示例#1
0
 def get(self, role_id):
     """
     ---
     summary: Retrieve all specific Role
     parameters:
       - name: role_id
         in: path
         required: true
         description: The ID of the Role
         type: string
     responses:
       200:
         description: Role with the given ID
         schema:
           $ref: '#/definitions/Role'
       404:
         $ref: '#/definitions/404Error'
       50x:
         $ref: '#/definitions/50xError'
     tags:
       - Roles
     """
     self.write(
         BeerGardenSchemaParser.serialize_role(
             Role.objects.get(id=str(role_id)), to_string=False))
示例#2
0
    def post(self):
        """
        ---
        summary: Create a new Role
        parameters:
          - name: role
            in: body
            description: The Role definition
            schema:
              $ref: '#/definitions/Role'
        consumes:
          - application/json
        responses:
          201:
            description: A new Role has been created
            schema:
              $ref: '#/definitions/Role'
          400:
            $ref: '#/definitions/400Error'
          50x:
            $ref: '#/definitions/50xError'
        tags:
          - Roles
        """
        role = BeerGardenSchemaParser.parse_role(self.request.decoded_body,
                                                 from_string=True)

        # Make sure all new permissions are real
        if not set(role.permissions).issubset(Permissions.values):
            invalid = set(role.permissions).difference(Permissions.values)
            raise ModelValidationError("Permissions %s do not exist" % invalid)

        # And the same for nested roles
        nested_roles = []
        for nested_role in role.roles:
            try:
                db_role = Role.objects.get(name=nested_role.name)

                # There shouldn't be any way to construct a cycle with a new
                # role, but check just to be sure
                ensure_no_cycles(role, db_role)

                nested_roles.append(db_role)
            except DoesNotExist:
                raise ModelValidationError("Role '%s' does not exist" %
                                           nested_role.name)
        role.roles = nested_roles

        role.save()

        self.set_status(201)
        self.write(BeerGardenSchemaParser.serialize_role(role,
                                                         to_string=False))
示例#3
0
 def get(self):
     """
     ---
     summary: Retrieve all Roles
     responses:
       200:
         description: All Roles
         schema:
           type: array
           items:
             $ref: '#/definitions/Role'
       50x:
         $ref: '#/definitions/50xError'
     tags:
       - Roles
     """
     self.set_header('Content-Type', 'application/json; charset=UTF-8')
     self.write(
         BeerGardenSchemaParser.serialize_role(Role.objects.all(),
                                               many=True,
                                               to_string=True))
示例#4
0
    def patch(self, role_id):
        """
        ---
        summary: Partially update a Role
        description: |
          The body of the request needs to contain a set of instructions
          detailing the updates to apply:
          ```JSON
          {
            "operations": [
              { "operation": "add", "path": "/permissions", "value": "ALL" }
            ]
          }
          ```
        parameters:
          - name: role_id
            in: path
            required: true
            description: The ID of the Role
            type: string
          - name: patch
            in: body
            required: true
            description: Instructions for how to update the Role
            schema:
              $ref: '#/definitions/Patch'
        responses:
          200:
            description: Role with the given ID
            schema:
              $ref: '#/definitions/Role'
          400:
            $ref: '#/definitions/400Error'
          404:
            $ref: '#/definitions/404Error'
          50x:
            $ref: '#/definitions/50xError'
        tags:
          - Roles
        """
        role = Role.objects.get(id=str(role_id))
        operations = BeerGardenSchemaParser.parse_patch(
            self.request.decoded_body, many=True, from_string=True)

        for op in operations:
            if op.path == '/permissions':
                try:
                    if op.operation == 'add':
                        role.permissions.append(Permissions(op.value).value)
                    elif op.operation == 'remove':
                        role.permissions.remove(Permissions(op.value).value)
                    elif op.operation == 'set':
                        role.permissions = [
                            Permissions(perm).value for perm in op.value
                        ]
                    else:
                        raise ModelValidationError(
                            "Unsupported operation '%s'" % op.operation)
                except ValueError:
                    raise ModelValidationError(
                        "Permission '%s' does not exist" % op.value)

            elif op.path == '/roles':
                try:
                    if op.operation == 'add':
                        new_nested = Role.objects.get(name=op.value)
                        ensure_no_cycles(role, new_nested)
                        role.roles.append(new_nested)
                    elif op.operation == 'remove':
                        role.roles.remove(Role.objects.get(name=op.value))
                    elif op.operation == 'set':
                        # Do this one at a time to be super sure about cycles
                        role.roles = []

                        for role_name in op.value:
                            new_role = Role.objects.get(name=role_name)
                            ensure_no_cycles(role, new_role)
                            role.roles.append(new_role)
                    else:
                        raise ModelValidationError(
                            "Unsupported operation '%s'" % op.operation)
                except DoesNotExist:
                    raise ModelValidationError("Role '%s' does not exist" %
                                               op.value)

            else:
                raise ModelValidationError("Unsupported path '%s'" % op.path)

        role.save()

        # Any modification to roles will possibly modify the anonymous user
        brew_view.anonymous_principal = anonymous_principal()

        self.write(BeerGardenSchemaParser.serialize_role(role,
                                                         to_string=False))