def parse_item(self): """ get parent object """ # pylint: disable=protected-access if self.raw_value == "": self.add_error(errors.MISSING_VALUE_ERROR, column_name=self.display_name) return None slug = self.raw_value obj = self.new_objects.get(self.parent, {}).get(slug) if obj is None: obj = self.parent.query.filter(self.parent.slug == slug).first() if obj is None: self.add_error(errors.UNKNOWN_OBJECT, object_type=self.parent._inflector.human_singular.title(), slug=slug) return None context_id = None if hasattr(obj, "context_id") and \ hasattr(self.row_converter.obj, "context_id"): context_id = obj.context_id if context_id is not None: name = self.row_converter.obj.__class__.__name__ if not permissions.is_allowed_create(name, None, context_id) \ and not permissions.has_conditions('create', name): self.add_error(errors.MAPPING_PERMISSION_ERROR, object_type=obj.type, slug=slug) return None return obj
def parse_item(self): """ get parent object """ # pylint: disable=protected-access if self.raw_value == "": self.add_error(errors.MISSING_VALUE_ERROR, column_name=self.display_name) return None slug = self.raw_value obj = self.new_objects.get(self.parent, {}).get(slug) if obj is None: obj = self.parent.query.filter(self.parent.slug == slug).first() if obj is None: self.add_error( errors.UNKNOWN_OBJECT, object_type=self.parent._inflector.human_singular.title(), slug=slug) return None context_id = None if hasattr(obj, "context_id") and \ hasattr(self.row_converter.obj, "context_id"): context_id = obj.context_id if context_id is not None: name = self.row_converter.obj.__class__.__name__ if not permissions.is_allowed_create(name, None, context_id) \ and not permissions.has_conditions('create', name): self.add_error(errors.MAPPING_PERMISSION_ERROR, object_type=obj.type, slug=slug) return None return obj
def contribute_to_program_view(sender, obj=None, context=None): if obj.context_id != None and \ permissions.is_allowed_read('Role', 1) and \ permissions.is_allowed_read('UserRole', obj.context_id) and \ permissions.is_allowed_create('UserRole', obj.context_id) and \ permissions.is_allowed_update('UserRole', obj.context_id) and \ permissions.is_allowed_delete('UserRole', obj.context_id): return 'permissions/programs/_role_assignments.haml' return None
def contribute_to_program_view(sender, obj=None, context=None): if obj.context_id is not None and \ rbac_permissions.is_allowed_read('Role', None, 1) and \ rbac_permissions.is_allowed_read('UserRole', None, obj.context_id) and \ rbac_permissions.is_allowed_create('UserRole', None, obj.context_id) and \ rbac_permissions.is_allowed_update('UserRole', None, obj.context_id) and \ rbac_permissions.is_allowed_delete('UserRole', None, obj.context_id): return 'permissions/programs/_role_assignments.haml' return None
def handle_model_clone(cls, query): """Process cloning of objects. Args: query: Dict with parameters for cloning procedure. It should have following structure: { "sourceObjectIds": [1, 2], "destination": {"type": "Audit", "id": 2}, # optional "mappedObjects":[] # optional }. Returns: Response with status code 200 in case of success and 400 if provided parameters are invalid. """ source_objs, destination, mapped_types = cls._parse_query(query) clonned_objs = {} for source_obj in source_objs: if ( not permissions.is_allowed_read_for(source_obj) or not permissions.is_allowed_create( source_obj.type, source_obj.id, destination.context_id ) ): raise exceptions.Forbidden() clonned_objs[source_obj] = cls._copy_obj(source_obj, destination) for target, mapped_obj in cls._collect_mapped(source_objs, mapped_types): clonned_objs[mapped_obj] = cls._copy_obj(mapped_obj, target) cls._set_parent_context(clonned_objs.values(), destination) db.session.flush() for source, clonned in clonned_objs.items(): cls._clone_cads(source, clonned) if clonned_objs: db.session.add(log_event(db.session, flush=False)) db.session.commit() from ggrc.query import views collections = [] if cls.RETURN_OBJ_JSON: for obj in clonned_objs: collections.append( views.build_collection_representation(cls, obj.log_json()) ) return views.json_success_response(collections, datetime.datetime.utcnow())
