async def sharing_post(context, request):
"""Change permissions"""
lroles = local_roles()
data = await request.json()
if 'prinrole' not in data and \
'roleperm' not in data and \
'prinperm' not in data:
raise AttributeError('prinrole or roleperm or prinperm missing')
if 'type' not in data:
raise AttributeError('type missing')
setting = data['type']
# we need to check if we are changing any info
changed = False
if 'prinrole' in data:
if setting not in PermissionMap['prinrole']:
raise AttributeError('Invalid Type')
manager = IPrincipalRoleManager(context)
operation = PermissionMap['prinrole'][setting]
func = getattr(manager, operation)
for user, roles in data['prinrole'].items():
for role in roles:
if role in lroles:
changed = True
func(role, user)
else:
raise KeyError('No valid local role')
if 'prinperm' in data:
if setting not in PermissionMap['prinperm']:
raise AttributeError('Invalid Type')
manager = IPrincipalPermissionManager(context)
operation = PermissionMap['prinperm'][setting]
func = getattr(manager, operation)
for user, permissions in data['prinperm'].items():
for permision in permissions:
changed = True
func(permision, user)
if 'roleperm' in data:
if setting not in PermissionMap['roleperm']:
raise AttributeError('Invalid Type')
manager = IRolePermissionManager(context)
operation = PermissionMap['roleperm'][setting]
func = getattr(manager, operation)
for role, permissions in data['roleperm'].items():
for permission in permissions:
changed = True
func(permission, role)
if changed:
context._p_register() # make sure data is saved
await notify(ObjectPermissionsModifiedEvent(context, data))
def get_principals_with_access_content(obj, request=None):
if obj is None:
return []
roles = cached_roles(obj, "guillotina.AccessContent", "o")
result = []
all_roles = role.global_roles() + role.local_roles()
for r in roles.keys():
if r in all_roles:
result.append(r)
users = cached_principals(obj, result, "guillotina.AccessContent", "o")
return list(users.keys())
def get_roles_with_access_content(obj, request=None):
""" Return the roles that has access to the content that are global roles"""
if obj is None:
return []
roles = cached_roles(obj, "guillotina.AccessContent", "o")
result = []
all_roles = role.global_roles() + role.local_roles()
for r in roles.keys():
if r in all_roles:
result.append(r)
return result
async def apply_sharing(context, data):
lroles = role.local_roles()
changed = False
for perminhe in data.get('perminhe') or []:
setting = perminhe.get('setting')
if setting not in PermissionMap['perminhe']:
raise PreconditionFailed(
context, 'Invalid Type {}'.format(setting))
manager = IInheritPermissionManager(context)
operation = PermissionMap['perminhe'][setting]
func = getattr(manager, operation)
changed = True
func(perminhe['permission'])
for prinrole in data.get('prinrole') or []:
setting = prinrole.get('setting')
if setting not in PermissionMap['prinrole']:
raise PreconditionFailed(
context, 'Invalid Type {}'.format(setting))
manager = IPrincipalRoleManager(context)
operation = PermissionMap['prinrole'][setting]
func = getattr(manager, operation)
if prinrole['role'] in lroles:
changed = True
func(prinrole['role'], prinrole['principal'])
else:
raise PreconditionFailed(
context, 'No valid local role')
for prinperm in data.get('prinperm') or []:
setting = prinperm['setting']
if setting not in PermissionMap['prinperm']:
raise PreconditionFailed(
context, 'Invalid Type')
manager = IPrincipalPermissionManager(context)
operation = PermissionMap['prinperm'][setting]
func = getattr(manager, operation)
changed = True
func(prinperm['permission'], prinperm['principal'])
for roleperm in data.get('roleperm') or []:
setting = roleperm['setting']
if setting not in PermissionMap['roleperm']:
raise PreconditionFailed(
context, 'Invalid Type')
manager = IRolePermissionManager(context)
operation = PermissionMap['roleperm'][setting]
func = getattr(manager, operation)
changed = True
func(roleperm['permission'], roleperm['role'])
