def unregister_service_view(request): """ Unregister a service. """ service = ar.get_service_matchdict_checked(request) service_push = asbool( ar.get_multiformat_delete(request, "service_push", default=False)) svc_content = sf.format_service(service, show_private_url=True) svc_res_id = service.resource_id ax.evaluate_call(lambda: models.resource_tree_service.delete_branch( resource_id=svc_res_id, db_session=request.db), fallback=lambda: request.db.rollback(), httpError=HTTPForbidden, msgOnFail="Delete service from resource tree failed.", content=svc_content) def remove_service_magpie_and_phoenix(svc, svc_push, db_session): db_session.delete(svc) if svc_push and svc.type in SERVICES_PHOENIX_ALLOWED: sync_services_phoenix(db_session.query(models.Service)) ax.evaluate_call( lambda: remove_service_magpie_and_phoenix(service, service_push, request.db), fallback=lambda: request.db.rollback(), httpError=HTTPForbidden, msgOnFail=s.Service_DELETE_ForbiddenResponseSchema.description, content=svc_content) return ax.valid_http(httpSuccess=HTTPOk, detail=s.Service_DELETE_OkResponseSchema.description)
def get_user_service_resources_view(request): """ List all resources under a service a user has permission on. """ inherit_groups_perms = asbool(ar.get_query_param(request, "inherit")) user = ar.get_user_matchdict_checked_or_logged(request) service = ar.get_service_matchdict_checked(request) service_perms = uu.get_user_service_permissions( user, service, request=request, inherit_groups_permissions=inherit_groups_perms) resources_perms_dict = uu.get_user_service_resources_permissions_dict( user, service, request=request, inherit_groups_permissions=inherit_groups_perms) user_svc_res_json = format_service_resources( service=service, db_session=request.db, service_perms=service_perms, resources_perms_dict=resources_perms_dict, show_all_children=False, show_private_url=False, ) return ax.valid_http( httpSuccess=HTTPOk, detail=s.UserServiceResources_GET_OkResponseSchema.description, content={u"service": user_svc_res_json})
def get_group_service_resources_view(request): """ List all resources under a service a group has permission on. """ group = ar.get_group_matchdict_checked(request) service = ar.get_service_matchdict_checked(request) return gu.get_group_service_resources_response(group, service, request.db)
def get_user_service_permissions_view(request): """ List all permissions a user has on a service. """ user = ar.get_user_matchdict_checked_or_logged(request) service = ar.get_service_matchdict_checked(request) inherit_groups_perms = asbool(ar.get_query_param(request, "inherit")) perms = ax.evaluate_call( lambda: uu.get_user_service_permissions(service=service, user=user, request=request, inherit_groups_permissions= inherit_groups_perms), fallback=lambda: request.db.rollback(), httpError=HTTPNotFound, msgOnFail=s.UserServicePermissions_GET_NotFoundResponseSchema. description, content={ u"service_name": str(service.resource_name), u"user_name": str(user.user_name) }) return ax.valid_http( httpSuccess=HTTPOk, detail=s.UserServicePermissions_GET_OkResponseSchema.description, content={u"permission_names": sorted(p.value for p in perms)})
def get_user_service_permissions_view(request): """ List all permissions a user has on a service. """ user = ar.get_user_matchdict_checked_or_logged(request) service = ar.get_service_matchdict_checked(request) inherit_groups_perms = asbool( ar.get_query_param(request, ["inherit", "inherited"])) resolve_groups_perms = asbool( ar.get_query_param(request, ["resolve", "resolved"])) perm_type = PermissionType.INHERITED if inherit_groups_perms else PermissionType.DIRECT perms = ax.evaluate_call( lambda: uu.get_user_service_permissions( service=service, user=user, request=request, inherit_groups_permissions=inherit_groups_perms, resolve_groups_permissions=resolve_groups_perms), fallback=lambda: request.db.rollback(), http_error=HTTPNotFound, msg_on_fail=s.UserServicePermissions_GET_NotFoundResponseSchema. description, content={ "service_name": str(service.resource_name), "user_name": str(user.user_name) }) return ax.valid_http( http_success=HTTPOk, content=format_permissions(perms, perm_type), detail=s.UserServicePermissions_GET_OkResponseSchema.description)