def relationship_condition(instance, action, property_name, **_): if getattr(instance, 'context') is not None: context_id = getattr(instance.context, 'id') else: context_id = None for prop in property_name.split(','): obj = getattr(instance, prop) if context_id is not None and \ getattr(obj, 'context') is not None and \ getattr(obj.context, 'id') == context_id and \ is_allowed_create('Relationship', None, context_id): return True # Mapping a person does not require a permission check on the Person object if isinstance(obj, Person): continue if not find_permissions()._is_allowed_for(obj, action): return False return True
def handle_create(self, obj, src): """Do NOTHING by default""" pass def collection_post(self): if self.request.headers["Content-Type"] != "application/json": return current_app.make_response(("Content-Type must be application/json", 415, [])) obj = self.model() src = UnicodeSafeJsonWrapper(self.request.json) root_attribute = self.model._inflector.table_singular try: src = src[root_attribute] except KeyError, e: return current_app.make_response(('Required attribute "{0}" not found'.format(root_attribute), 400, [])) if not permissions.is_allowed_create(self.model.__name__, self.get_context_id_from_json(src)): raise Forbidden() if src.get("private") == True and src.get("context") is not None and src["context"].get("id") is not None: raise BadRequest('context MUST be "null" when creating a private resource.') elif "context" not in src: raise BadRequest("context MUST be specified.") else: if not permissions.is_allowed_create(self.model.__name__, self.get_context_id_from_json(src)): raise Forbidden() self.json_create(obj, src) self.model_posted.send(obj.__class__, obj=obj, src=src, service=self) obj.modified_by_id = get_current_user_id() db.session.add(obj) log_event(db.session, obj) db.session.commit() get_indexer().create_record(fts_record_for(obj))
def collection_post(self): if self.request.headers['Content-Type'] != 'application/json': return current_app.make_response(( 'Content-Type must be application/json', 415,[])) obj = self.model() src = UnicodeSafeJsonWrapper(self.request.json) root_attribute = self.model._inflector.table_singular try: src = src[root_attribute] except KeyError, e: return current_app.make_response(( 'Required attribute "{0}" not found'.format(root_attribute), 400, [])) if 'context_id' not in src: raise BadRequest('context_id MUST be specified.') if not permissions.is_allowed_create( self.model.__name__, src['context_id']): raise Forbidden() ggrc.builder.json.create(obj, src) #FIXME Fake the modified_by_id until we have that information in session. obj.modified_by_id = get_current_user_id() db.session.add(obj) db.session.commit() get_indexer().create_record(fts_record_for(obj)) return self.json_success_response( self.object_for_json(obj), self.modified_at(obj), id=obj.id, status=201) @classmethod def add_to(cls, app, url, model_class=None, decorators=()): if model_class: service_class = type(model_class.__name__, (Resource,), { '_model': model_class,
def collection_post(self): if self.request.headers['Content-Type'] != 'application/json': return current_app.make_response( ('Content-Type must be application/json', 415, [])) obj = self.model() src = UnicodeSafeJsonWrapper(self.request.json) root_attribute = self.model._inflector.table_singular try: src = src[root_attribute] except KeyError, e: return current_app.make_response( ('Required attribute "{0}" not found'.format(root_attribute), 400, [])) if 'context_id' not in src: raise BadRequest('context_id MUST be specified.') if not permissions.is_allowed_create(self.model.__name__, src['context_id']): raise Forbidden() ggrc.builder.json.create(obj, src) #FIXME Fake the modified_by_id until we have that information in session. obj.modified_by_id = get_current_user_id() db.session.add(obj) db.session.commit() get_indexer().create_record(fts_record_for(obj)) return self.json_success_response(self.object_for_json(obj), self.modified_at(obj), id=obj.id, status=201) @classmethod def add_to(cls, app, url, model_class=None, decorators=()): if model_class: