def _items(self, request, do_authz=False, parent_id=None):
"""Retrieves and formats a list of elements of the requested entity."""
# NOTE(salvatore-orlando): The following ensures that fields which
# are needed for authZ policy validation are not stripped away by the
# plugin before returning.
original_fields, fields_to_add = self._do_field_list(
api_common.list_args(request, 'fields'))
filters = api_common.get_filters(request, self._attr_info, [
'fields', 'sort_key', 'sort_dir', 'limit', 'marker', 'page_reverse'
])
kwargs = {'filters': filters, 'fields': original_fields}
sorting_helper = self._get_sorting_helper(request)
pagination_helper = self._get_pagination_helper(request)
sorting_helper.update_args(kwargs)
sorting_helper.update_fields(original_fields, fields_to_add)
pagination_helper.update_args(kwargs)
pagination_helper.update_fields(original_fields, fields_to_add)
if parent_id:
kwargs[self._parent_id_name] = parent_id
obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST])
obj_list = obj_getter(request.context, **kwargs)
obj_list = sorting_helper.sort(obj_list)
obj_list = pagination_helper.paginate(obj_list)
# Check authz
if do_authz:
# FIXME(salvatore-orlando): obj_getter might return references to
# other resources. Must check authZ on them too.
# Omit items from list that should not be visible
obj_list = [
obj for obj in obj_list
if policy.check(request.context,
self._plugin_handlers[self.SHOW],
obj,
plugin=self._plugin,
pluralized=self._collection)
]
# Use the first element in the list for discriminating which attributes
# should be filtered out because of authZ policies
# fields_to_add contains a list of attributes added for request policy
# checks but that were not required by the user. They should be
# therefore stripped
fields_to_strip = fields_to_add or []
if obj_list:
fields_to_strip += self._exclude_attributes_by_policy(
request.context, obj_list[0])
collection = {
self._collection: [
self._filter_attributes(request.context,
obj,
fields_to_strip=fields_to_strip)
for obj in obj_list
]
}
pagination_links = pagination_helper.get_links(obj_list)
if pagination_links:
collection[self._collection + "_links"] = pagination_links
# Synchronize usage trackers, if needed
resource_registry.resync_resource(request.context, self._resource,
request.context.tenant_id)
return collection
def show(self, request, id, **kwargs):
"""Returns detailed information about the requested entity."""
try:
# NOTE(salvatore-orlando): The following ensures that fields
# which are needed for authZ policy validation are not stripped
# away by the plugin before returning.
field_list, added_fields = self._do_field_list(
api_common.list_args(request, "fields"))
parent_id = kwargs.get(self._parent_id_name)
# Ensure policy engine is initialized
policy.init()
return {
self._resource:
self._view(request.context,
self._item(request,
id,
do_authz=True,
field_list=field_list,
parent_id=parent_id),
fields_to_strip=added_fields)
}
except oslo_policy.PolicyNotAuthorized:
# To avoid giving away information, pretend that it
# doesn't exist
msg = _('The resource could not be found.')
raise webob.exc.HTTPNotFound(msg)
def _items(self, request, do_authz=False, parent_id=None):
"""Retrieves and formats a list of elements of the requested entity."""
# NOTE(salvatore-orlando): The following ensures that fields which
# are needed for authZ policy validation are not stripped away by the
# plugin before returning.
original_fields, fields_to_add = self._do_field_list(
api_common.list_args(request, 'fields'))
filters = api_common.get_filters(
request, self._attr_info,
['fields', 'sort_key', 'sort_dir',
'limit', 'marker', 'page_reverse'],
is_filter_validation_supported=self._filter_validation)
kwargs = {'filters': filters,
'fields': original_fields}
sorting_helper = self._get_sorting_helper(request)
pagination_helper = self._get_pagination_helper(request)
sorting_helper.update_args(kwargs)
sorting_helper.update_fields(original_fields, fields_to_add)
pagination_helper.update_args(kwargs)
pagination_helper.update_fields(original_fields, fields_to_add)
if parent_id:
kwargs[self._parent_id_name] = parent_id
obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST])
obj_list = obj_getter(request.context, **kwargs)
obj_list = sorting_helper.sort(obj_list)
obj_list = pagination_helper.paginate(obj_list)
# Check authz
if do_authz:
