def m2m_changed_group_permissions(sender, instance, action, pk_set, *args, **kwargs): logger.debug("Received m2m_changed from group %s permissions with action %s" % (instance, action)) if instance.pk and (action == "post_remove" or action == "post_clear"): logger.debug("Checking if service permission changed for group {}".format(instance)) # As validating an entire groups service could lead to many thousands of permission checks # first we check that one of the permissions changed is, in fact, a service permission. perms = Permission.objects.filter(pk__in=pk_set) got_change = False service_perms = [svc.access_perm for svc in ServicesHook.get_services()] for perm in perms: natural_key = perm.natural_key() path_perm = "{}.{}".format(natural_key[1], natural_key[0]) if path_perm not in service_perms: # Not a service permission, keep searching continue for svc in ServicesHook.get_services(): if svc.access_perm == path_perm: logger.debug("Permissions changed for group {} on " "service {}, re-validating services for groups users".format(instance, svc)) def validate_all_groups_users_for_service(): logger.debug("Performing validation for service {}".format(svc)) for user in instance.user_set.all(): svc.validate_user(user) transaction.on_commit(validate_all_groups_users_for_service) got_change = True break # Found service, break out of services iteration and go back to permission iteration if not got_change: logger.debug("Permission change for group {} was not service permission, ignoring".format(instance))
def m2m_changed_group_permissions(sender, instance, action, pk_set, *args, **kwargs): logger.debug("Received m2m_changed from group %s permissions with action %s" % (instance, action)) if instance.pk and (action == "post_remove" or action == "post_clear"): logger.debug("Checking if service permission changed for group {}".format(instance)) # As validating an entire groups service could lead to many thousands of permission checks # first we check that one of the permissions changed is, in fact, a service permission. perms = Permission.objects.filter(pk__in=pk_set) got_change = False service_perms = [svc.access_perm for svc in ServicesHook.get_services()] for perm in perms: natural_key = perm.natural_key() path_perm = "{}.{}".format(natural_key[1], natural_key[0]) if path_perm not in service_perms: # Not a service permission, keep searching continue for svc in ServicesHook.get_services(): if svc.access_perm == path_perm: logger.debug("Permissions changed for group {} on " "service {}, re-validating services for groups users".format(instance, svc)) def validate_all_groups_users_for_service(): logger.debug("Performing validation for service {}".format(svc)) for user in instance.user_set.all(): svc.validate_user(user) transaction.on_commit(validate_all_groups_users_for_service) got_change = True break # Found service, break out of services iteration and go back to permission iteration if not got_change: logger.debug("Permission change for group {} was not service permission, ignoring".format(instance))
def validate_all_services(): logger.debug("Validating all services for user {}".format(instance)) for svc in ServicesHook.get_services(): try: svc.validate_user(instance) except: logger.exception( 'Exception running validate_user for services module {} on user {}'.format(svc, instance))
def validate_services(self, user): logger.debug('Ensuring user %s has permissions for active services'.format(user)) # Iterate through services hooks and have them check the validity of the user for svc in ServicesHook.get_services(): try: svc.validate_user(user) except: logger.exception('Exception running validate_user for services module %s on user %s' % (svc, user))
def validate_all_services(): logger.debug("Validating all services for user {}".format(instance)) for svc in ServicesHook.get_services(): try: svc.validate_user(instance) except: logger.exception( 'Exception running validate_user for services module {} on user {}'.format(svc, user))
def trigger_service_group_update(): logger.debug("Triggering service group update for %s" % instance) # Iterate through Service hooks for svc in ServicesHook.get_services(): try: svc.validate_user(instance) svc.update_groups(instance) except: logger.exception('Exception running update_groups for services module %s on user %s' % (svc, instance))
def trigger_service_group_update(): logger.debug("Triggering service group update for %s" % instance) # Iterate through Service hooks for svc in ServicesHook.get_services(): try: svc.validate_user(instance) svc.update_groups(instance) except: logger.exception('Exception running update_groups for services module %s on user %s' % (svc, instance))
def validate_services(self, user): logger.debug( 'Ensuring user %s has permissions for active services'.format(user)) # Iterate through services hooks and have them check the validity of the user for svc in ServicesHook.get_services(): try: svc.validate_user(user) except: logger.exception( 'Exception running validate_user for services module %s on user %s' % (svc, user))