def get_group_service_resources_view(request):
"""
List all resources under a service a group has permission on.
"""
group = ar.get_group_matchdict_checked(request)
service = ar.get_service_matchdict_checked(request)
return gu.get_group_service_resources_response(group, service, request.db)
def delete_user_group_view(request):
"""
Remove a user from a group.
"""
db = request.db
user = ar.get_user_matchdict_checked_or_logged(request)
group = ar.get_group_matchdict_checked(request)
def del_usr_grp(usr, grp):
db.query(models.UserGroup) \
.filter(models.UserGroup.user_id == usr.id) \
.filter(models.UserGroup.group_id == grp.id) \
.delete()
ax.evaluate_call(
lambda: del_usr_grp(user, group),
fallback=lambda: db.rollback(),
httpError=HTTPNotFound,
msgOnFail=s.UserGroup_DELETE_NotFoundResponseSchema.description,
content={
u"user_name": user.user_name,
u"group_name": group.group_name
})
return ax.valid_http(
httpSuccess=HTTPOk,
detail=s.UserGroup_DELETE_OkResponseSchema.description)
def get_group_service_permissions_view(request):
"""
List all permissions a group has on a specific service.
"""
group = ar.get_group_matchdict_checked(request)
service = ar.get_service_matchdict_checked(request)
return gu.get_group_service_permissions_response(group, service,
request.db)
def get_group_resource_permissions_view(request):
"""
List all permissions a group has on a specific resource.
"""
group = ar.get_group_matchdict_checked(request)
resource = ar.get_resource_matchdict_checked(request)
return gu.get_group_resource_permissions_response(group,
resource,
db_session=request.db)
def leave_discoverable_group_view(request):
"""
Removes membership of the logged user from a previously joined discoverable group.
"""
group = ar.get_group_matchdict_checked(request)
user = ar.get_logged_user(request)
group = ru.get_discoverable_group_by_name(group.group_name, db_session=request.db)
uu.delete_user_group(user, group, request.db)
return ax.valid_http(http_success=HTTPOk, detail=s.RegisterGroup_DELETE_OkResponseSchema.description)
def get_discoverable_group_info_view(request):
"""
Obtain the information of a discoverable group.
"""
group = ar.get_group_matchdict_checked(request)
public_group = ru.get_discoverable_group_by_name(group.group_name, db_session=request.db)
group_fmt = gf.format_group(public_group, public_info=True)
return ax.valid_http(http_success=HTTPOk, content={"group": group_fmt},
detail=s.RegisterGroup_GET_OkResponseSchema.description)
def delete_user_group_view(request):
"""
Removes a user from a group.
"""
user = ar.get_user_matchdict_checked_or_logged(request)
group = ar.get_group_matchdict_checked(request)
uu.delete_user_group(user, group, request.db)
return ax.valid_http(
http_success=HTTPOk,
detail=s.UserGroup_DELETE_OkResponseSchema.description)
def get_group_view(request):
"""
Get group information.
"""
group = ar.get_group_matchdict_checked(request,
group_name_key="group_name")
return ax.valid_http(
http_success=HTTPOk,
detail=s.Group_GET_OkResponseSchema.description,
content={"group": gf.format_group(group, db_session=request.db)})
def delete_group_service_permission_view(request):
"""
Delete a permission from a specific resource for a group.
"""
group = ar.get_group_matchdict_checked(request)
service = ar.get_service_matchdict_checked(request)
permission = ar.get_permission_multiformat_body_checked(request, service)
return gu.delete_group_resource_permission_response(group,
service,
permission,
db_session=request.db)
def delete_group_resource_permission_name_view(request):
"""
Delete a permission by name from a specific resource for a group.
"""
group = ar.get_group_matchdict_checked(request)
resource = ar.get_resource_matchdict_checked(request)
permission = ar.get_permission_matchdict_checked(request, resource)
return gu.delete_group_resource_permission_response(group,
resource,
permission,
db_session=request.db)
def create_group_resource_permissions_view(request):
"""
Create a permission on a specific resource for a group.
"""
group = ar.get_group_matchdict_checked(request)
resource = ar.get_resource_matchdict_checked(request)
permission = ar.get_permission_multiformat_body_checked(request, resource)
return gu.create_group_resource_permission_response(group,
resource,
permission,
db_session=request.db)
def get_group_users_view(request):
"""
List all user from a group.
"""
group = ar.get_group_matchdict_checked(request)
user_names = ax.evaluate_call(
lambda: [user.user_name for user in group.users],
http_error=HTTPForbidden,
msg_on_fail=s.GroupUsers_GET_ForbiddenResponseSchema.description)
return ax.valid_http(http_success=HTTPOk,
detail=s.GroupUsers_GET_OkResponseSchema.description,
content={"user_names": sorted(user_names)})
def create_group_service_permission_view(request):
"""
Create a permission on a specific resource for a group.
"""
group = ar.get_group_matchdict_checked(request)
service = ar.get_service_matchdict_checked(request)
permission = ar.get_permission_multiformat_body_checked(request, service)
return gu.create_group_resource_permission_response(group,
service,
permission,
request.db,
overwrite=False)
def replace_group_resource_permissions_view(request):
"""
Create or modify an existing permission on a resource for a group.
Can be used to adjust permission modifiers.
