def permissions_index(id):
    """List a collection's permissions, padded with unassigned groups.

    The collection is resolved through ``get_db_collection`` with
    ``request.authz.WRITE`` as the required action. Stored permissions and
    candidate groups are both filtered with ``check_visible``, so a role
    that fails that check never appears in the response.

    Returns:
        A JSON response with ``total`` and the serialized ``results``.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    query = Permission.all().filter(Permission.collection_id == collection.id)
    entries = []

    # Groups the requester may see; shrinks as stored permissions claim them.
    unassigned = []
    for group in Role.all_groups():
        if check_visible(group, request.authz):
            unassigned.append(group)

    for stored in query.all():
        if check_visible(stored.role, request.authz):
            entries.append(stored)
            if stored.role in unassigned:
                unassigned.remove(stored.role)

    # this workaround ensures that all groups are visible for the user to
    # select in the UI even if they are not currently associated with the
    # collection. The placeholders carry no access (read/write both False).
    for group in unassigned:
        placeholder = {
            'collection_id': collection.id,
            'write': False,
            'read': False,
            'role': group
        }
        entries.append(placeholder)

    total = len(entries)
    results = PermissionSchema().dump(entries, many=True)
    return jsonify({'total': total, 'results': results})
def index(id):
    """List a collection's permissions, padded with unassigned groups.

    The collection is resolved through ``get_db_collection`` with
    ``request.authz.WRITE`` as the required action. Roles that fail
    ``check_visible`` for the requester are omitted, and public roles get
    no placeholder entry when the collection is a casefile.

    Returns:
        A JSON response with ``total`` and the serialized ``results``.
    """
    collection = get_db_collection(id, request.authz.WRITE)

    # Groups the requester may see; shrinks as stored permissions claim them.
    unassigned = []
    for group in Role.all_groups():
        if check_visible(group, request.authz):
            unassigned.append(group)

    query = Permission.all().filter(Permission.collection_id == collection.id)
    entries = []
    for stored in query.all():
        if check_visible(stored.role, request.authz):
            entries.append(stored)
            if stored.role in unassigned:
                unassigned.remove(stored.role)

    # this workaround ensures that all groups are visible for the user to
    # select in the UI even if they are not currently associated with the
    # collection.
    for group in unassigned:
        offer_group = not (collection.casefile and group.is_public)
        if offer_group:
            entries.append({
                'collection_id': collection.id,
                'write': False,
                'read': False,
                'role_id': str(group.id)
            })

    serialized = PermissionSerializer().serialize_many(entries)
    return jsonify({'total': len(serialized), 'results': serialized})
def index(id):
    """List a collection's permissions, padded with unassigned groups.

    The collection is resolved through ``get_db_collection`` with
    ``request.authz.WRITE`` as the required action, and the access is
    passed to ``record_audit`` before any permission data is read. Roles
    that fail ``check_visible`` are omitted, and public roles get no
    placeholder entry when the collection is a casefile.

    Returns:
        A JSON response with ``total`` and the serialized ``results``.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    # Audit call sits after the collection lookup, so it is only reached
    # when that lookup returns.
    record_audit(Audit.ACT_COLLECTION, id=id)

    # Groups the requester may see; shrinks as stored permissions claim them.
    unassigned = []
    for group in Role.all_groups():
        if check_visible(group, request.authz):
            unassigned.append(group)

    query = Permission.all().filter(Permission.collection_id == collection.id)
    entries = []
    for stored in query.all():
        if check_visible(stored.role, request.authz):
            entries.append(stored)
            if stored.role in unassigned:
                unassigned.remove(stored.role)

    # this workaround ensures that all groups are visible for the user to
    # select in the UI even if they are not currently associated with the
    # collection.
    for group in unassigned:
        offer_group = not (collection.casefile and group.is_public)
        if offer_group:
            entries.append({
                'collection_id': collection.id,
                'write': False,
                'read': False,
                'role_id': str(group.id)
            })

    serialized = PermissionSerializer().serialize_many(entries)
    return jsonify({
        'total': len(serialized),
        'results': serialized
    })
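def update(collection_id):
    """
    ---
    post:
      summary: Update permissions for a collection
      description: >
        Update permissions for the collection with id `collection_id`
      parameters:
      - in: path
        name: collection_id
        required: true
        schema:
          type: integer
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PermissionUpdateList'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                allOf:
                - $ref: '#/components/schemas/QueryResponse'
                properties:
                  results:
                    type: array
                    items:
                      $ref: '#/components/schemas/Permission'
      tags:
      - Permission
      - Collection
    """
    # The collection is resolved with WRITE as the required action before
    # any entry from the request body is applied.
    collection = get_db_collection(collection_id, request.authz.WRITE)
    for permission in parse_request("PermissionUpdateList"):
        # The role may arrive as a flat ``role_id`` or nested as
        # ``role.id``; the flat field wins when both are present.
        role_obj = ensure_dict(permission.get("role"))
        role_id = permission.get("role_id", role_obj.get("id"))
        role = Role.by_id(role_id)
        # role_id comes from the request body and may not match any role.
        # Skip it exactly like a role the caller cannot see, so the two
        # cases are handled identically and no attribute is read from a
        # missing role.
        if role is None or not check_visible(role, request.authz):
            continue
        if role.is_public:
            # Public roles never receive write access, and on a casefile
            # they do not receive read access either, whatever was sent.
            permission["write"] = False
            if collection.casefile:
                permission["read"] = False
        update_permission(
            role,
            collection,
            permission["read"],
            permission["write"],
            editor_id=request.authz.id,
        )
    update_collection(collection)
    # Respond with the listing built by index() for the same collection.
    return index(collection_id)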
def permissions_update(id):
    """Apply one permission change to a collection.

    The collection is resolved through ``get_db_collection`` with
    ``request.authz.WRITE`` as the required action. The target role is
    taken from the request body and must both exist and pass
    ``check_visible`` for the requester.

    Raises:
        BadRequest: if the role is unknown or not visible. Both cases
            raise the same error.

    Returns:
        A JSON response with ``status`` and the serialized permission.
    """
    # TODO: consider using a list to bundle permission writes
    collection = get_db_collection(id, request.authz.WRITE)
    data = parse_request(schema=PermissionSchema)

    candidates = Role.all()
    role = candidates.filter(Role.id == data['role']['id']).first()

    role_usable = role is not None and check_visible(role, request.authz)
    if not role_usable:
        raise BadRequest()

    # NOTE(review): read/write are forwarded as parsed; confirm that the
    # schema or update_permission enforces any limit on what may be granted.
    perm = update_permission(role, collection, data['read'], data['write'])
    updated = PermissionSchema().dump(perm)
    return jsonify({'status': 'ok', 'updated': updated})
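def permissions_update(id):
    """Apply a list of permission changes to a collection.

    The collection is resolved through ``get_db_collection`` with
    ``request.authz.WRITE`` as the required action. Each entry names a role
    by ``role.id``. Entries whose role does not exist or fails
    ``check_visible`` for the requester are skipped without an error.

    Args:
        id: identifier of the collection whose permissions are updated.

    Returns:
        The response of ``permissions_index(id)``.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    for permission in parse_request(PermissionSchema, many=True):
        role_id = permission.get('role', {}).get('id')
        role = Role.by_id(role_id).first()
        # role_id comes from the request body, so the lookup can come back
        # empty. Skip that case exactly like a role the caller cannot see,
        # rather than passing a missing role further down.
        if role is None or not check_visible(role, request.authz):
            continue
        # NOTE(review): read/write are forwarded as parsed; nothing here
        # limits which visible roles may be given write access. Confirm
        # that the schema or update_permission enforces any such policy.
        update_permission(role, collection,
                          permission['read'],
                          permission['write'])
    update_collection(collection, roles=True)
    return permissions_index(id)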
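def permissions_update(id):
    """Apply a list of permission changes to a collection.

    The collection is resolved through ``get_db_collection`` with
    ``request.authz.WRITE`` as the required action. Each entry names a role
    by ``role.id``. Entries whose role does not exist or fails
    ``check_visible`` for the requester are skipped without an error. Every
    applied change is passed the requester's role as ``editor``.

    Args:
        id: identifier of the collection whose permissions are updated.

    Returns:
        The response of ``permissions_index(id)``.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    for permission in parse_request(PermissionSchema, many=True):
        role_id = permission.get('role', {}).get('id')
        role = Role.by_id(role_id)
        # role_id comes from the request body, so the lookup can come back
        # empty. Skip that case exactly like a role the caller cannot see,
        # rather than passing a missing role further down.
        if role is None or not check_visible(role, request.authz):
            continue
        # NOTE(review): read/write are forwarded as parsed; nothing here
        # limits which visible roles may be given write access. Confirm
        # that the schema or update_permission enforces any such policy.
        update_permission(role, collection,
                          permission['read'],
                          permission['write'],
                          editor=request.authz.role)
    update_collection(collection)
    # Queued as a task; presumably refreshes derived access data for the
    # collection. Confirm against the task definition.
    update_collection_access.apply_async([collection.id], priority=8)
    return permissions_index(id)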
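def update(id):
    """Apply a list of permission changes to a collection.

    The collection is resolved through ``get_db_collection`` with
    ``request.authz.WRITE`` as the required action. Entries whose role
    does not exist or fails ``check_visible`` for the requester are
    skipped without an error. Public roles are never given write access,
    and on a casefile collection they are not given read access either.

    Args:
        id: identifier of the collection whose permissions are updated.

    Returns:
        The response of ``index(id)``.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    for permission in parse_request(PermissionSchema, many=True):
        role = Role.by_id(permission.get('role_id'))
        # role_id comes from the request body and may not match any role.
        # Skip it exactly like a role the caller cannot see, so no
        # attribute is read from a missing role below.
        if role is None or not check_visible(role, request.authz):
            continue
        if role.is_public:
            # Override whatever the client sent for public roles.
            permission['write'] = False
            if collection.casefile:
                permission['read'] = False
        update_permission(role,
                          collection,
                          permission['read'],
                          permission['write'],
                          editor_id=request.authz.id)
    update_collection(collection)
    return index(id)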
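def update(id):
    """Apply a list of permission changes to a collection.

    The collection is resolved through ``get_db_collection`` with
    ``request.authz.WRITE`` as the required action. Entries whose role
    does not exist or fails ``check_visible`` for the requester are
    skipped without an error. Public roles are never given write access,
    and on a casefile collection they are not given read access either.

    Args:
        id: identifier of the collection whose permissions are updated.

    Returns:
        The response of ``index(id)``.
    """
    collection = get_db_collection(id, request.authz.WRITE)
    for permission in parse_request(PermissionSchema, many=True):
        role_id = permission.get('role_id')
        role = Role.by_id(role_id)
        # role_id comes from the request body and may not match any role.
        # Skip it exactly like a role the caller cannot see, so no
        # attribute is read from a missing role below.
        if role is None or not check_visible(role, request.authz):
            continue
        if role.is_public:
            # Override whatever the client sent for public roles.
            permission['write'] = False
            if collection.casefile:
                permission['read'] = False
        update_permission(role,
                          collection,
                          permission['read'],
                          permission['write'],
                          editor_id=request.authz.id)
    update_collection(collection)
    return index(id)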
def index(collection_id):
    """
    ---
    get:
      summary: Get permissions for a collection
      description: >-
        Get the list of all permissions for the collection with id
        `collection_id`
      parameters:
      - in: path
        name: collection_id
        required: true
        schema:
          type: integer
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                allOf:
                - $ref: '#/components/schemas/QueryResponse'
                properties:
                  results:
                    type: array
                    items:
                      $ref: '#/components/schemas/Permission'
      tags:
      - Permission
      - Collection
    """
    # Listing permissions uses the same WRITE action as changing them.
    collection = get_db_collection(collection_id, request.authz.WRITE)

    # Candidate roles for placeholder rows: the groups returned for this
    # requester, plus the system roles when the requester is an admin.
    unassigned = Role.all_groups(request.authz).all()
    if request.authz.is_admin:
        unassigned.extend(Role.all_system())

    query = Permission.all().filter(Permission.collection_id == collection.id)
    entries = []
    for stored in query.all():
        # Stored permissions for roles the requester cannot see are omitted.
        if check_visible(stored.role, request.authz):
            entries.append(stored)
            if stored.role in unassigned:
                unassigned.remove(stored.role)

    # this workaround ensures that all groups are visible for the user to
    # select in the UI even if they are not currently associated with the
    # collection.
    for candidate in unassigned:
        offer_role = not (collection.casefile and candidate.is_public)
        if offer_role:
            entries.append({
                "collection_id": collection.id,
                "write": False,
                "read": False,
                "role_id": str(candidate.id),
            })

    serialized = PermissionSerializer().serialize_many(entries)
    return jsonify({"total": len(serialized), "results": serialized})
def view(id):
    """Return a single role as JSON.

    The role is looked up by id and passed through ``obj_or_404``. Both
    conditions handed to ``require`` are computed first: that the
    requester is logged in, and that the role passes ``check_visible``.
    """
    found = Role.by_id(id)
    role = obj_or_404(found)
    logged_in = request.authz.logged_in
    # Evaluated whether or not the requester is logged in, as both values
    # are arguments to the same require() call.
    visible = check_visible(role, request.authz)
    require(logged_in, visible)
    return jsonify(role, schema=RoleSchema)