Пример #1
def indexable_roles_and_users(community):
    """Return the index tokens of every member of ``community``, space-separated.

    Meant as a replacement for ``Entity._indexable_roles_and_users``. Only
    ``community.members`` is consulted: no permission or role assignment is
    looked up here, so membership alone decides who appears in the result.

    Will be removed when communities are upgraded to use standard role based
    access (by setting permissions and using security service).
    """
    member_tokens = [indexable_role(member) for member in community.members]
    return u' '.join(member_tokens)
Пример #2
    def _indexable_roles_and_users(self):
        """Build the space-separated index string of who holds :any:`READ` here.

        The string contains, in this order: one token per role allowed to READ
        (``Admin`` is always included), the token of ``self.creator`` /
        ``self.owner`` when the ``Creator`` / ``Owner`` role is allowed and the
        attribute is set, and one token per principal whose role assignment on
        this object is an allowed role (``Anonymous`` excluded).
        """
        from abilian.services.indexing import indexable_role
        from abilian.services.security import READ, Admin, Anonymous, Creator, Owner
        from abilian.services import get_service

        security = get_service('security')

        # roles - required to match when user has a global role
        assignments = security.get_permissions_assignments(permission=READ, obj=self)
        allowed_roles = assignments.get(READ, set())
        # NOTE(review): add() mutates the set returned by the security service
        # when READ is present. Whether that set is a per-call copy is not
        # visible here - confirm, otherwise Admin leaks into shared state.
        allowed_roles.add(Admin)

        tokens = [indexable_role(role) for role in allowed_roles]

        # Creator / Owner are resolved to the concrete user stored on the object.
        for role, attr in ((Creator, 'creator'), (Owner, 'owner')):
            if role not in allowed_roles:
                continue
            holder = getattr(self, attr)
            if holder:
                tokens.append(indexable_role(holder))

        # users and groups
        principals = {
            principal
            for principal, role in security.get_role_assignements(self)
            if role in allowed_roles
        }
        # Anonymous may be a role listed in role assignments - legacy when
        # there wasn't permission-role assignments; it is never indexed as a
        # principal.
        principals.discard(Anonymous)

        tokens.extend(indexable_role(principal) for principal in principals)
        return ' '.join(tokens)
Пример #3
    def _indexable_roles_and_users(self):
        """Return the index string naming every role and principal that may READ.

        Tokens are produced by ``indexable_role`` and joined with single
        spaces. ``Admin`` is added unconditionally to the roles allowed to
        :any:`READ`. ``Anonymous`` is dropped from the per-object principals.
        """
        from abilian.services.indexing import indexable_role
        from abilian.services.security import READ, Admin, Anonymous, Creator, Owner
        from abilian.services import get_service

        security = get_service("security")

        # roles - required to match when user has a global role
        read_assignments = security.get_permissions_assignments(
            permission=READ,
            obj=self,
        )
        allowed_roles = read_assignments.get(READ, set())
        # NOTE(review): this adds Admin to the very set object handed back by
        # get_permissions_assignments. Confirm the service returns a fresh set
        # per call; a cached set would be modified for every later reader.
        allowed_roles.add(Admin)

        result = []
        result.extend(indexable_role(r) for r in allowed_roles)

        # Creator and Owner stand for a concrete user stored on the object:
        # index that user when the role itself is allowed and the slot is set.
        role_slots = ((Creator, "creator"), (Owner, "owner"))
        for role, attr in role_slots:
            user = getattr(self, attr) if role in allowed_roles else None
            if user:
                result.append(indexable_role(user))

        # users and groups
        principals = set()
        for principal, role in security.get_role_assignements(self):
            if role not in allowed_roles:
                continue
            principals.add(principal)

        # Anonymous can be a role listed in role assignments - legacy when there
        # wasn't permission-role assignments.
        principals.discard(Anonymous)

        result.extend(indexable_role(p) for p in principals)
        return " ".join(result)
Пример #4
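    def _indexable_roles_and_users(self):
        """Return the principals allowed on this object as an index string.

        The result is made of type:id elements, like "user:2 group:1 user:6".

        The chain from ``_iter_to_root()`` is walked in reverse, root first.
        The root folder is skipped unless this object is the root. The starting
        set is every principal with a role assignment on the first object
        visited. Each later object that does not inherit security narrows the
        set to principals also assigned on it. An object that lists
        ``Anonymous`` narrows nothing. ``Admin`` is always added at the end.
        """
        iter_from_root = reversed(list(self._iter_to_root()))
        if self.parent:
            # skip root folder only on non-root folder!
            # builtin next() rather than the Python 2-only .next() method
            next(iter_from_root)
        allowed = set(
            o[0]
            for o in security.get_role_assignements(next(iter_from_root)))

        for obj in iter_from_root:
            if obj.inherit_security:
                continue
            obj_allowed = set(o[0]
                              for o in security.get_role_assignements(obj))

            if Anonymous in obj_allowed:
                # this level is open to everyone: it restricts nothing
                continue

            parent_allowed = allowed
            # pure intersection: users and groups in both are preserved
            allowed = allowed & obj_allowed
            remaining = parent_allowed - obj_allowed
            # find users who can access 'obj' because of their group memberships
            # 1. extends groups in obj_allowed with their actual member list
            extended_allowed = set(
                itertools.chain(*(p.members if isinstance(p, Group) else (p, )
                                  for p in obj_allowed)))

            # 2. remaining_users are users explicitly listed in parents but not on
            # obj. Are they in a group?
            remaining_users = set(o for o in remaining if isinstance(o, User))
            allowed |= (remaining_users & extended_allowed)

            # remaining groups: keep only the members who are also allowed on
            # 'obj'. This has to be an intersection: subtracting
            # extended_allowed adds exactly the members 'obj' does not list
            # (parent group {u1, u2}, obj allows {u2, u3} -> u1 indexed, u2
            # dropped), which widens who can find the object through search.
            remaining_groups_members = set(
                itertools.chain(*(p.members for p in remaining
                                  if isinstance(p, Group))))
            allowed |= remaining_groups_members & extended_allowed

        # admin role is always granted access
        allowed.add(Admin)
        return u' '.join(indexable_role(p) for p in allowed)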
Пример #5
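    def _indexable_roles_and_users(self):
        """Return a string made of type:id elements, like "user:2 group:1 user:6".

        The elements are the principals that keep access along the whole path
        from the top of the hierarchy to this object, plus ``Admin``. Objects
        that inherit security, or that list ``Anonymous`` among their role
        assignments, do not restrict the set. Every other object restricts it
        to principals it also lists, directly or through group membership.
        """
        iter_from_root = reversed(list(self._iter_to_root()))
        if self.parent:
            # skip root folder only on non-root folder!
            next(iter_from_root)
        # Any role assignment on the first object counts: only the principal
        # (first element of each assignment) is kept, the role is ignored.
        allowed = {o[0] for o in security.get_role_assignements(next(iter_from_root))}

        for obj in iter_from_root:
            if obj.inherit_security:
                continue
            obj_allowed = {o[0] for o in security.get_role_assignements(obj)}

            if Anonymous in obj_allowed:
                continue

            parent_allowed = allowed
            # pure intersection: users and groups in both are preserved
            allowed = allowed & obj_allowed
            remaining = parent_allowed - obj_allowed
            # find users who can access 'obj' because of their group memberships
            # 1. extends groups in obj_allowed with their actual member list
            extended_allowed = set(
                itertools.chain(
                    *(p.members if isinstance(p, Group) else (p,) for p in obj_allowed)
                )
            )

            # 2. remaining_users are users explicitly listed in parents but not on
            # obj. Are they in a group?
            remaining_users = {o for o in remaining if isinstance(o, User)}
            allowed |= remaining_users & extended_allowed

            # remaining groups: their members stay allowed only if 'obj' allows
            # them too, hence an intersection. A set difference here would add
            # the members 'obj' does NOT list and drop the ones it does, so the
            # index would expose the object to users the folder excludes.
            remaining_groups_members = set(
                itertools.chain(*(p.members for p in remaining if isinstance(p, Group)))
            )
            allowed |= remaining_groups_members & extended_allowed

        # admin role is always granted access
        allowed.add(Admin)
        return " ".join(indexable_role(p) for p in allowed)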