def create_service_resource_view(request): """ Register a new resource directly under a service or under one of its children resources. """ service = ar.get_service_matchdict_checked(request) resource_name = ar.get_multiformat_body(request, "resource_name") resource_display_name = ar.get_multiformat_body(request, "resource_display_name", default=resource_name) resource_type = ar.get_multiformat_body(request, "resource_type") parent_id = ar.get_multiformat_body(request, "parent_id") # no check because None/empty is allowed db_session = request.db if parent_id is None: parent_id = service.resource_id else: parent_id = ax.evaluate_call(lambda: int(parent_id), http_error=HTTPUnprocessableEntity, msg_on_fail=s.ServiceResources_POST_UnprocessableEntityResponseSchema.description) # validate target service is actually the root service of the provided parent resource ID root_service = ru.get_resource_root_service_by_id(parent_id, db_session=db_session) ax.verify_param(root_service, not_none=True, param_name="parent_id", msg_on_fail=s.ServiceResources_POST_NotFoundResponseSchema.description, http_error=HTTPNotFound) ax.verify_param(root_service.resource_id, is_equal=True, param_compare=service.resource_id, param_name="parent_id", msg_on_fail=s.ServiceResources_POST_ForbiddenResponseSchema.description, http_error=HTTPForbidden) return ru.create_resource(resource_name, resource_display_name, resource_type, parent_id=parent_id, db_session=db_session)
def get_group_service_permissions_view(request): """ List all permissions a group has on a specific service. """ group = ar.get_group_matchdict_checked(request) service = ar.get_service_matchdict_checked(request) return gu.get_group_service_permissions_response(group, service, request.db)
def get_service_view(request): """ Get a service information. """ service = ar.get_service_matchdict_checked(request) service_info = sf.format_service(service, show_private_url=True, show_resources_allowed=True, show_configuration=True) return ax.valid_http(http_success=HTTPOk, detail=s.Service_GET_OkResponseSchema.description, content={"service": service_info})
def create_user_service_permission_view(request): """ Create a permission on a service for a user. """ user = ar.get_user_matchdict_checked_or_logged(request) service = ar.get_service_matchdict_checked(request) permission = ar.get_permission_multiformat_post_checked(request, service) return uu.create_user_resource_permission_response(user, service, permission, request.db)
def get_service_resources_view(request): """ List all resources registered under a service. """ service = ar.get_service_matchdict_checked(request) svc_res_json = sf.format_service_resources(service, db_session=request.db, show_all_children=True, show_private_url=True) return ax.valid_http(http_success=HTTPOk, content={svc_res_json["service_name"]: svc_res_json}, detail=s.ServiceResources_GET_OkResponseSchema.description)
def delete_user_service_permission_name_view(request): """ Delete a permission by name from a service for a user (not including his groups permissions). """ user = ar.get_user_matchdict_checked_or_logged(request) service = ar.get_service_matchdict_checked(request) permission = ar.get_permission_matchdict_checked(request, service) return uu.delete_user_resource_permission_response(user, service, permission, request.db)
