def add(
    store: BaseAccessStore,
    name: str,
    permissions: list = [],
    inherits: list = [],
    users: list = [],
) -> bool:
    """
    Create group <name> in the store and link it to its relationships.

    After the group record is written, the group is linked to the given
    permissions, users and inherited groups. A group-user grant is only
    created when it does not already exist.

    Returns False, without writing anything, when the group already exists;
    otherwise returns whatever put() returned for the group record.
    """
    # An existing group is left untouched.
    if exists(store, name):
        return False

    # The record holds the id and a naive local-time ISO-8601 timestamp.
    created = put(
        store,
        name,
        {"id": name, "update_ts": datetime.datetime.now().isoformat()},
    )
    # NOTE(review): `created` is not checked before the relationships below
    # are written, so grants are attempted even if put() reported failure.

    # group -> permission grants
    add_permissions(store, name, permissions=permissions)

    # group -> user grants, skipping memberships that are already present
    for user_id in users:
        if grant.group(name).to.user(user_id).exists(store):
            continue
        grant.group(name).to.user(user_id).create(store)

    # group -> group inheritance
    add_inherits(store, name, inherits=inherits)

    return created
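def add_users(store: BaseAccessStore, name: str, users: list = []) -> bool:
    """
    Add every user in <users> to group <name>, skipping existing memberships.

    Returns None (not False) when the group does not exist, True otherwise.
    """
    if not exists(store, name):
        return None
    for user_id in users:
        if not grant.group(name).to.user(user_id).exists(store):
            # Fix: the grant was built but never persisted, so no membership
            # was ever written. .create(store) is the call add() uses for
            # the same group-user relationship.
            grant.group(name).to.user(user_id).create(store)
    return True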
def add_permissions(store: BaseAccessStore, name: str, permissions: list = []) -> bool:
    """
    Grant each permission in <permissions> to group <name>.

    Grants that already exist are left alone. Returns None (not False) when
    the group does not exist, True otherwise.
    """
    if exists(store, name):
        for permission in permissions:
            if grant.permission(permission).to.group(name).exists(store):
                continue
            grant.permission(permission).to.group(name).create(store)
        return True
    return None
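def add_inherits(store: BaseAccessStore, name: str, inherits: list = []) -> bool:
    """
    Create a group-group grant from each group in <inherits> to group <name>.

    Grants that already exist are left alone. Returns None (not False) when
    group <name> does not exist, True otherwise.
    """
    if not exists(store, name):
        return None
    for gname in inherits:
        # Fix: the check tested the grant builder object itself instead of
        # asking the store. If that object is always truthy (presumably it
        # is; verify), no inheritance grant was ever created. .exists(store)
        # matches the check used for the other grant kinds in this file.
        if not grant.group(gname).to.group(name).exists(store):
            grant.group(gname).to.group(name).create(store)
    return True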
def remove_permissions(
    store: BaseAccessStore, name: str, permissions: list = []
) -> bool:
    """
    Revoke each permission in <permissions> from group <name>.

    delete() is called for every listed permission without first checking
    that the grant exists. Returns None (not False) when the group does not
    exist, True otherwise.
    """
    if exists(store, name):
        for permission in permissions:
            grant.permission(permission).to.group(name).delete(store)
        return True
    return None
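def inherits(store: BaseAccessStore, name: str, already: list = []) -> list:
    """
    Collect all groups inherited by group <name>, directly or transitively.

    <already> lists the groups seen so far. A group found in it is not
    descended into again, which stops an inheritance cycle from recursing
    forever.

    Returns a list (order unspecified, no duplicates) of the groups in
    <already> plus every newly discovered group. When <name> has no record
    in the store, a copy of <already> is returned, not None.
    """
    record = get(store, name)
    if record is None:
        # Return a copy: handing back `already` itself would expose the
        # shared default list, and a caller mutating the result would then
        # change what every later default call starts from.
        return list(already)

    seen = set(already)
    collected = set(already)
    for gname in grant.group(name).groups(store):
        if gname in seen:
            continue
        collected.add(gname)
        # Pass gname down so a cycle back to it ends in the branch above.
        collected.update(inherits(store, name=gname, already=[*already, gname]))
    return list(collected)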
def add_groups(store: BaseAccessStore, user_id: str, groups: list) -> bool:
    """
    Create a user-group grant for each group in <groups>.

    Grants that already exist are skipped. Neither the user nor the groups
    are checked for existence here. Always returns True.
    """
    for group_name in groups:
        if Grant.group(group_name).to.user(user_id).exists(store):
            continue
        Grant.group(group_name).to.user(user_id).create(store)
    return True
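def remove_permissions(store: BaseAccessStore, user_id: str, permissions: list) -> bool:
    """
    Remove the user-permission grant for each permission in <permissions>.

    Neither the user nor the grants are checked for existence here.
    Always returns True.
    """
    for permission in permissions:
        # Fix: this revocation helper called .create(store), which grants
        # the permission to the user instead of removing it.
        # NOTE(review): .delete(store) is the call the group-side remove
        # helpers make on the `grant` builder; confirm `Grant` exposes it.
        Grant.permission(permission).to.user(user_id).delete(store)
    return True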
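def remove_groups(store: BaseAccessStore, user_id: str, groups: list) -> bool:
    """
    Remove the user-group grant for each group in <groups>.

    Neither the user nor the grants are checked for existence here.
    Always returns True.
    """
    for group_name in groups:
        # Fix: this removal helper called .create(store), which adds the
        # user to the group instead of removing the membership.
        # NOTE(review): .delete(store) is the call the group-side remove
        # helpers make on the `grant` builder; confirm `Grant` exposes it.
        Grant.group(group_name).to.user(user_id).delete(store)
    return True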
def remove_users(store: BaseAccessStore, name: str, users: list = []) -> bool:
    """
    Remove each user in <users> from group <name>.

    delete() is called for every listed user without first checking that
    the membership exists. Returns None (not False) when the group does not
    exist, True otherwise.
    """
    if exists(store, name):
        for user_id in users:
            grant.group(name).to.user(user_id).delete(store)
        return True
    return None
def remove_inherits(store: BaseAccessStore, name: str, remove: list = []) -> bool:
    """
    Delete the group-group grant from each group in <remove> to group <name>.

    delete() is called for every listed group without first checking that
    the grant exists. Returns None (not False) when group <name> does not
    exist, True otherwise.
    """
    if exists(store, name):
        for parent in remove:
            grant.group(parent).to.group(name).delete(store)
        return True
    return None