if changed:
context._p_register() # make sure data is saved
await notify(ObjectPermissionsModifiedEvent(context, data))
async def apply_sharing(context, data):
lroles = role.local_roles()
changed = False
for perminhe in data.get('perminhe') or []:
setting = perminhe.get('setting')
if setting not in PermissionMap['perminhe']:
raise PreconditionFailed(context,
'Invalid Type {}'.format(setting))
manager = IInheritPermissionManager(context)
operation = PermissionMap['perminhe'][setting]
func = getattr(manager, operation)
changed = True
func(perminhe['permission'])
for prinrole in data.get('prinrole') or []:
setting = prinrole.get('setting')
if setting not in PermissionMap['prinrole']:
raise PreconditionFailed(context,
'Invalid Type {}'.format(setting))
manager = IPrincipalRoleManager(context)
operation = PermissionMap['prinrole'][setting]
func = getattr(manager, operation)
if prinrole['role'] in lroles:
changed = True
func(prinrole['role'], prinrole['principal'])
else:
raise PreconditionFailed(context, 'No valid local role')
for prinperm in data.get('prinperm') or []:
setting = prinperm['setting']
if setting not in PermissionMap['prinperm']:
raise PreconditionFailed(context, 'Invalid Type')
manager = IPrincipalPermissionManager(context)
operation = PermissionMap['prinperm'][setting]
func = getattr(manager, operation)
changed = True
func(prinperm['permission'], prinperm['principal'])
for roleperm in data.get('roleperm') or []:
setting = roleperm['setting']
if setting not in PermissionMap['roleperm']:
raise PreconditionFailed(context, 'Invalid Type')
manager = IRolePermissionManager(context)
operation = PermissionMap['roleperm'][setting]
func = getattr(manager, operation)
changed = True
func(roleperm['permission'], roleperm['role'])
if changed:
context._p_register() # make sure data is saved
await notify(ObjectPermissionsModifiedEvent(context, data))
async def addPerms(obj, perms, changed=False):
"""apply some permissions. Copied almost verbatim from sharingPOST service
"""
lroles = local_roles()
groles = global_roles()
if ("prinrole" not in perms and "roleperm" not in perms
and "prinperm" not in perms):
raise PreconditionFailed(obj,
"prinrole or roleperm or prinperm missing")
for prinrole in perms.get("prinrole") or []:
setting = prinrole.get("setting")
if setting not in PermissionMap["prinrole"]:
raise PreconditionFailed(obj, "Invalid Type {}".format(setting))
manager = IPrincipalRoleManager(obj)
operation = PermissionMap["prinrole"][setting]
func = getattr(manager, operation)
if (obj.type_name == "Container"
and prinrole["role"] not in groles + lroles):
raise PreconditionFailed(
obj, "Not a valid role: {}".format(prinrole["role"]))
if obj.type_name != "Container" and prinrole["role"] not in lroles:
raise PreconditionFailed(
obj, "Not a valid local role: {}".format(prinrole["role"]))
changed = True
func(prinrole["role"], prinrole["principal"])
for prinperm in perms.get("prinperm") or []:
setting = prinperm["setting"]
if setting not in PermissionMap["prinperm"]:
raise PreconditionFailed(obj, "Invalid Type")
manager = IPrincipalPermissionManager(obj)
operation = PermissionMap["prinperm"][setting]
func = getattr(manager, operation)
changed = True
func(prinperm["permission"], prinperm["principal"])
for roleperm in perms.get("roleperm") or []:
setting = roleperm["setting"]
if setting not in PermissionMap["roleperm"]:
raise PreconditionFailed(obj, "Invalid Type")
manager = IRolePermissionManager(obj)
operation = PermissionMap["roleperm"][setting]
func = getattr(manager, operation)
changed = True
func(roleperm["permission"], roleperm["role"])
if changed:
obj._p_register() # make sure data is saved
def get_roles_with_access_content(obj, request=None):
""" Return the roles that has access to the content that are global roles"""
if obj is None:
return []
if request is None:
request = get_current_request()
interaction = IInteraction(request)
roles = interaction.cached_roles(obj, 'guillotina.AccessContent', 'o')