def update_service_view(request): """ Update service information. """ service = ar.get_service_matchdict_checked(request) service_push = asbool(ar.get_multiformat_body(request, "service_push", default=False)) def select_update(new_value, old_value): return new_value if new_value is not None and not new_value == "" else old_value # None/Empty values are accepted in case of unspecified svc_name = select_update(ar.get_multiformat_body(request, "service_name"), service.resource_name) svc_url = select_update(ar.get_multiformat_body(request, "service_url"), service.url) ax.verify_param(svc_name, param_compare="types", not_equal=True, param_name="service_name", http_error=HTTPForbidden, msg_on_fail=s.Service_PATCH_ForbiddenResponseSchema_ReservedKeyword.description) ax.verify_param(svc_name == service.resource_name and svc_url == service.url, not_equal=True, param_compare=True, param_name="service_name/service_url", http_error=HTTPBadRequest, msg_on_fail=s.Service_PATCH_BadRequestResponseSchema.description) # config explicitly provided as None (null) means override (erase) # to leave it as is, just don't specific the field old_svc_config = service.configuration new_svc_config = ar.get_multiformat_body(request, "configuration") if old_svc_config != new_svc_config: if new_svc_config is not None: ax.verify_param(new_svc_config, param_compare=dict, is_type=True, http_error=HTTPUnprocessableEntity, msg_on_fail=s.Service_CheckConfig_UnprocessableEntityResponseSchema.description) service.configuration = new_svc_config if svc_name != service.resource_name: all_services = request.db.query(models.Service) all_svc_names = [svc.resource_name for svc in all_services] ax.verify_param(svc_name, not_in=True, param_compare=all_svc_names, with_param=False, http_error=HTTPConflict, content={"service_name": str(svc_name)}, msg_on_fail=s.Service_PATCH_ConflictResponseSchema.description) def update_service_magpie_and_phoenix(_svc, new_name, new_url, svc_push, db_session): _svc.resource_name = new_name _svc.url = new_url has_getcap = Permission.GET_CAPABILITIES in SERVICE_TYPE_DICT[_svc.type].permissions if svc_push and _svc.type in SERVICES_PHOENIX_ALLOWED and has_getcap: # (re)apply getcapabilities to updated service to ensure updated push su.add_service_getcapabilities_perms(_svc, db_session) sync_services_phoenix(db_session.query(models.Service)) # push all services old_svc_content = sf.format_service(service, show_private_url=True) err_svc_content = {"service": old_svc_content, "new_service_name": svc_name, "new_service_url": svc_url} ax.evaluate_call(lambda: update_service_magpie_and_phoenix(service, svc_name, svc_url, service_push, request.db), fallback=lambda: request.db.rollback(), http_error=HTTPForbidden, msg_on_fail=s.Service_PATCH_ForbiddenResponseSchema.description, content=err_svc_content) return ax.valid_http(http_success=HTTPOk, detail=s.Service_PATCH_OkResponseSchema.description, content={"service": sf.format_service(service, show_private_url=True)})
def delete_group_service_permission_name_view(request): """ Delete a permission by name from a specific service for a group. """ group = ar.get_group_matchdict_checked(request) service = ar.get_service_matchdict_checked(request) permission = ar.get_permission_matchdict_checked(request, service) return gu.delete_group_resource_permission_response(group, service, permission, db_session=request.db)
def get_service_permissions_view(request): """ List all applicable permissions for a service. """ service = ar.get_service_matchdict_checked(request) svc_content = sf.format_service(service, show_private_url=True) svc_perms = ax.evaluate_call(lambda: [p.value for p in SERVICE_TYPE_DICT[service.type].permissions], fallback=request.db.rollback(), http_error=HTTPBadRequest, content=svc_content, msg_on_fail=s.ServicePermissions_GET_BadRequestResponseSchema.description) return ax.valid_http(http_success=HTTPOk, detail=s.ServicePermissions_GET_OkResponseSchema.description, content=format_permissions(svc_perms, PermissionType.ALLOWED))
def create_group_service_permission_view(request): """ Create a permission on a specific resource for a group. """ group = ar.get_group_matchdict_checked(request) service = ar.get_service_matchdict_checked(request) permission = ar.get_permission_multiformat_body_checked(request, service) return gu.create_group_resource_permission_response(group, service, permission, request.db, overwrite=False)
