def add_service_getcapabilities_perms(service, db_session, group_name=None):
if service.type in SERVICES_PHOENIX_ALLOWED and \
Permission.GET_CAPABILITIES in SERVICE_TYPE_DICT[service.type].permissions:
if group_name is None:
group_name = get_constant("MAGPIE_ANONYMOUS_USER")
group = GroupService.by_group_name(group_name, db_session=db_session)
perm = ResourceService.perm_by_group_and_perm_name(
service.resource_id, group.id, Permission.GET_CAPABILITIES.value,
db_session)
if perm is None: # not set, create it
create_group_resource_permission_response(
group, service, Permission.GET_CAPABILITIES, db_session)
def _apply_session(_usr_name=None, _grp_name=None):
"""
Apply operation using db session.
"""
from magpie.api.management.user import user_utils as ut
from magpie.api.management.group import group_utils as gt
res = ResourceService.by_resource_id(resource_id,
db_session=cookies_or_session)
if _usr_name:
usr = UserService.by_user_name(_usr_name,
db_session=cookies_or_session)
if create_perm:
return ut.create_user_resource_permission_response(
usr, res, perm, db_session=cookies_or_session)
else:
return ut.delete_user_resource_permission_response(
usr, res, perm, db_session=cookies_or_session)
if _grp_name:
grp = GroupService.by_group_name(_grp_name,
db_session=cookies_or_session)
if create_perm:
return gt.create_group_resource_permission_response(
grp, res, perm, db_session=cookies_or_session)
else:
return gt.delete_group_resource_permission_response(
grp, res, perm, db_session=cookies_or_session)
def create_group_resource_permissions_view(request):
"""
Create a permission on a specific resource for a group.
"""
group = ar.get_group_matchdict_checked(request)
resource = ar.get_resource_matchdict_checked(request)
permission = ar.get_permission_multiformat_body_checked(request, resource)
return gu.create_group_resource_permission_response(group,
resource,
permission,
db_session=request.db)
def create_group_service_permission_view(request):
"""
Create a permission on a specific resource for a group.
"""
group = ar.get_group_matchdict_checked(request)
service = ar.get_service_matchdict_checked(request)
permission = ar.get_permission_multiformat_body_checked(request, service)
return gu.create_group_resource_permission_response(group,
service,
permission,
request.db,
overwrite=False)
def replace_group_resource_permissions_view(request):
"""
Create or modify an existing permission on a resource for a group.
Can be used to adjust permission modifiers.
"""
group = ar.get_group_matchdict_checked(request)
resource = ar.get_resource_matchdict_checked(request)
permission = ar.get_permission_multiformat_body_checked(request, resource)
return gu.create_group_resource_permission_response(group,
resource,
permission,
request.db,
overwrite=True)