result = []
all_roles = role.global_roles() + role.local_roles()
for r in roles.keys():
if r in all_roles:
result.append(r)
return result
def get_principals_with_access_content(obj, request=None):
if obj is None:
return {}
if request is None:
request = get_current_request()
interaction = IInteraction(request)
roles = interaction.cached_roles(obj, 'guillotina.AccessContent', 'o')
result = []
all_roles = role.global_roles() + role.local_roles()
for r in roles.keys():
if r in all_roles:
result.append(r)
users = interaction.cached_principals(obj, result, 'guillotina.AccessContent', 'o')
return list(users.keys())
def get_roles_with_access_content(obj, request=None):
""" Return the roles that has access to the content that are global roles"""
if obj is None:
return []
if request is None:
request = get_current_request()
interaction = IInteraction(request)
roles = interaction.cached_roles(obj, 'guillotina.AccessContent', 'o')
result = []
all_roles = role.global_roles() + role.local_roles()
for r in roles.keys():
if r in all_roles:
result.append(r)
return result
def get_principals_with_access_content(obj, request=None):
if obj is None:
return {}
if request is None:
request = get_current_request()
interaction = IInteraction(request)
roles = interaction.cached_roles(obj, 'guillotina.AccessContent', 'o')
result = []
all_roles = role.global_roles() + role.local_roles()
for r in roles.keys():
if r in all_roles:
result.append(r)
users = interaction.cached_principals(obj, result, 'guillotina.AccessContent', 'o')
return list(users.keys())
async def __call__(self, changed=False):
"""Change permissions"""
context = self.context
request = self.request
lroles = local_roles()
data = await request.json()
if 'prinrole' not in data and \
'roleperm' not in data and \
'prinperm' not in data:
raise PreconditionFailed(
self.context, 'prinrole or roleperm or prinperm missing')
for prinrole in data.get('prinrole') or []:
setting = prinrole.get('setting')
if setting not in PermissionMap['prinrole']:
raise PreconditionFailed(self.context,
'Invalid Type {}'.format(setting))
manager = IPrincipalRoleManager(context)
operation = PermissionMap['prinrole'][setting]
func = getattr(manager, operation)
if prinrole['role'] in lroles:
changed = True
func(prinrole['role'], prinrole['principal'])
else:
raise PreconditionFailed(self.context, 'No valid local role')
for prinperm in data.get('prinperm') or []:
setting = prinperm['setting']
if setting not in PermissionMap['prinperm']:
raise PreconditionFailed(self.context, 'Invalid Type')
manager = IPrincipalPermissionManager(context)
operation = PermissionMap['prinperm'][setting]
func = getattr(manager, operation)
changed = True
func(prinperm['permission'], prinperm['principal'])
for roleperm in data.get('roleperm') or []:
setting = roleperm['setting']
if setting not in PermissionMap['roleperm']:
raise PreconditionFailed(self.context, 'Invalid Type')
manager = IRolePermissionManager(context)
operation = PermissionMap['roleperm'][setting]
func = getattr(manager, operation)
changed = True
func(roleperm['permission'], roleperm['role'])
if changed:
context._p_register() # make sure data is saved
await notify(ObjectPermissionsModifiedEvent(context, data))
async def __call__(self):
roles = global_roles() + local_roles()
return roles
async def grantinfo(context, request):
""" principals -> roles """
search = request.query.get("search")
if search is not None:
search = search.lower()
result = {"available_roles": [], "entries": []}
# Inherit
inheritMap = IInheritPermissionMap(context)
permissions = inheritMap.get_locked_permissions()
if len(permissions) > 0:
blocked_permissions = permissions
result["inherit"] = False
else:
result["inherit"] = True
# Roles
roles = local_roles()
valid_roles = [
role for role in roles
if role in app_settings.get("available_roles", [])
]
for role in valid_roles:
role_obj = get_utility(IRole, name=role)
result["available_roles"].append({
"id": role,
