示例#1
0
    def put(self, id, permission_id):

        self.check_permission('update:user@{}'.format(id))
        parser = reqparse.RequestParser()
        parser.add_argument('action', type=str, location='json')
        parser.add_argument('resource_class', type=str, location='json')
        parser.add_argument('resource_id', type=int, location='json')
        parser.add_argument('granted', type=bool, location='json')
        args = parser.parse_args()
        user_dao = UserDao(self.db_session())
        user = user_dao.retrieve(id=id)
        permission_dao = PermissionDao(self.db_session())
        permission = permission_dao.retrieve(id=permission_id)
        if permission.principal != user:
            raise PermissionNotAssignedToUserException(permission.to_str(),
                                                       user.username)
        if args['action'] != permission.action:
            permission.action = args['action']
        if args['resource_class'] != permission.resource_class:
            permission.resource_class = args['resource_class']
        if args['resource_id'] != permission.resource_id:
            permission.resource_id = args['resource_id']
        if args['granted'] != permission.granted:
            permission.granted = args['granted']
        permission_dao.save(permission)

        return permission.to_dict(), 200
示例#2
0
    def get(self, id, permission_id):

        self.check_admin()
        user_dao = UserDao(self.db_session())
        user = user_dao.retrieve(id=id)
        permission_dao = PermissionDao(self.db_session())
        permission = permission_dao.retrieve(id=permission_id)
        if permission.principal != user:
            raise PermissionNotAssignedToUserException(permission.to_str(),
                                                       user.username)
        return permission.to_dict(), 200
示例#3
0
    def delete(self, id, permission_id):

        self.check_admin()
        user_group_dao = UserGroupDao(self.db_session())
        user_group = user_group_dao.retrieve(id=id)
        permission_dao = PermissionDao(self.db_session())
        permission = permission_dao.retrieve(id=permission_id)
        if permission.principal != user_group:
            raise PermissionNotAssignedToUserGroupException(
                permission.to_str(), user_group.name)
        permission_dao.delete(permission_dao)

        return {}, 204
示例#4
0
    def post(self, id):

        self.check_admin()
        parser = reqparse.RequestParser()
        parser.add_argument('action', type=str, required=True, location='json')
        parser.add_argument('resource_class',
                            type=str,
                            required=True,
                            location='json')
        parser.add_argument('resource_id', type=int, location='json')
        parser.add_argument('granted', type=bool, location='json')
        args = parser.parse_args()
        user_dao = UserDao(self.db_session())
        user = user_dao.retrieve(id=id)
        args['principal'] = user
        permission_dao = PermissionDao(self.db_session())
        permission = permission_dao.create(**args)

        return permission.to_dict(), 201
示例#5
0
def add_permission(principal, permission):

    # First check whether principal already has this permission or
    # a permission with wider scope. If so, there's no need to create
    # smaller-scope permission.
    if has_permission(principal, permission):
        return
    # Extract permission fields from permission string
    resource_id = None
    action, resource_class = permission.split(':')
    if '@' in resource_class:
        resource_class, resource_id = resource_class.split('@')
    # Create argument dictionary
    args = dict()
    args['action'] = action
    args['resource_class'] = resource_class
    args['resource_id'] = resource_id
    args['principal'] = principal
    # Create permission
    permission_dao = PermissionDao(g.db_session)
    permission_dao.create(**args)