示例#1
def get_user_service_permissions_view(request):
    """
    List all permissions a user has on a service.

    The target user and service are resolved from the request by the ``ar`` helpers. The boolean query
    parameters ``inherit``/``inherited`` and ``resolve``/``resolved`` are forwarded to the permission lookup,
    and ``inherit`` also selects the permission type used when formatting the response.

    NOTE(review): nothing in this function checks that the caller may read another user's permissions;
    presumably the route's view permission or ``get_user_matchdict_checked_or_logged`` enforces it - confirm.
    """
    user = ar.get_user_matchdict_checked_or_logged(request)
    service = ar.get_service_matchdict_checked(request)
    with_inherited = asbool(ar.get_query_param(request, ["inherit", "inherited"]))
    with_resolved = asbool(ar.get_query_param(request, ["resolve", "resolved"]))
    if with_inherited:
        perm_type = PermissionType.INHERITED
    else:
        perm_type = PermissionType.DIRECT

    def _lookup_permissions():
        return uu.get_user_service_permissions(
            service=service,
            user=user,
            request=request,
            inherit_groups_permissions=with_inherited,
            resolve_groups_permissions=with_resolved)

    def _rollback():
        return request.db.rollback()

    # Context attached to the HTTPNotFound reported when the lookup fails.
    not_found_msg = s.UserServicePermissions_GET_NotFoundResponseSchema.description
    failure_context = {
        "service_name": str(service.resource_name),
        "user_name": str(user.user_name),
    }
    perms = ax.evaluate_call(
        _lookup_permissions,
        fallback=_rollback,
        http_error=HTTPNotFound,
        msg_on_fail=not_found_msg,
        content=failure_context)

    return ax.valid_http(
        http_success=HTTPOk,
        content=format_permissions(perms, perm_type),
        detail=s.UserServicePermissions_GET_OkResponseSchema.description)
示例#2
def get_user_resource_permissions_view(request):
    """
    List all permissions a user has on a specific resource.

    The resource is resolved from the ``resource_id`` path variable. The ``inherit`` and ``effective`` query
    parameters are converted to booleans and passed through to the response builder in ``uu``.
    """
    target_user = ar.get_user_matchdict_checked_or_logged(request)
    target_resource = ar.get_resource_matchdict_checked(request, "resource_id")
    # Dict literal keeps the original read order: 'inherit' first, then 'effective'.
    lookup_flags = {
        "inherit_groups_permissions": asbool(ar.get_query_param(request, "inherit")),
        "effective_permissions": asbool(ar.get_query_param(request, "effective")),
    }
    return uu.get_user_resource_permissions_response(
        target_user, target_resource, request, **lookup_flags)
示例#3
    def test_get_query_param(self):
        """
        Check lookup of query parameters by ``ar.get_query_param``.

        Expected behaviour pinned here: a missing parameter yields ``None`` or the supplied default, the
        parameter name is matched regardless of case, the returned value keeps its original case, and
        ``asbool`` maps the value ``"VALUE"`` to ``False`` and ``"TRUE"`` to ``True``.
        """
        # (request path, positional arguments after the request, expected raw value)
        raw_cases = [
            ("/some/path", ("value",), None),
            ("/some/path?other=test", ("value",), None),
            ("/some/path?other=test", ("value", True), True),
            ("/some/path?value=test", ("value", True), "test"),
            ("/some/path?query=value", ("query",), "value"),
            ("/some/path?QUERY=VALUE", ("query",), "VALUE"),
        ]
        for path, lookup_args, expected in raw_cases:
            req = utils.mock_request(path)
            found = ar.get_query_param(req, *lookup_args)
            utils.check_val_equal(found, expected)

        # (request path, expected value once passed through asbool)
        bool_cases = [
            ("/some/path?QUERY=VALUE", False),
            ("/some/path?Query=TRUE", True),
        ]
        for path, expected in bool_cases:
            req = utils.mock_request(path)
            found = asbool(ar.get_query_param(req, "query"))
            utils.check_val_equal(found, expected)
示例#4
def get_services_runner(request):
    """
    Generates services response format from request conditions.

    Returns either every service or only those of the ``service_type`` path variable. The result is grouped
    as ``{service_type: {service_name: service}}`` unless the ``flatten`` query parameter is true, in which
    case it is a flat list. A ``service_type`` that is not a key of ``SERVICE_TYPE_DICT`` is rejected through
    ``ax.verify_param`` with ``HTTPBadRequest``.

