async def test_register_service_permission(container_requester): cur_count = len(configure.get_configurations('guillotina.tests', 'service')) class TestService(Service): async def __call__(self): return {"foo": "bar"} configure.permission('guillotina.NoBody', 'Nobody has access') configure.register_configuration( TestService, dict(context=IContainer, name="@foobar2", permission='guillotina.NoBody'), 'service') assert len(configure.get_configurations( 'guillotina.tests', 'service')) == cur_count + 1 # noqa async with container_requester as requester: config = requester.root.app.config configure.load_configuration(config, 'guillotina.tests', 'service') config.execute_actions() response, status = await requester('GET', '/db/guillotina/@foobar2') assert status == 401
# -*- coding: utf-8 -*- from guillotina import configure from guillotina.i18n import MessageFactory _ = MessageFactory('guillotina_dbusers') app_settings = { "auth_user_identifiers": ["guillotina_dbusers.users.DBUserIdentifier"] } configure.permission("guillotina.NotAuthenticated", "") configure.permission("guillotina.Authenticated", "") configure.permission("guillotina.AddUser", title="Add plone user") configure.permission("guillotina.AddGroup", title="Add plone group") configure.grant(permission="guillotina.AccessContent", role="guillotina.Anonymous") configure.grant(permission="guillotina.NotAuthenticated", role="guillotina.Anonymous") configure.grant(permission="guillotina.Authenticated", role="guillotina.Authenticated") configure.grant(permission="guillotina.AddUser", role="guillotina.ContainerAdmin") configure.grant(permission="guillotina.AddGroup", role="guillotina.ContainerAdmin") def includeme(root, settings): configure.scan('guillotina_dbusers.content.users') configure.scan('guillotina_dbusers.content.groups') configure.scan('guillotina_dbusers.install') configure.scan('guillotina_dbusers.services')
@index_field.with_accessor(IExample, 'categories_accessor', field='categories') def categories_index_accessor(ob): if not ob.categories: raise NoIndexField else: return [c['label'] for c in ob.categories] @index_field.with_accessor(IExample, 'foobar_accessor') def foobar_accessor(ob): return 'foobar' configure.permission('example.MyPermission', 'example permission') @implementer(IExample) class Example(Resource): pass class IMarkerBehavior(Interface): pass class ITestBehavior(Interface): foobar = schema.TextLine(required=False) foobar_context = schema.TextLine(required=False, default='default-foobar')
from guillotina import configure configure.permission('guillotina.AccessContent', 'Access content') configure.permission('guillotina.ModifyContent', 'Modify content') configure.permission('guillotina.DeleteContent', 'Delete content') configure.permission('guillotina.AddContent', 'Add content') configure.permission('guillotina.MoveContent', 'Move content') configure.permission('guillotina.DuplicateContent', 'Duplicate content') configure.permission('guillotina.ViewContent', 'View content') configure.permission('guillotina.AddContainer', 'Add a portal/DB') configure.permission('guillotina.GetContainers', 'Get a portal/DB') configure.permission('guillotina.DeleteContainers', 'Delete a portal') configure.permission('guillotina.MountDatabase', 'Mount a Database') configure.permission('guillotina.GetDatabases', 'Get Databases') configure.permission('guillotina.UmountDatabase', 'Umount a Database') configure.permission('guillotina.AccessPreflight', 'Access Preflight View') configure.permission('guillotina.ReadConfiguration', 'Read a configuration') configure.permission('guillotina.WriteConfiguration', 'Write a configuration') configure.permission('guillotina.RegisterConfigurations', 'Register a new configuration on Registry') configure.permission('guillotina.ManageAddons', 'Manage addons on a container') configure.permission('guillotina.SeePermissions', 'See permissions') configure.permission('guillotina.ChangePermissions', 'Change permissions') configure.permission('guillotina.SearchContent', 'Search content')
from guillotina import configure # Add new permission configure.permission("guillotina.ManageAMQP", "Manage guillotina amqp endpoints") configure.permission("guillotina.DebugAMQP", "Debug guillotina amqp tasks") # Grant it to guillotina.Manager configure.grant(permission="guillotina.ManageAMQP", role="guillotina.Manager") configure.grant(permission="guillotina.DebugAMQP", role="guillotina.Manager")
'port': 6379, 'ttl': 3600, 'memory_cache_size': 209715200, 'updates_channel': 'guillotina', 'pool': { 'minsize': 5, 'maxsize': 100 }, 'cluster_mode': False }, "load_utilities": { "guillotina_rediscache.cache": { 'provides': 'guillotina_rediscache.interfaces.IRedisChannelUtility', # noqa 'factory': 'guillotina_rediscache.utility.RedisChannelUtility', 'settings': {} } } } configure.permission('guillotina_rediscache.Manage', 'Manage redis cache') configure.grant(permission="guillotina_rediscache.Manage", role="guillotina.Manager") def includeme(root, settings): configure.scan('guillotina_rediscache.cache_strategy') configure.scan('guillotina_rediscache.utility') configure.scan('guillotina_rediscache.api') configure.scan('guillotina_rediscache.serialize')
