def check_permissions(user, identifier, level):
"""Check the permissions store for user and level. Here, `identifier` is a unique id in the
permissions_store; e.g., actor db_id or alias_id.
"""
logger.debug("Checking user: {} permissions for identifier: {}".format(
user, identifier))
# get all permissions for this actor
permissions = get_permissions(identifier)
for p_user, p_name in permissions.items():
# if the actor has been shared with the WORLD_USER anyone can use it
if p_user == WORLD_USER:
logger.info(
"Allowing request - {} has been shared with the WORLD_USER.".
format(identifier))
return True
# otherwise, check if the permission belongs to this user and has the necessary level
if p_user == user:
p_pem = codes.PermissionLevel(p_name)
if p_pem >= level:
logger.info(
"Allowing request - user has appropriate permission with {}."
.format(identifier))
return True
else:
# we found the permission for the user but it was insufficient; return False right away
logger.info(
"Found permission {} for {}, rejecting request.".format(
level, identifier))
return False
# didn't find the user or world_user, return False
logger.info("user had no permissions for {}. Permissions found: {}".format(
identifier, permissions))
return False
def post(self, actor_id):
"""Add new permissions for an actor"""
id = Actor.get_dbid(g.tenant, actor_id)
try:
Actor.from_db(actors_store[id])
except KeyError:
raise ResourceError("actor not found: {}'".format(actor_id), 404)
args = self.validate_post()
add_permission(args['user'], id, args['level'])
permissions = get_permissions(id)
return ok(result=permissions, msg="Permission added successfully.")
def post(self, actor_id):
"""Add new permissions for an actor"""
id = Actor.get_dbid(g.tenant, actor_id)
try:
Actor.from_db(actors_store[id])
except KeyError:
raise APIException(
"actor not found: {}'".format(actor_id), 404)
args = self.validate_post()
add_permission(args['user'], id, args['level'])
permissions = get_permissions(id)
return ok(result=permissions, msg="Permission added successfully.")
def get(self, actor_id):
id = Actor.get_dbid(g.tenant, actor_id)
try:
Actor.from_db(actors_store[id])
except KeyError:
raise APIException(
"actor not found: {}'".format(actor_id), 404)
try:
permissions = get_permissions(id)
except PermissionsException as e:
raise APIException(e.msg, 404)
return ok(result=permissions, msg="Permissions retrieved successfully.")
def get(self, actor_id):
id = Actor.get_dbid(g.tenant, actor_id)
try:
Actor.from_db(actors_store[id])
except KeyError:
raise ResourceError("actor not found: {}'".format(actor_id), 404)
try:
permissions = get_permissions(id)
except PermissionsException as e:
raise ResourceError(e.msg, 404)
return ok(result=permissions,
msg="Permissions retrieved successfully.")