    NOTE(review): every entry is formatted with ``show_private_url=True``; confirm this handler is only
    reachable by callers that are allowed to see private service URLs.
    """
    requested_type = request.matchdict.get("service_type")  # None/empty means 'all services', so no check
    flatten = asbool(ar.get_query_param(request, "flatten", False))

    if requested_type:
        ax.verify_param(requested_type, param_compare=SERVICE_TYPE_DICT.keys(), is_in=True,
                        http_error=HTTPBadRequest, msg_on_fail=s.Services_GET_BadRequestResponseSchema.description,
                        content={"service_type": str(requested_type)}, content_type=CONTENT_TYPE_JSON)
        selected_types = [requested_type]
    else:
        selected_types = SERVICE_TYPE_DICT.keys()

    if flatten:
        svc_content = []  # type: Union[List[JSON], JSON]
        for svc_type in selected_types:
            for svc in su.get_services_by_type(svc_type, db_session=request.db):
                svc_content.append(sf.format_service(svc, show_private_url=True))
    else:
        svc_content = {}
        for svc_type in selected_types:
            found = su.get_services_by_type(svc_type, db_session=request.db)
            # the type key is created even when no service of that type exists
            by_name = {}
            svc_content[svc_type] = by_name
            for svc in found:
                by_name[svc.resource_name] = sf.format_service(svc, show_private_url=True)

    ok_detail = s.Services_GET_OkResponseSchema.description
    return ax.valid_http(http_success=HTTPOk, content={"services": svc_content}, detail=ok_detail)
示例#5
def get_user_service_resources_view(request):
    """
    List all resources under a service a user has permission on.

    The ``inherit`` query parameter is read as a boolean and forwarded to both the service-level and the
    resource-level permission lookups. The service is formatted with ``show_all_children=False`` and
    ``show_private_url=False``.
    """
    inherit_flag = asbool(ar.get_query_param(request, "inherit"))
    user = ar.get_user_matchdict_checked_or_logged(request)
    service = ar.get_service_matchdict_checked(request)

    # Both permission lookups take the same request and inheritance option.
    lookup_opts = {"request": request, "inherit_groups_permissions": inherit_flag}
    svc_perms = uu.get_user_service_permissions(user, service, **lookup_opts)
    res_perms = uu.get_user_service_resources_permissions_dict(user, service, **lookup_opts)

    service_json = format_service_resources(
        service=service,
        db_session=request.db,
        service_perms=svc_perms,
        resources_perms_dict=res_perms,
        show_all_children=False,
        show_private_url=False,
    )
    ok_detail = s.UserServiceResources_GET_OkResponseSchema.description
    return ax.valid_http(httpSuccess=HTTPOk, detail=ok_detail, content={u"service": service_json})
示例#6
def get_user_service_permissions_view(request):
    """
    List all permissions a user has on a service.

    The ``inherit`` query parameter is read as a boolean and forwarded to the permission lookup. The response
    lists the sorted ``value`` of each returned permission under ``permission_names``.

    NOTE(review): nothing in this function checks that the caller may read another user's permissions;
    presumably the route's view permission or ``get_user_matchdict_checked_or_logged`` enforces it - confirm.
    """
    user = ar.get_user_matchdict_checked_or_logged(request)
    service = ar.get_service_matchdict_checked(request)
    inherit_flag = asbool(ar.get_query_param(request, "inherit"))

    def _lookup_permissions():
        return uu.get_user_service_permissions(
            service=service,
            user=user,
            request=request,
            inherit_groups_permissions=inherit_flag)

    def _rollback():
        return request.db.rollback()

    # Context attached to the HTTPNotFound reported when the lookup fails.
    not_found_msg = s.UserServicePermissions_GET_NotFoundResponseSchema.description
    failure_context = {
        u"service_name": str(service.resource_name),
        u"user_name": str(user.user_name),
    }
    perms = ax.evaluate_call(
        _lookup_permissions,
        fallback=_rollback,
        httpError=HTTPNotFound,
        msgOnFail=not_found_msg,
        content=failure_context)

    ok_detail = s.UserServicePermissions_GET_OkResponseSchema.description
    permission_names = sorted(perm.value for perm in perms)
    return ax.valid_http(
        httpSuccess=HTTPOk,
        detail=ok_detail,
        content={u"permission_names": permission_names})
示例#7
def get_user_services_view(request):
    """
    List all services a user has permissions on.

    The ``cascade``, ``inherit`` and ``list`` query parameters are read as booleans and passed to
    ``uu.get_user_services`` as ``cascade_resources``, ``inherit_groups_permissions`` and ``format_as_list``.
    """
    user = ar.get_user_matchdict_checked_or_logged(request)
    # Dict literal keeps the original read order of the query parameters.
    listing_opts = {
        "cascade_resources": asbool(ar.get_query_param(request, "cascade")),
        "inherit_groups_permissions": asbool(ar.get_query_param(request, "inherit")),
        "format_as_list": asbool(ar.get_query_param(request, "list")),
    }
    services_json = uu.get_user_services(user, request=request, **listing_opts)
    return ax.valid_http(
        httpSuccess=HTTPOk,
        content={u"services": services_json},
        detail=s.UserServices_GET_OkResponseSchema.description)
示例#8
def get_user_resources_view(request):
    """
    List all resources a user has permissions on.

    Builds a ``{service_type: {service_name: service_resources}}`` tree over every service in the database,
    with the user's service-level and resource-level permissions. The ``inherit`` query parameter is read as
    a boolean and forwarded to both permission lookups.