from guillotina import configure configure.permission('hive.Manage', 'Manage Hive Cluster') configure.permission('hive.Schedulle', 'Schedulle tasks') configure.grant( permission="hive.Manage", role="guillotina.ContainerAdmin")
from guillotina import configure # Add new permission configure.permission('guillotina.ManageAMQP', 'Manage guillotina amqp endpoints') # Grant it to guillotina.Manager configure.grant( permission='guillotina.ManageAMQP', role='guillotina.Manager')
}, "hive_tasks": {}, "hive": { "image": None, "default_namespace": "hive", "orchestrator": "k8s", "cluster_config": {}, "guillotina_default": { "entrypoint": None, "volumes": None, "volumeMounts": None, "envFrom": None, "container_args": ["guillotina", "hive-worker"] }, 'quota': None, 'settings_serializer': 'guillotina_hive.utils.settings_serializer' } } configure.permission('guillotina_hive.Manage', 'Manage hive') configure.grant(permission="guillotina_hive.Manage", role="guillotina.Manager") def includeme(root): configure.scan('guillotina_hive.content') configure.scan('guillotina_hive.client') configure.scan('guillotina_hive.install') configure.scan('guillotina_hive.permissions') configure.scan('guillotina_hive.api') configure.scan('guillotina_hive.builtins')
from guillotina import configure configure.permission("guillotina.AddJinjaTemplate", title="Add Jinja template") configure.grant(permission="guillotina.AddJinjaTemplate", role="guillotina.Manager") configure.grant(permission="guillotina.AddJinjaTemplate", role="guillotina.ContainerAdmin")
from guillotina import configure configure.permission('guillotina.ManageVersioning', 'Ability to modify versioning on an object') configure.permission('guillotina.ManageConstraints', 'Allow to check and change type constraints') configure.permission('guillotina.ReviewContent', 'Review content permission') configure.permission('guillotina.RequestReview', 'Request review content permission') configure.grant(permission='guillotina.ManageVersioning', role='guillotina.Manager') configure.grant(permission='guillotina.ManageConstraints', role='guillotina.Manager') configure.grant(permission='guillotina.ManageConstraints', role='guillotina.ContainerAdmin') configure.grant(permission='guillotina.ReviewContent', role='guillotina.Reviewer') configure.grant(permission='guillotina.ReviewContent', role='guillotina.Manager') configure.grant(permission='guillotina.RequestReview', role='guillotina.Manager') configure.grant(permission='guillotina.RequestReview', role='guillotina.Owner')
from guillotina import configure configure.permission("guillotina.swagger.View", "View swagger definition") configure.grant(permission="guillotina.swagger.View", role="guillotina.Anonymous") configure.grant(permission="guillotina.swagger.View", role="guillotina.Authenticated") app_settings = { "static": { "swagger_static": "guillotina.contrib.swagger:static" }, "swagger": { "authentication_allowed": True, "base_url": None, "auth_storage_search_keys": ["auth"], "base_configuration": { "swagger": "2.0", "info": { "version": "", "title": "Guillotina", "description": "The REST Resource API", }, "host": "", "basePath": "", "schemes": [], "produces": ["application/json"], "consumes": ["application/json"], "paths": {}, "definitions": {}, },
from guillotina import configure configure.permission("guillotina.AddUser", title="Add plone user") configure.permission("guillotina.AddGroup", title="Add plone group") configure.permission("guillotina.Nobody", "Permission not assigned to anyone") configure.permission("guillotina.ManageUsers", "Manage Users on site", "Be able to manage users on site") configure.grant(permission="guillotina.AddUser", role="guillotina.Manager") configure.grant(permission="guillotina.AddGroup", role="guillotina.Manager") configure.grant(permission="guillotina.ManageUsers", role="guillotina.Manager") configure.grant(permission="guillotina.AddUser", role="guillotina.ContainerAdmin") configure.grant(permission="guillotina.AddGroup", role="guillotina.ContainerAdmin") configure.grant(permission="guillotina.ManageUsers", role="guillotina.ContainerAdmin")
from guillotina import configure configure.permission("guillotina.ManageVersioning", "Ability to modify versioning on an object") configure.permission("guillotina.ManageConstraints", "Allow to check and change type constraints") configure.permission("guillotina.ReviewContent", "Review content permission") configure.permission("guillotina.RequestReview", "Request review content permission") configure.permission("guillotina.ViewComments", "View comments") configure.permission("guillotina.ModifyComments", "Modify comments") configure.permission("guillotina.AddComments", "Add comments") configure.permission("guillotina.DeleteComments", "Delete comments") configure.permission("guillotina.DeleteAllComments", "Delete all comments") configure.grant(permission="guillotina.ManageVersioning", role="guillotina.Manager") configure.grant(permission="guillotina.ManageConstraints", role="guillotina.Manager") configure.grant(permission="guillotina.ManageConstraints", role="guillotina.ContainerAdmin") configure.grant(permission="guillotina.ReviewContent", role="guillotina.Reviewer") configure.grant(permission="guillotina.ReviewContent", role="guillotina.Manager")
