def obtain_groups_in(obj, request): """Shared function to get the groups the roles is in.""" scope_param = request.query_params.get("scope") username_param = request.query_params.get("username") policy_ids = list(obj.policies.values_list("id", flat=True)) if scope_param == "principal" or username_param: principal = get_principal_from_request(request) assigned_groups = Group.objects.filter(policies__in=policy_ids, principals__in=[principal]) return (assigned_groups | Group.platform_default_set()).distinct() return Group.objects.filter(policies__in=policy_ids).distinct()
def get_object_principal_queryset(request, scope, clazz, **kwargs): """Get the query set for the specific object for principal scope.""" if scope not in VALID_SCOPES: key = "detail" message = "{} query parameter value {} is invalid. [{}] are valid inputs.".format( SCOPE_KEY, scope, ", ".join(VALID_SCOPES)) raise serializers.ValidationError({key: _(message)}) if request.method not in permissions.SAFE_METHODS: return clazz.objects.none() object_principal_func = PRINCIPAL_QUERYSET_MAP.get(clazz.__name__) principal = get_principal_from_request(request) objects = object_principal_func(principal, **kwargs) return queryset_by_id(objects, clazz, **kwargs)
def get(self, request): """Provide access data for principal.""" app = request.query_params.get(APPLICATION_KEY) principal = get_principal_from_request(request) cache = AccessCache(request.tenant.schema_name) access_policy = cache.get_policy(principal.uuid, app) if access_policy is None: queryset = self.get_queryset() access_policy = self.serializer_class(queryset, many=True).data cache.save_policy(principal.uuid, app, access_policy) page = self.paginate_queryset(access_policy) if page is not None: return self.get_paginated_response(access_policy) return Response({"data": access_policy})
def get(self, request): """Provide access data for principal.""" validate_limit_and_offset(request.query_params) sub_key = self.generate_sub_key(request) principal = get_principal_from_request(request) cache = AccessCache(request.tenant.schema_name) access_policy = cache.get_policy(principal.uuid, sub_key) if access_policy is None: queryset = self.get_queryset() page = self.paginate_queryset(queryset) access_policy = self.serializer_class(page, many=True).data cache.save_policy(principal.uuid, sub_key, access_policy) if self.paginate_queryset(access_policy) is not None: return self.get_paginated_response(access_policy) return Response({"data": access_policy})
def get(self, request): """Provide access data for principal.""" # Parameter extraction sub_key, ordering = self.validate_and_get_param(request.query_params) principal = get_principal_from_request(request) cache = AccessCache(request.tenant.schema_name) access_policy = cache.get_policy(principal.uuid, sub_key) if access_policy is None: queryset = self.get_queryset(ordering) access_policy = self.serializer_class(queryset, many=True).data cache.save_policy(principal.uuid, sub_key, access_policy) page = self.paginate_queryset(access_policy) if page is not None: return self.get_paginated_response(page) return Response({"data": access_policy})