"""
group = ar.get_group_matchdict_checked(request)
resource = ar.get_resource_matchdict_checked(request)
permission = ar.get_permission_multiformat_body_checked(request, resource)
return gu.create_group_resource_permission_response(group,
resource,
permission,
request.db,
overwrite=True)
def get_group_resources_view(request):
"""
List all resources a group has permission on.
"""
group = ar.get_group_matchdict_checked(request)
grp_res_json = ax.evaluate_call(
lambda: gu.get_group_resources(group, request.db),
fallback=lambda: request.db.rollback(),
http_error=HTTPInternalServerError,
content={"group": repr(group)},
msg_on_fail=s.GroupResources_GET_InternalServerErrorResponseSchema.
description)
return ax.valid_http(
http_success=HTTPOk,
detail=s.GroupResources_GET_OkResponseSchema.description,
content={"resources": grp_res_json})
def join_discoverable_group_view(request):
"""
Assigns membership of the logged user to a publicly discoverable group.
"""
group = ar.get_group_matchdict_checked(request)
user = ar.get_logged_user(request)
group = ru.get_discoverable_group_by_name(group.group_name, db_session=request.db)
ax.verify_param(user.id, param_compare=[usr.id for usr in group.users], not_in=True, with_param=False,
http_error=HTTPConflict, content={"user_name": user.user_name, "group_name": group.group_name},
msg_on_fail=s.RegisterGroup_POST_ConflictResponseSchema.description)
ax.evaluate_call(lambda: request.db.add(models.UserGroup(group_id=group.id, user_id=user.id)), # noqa
fallback=lambda: request.db.rollback(), http_error=HTTPForbidden,
msg_on_fail=s.RegisterGroup_POST_ForbiddenResponseSchema.description,
content={"user_name": user.user_name, "group_name": group.group_name})
return ax.valid_http(http_success=HTTPCreated, detail=s.RegisterGroup_POST_CreatedResponseSchema.description,
content={"user_name": user.user_name, "group_name": group.group_name})
def delete_group_view(request):
"""
Delete a group by name.
"""
group = ar.get_group_matchdict_checked(request)
special_groups = [
get_constant("MAGPIE_ANONYMOUS_GROUP", settings_container=request),
get_constant("MAGPIE_ADMIN_GROUP", settings_container=request),
]
ax.verify_param(
group.group_name,
not_in=True,
param_compare=special_groups,
param_name="group_name",
http_error=HTTPForbidden,
msg_on_fail=s.Group_DELETE_ReservedKeyword_ForbiddenResponseSchema.
description)
ax.evaluate_call(
lambda: request.db.delete(group),
fallback=lambda: request.db.rollback(),
http_error=HTTPForbidden,
msg_on_fail=s.Group_DELETE_ForbiddenResponseSchema.description)
return ax.valid_http(http_success=HTTPOk,
detail=s.Group_DELETE_OkResponseSchema.description)
def edit_group_view(request):
"""
Update a group by name.
"""
group = ar.get_group_matchdict_checked(request,
group_name_key="group_name")
special_groups = [
get_constant("MAGPIE_ANONYMOUS_GROUP", settings_container=request),
get_constant("MAGPIE_ADMIN_GROUP", settings_container=request),
]
ax.verify_param(
group.group_name,
not_in=True,
param_compare=special_groups,
param_name="group_name",
http_error=HTTPForbidden,
msg_on_fail=s.Group_PATCH_ReservedKeyword_ForbiddenResponseSchema.
description)
new_group_name = ar.get_multiformat_body(request, "group_name")
new_description = ar.get_multiformat_body(request, "description")
new_discoverability = ar.get_multiformat_body(request, "discoverable")
if new_discoverability is not None:
new_discoverability = asbool(new_discoverability)
update_name = group.group_name != new_group_name and new_group_name is not None
update_desc = group.description != new_description and new_description is not None
update_disc = group.discoverable != new_discoverability and new_discoverability is not None
ax.verify_param(
any([update_name, update_desc, update_disc]),
is_true=True,
with_param=False, # params are not useful in response for this case
http_error=HTTPBadRequest,
content={"group_name": group.group_name},
msg_on_fail=s.Group_PATCH_None_BadRequestResponseSchema.description)
if update_name:
ax.verify_param(new_group_name,
not_none=True,
not_empty=True,
http_error=HTTPBadRequest,
msg_on_fail=s.
Group_PATCH_Name_BadRequestResponseSchema.description)
group_name_size_range = range(
1, 1 + get_constant("MAGPIE_GROUP_NAME_MAX_LENGTH",
settings_container=request))
ax.verify_param(len(new_group_name),
is_in=True,
param_compare=group_name_size_range,
http_error=HTTPBadRequest,
msg_on_fail=s.
Group_PATCH_Size_BadRequestResponseSchema.description)
ax.verify_param(
GroupService.by_group_name(new_group_name, db_session=request.db),
is_none=True,
http_error=HTTPConflict,
with_param=False, # don't return group as value
msg_on_fail=s.Group_PATCH_ConflictResponseSchema.description)
group.group_name = new_group_name
if update_desc:
group.description = new_description
if update_disc:
group.discoverable = new_discoverability
return ax.valid_http(http_success=HTTPOk,
detail=s.Group_PATCH_OkResponseSchema.description)
def get_group_services_view(request):
"""
List all services a group has permission on.
"""
group = ar.get_group_matchdict_checked(request)
return gu.get_group_services_response(group, request.db)