def replace_user_service_permissions_view(request): """ Create or modify an existing permission on a service for a user. Can be used to adjust permission modifiers. """ user = ar.get_user_matchdict_checked_or_logged(request) service = ar.get_service_matchdict_checked(request) permission = ar.get_permission_multiformat_body_checked(request, service) return uu.create_user_resource_permission_response(user, service, permission, request.db, overwrite=True)
def replace_group_service_permissions_view(request): """ Create or modify an existing permission on a service for a group. Can be used to adjust permission modifiers. """ group = ar.get_group_matchdict_checked(request) service = ar.get_service_matchdict_checked(request) permission = ar.get_permission_multiformat_body_checked(request, service) return gu.create_group_resource_permission_response(group, service, permission, request.db, overwrite=True)
def create_service_direct_resource_view(request): """ Register a new resource directly under a service. """ service = ar.get_service_matchdict_checked(request) resource_name = ar.get_multiformat_post(request, "resource_name") resource_display_name = ar.get_multiformat_post(request, "resource_display_name", default=resource_name) resource_type = ar.get_multiformat_post(request, "resource_type") parent_id = ar.get_multiformat_post( request, "parent_id") # no check because None/empty is allowed if not parent_id: parent_id = service.resource_id return create_resource(resource_name, resource_display_name, resource_type, parent_id=parent_id, db_session=request.db)
def update_service_view(request): """ Update a service information. """ service = ar.get_service_matchdict_checked(request) service_push = asbool( ar.get_multiformat_post(request, "service_push", default=False)) def select_update(new_value, old_value): return new_value if new_value is not None and not new_value == "" else old_value # None/Empty values are accepted in case of unspecified svc_name = select_update(ar.get_multiformat_post(request, "service_name"), service.resource_name) svc_url = select_update(ar.get_multiformat_post(request, "service_url"), service.url) ax.verify_param( svc_name, paramCompare="types", notEqual=True, paramName="service_name", httpError=HTTPBadRequest, msgOnFail=s.Service_PUT_BadRequestResponseSchema_ReservedKeyword. description) ax.verify_param( svc_name == service.resource_name and svc_url == service.url, notEqual=True, paramCompare=True, paramName="service_name/service_url", httpError=HTTPBadRequest, msgOnFail=s.Service_PUT_BadRequestResponseSchema.description) if svc_name != service.resource_name: all_svc_names = list() for svc_type in SERVICE_TYPE_DICT: for svc in su.get_services_by_type(svc_type, db_session=request.db): all_svc_names.append(svc.resource_name) ax.verify_param( svc_name, notIn=True, paramCompare=all_svc_names, httpError=HTTPConflict, msgOnFail=s.Service_PUT_ConflictResponseSchema.description, content={u"service_name": str(svc_name)}) def update_service_magpie_and_phoenix(_svc, new_name, new_url, svc_push, db_session): _svc.resource_name = new_name _svc.url = new_url has_getcap = Permission.GET_CAPABILITIES in SERVICE_TYPE_DICT[ _svc.type].permissions if svc_push and svc.type in SERVICES_PHOENIX_ALLOWED and has_getcap: # (re)apply getcapabilities to updated service to ensure updated push su.add_service_getcapabilities_perms(_svc, db_session) sync_services_phoenix(db_session.query( models.Service)) # push all services old_svc_content = sf.format_service(service, show_private_url=True) err_svc_content = { u"service": old_svc_content, u"new_service_name": svc_name, u"new_service_url": svc_url } ax.evaluate_call( lambda: update_service_magpie_and_phoenix(service, svc_name, svc_url, service_push, request.db), fallback=lambda: request.db.rollback(), httpError=HTTPForbidden, msgOnFail=s.Service_PUT_ForbiddenResponseSchema.description, content=err_svc_content) return ax.valid_http(httpSuccess=HTTPOk, detail=s.Service_PUT_OkResponseSchema.description, content={ u"service": sf.format_service(service, show_private_url=True) })