def dudoc_has_perm(self, udoc, dudoc, perm, ddoc=None):
if not udoc or not dudoc:
return False
# TODO(iceboy): Fix caller when dudoc=None is passed in.
role = dudoc.get('role', builtin.ROLE_DEFAULT)
mask = domain.get_all_roles(ddoc if ddoc else self.domain).get(role, builtin.PERM_NONE)
return ((perm & mask) == perm
or self.udoc_has_priv(udoc, builtin.PRIV_MANAGE_ALL_DOMAIN))
def dudoc_has_perm(self, udoc, dudoc, perm):
if not udoc or not dudoc:
return False
# TODO(iceboy): Fix caller when dudoc=None is passed in.
role = dudoc.get('role', builtin.ROLE_DEFAULT)
mask = domain.get_all_roles(self.domain).get(role, builtin.PERM_NONE)
return ((perm & mask) == perm
or self.udoc_has_priv(udoc, builtin.PRIV_MANAGE_ALL_DOMAIN))
async def get(self):
uids = []
rudocs = collections.defaultdict(list)
async for dudoc in domain.get_multi_user(domain_id=self.domain_id,
role={'$gte': ''},
fields={'uid': 1, 'role': 1, 'display_name': 1}):
if 'role' in dudoc:
uids.append(dudoc['uid'])
rudocs[dudoc['role']].append(dudoc)
roles = sorted(list(domain.get_all_roles(self.domain).keys()))
roles_with_text = [(role, role) for role in roles]
udict = await user.get_dict(uids)
self.render('domain_manage_user.html', roles=roles, roles_with_text=roles_with_text,
rudocs=rudocs, udict=udict)
async def prepare_domain(self):
dudict = await domain.get_dict_user_by_domain_id(self.user['_id'])
dids = list(dudict.keys())
dodocs = await domain.get_multi(_id={'$in': dids}).to_list()
#dodocs = await domain.get_multi().to_list()
can_manage = {}
for dodoc in builtin.DOMAINS + dodocs:
role = dudict.get(dodoc['_id'], {}).get('role',
builtin.ROLE_DEFAULT)
mask = domain.get_all_roles(dodoc).get(role, builtin.PERM_NONE)
can_manage[dodoc['_id']] = (
((builtin.PERM_EDIT_DESCRIPTION | builtin.PERM_EDIT_PERM)
& mask) != 0 or self.has_priv(builtin.PRIV_MANAGE_ALL_DOMAIN))
return dodocs, dudict, can_manage
async def get(self):
pending_ddocs = await domain.get_pending(owner_uid=self.user['_id']) \
.to_list()
dudict = await domain.get_dict_user_by_domain_id(self.user['_id'])
dids = list(dudict.keys())
ddocs = await domain.get_multi(_id={'$in': dids}) \
.to_list()
can_manage = {}
for ddoc in builtin.DOMAINS + ddocs:
role = dudict.get(ddoc['_id'], {}).get('role', builtin.ROLE_DEFAULT)
mask = domain.get_all_roles(ddoc).get(role, builtin.PERM_NONE)
can_manage[ddoc['_id']] = (
((builtin.PERM_EDIT_DESCRIPTION | builtin.PERM_EDIT_PERM) & mask) != 0
or self.has_priv(builtin.PRIV_MANAGE_ALL_DOMAIN))
self.render('home_domain.html', pending_ddocs=pending_ddocs, ddocs=ddocs, dudict=dudict, can_manage=can_manage)
async def get(self):
pending_ddocs = await domain.get_pending(owner_uid=self.user['_id']) \
.to_list()
dudict = await domain.get_dict_user_by_domain_id(self.user['_id'])
dids = list(dudict.keys())
ddocs = await domain.get_multi(_id={'$in': dids}) \
.to_list()
can_manage = {}
for ddoc in builtin.DOMAINS + ddocs:
role = dudict.get(ddoc['_id'], {}).get('role', builtin.ROLE_DEFAULT)
mask = domain.get_all_roles(ddoc).get(role, builtin.PERM_NONE)
can_manage[ddoc['_id']] = (
((builtin.PERM_EDIT_DESCRIPTION | builtin.PERM_EDIT_PERM) & mask) != 0
or self.has_priv(builtin.PRIV_MANAGE_ALL_DOMAIN))
self.render('home_domain.html', pending_ddocs=pending_ddocs, ddocs=ddocs, dudict=dudict, can_manage=can_manage)
async def get(self):
uids = []
rudocs = collections.defaultdict(list)
async for dudoc in domain.get_multi_user(domain_id=self.domain_id,
role={'$gte': ''},
fields={
'uid': 1,
'role': 1
}):
if 'role' in dudoc:
uids.append(dudoc['uid'])
rudocs[dudoc['role']].append(dudoc)
roles = sorted(list(domain.get_all_roles(self.domain).keys()))
roles_with_text = [(role, role) for role in roles]
udict = await user.get_dict(uids)
self.render('domain_manage_user.html',
roles=roles,
roles_with_text=roles_with_text,
rudocs=rudocs,
udict=udict)
def has_perm(self, perm):
role = self.domain_user.get('role', builtin.ROLE_DEFAULT)
mask = domain.get_all_roles(self.domain).get(role, builtin.PERM_NONE)
return ((int(perm) & int(mask)) == perm
or self.has_priv(builtin.PRIV_MANAGE_ALL_DOMAIN))
async def post_add(self, *, role: str):
if role in domain.get_all_roles(self.domain):
raise error.DomainRoleAlreadyExistError(self.domain_id, role)
await domain.set_role(self.domain_id, role,
builtin.DEFAULT_PERMISSIONS)
self.json_or_redirect(self.url)
def has_perm(self, perm):
role = self.domain_user.get('role', builtin.ROLE_DEFAULT)
mask = domain.get_all_roles(self.domain).get(role, builtin.PERM_NONE)
return ((perm & mask) == perm
or self.has_priv(builtin.PRIV_MANAGE_ALL_DOMAIN))
async def post_add(self, *, role: str):
if role in domain.get_all_roles(self.domain):
raise error.DomainRoleAlreadyExistError(self.domain_id, role)
await domain.set_role(self.domain_id, role, builtin.DEFAULT_PERMISSIONS)
self.json_or_redirect(self.url)