from . import settings from guillotina import configure from guillotina.interfaces import IFolder import json import pytest pytestmark = pytest.mark.asyncio configure.permission("dbusers.SeeTopSecret", "SeeTopSecret", "Ability to see TopSecret docs") configure.role("dbusers.DoubleO", "00 Agent") configure.grant(permission="dbusers.SeeTopSecret", role="dbusers.DoubleO") @configure.service( context=IFolder, method="GET", permission="dbusers.SeeTopSecret", name="@top-secret", ) async def top_secret(context, request): return {"documents": ["abcd"]} @pytest.mark.app_settings(settings.DEFAULT_SETTINGS) async def test_roles_in_groups(dbusers_requester): async with dbusers_requester as requester: # Create the group 'top-agents' and assign the role "dbusers.DoubleO" resp, status = await requester( "POST", "/db/guillotina/groups", data=json.dumps({"id": "top-agents", "@type": "Group", "user_roles": ["dbusers.DoubleO"]}),
@index_field.with_accessor(IExample, "categories_accessor", field="categories") def categories_index_accessor(ob): if not ob.categories: raise NoIndexField else: return [c["label"] for c in ob.categories] @index_field.with_accessor(IExample, "foobar_accessor") def foobar_accessor(ob): return "foobar" configure.permission("example.MyPermission", "example permission") @implementer(IExample) class Example(Resource): # type: ignore pass class IMarkerBehavior(Interface): pass class ITestBehavior(Interface): foobar = schema.TextLine(required=False) foobar_context = schema.TextLine(required=False, default="default-foobar")
@index_field.with_accessor(IExample, "categories_accessor", field="categories") def categories_index_accessor(ob): if not ob.categories: raise NoIndexField else: return [c["label"] for c in ob.categories] @index_field.with_accessor(IExample, "foobar_accessor") def foobar_accessor(ob): return "foobar" configure.permission("example.MyPermission", "example permission") configure.permission("foo.Permission", "Foo permission") configure.permission("example.MyPermissionOwner", "example permission owner") configure.grant(role="guillotina.Owner", permission="example.MyPermissionOwner") @implementer(IExample) class Example(Resource): # type: ignore pass class IMarkerBehavior(Interface): pass
from guillotina import configure configure.permission("guillotina.Nobody", "Permission not assigned to anyone") configure.permission("guillotina.ManageUsers", "Manage Users on site", "Be able to manage users on site") configure.grant(permission="guillotina.ManageUsers", role="guillotina.Manager")
from guillotina import configure configure.permission("guillotina.AccessContent", "Access content") configure.permission("guillotina.ModifyContent", "Modify content") configure.permission("guillotina.DeleteContent", "Delete content") configure.permission("guillotina.AddContent", "Add content") configure.permission("guillotina.MoveContent", "Move content") configure.permission("guillotina.DuplicateContent", "Duplicate content") configure.permission("guillotina.ViewContent", "View content") configure.permission("guillotina.AddContainer", "Add a portal/DB") configure.permission("guillotina.GetContainers", "Get a portal/DB") configure.permission("guillotina.DeleteContainers", "Delete a portal") configure.permission("guillotina.MountDatabase", "Mount a Database") configure.permission("guillotina.GetDatabases", "Get Databases") configure.permission("guillotina.UmountDatabase", "Umount a Database") configure.permission("guillotina.AccessPreflight", "Access Preflight View") configure.permission("guillotina.ReadConfiguration", "Read a configuration") configure.permission("guillotina.WriteConfiguration", "Write a configuration") configure.permission("guillotina.RegisterConfigurations", "Register a new configuration on Registry") configure.permission("guillotina.ManageAddons", "Manage addons on a container") configure.permission("guillotina.SeePermissions", "See permissions") configure.permission("guillotina.ChangePermissions", "Change permissions") configure.permission("guillotina.RefreshToken", "Refresh token")
"mailer": { "default_sender": "*****@*****.**", "endpoints": { "default": { "type": "smtp", "host": "localhost", "port": 25 } }, "debug": False, "utility": "guillotina_mailer.utility.MailerUtility", "use_html2text": True, "domain": None } } configure.permission(id="mailer.SendMail", title="Request subscription") configure.grant(permission="mailer.SendMail", role="guillotina.ContainerAdmin") def includeme(root, settings): factory = import_class( settings.get('mailer', {}).get('utility', app_settings['mailer']['utility'])) utility = factory() provide_utility(utility, IMailer) configure.scan('guillotina_mailer.api') configure.scan('guillotina_mailer.utility')