# FIXME(salvatore-orlando): obj_getter might return references to
# other resources. Must check authZ on them too.
# Omit items from list that should not be visible
tmp_list = []
for obj in obj_list:
self._set_parent_id_into_ext_resources_request(
request, obj, parent_id, is_get=True)
if policy.check(
request.context, self._plugin_handlers[self.SHOW],
obj, plugin=self._plugin, pluralized=self._collection):
tmp_list.append(obj)
obj_list = tmp_list
# Use the first element in the list for discriminating which attributes
# should be filtered out because of authZ policies
# fields_to_add contains a list of attributes added for request policy
# checks but that were not required by the user. They should be
# therefore stripped
fields_to_strip = fields_to_add or []
if obj_list:
fields_to_strip += self._exclude_attributes_by_policy(
request.context, obj_list[0])
collection = {self._collection:
[self._filter_attributes(obj,
fields_to_strip=fields_to_strip)
for obj in obj_list]}
pagination_links = pagination_helper.get_links(obj_list)
if pagination_links:
collection[self._collection + "_links"] = pagination_links
# Synchronize usage trackers, if needed
resource_registry.resync_resource(
request.context, self._resource, request.context.tenant_id)
return collection
def _items(self, request, do_authz=False, parent_id=None):
"""Retrieves and formats a list of elements of the requested entity."""
# NOTE(salvatore-orlando): The following ensures that fields which
# are needed for authZ policy validation are not stripped away by the
# plugin before returning.
original_fields, fields_to_add = self._do_field_list(api_common.list_args(request, "fields"))
filters = api_common.get_filters(
request, self._attr_info, ["fields", "sort_key", "sort_dir", "limit", "marker", "page_reverse"]
)
kwargs = {"filters": filters, "fields": original_fields}
sorting_helper = self._get_sorting_helper(request)
pagination_helper = self._get_pagination_helper(request)
sorting_helper.update_args(kwargs)
sorting_helper.update_fields(original_fields, fields_to_add)
pagination_helper.update_args(kwargs)
pagination_helper.update_fields(original_fields, fields_to_add)
if parent_id:
kwargs[self._parent_id_name] = parent_id
obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST])
obj_list = obj_getter(request.context, **kwargs)
obj_list = sorting_helper.sort(obj_list)
obj_list = pagination_helper.paginate(obj_list)
# Check authz
if do_authz:
# FIXME(salvatore-orlando): obj_getter might return references to
# other resources. Must check authZ on them too.
# Omit items from list that should not be visible
obj_list = [
obj
for obj in obj_list
if policy.check(request.context, self._plugin_handlers[self.SHOW], obj, plugin=self._plugin)
]
# Use the first element in the list for discriminating which attributes
# should be filtered out because of authZ policies
# fields_to_add contains a list of attributes added for request policy
# checks but that were not required by the user. They should be
# therefore stripped
fields_to_strip = fields_to_add or []
if obj_list:
fields_to_strip += self._exclude_attributes_by_policy(request.context, obj_list[0])
collection = {
self._collection: [
self._filter_attributes(request.context, obj, fields_to_strip=fields_to_strip) for obj in obj_list
]
}
pagination_links = pagination_helper.get_links(obj_list)
if pagination_links:
collection[self._collection + "_links"] = pagination_links
return collection
def _items(self, request, do_authz=False, parent_id=None):
"""Retrieves and formats a list of elements of the requested entity."""
# NOTE(salvatore-orlando): The following ensures that fields which
# are needed for authZ policy validation are not stripped away by the
# plugin before returning.
original_fields, fields_to_add = self._do_field_list(
api_common.list_args(request, 'fields'))
filters = api_common.get_filters(request, self._attr_info, [
'fields', 'sort_key', 'sort_dir', 'limit', 'marker', 'page_reverse'
])
kwargs = {'filters': filters, 'fields': original_fields}
sorting_helper = self._get_sorting_helper(request)
pagination_helper = self._get_pagination_helper(request)
sorting_helper.update_args(kwargs)
sorting_helper.update_fields(original_fields, fields_to_add)
pagination_helper.update_args(kwargs)
pagination_helper.update_fields(original_fields, fields_to_add)
if parent_id:
kwargs[self._parent_id_name] = parent_id
obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST])
obj_list = obj_getter(request.context, **kwargs)
obj_list = sorting_helper.sort(obj_list)
obj_list = pagination_helper.paginate(obj_list)
# Check authz
if do_authz:
# FIXME(salvatore-orlando): obj_getter might return references to
# other resources. Must check authZ on them too.
# Omit items from list that should not be visible
obj_list = [
obj for obj in obj_list
if policy.check(request.context,
self._plugin_handlers[self.SHOW],
obj,
plugin=self._plugin)
]
collection = {
self._collection: [
self._view(request.context, obj, fields_to_strip=fields_to_add)
for obj in obj_list
]
}
pagination_links = pagination_helper.get_links(obj_list)
if pagination_links:
collection[self._collection + "_links"] = pagination_links
return collection
def _items(self, request, do_authz=False, parent_id=None):
"""Retrieves and formats a list of elements of the requested entity."""
