def add_permission(principal, permission):
    """Grant ``permission`` to ``principal`` unless it is already covered.

    ``permission`` is a string of the form ``action:resource_class`` or
    ``action:resource_class@resource_id``. It must contain exactly one
    ``:`` and at most one ``@`` after it. Anything else makes the tuple
    unpacking below raise ``ValueError`` before any permission row is
    created.

    Returns ``None`` in every case.
    """
    # Skip the insert when has_permission() already reports this permission
    # (or, per the original author's note, one with a wider scope), so no
    # redundant narrower-scope row is written.
    if has_permission(principal, permission):
        return

    # Split "action:resource_class[@resource_id]" into its fields.
    action, target = permission.split(':')
    if '@' in target:
        resource_class, resource_id = target.split('@')
    else:
        resource_class, resource_id = target, None

    # NOTE(review): resource_id is passed on as the raw string taken from the
    # permission string, with no conversion; confirm PermissionDao.create
    # accepts that form.
    PermissionDao(g.db_session).create(
        action=action,
        resource_class=resource_class,
        resource_id=resource_id,
        principal=principal,
    )
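def post(self, id):
    """Create a permission for the user identified by ``id``.

    The JSON request body supplies ``action`` and ``resource_class``
    (both required), plus the optional ``resource_id`` (int) and
    ``granted`` (boolean). The user loaded for ``id`` becomes the
    permission's principal.

    Returns:
        A ``(permission.to_dict(), 201)`` tuple for the created permission.
    """
    # Authorization check runs before anything is parsed or loaded.
    # NOTE(review): presumably this aborts the request for non-admin
    # callers; confirm against check_admin().
    self.check_admin()

    def _json_boolean(value):
        """Convert a JSON value to a bool without ``bool()``'s truthiness trap."""
        # bool() is True for every non-empty string, so a body carrying
        # "granted": "false" would have been stored as granted=True.
        if isinstance(value, bool):
            return value
        if isinstance(value, int) and value in (0, 1):
            return bool(value)
        if isinstance(value, str):
            text = value.strip().lower()
            if text in ('true', '1'):
                return True
            if text in ('false', '0'):
                return False
        # Raising ValueError from a type callable makes the parser reject the
        # argument instead of storing a guessed value.
        raise ValueError('granted must be a boolean')

    parser = reqparse.RequestParser()
    parser.add_argument('action', type=str, required=True, location='json')
    parser.add_argument('resource_class', type=str, required=True, location='json')
    parser.add_argument('resource_id', type=int, location='json')
    parser.add_argument('granted', type=_json_boolean, location='json')
    args = parser.parse_args()

    user_dao = UserDao(self.db_session())
    user = user_dao.retrieve(id=id)
    # NOTE(review): nothing here checks that a user was found. If retrieve()
    # can return None for an unknown id, the permission is created with
    # principal=None; confirm, and reject the request in that case.
    args['principal'] = user

    permission_dao = PermissionDao(self.db_session())
    permission = permission_dao.create(**args)
    return permission.to_dict(), 201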