示例#1
文件: roles_api.py 项目: DtorrX/aleph
def permissions_index(id):
    """List the permissions on a collection, padded with unassigned groups.

    The collection is fetched through ``get_db_collection`` with the
    ``WRITE`` action of the request's authz object; the access decision is
    made inside that helper (not shown here). Only permissions whose role
    passes ``check_visible`` for the caller are returned, so the listing does
    not disclose grants held by roles the caller may not see.
    """
    authz = request.authz
    collection = get_db_collection(id, authz.WRITE)
    granted = Permission.all().filter(
        Permission.collection_id == collection.id
    )
    entries = []
    # Groups the caller can see; any that already hold a permission on this
    # collection are struck off below.
    unassigned = [
        group for group in Role.all_groups() if check_visible(group, authz)
    ]
    for grant in granted.all():
        if check_visible(grant.role, authz):
            entries.append(grant)
            if grant.role in unassigned:
                unassigned.remove(grant.role)

    # Workaround: every visible group must be selectable in the UI even when
    # it is not yet associated with the collection, so each remaining group
    # gets a placeholder entry with no access.
    entries.extend(
        {
            'collection_id': collection.id,
            'write': False,
            'read': False,
            'role': group
        }
        for group in unassigned
    )

    return jsonify({
        'total': len(entries),
        'results': PermissionSchema().dump(entries, many=True)
    })
示例#2
def index(id):
    """List the permissions on a collection, padded with unassigned groups.

    The collection is fetched through ``get_db_collection`` with the
    ``WRITE`` action of the request's authz object; the access decision is
    made inside that helper (not shown here). Permissions attached to roles
    that fail ``check_visible`` for the caller are left out of the response.
    """
    authz = request.authz
    collection = get_db_collection(id, authz.WRITE)
    # Groups the caller can see; any that already hold a permission on this
    # collection are struck off below.
    unassigned = [
        group for group in Role.all_groups() if check_visible(group, authz)
    ]
    granted = Permission.all().filter(
        Permission.collection_id == collection.id
    )
    entries = []
    for grant in granted.all():
        if check_visible(grant.role, authz):
            entries.append(grant)
            if grant.role in unassigned:
                unassigned.remove(grant.role)

    # Workaround: every visible group must be selectable in the UI even when
    # it is not yet associated with the collection, so each remaining group
    # gets a placeholder entry with no access.
    for group in unassigned:
        # Public roles are not offered at all on casefile collections.
        if not (collection.casefile and group.is_public):
            entries.append({
                'collection_id': collection.id,
                'write': False,
                'read': False,
                'role_id': str(group.id)
            })

    serialized = PermissionSerializer().serialize_many(entries)
    return jsonify({'total': len(serialized), 'results': serialized})
示例#3
def index(id):
    """List the permissions on a collection, padded with unassigned groups.

    The collection is fetched through ``get_db_collection`` with the
    ``WRITE`` action of the request's authz object; the access decision is
    made inside that helper (not shown here). The audit record is written
    only after that lookup has returned. Permissions attached to roles that
    fail ``check_visible`` for the caller are left out of the response.
    """
    authz = request.authz
    collection = get_db_collection(id, authz.WRITE)
    record_audit(Audit.ACT_COLLECTION, id=id)
    # Groups the caller can see; any that already hold a permission on this
    # collection are struck off below.
    unassigned = [
        group for group in Role.all_groups() if check_visible(group, authz)
    ]
    granted = Permission.all().filter(
        Permission.collection_id == collection.id
    )
    entries = []
    for grant in granted.all():
        if check_visible(grant.role, authz):
            entries.append(grant)
            if grant.role in unassigned:
                unassigned.remove(grant.role)

    # Workaround: every visible group must be selectable in the UI even when
    # it is not yet associated with the collection, so each remaining group
    # gets a placeholder entry with no access.
    for group in unassigned:
        # Public roles are not offered at all on casefile collections.
        if not (collection.casefile and group.is_public):
            entries.append({
                'collection_id': collection.id,
                'write': False,
                'read': False,
                'role_id': str(group.id)
            })

    serialized = PermissionSerializer().serialize_many(entries)
    return jsonify({
        'total': len(serialized),
        'results': serialized
    })
示例#4
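def update(collection_id):
    """
    ---
    post:
      summary: Update permissions for a collection
      description: >
        Update permissions for the collection with id `collection_id`
      parameters:
      - in: path
        name: collection_id
        required: true
        schema:
          type: integer
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PermissionUpdateList'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                allOf:
                - $ref: '#/components/schemas/QueryResponse'
                properties:
                  results:
                    type: array
                    items:
                      $ref: '#/components/schemas/Permission'
      tags:
      - Permission
      - Collection
    """
    # The collection lookup carries the WRITE action of the caller's authz
    # object; the access decision is made inside get_db_collection (not
    # shown here).
    collection = get_db_collection(collection_id, request.authz.WRITE)
    for permission in parse_request("PermissionUpdateList"):
        # The role may arrive flat as "role_id" or nested as
        # {"role": {"id": ...}}; the flat key is used whenever it is present.
        role_obj = ensure_dict(permission.get("role"))
        role_id = permission.get("role_id", role_obj.get("id"))
        role = Role.by_id(role_id)
        # role_id comes from the request body and may not resolve to a role.
        # Unknown and invisible roles are skipped the same way, so the
        # response does not reveal which role ids exist, and a missing role
        # never reaches the attribute accesses or update_permission below.
        if role is None or not check_visible(role, request.authz):
            continue
        # Server-side clamps, applied regardless of what the client sent:
        # a public role never gets write access, and on a casefile
        # collection it does not get read access either.
        if role.is_public:
            permission["write"] = False
        if collection.casefile and role.is_public:
            permission["read"] = False

        update_permission(
            role,
            collection,
            permission["read"],
            permission["write"],
            editor_id=request.authz.id,
        )
    update_collection(collection)
    return index(collection_id)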
示例#5
文件: roles_api.py 项目: DtorrX/aleph
def permissions_update(id):
    """Set the read/write permission of a single role on a collection.

    The collection is fetched through ``get_db_collection`` with the
    ``WRITE`` action of the request's authz object; the access decision is
    made inside that helper (not shown here). A role id that does not
    resolve and a role the caller may not see both end in the same
    ``BadRequest``, so the response does not distinguish the two cases.
    """
    # TODO: consider using a list to bundle permission writes
    authz = request.authz
    collection = get_db_collection(id, authz.WRITE)
    payload = parse_request(schema=PermissionSchema)
    role_query = Role.all()
    target = role_query.filter(Role.id == payload['role']['id']).first()
    if not (target is not None and check_visible(target, authz)):
        raise BadRequest()

    updated = update_permission(
        target, collection, payload['read'], payload['write']
    )
    return jsonify({
        'status': 'ok',
        'updated': PermissionSchema().dump(updated)
    })
示例#6
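def permissions_update(id):
    """Apply a batch of permission changes to a collection.

    The collection is fetched through ``get_db_collection`` with the
    ``WRITE`` action of the request's authz object; the access decision is
    made inside that helper (not shown here). Entries whose role is unknown
    or not visible to the caller are skipped without an error. The refreshed
    permission listing is returned.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    for permission in parse_request(PermissionSchema, many=True):
        # Tolerate an explicit null "role" as well as a missing key.
        role_id = (permission.get('role') or {}).get('id')
        role = Role.by_id(role_id).first()
        # role_id comes from the request body and may not resolve to a role.
        # Unknown and invisible roles are skipped the same way, so the
        # response does not reveal which role ids exist, and a missing role
        # is never handed to update_permission.
        if role is None or not check_visible(role, request.authz):
            continue

        # NOTE(review): nothing in this function stops write access being
        # granted to a public role; confirm the schema or update_permission
        # enforces that.
        update_permission(role,
                          collection,
                          permission['read'],
                          permission['write'])

    update_collection(collection, roles=True)
    return permissions_index(id)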
示例#7
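def permissions_update(id):
    """Apply a batch of permission changes to a collection.

    The collection is fetched through ``get_db_collection`` with the
    ``WRITE`` action of the request's authz object; the access decision is
    made inside that helper (not shown here). Entries whose role is unknown
    or not visible to the caller are skipped without an error. Each applied
    change records the caller's role as editor. The refreshed permission
    listing is returned.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    for permission in parse_request(PermissionSchema, many=True):
        # Tolerate an explicit null "role" as well as a missing key.
        role_id = (permission.get('role') or {}).get('id')
        role = Role.by_id(role_id)
        # role_id comes from the request body and may not resolve to a role.
        # Unknown and invisible roles are skipped the same way, so the
        # response does not reveal which role ids exist, and a missing role
        # is never handed to update_permission.
        if role is None or not check_visible(role, request.authz):
            continue

        # NOTE(review): nothing in this function stops write access being
        # granted to a public role; confirm the schema or update_permission
        # enforces that.
        update_permission(role,
                          collection,
                          permission['read'],
                          permission['write'],
                          editor=request.authz.role)

    update_collection(collection)
    # Queued as a background task once all changes have been applied.
    update_collection_access.apply_async([collection.id], priority=8)
    return permissions_index(id)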
示例#8
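def update(id):
    """Apply a batch of permission changes to a collection.

    The collection is fetched through ``get_db_collection`` with the
    ``WRITE`` action of the request's authz object; the access decision is
    made inside that helper (not shown here). Entries whose role is unknown
    or not visible to the caller are skipped without an error. The refreshed
    permission listing is returned.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    for permission in parse_request(PermissionSchema, many=True):
        role = Role.by_id(permission.get('role_id'))
        # role_id comes from the request body and may not resolve to a role.
        # Unknown and invisible roles are skipped the same way, so the
        # response does not reveal which role ids exist, and a missing role
        # never reaches the attribute accesses or update_permission below.
        if role is None or not check_visible(role, request.authz):
            continue
        # Server-side clamps, applied regardless of what the client sent:
        # a public role never gets write access, and on a casefile
        # collection it does not get read access either.
        if role.is_public:
            permission['write'] = False
        if collection.casefile and role.is_public:
            permission['read'] = False

        update_permission(role,
                          collection,
                          permission['read'],
                          permission['write'],
                          editor_id=request.authz.id)
    update_collection(collection)
    return index(id)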
示例#9
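def update(id):
    """Apply a batch of permission changes to a collection.

    The collection is fetched through ``get_db_collection`` with the
    ``WRITE`` action of the request's authz object; the access decision is
    made inside that helper (not shown here). Entries whose role is unknown
    or not visible to the caller are skipped without an error. The refreshed
    permission listing is returned.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    for permission in parse_request(PermissionSchema, many=True):
        role_id = permission.get('role_id')
        role = Role.by_id(role_id)
        # role_id comes from the request body and may not resolve to a role.
        # Unknown and invisible roles are skipped the same way, so the
        # response does not reveal which role ids exist, and a missing role
        # never reaches the attribute accesses or update_permission below.
        if role is None or not check_visible(role, request.authz):
            continue
        # Server-side clamps, applied regardless of what the client sent:
        # a public role never gets write access, and on a casefile
        # collection it does not get read access either.
        if role.is_public:
            permission['write'] = False
        if collection.casefile and role.is_public:
            permission['read'] = False

        update_permission(role,
                          collection,
                          permission['read'],
                          permission['write'],
                          editor_id=request.authz.id)
    update_collection(collection)
    return index(id)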
示例#10
def index(collection_id):
    """
    ---
    get:
      summary: Get permissions for a collection
      description: >-
        Get the list of all permissions for the collection with id
        `collection_id`
      parameters:
      - in: path
        name: collection_id
        required: true
        schema:
          type: integer
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                allOf:
                - $ref: '#/components/schemas/QueryResponse'
                properties:
                  results:
                    type: array
                    items:
                      $ref: '#/components/schemas/Permission'
      tags:
      - Permission
      - Collection
    """
    authz = request.authz
    # The collection lookup carries the WRITE action of the caller's authz
    # object; the access decision is made inside get_db_collection (not
    # shown here).
    collection = get_db_collection(collection_id, authz.WRITE)
    # Candidate roles for placeholder entries: the groups returned for this
    # caller, plus the system roles when the caller is an admin.
    selectable = Role.all_groups(authz).all()
    if authz.is_admin:
        selectable.extend(Role.all_system())
    granted = Permission.all().filter(
        Permission.collection_id == collection.id
    )
    entries = []
    for grant in granted.all():
        # Permissions held by roles the caller may not see are left out.
        if check_visible(grant.role, authz):
            entries.append(grant)
            if grant.role in selectable:
                selectable.remove(grant.role)

    # Workaround: every remaining role must be selectable in the UI even
    # when it is not yet associated with the collection, so each one gets a
    # placeholder entry with no access.
    for candidate in selectable:
        # Public roles are not offered at all on casefile collections.
        if not (collection.casefile and candidate.is_public):
            entries.append({
                "collection_id": collection.id,
                "write": False,
                "read": False,
                "role_id": str(candidate.id),
            })

    serialized = PermissionSerializer().serialize_many(entries)
    return jsonify({"total": len(serialized), "results": serialized})
示例#11
def view(id):
    """Return a single role serialized with ``RoleSchema``.

    The role is resolved through ``obj_or_404`` before any access check.
    Both conditions (caller is logged in, role is visible to the caller) are
    evaluated first and then handed to ``require``; how ``require`` rejects
    the request is not shown here.
    """
    role = obj_or_404(Role.by_id(id))
    authz = request.authz
    logged_in = authz.logged_in
    visible = check_visible(role, authz)
    require(logged_in, visible)
    return jsonify(role, schema=RoleSchema)