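def put(self, id, permission_id):
    """Update a permission that is assigned to the user ``id``.

    The JSON body may carry ``action``, ``resource_class``, ``resource_id``
    and ``granted``. The permission is saved after the new values have been
    applied.

    Raises:
        PermissionNotAssignedToUserException: the permission's principal is
            not the user identified by ``id``.

    Returns:
        The updated permission as a dict, with HTTP status 200.
    """
    # NOTE(review): the get/post/delete permission handlers shown next to
    # this one gate on check_admin(). Here any caller holding
    # 'update:user@<id>' may rewrite the action, scope and granted flag of a
    # permission assigned to that user. Confirm this is intended; if users
    # hold that permission on their own account, this endpoint lets them
    # change their own rights and should require admin instead.
    self.check_permission('update:user@{}'.format(id))

    parser = reqparse.RequestParser()
    parser.add_argument('action', type=str, location='json')
    parser.add_argument('resource_class', type=str, location='json')
    parser.add_argument('resource_id', type=int, location='json')
    # NOTE(review): type=bool converts with bool(value), so a JSON *string*
    # such as "false" parses as True. Only real JSON booleans are safe here.
    parser.add_argument('granted', type=bool, location='json')
    args = parser.parse_args()

    user_dao = UserDao(self.db_session())
    user = user_dao.retrieve(id=id)
    permission_dao = PermissionDao(self.db_session())
    permission = permission_dao.retrieve(id=permission_id)

    # The permission must belong to the user named in the URL; otherwise a
    # permission of another principal could be edited through this route.
    if permission.principal != user:
        raise PermissionNotAssignedToUserException(
            permission.to_str(), user.username)

    # An argument missing from the body parses as None. 'action' and
    # 'resource_class' are mandatory when a permission is created, so a
    # missing value must not overwrite the stored one.
    new_action = args['action']
    if new_action is not None and new_action != permission.action:
        permission.action = new_action
    new_resource_class = args['resource_class']
    if (new_resource_class is not None
            and new_resource_class != permission.resource_class):
        permission.resource_class = new_resource_class

    # NOTE(review): None is a legitimate value for these two fields, so they
    # are still applied as parsed. A body that omits 'resource_id' therefore
    # clears it, which presumably widens the permission from one resource to
    # the whole resource class -- confirm that clients always send it.
    if args['resource_id'] != permission.resource_id:
        permission.resource_id = args['resource_id']
    if args['granted'] != permission.granted:
        permission.granted = args['granted']

    permission_dao.save(permission)
    return permission.to_dict(), 200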
def get(self, id, permission_id):
    """Return a single permission of the user ``id`` (admin only).

    Raises:
        PermissionNotAssignedToUserException: the permission's principal is
            not the user identified by ``id``.

    Returns:
        The permission as a dict, with HTTP status 200.
    """
    self.check_admin()

    # NOTE(review): presumably retrieve() raises when no row matches; if it
    # can return None, the attribute accesses below fail with an
    # AttributeError instead of a clean "not found" -- confirm.
    owner = UserDao(self.db_session()).retrieve(id=id)
    found = PermissionDao(self.db_session()).retrieve(id=permission_id)

    # Only hand out the permission when it really belongs to the user in the
    # URL, so the route cannot be used to read another principal's grants.
    if found.principal != owner:
        raise PermissionNotAssignedToUserException(
            found.to_str(), owner.username)

    body = found.to_dict()
    return body, 200
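def delete(self, id, permission_id):
    """Delete a permission that is assigned to the user group ``id``.

    Admin only.

    Raises:
        PermissionNotAssignedToUserGroupException: the permission's
            principal is not the user group identified by ``id``.

    Returns:
        An empty dict with HTTP status 204.
    """
    self.check_admin()

    user_group_dao = UserGroupDao(self.db_session())
    user_group = user_group_dao.retrieve(id=id)
    permission_dao = PermissionDao(self.db_session())
    permission = permission_dao.retrieve(id=permission_id)

    # Refuse to delete a permission that belongs to a different principal
    # than the group named in the URL.
    if permission.principal != user_group:
        raise PermissionNotAssignedToUserGroupException(
            permission.to_str(), user_group.name)

    # Delete the permission itself. The DAO was previously passed to its own
    # delete(), so the permission row was never the object being removed and
    # a revocation through this endpoint did not take effect.
    permission_dao.delete(permission)
    return {}, 204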
def post(self, id):
    """Create a permission for the user ``id`` (admin only).

    ``action`` and ``resource_class`` are required in the JSON body;
    ``resource_id`` and ``granted`` are optional and are passed on as None
    when the body omits them.

    Returns:
        The new permission as a dict, with HTTP status 201.
    """
    self.check_admin()

    body_parser = reqparse.RequestParser()
    body_parser.add_argument(
        'action', type=str, required=True, location='json')
    body_parser.add_argument(
        'resource_class', type=str, required=True, location='json')
    body_parser.add_argument('resource_id', type=int, location='json')
    # NOTE(review): type=bool converts with bool(value), so a JSON *string*
    # such as "false" parses as True. Only real JSON booleans are safe here.
    body_parser.add_argument('granted', type=bool, location='json')
    parsed = body_parser.parse_args()

    # The body is parsed before the user lookup, as in the original flow.
    target_user = UserDao(self.db_session()).retrieve(id=id)

    # The principal is taken from the URL, never from the request body.
    fields = dict(parsed, principal=target_user)
    created = PermissionDao(self.db_session()).create(**fields)
    return created.to_dict(), 201
def add_permission(principal, permission):
    """Create the permission described by a permission string.

    ``permission`` has the form ``action:resource_class`` or
    ``action:resource_class@resource_id``. Nothing is created when
    ``has_permission`` already reports this permission for the principal
    (per the original author's note, that also covers a wider-scoped one).

    Raises:
        ValueError: the string does not split into exactly two parts on
            ``:``, or the resource part holds more than one ``@``.
    """
    # An equal or wider grant already exists: adding a narrower row would
    # be redundant.
    if has_permission(principal, permission):
        return None

    action, target = permission.split(':')
    if '@' in target:
        resource_class, resource_id = target.split('@')
    else:
        resource_class, resource_id = target, None

    # NOTE(review): resource_id is still a str here, while the REST handlers
    # parse it as int -- confirm that the DAO or the column coerces it.
    PermissionDao(g.db_session).create(
        action=action,
        resource_class=resource_class,
        resource_id=resource_id,
        principal=principal,
    )