async def process(self, req: Request['FastExecute_POST.Arguments'],
user: User) -> None:
action = req.args.action
if action is Actions.CANCEL:
page = cast('FastExecute_POST', self.page)
raise Redirect(req.args.refererURL
or page.getParentURL(req.args))
if action is Actions.EXECUTE:
checkPrivilege(user, 'j/c', 'create jobs')
# Create jobs.
jobIds = []
userName = user.name
for configId in sorted(req.args.confirmedId):
# TODO: Configs that have disappeared or become invalid are
# silently ignored. Since this is a rare situation,
# it is a minor problem, but still bad behaviour.
try:
config = self.configDB[configId]
except KeyError:
pass
else:
if config.hasValidInputs():
jobDB = self.jobDB
for job in config.createJobs(userName):
jobDB.add(job)
jobIds.append(job.getId())
raise Redirect(createJobsURL(jobIds))
assert False, action
def checkAccess(self, user: User) -> None:
# TODO: This is a hint that access control might belong in Processor.
databases = GetFactoryInfo_GET.Processor.databases
# Check that user has 'list' privileges for all databases.
# For the singleton project DB, check the 'access' privilege instead.
for db in databases:
priv = f'{db.privilegeObject}/l'
checkPrivilege(user, 'p/a' if priv == 'p/l' else priv)
def checkAccess(self) -> None:
user = self.user
if user.hasPrivilege('tr/*'):
return
else:
checkPrivilege(
user, 'j/l',
'You do not have the necessary permissions to list jobs')
def checkAccess(self) -> None:
user = self.user
if user.hasPrivilege('tr/*'):
run = _runForRunnerUser(self.resourceDB, user)
if self.run.getId() != run.getId():
raise AccessDenied('Task Runner is running a different task')
else:
checkPrivilege(
user, 't/a',
'You do not have the necessary permissions to access tasks')
def checkAccess(self) -> None:
user = self.user
if user.hasPrivilege('tr/*'):
job = _runForRunnerUser(self.resourceDB, user).getJob()
if self.job.getId() != job.getId():
raise AccessDenied('Task Runner is running a different job')
else:
# TODO: Our privilege system is too fine grained.
checkPrivilege(
user, 'j/a',
'You do not have the necessary permissions to access jobs')
checkPrivilege(
user, 't/l',
'You do not have the necessary permissions to list tasks')
async def process(self,
req: Request['DelFinishedSchedules_POST.Arguments'],
user: User) -> None:
action = req.args.action
if action is Actions.CANCEL:
page = cast(DelFinishedSchedules_POST, self.page)
raise Redirect(page.getParentURL(req.args))
elif action is Actions.DELETE:
checkPrivilege(user, 's/d', 'delete all finished schedules')
scheduleDB = self.scheduleDB
finishedSchedules = [
schedule for schedule in scheduleDB if schedule.isDone()
]
for schedule in finishedSchedules:
scheduleDB.remove(schedule)
else:
assert False, action
async def process(self, req: Request['GetTagged_GET.Arguments'],
user: User) -> None:
# Determine subject and access rights.
try:
db = self.subjectToDB(req.args.subject)
except KeyError:
raise InvalidRequest(
f'Invalid subject type "{req.args.subject}"')
checkPrivilege(user, db.privilegeObject + '/l',
f'list {db.description}s')
# Determine keys and values.
keys = req.args.key
values = req.args.value
tagCache = db.tagCache
if tagCache is not None:
# Restrict keys to those that actually exist.
if keys:
keys = keys & set(tagCache.getKeys())
else:
keys = set(tagCache.getKeys())
# Filter records.
matches = []
for record in db.values():
tags = record.tags
for key in keys:
if tags.hasTagKey(key):
recordId = record.getId()
if values:
for value in values:
if tags.hasTagValue(key, value):
matches.append((recordId, key, value))
else:
for value in tags.getTagValues(key):
matches.append((recordId, key, value))
# pylint: disable=attribute-defined-outside-init
self.matches = matches
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'td/l', 'list task definitions')
checkPrivilege(user, 'td/a', 'access task definitions')
def checkAccess(self, user: User) -> None:
# Error messages might leak info about schedule, so make sure at least
# read-only access is allowed.
# The processor will do additional checks.
checkPrivilege(user, 's/a')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'u/m', 'control user accounts')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 't/m', 'set alert status')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'tr/*', 'sync a Task Runner')
def checkAccess(self, user: User) -> None:
# Error messages might leak info about job/task existence, so make sure
# at least read-only access is allowed.
# The processor will do additional checks.
checkPrivilege(user, 'j/l')
checkPrivilege(user, 't/l')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'p/m', 'change project settings')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'j/a', 'view the task list')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'r/a', 'reserve resources')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'tr/*', 'set tasks results')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'j/l', 'view the report list')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 't/a', 'view task reports')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'u/c', 'add new users')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'u/mo', 'change your password')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'r/l')
def checkAccess(self, user: User) -> None:
checkPrivilege(user, 'r/m', 'control resources')