"title": role_obj.title,
"description": role_obj.description
})
prinrole = IPrincipalRoleMap(context)
settings = [
setting for setting in prinrole.get_principals_and_roles()
if setting[0] in valid_roles
]
valid_settings = {}
default_roles = {role: None for role in valid_roles}
try:
container = get_current_container()
users = await container.async_get("users")
groups = await container.async_get("groups")
except (AttributeError, KeyError, ContainerNotFound):
return None
for data in settings:
if data[1] not in valid_settings:
user = await users.async_get(data[1])
if user:
valid_settings[data[1]] = {
"id": data[1],
"disabled": user.disabled,
"login": None,
"roles": deepcopy(default_roles),
"title": user.name,
"type": "user",
"origin": "dbusers",
}
else:
group = await groups.async_get(data[1])
if group:
valid_settings[data[1]] = {
"id": data[1],
"disabled": group.disabled,
"login": None,
"roles": deepcopy(default_roles),
"title": group.name,
"type": "group",
"origin": "dbusers",
}
else:
valid_settings[data[1]] = {
"id": data[1],
"disabled": False,
"login": None,
"roles": deepcopy(default_roles),
"title": data[1],
"type": "user",
"origin": "system",
}
valid_settings[data[1]]["roles"].update({data[0]: data[2]})
result["entries"] = list(valid_settings.values())
if search is not None:
catalog = query_utility(ICatalogUtility)
query_result = await catalog.search(container,
{"type_name": ["User", "Group"]})
for obj in query_result["items"]:
ident = obj.get("id", "")
if search in ident.lower() and ident not in valid_settings:
result["entries"].append({
"id": ident,
"disabled": False,
"login": None,
"roles": deepcopy(default_roles),
"title": obj.get("title", ""),
"type": obj.get("type_name").lower(),
})
return result
async def apply_sharing(context, data):
lroles = role.local_roles()
changed = False
for perminhe in data.get("perminhe") or []:
if not isinstance(perminhe, dict):
raise PreconditionFailed(
context, "Invalid Type, must be list {}".format(perminhe))
setting = perminhe.get("setting")
if setting not in PermissionMap["perminhe"]:
raise PreconditionFailed(context,
"Invalid Type {}".format(setting))
manager = IInheritPermissionManager(context)
operation = PermissionMap["perminhe"][setting]
func = getattr(manager, operation)
changed = True
func(perminhe["permission"])
for prinrole in data.get("prinrole") or []:
if not isinstance(prinrole, dict):
raise PreconditionFailed(
context, "Invalid Type, must be list {}".format(prinrole))
setting = prinrole.get("setting")
if setting not in PermissionMap["prinrole"]:
raise PreconditionFailed(context,
"Invalid Type {}".format(setting))
manager = IPrincipalRoleManager(context)
operation = PermissionMap["prinrole"][setting]
func = getattr(manager, operation)
if prinrole["role"] in lroles:
changed = True
func(prinrole["role"], prinrole["principal"])
else:
raise PreconditionFailed(context, "No valid local role")
for prinperm in data.get("prinperm") or []:
if not isinstance(prinperm, dict):
raise PreconditionFailed(
context, "Invalid Type, must be list {}".format(prinperm))
setting = prinperm["setting"]
if setting not in PermissionMap["prinperm"]:
raise PreconditionFailed(context, "Invalid Type")
manager = IPrincipalPermissionManager(context)
operation = PermissionMap["prinperm"][setting]
func = getattr(manager, operation)
changed = True
func(prinperm["permission"], prinperm["principal"])
for roleperm in data.get("roleperm") or []:
if not isinstance(roleperm, dict):
raise PreconditionFailed(
context, "Invalid Type, must be list {}".format(roleperm))
setting = roleperm["setting"]
if setting not in PermissionMap["roleperm"]:
raise PreconditionFailed(context, "Invalid Type")
manager = IRolePermissionManager(context)
operation = PermissionMap["roleperm"][setting]
func = getattr(manager, operation)
changed = True
func(roleperm["permission"], roleperm["role"])
if changed:
context.register() # make sure data is saved
await notify(ObjectPermissionsModifiedEvent(context, data))