    NOTE(review): every service is added to the tree, whether or not the user holds a permission on it;
    confirm that exposing the full list of service names to this caller is intended.
    """
    inherit_flag = asbool(ar.get_query_param(request, "inherit"))
    user = ar.get_user_matchdict_checked_or_logged(request)
    db = request.db

    def _collect_resource_tree(usr):
        tree = {}
        for svc in ResourceService.all(models.Service, db_session=db):
            lookup = dict(user=usr, service=svc, request=request,
                          inherit_groups_permissions=inherit_flag)
            svc_perms = uu.get_user_service_permissions(**lookup)
            # one sub-dictionary per service type, created on first use
            by_name = tree.setdefault(svc.type, {})
            res_perms = uu.get_user_service_resources_permissions_dict(**lookup)
            by_name[svc.resource_name] = format_service_resources(
                svc,
                db_session=db,
                service_perms=svc_perms,
                resources_perms_dict=res_perms,
                show_all_children=False,
                show_private_url=False,
            )
        return tree

    def _rollback():
        return db.rollback()

    # Context attached to the HTTPNotFound reported when building the tree fails.
    not_found_msg = s.UserResources_GET_NotFoundResponseSchema.description
    failure_context = {
        u"user_name": user.user_name,
        u"resource_types": [models.Service.resource_type_name],
    }
    resources_tree = ax.evaluate_call(
        lambda: _collect_resource_tree(user),
        fallback=_rollback,
        httpError=HTTPNotFound,
        msgOnFail=not_found_msg,
        content=failure_context)

    return ax.valid_http(
        httpSuccess=HTTPOk,
        content={u"resources": resources_tree},
        detail=s.UserResources_GET_OkResponseSchema.description)
示例#9
def get_user_resources_view(request):
    """
    List all resources a user has permissions on.

    Query parameters, each read as a boolean: ``inherit``/``inherited`` and ``resolve``/``resolved`` are
    forwarded to the permission lookups, and ``filter``/``filtered`` disables the full listing otherwise
    granted to administrators.

    The administrator check uses the requesting user (``request.user``), not the target user taken from the
    path: a requester who is a member of the ``MAGPIE_ADMIN_GROUP`` group sees every service, while any other
    requester only sees services for which the target user has at least one service or resource permission.
    """
    inherit_flag = asbool(ar.get_query_param(request, ["inherit", "inherited"]))
    resolve_flag = asbool(ar.get_query_param(request, ["resolve", "resolved"]))
    filtered_only = asbool(ar.get_query_param(request, ["filter", "filtered"]))
    user = ar.get_user_matchdict_checked_or_logged(request)
    db = request.db

    # The admin-only full listing is skipped entirely when a filtered view is requested.
    requester_is_admin = False
    if not filtered_only and request.user is not None:
        admin_group = get_constant("MAGPIE_ADMIN_GROUP", settings_container=request)
        requester_groups = [grp.group_name for grp in request.user.groups]
        requester_is_admin = admin_group in requester_groups
    show_full_tree = requester_is_admin and not filtered_only

    def _collect_resource_tree(usr):
        if inherit_flag:
            perm_type = PermissionType.INHERITED
        else:
            perm_type = PermissionType.DIRECT
        services = ResourceService.all(models.Service, db_session=db)
        # Every known service type is listed, in sorted order, even when no service of that type exists.
        tree = {svc_type: {} for svc_type in sorted(SERVICE_TYPE_DICT)}
        for svc in services:
            lookup = dict(user=usr, service=svc, request=request,
                          inherit_groups_permissions=inherit_flag,
                          resolve_groups_permissions=resolve_flag)
            svc_perms = uu.get_user_service_permissions(**lookup)
            res_perms = uu.get_user_service_resources_permissions_dict(**lookup)
            # Without the admin full view, a service is listed only if it carries a permission at any level.
            if not (show_full_tree or svc_perms or res_perms):
                continue
            # NOTE(review): only the keys of SERVICE_TYPE_DICT exist in the tree, so a stored service whose
            # type is not in that mapping raises KeyError here - confirm that cannot happen.
            tree[svc.type][svc.resource_name] = format_service_resources(
                svc,
                db_session=db,
                service_perms=svc_perms,
                resources_perms_dict=res_perms,
                permission_type=perm_type,
                show_all_children=False,
                show_private_url=False,
            )
        return tree

    def _rollback():
        return db.rollback()

    # Context attached to the HTTPNotFound reported when building the tree fails.
    not_found_msg = s.UserResources_GET_NotFoundResponseSchema.description
    failure_context = {
        "user_name": user.user_name,
        "resource_types": [models.Service.resource_type_name],
    }
    resources_tree = ax.evaluate_call(
        lambda: _collect_resource_tree(user),
        fallback=_rollback,
        http_error=HTTPNotFound,
        msg_on_fail=not_found_msg,
        content=failure_context)

    return ax.valid_http(
        http_success=HTTPOk,
        content={"resources": resources_tree},
        detail=s.UserResources_GET_OkResponseSchema.description)