)
if current_user_id and not PermissionResolver.resolve_permission(
group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln):
raise ObjModelException('permission denied', 403)
for user_id in user_ids:
from . import users_helper
user_json = users_colln.find_one(users_helper.get_user_selector_doc(_id=user_id), projection={"_id": 1})
if user_json is None:
raise ObjModelException('user "{}" not found'.format(user_id), 403)
update_doc = {"$addToSet": {"members": {"$each": user_ids}}}
response = users_colln.update_one(group_selector_doc, update_doc)
return response.modified_count