# NOTE(salvatore-orlando): The following ensures that fields which
# are needed for authZ policy validation are not stripped away by the
# plugin before returning.
original_fields, fields_to_add = self._do_field_list(
api_common.list_args(request, 'fields'))
filters = api_common.get_filters(request, self._attr_info,
['fields', 'sort_key', 'sort_dir',
'limit', 'marker', 'page_reverse'])
kwargs = {'filters': filters,
'fields': original_fields}
sorting_helper = self._get_sorting_helper(request)
pagination_helper = self._get_pagination_helper(request)
sorting_helper.update_args(kwargs)
sorting_helper.update_fields(original_fields, fields_to_add)
pagination_helper.update_args(kwargs)
pagination_helper.update_fields(original_fields, fields_to_add)
if parent_id:
kwargs[self._parent_id_name] = parent_id
obj_getter = getattr(self._plugin, self._plugin_handlers[self.LIST])
obj_list = obj_getter(request.context, **kwargs)
obj_list = sorting_helper.sort(obj_list)
obj_list = pagination_helper.paginate(obj_list)
# Check authz
if do_authz:
# FIXME(salvatore-orlando): obj_getter might return references to
# other resources. Must check authZ on them too.
# Omit items from list that should not be visible
obj_list = [obj for obj in obj_list
if policy.check(request.context,
self._plugin_handlers[self.SHOW],
obj,
plugin=self._plugin)]
collection = {self._collection:
[self._view(request.context, obj,
fields_to_strip=fields_to_add)
for obj in obj_list]}
pagination_links = pagination_helper.get_links(obj_list)
if pagination_links:
collection[self._collection + "_links"] = pagination_links
return collection
def show(self, request, id, **kwargs):
"""Returns detailed information about the requested entity."""
try:
# NOTE(salvatore-orlando): The following ensures that fields
# which are needed for authZ policy validation are not stripped
# away by the plugin before returning.
field_list, added_fields = self._do_field_list(api_common.list_args(request, "fields"))
parent_id = kwargs.get(self._parent_id_name)
return {
self._resource: self._view(
request.context,
self._item(request, id, do_authz=True, field_list=field_list, parent_id=parent_id),
fields_to_strip=added_fields,
)
}
except exceptions.PolicyNotAuthorized:
# To avoid giving away information, pretend that it
# doesn't exist
raise webob.exc.HTTPNotFound()
def _items(self, request, do_authz=False, parent_id=None):
"""Retrieves and formats a list of elements of the requested entity."""
# NOTE(salvatore-orlando): The following ensures that fields which
# are needed for authZ policy validation are not stripped away by the
# plugin before returning.
#brk(host="10.10.12.21", port=49175)
original_fields, fields_to_add = self._do_field_list(
api_common.list_args(request, 'fields')) #获取查询条件字段??
filters = api_common.get_filters(request, self._attr_info, [
'fields', 'sort_key', 'sort_dir', 'limit', 'marker',
'page_reverse', 'offset'
])
# ### add by xm at 2015.9.22 权限控制
# #LOG.debug(_("111111 222 %s"), filters)
# #LOG.debug(_("111111 222 context: %s"), request.context.__dict__)
# if request.context.gc_resource_type == '0':
# #LOG.debug(_("111111 222 context.user_id:%s gc_resource_type:%s"), request.context.user_id, request.context.gc_resource_type)
# user_id = [request.context.user_id]
# user_id = list(set(user_id) | set(filters.get("user_id", [])))
# filters.update({"user_id": user_id})
# #LOG.debug(_("111111 222 ddd %s"), filters)
# #LOG.debug(_("111111 222 %s"), filters)
# ###end by xm
#validate create_time_first and create_time_end
api_common.validate_update_time_range(filters)
kwargs = {'filters': filters, 'fields': original_fields}
#according to filters params:only_statics ,get is_query_items
is_query_items = self._get_is_query_detail_items_infos(filters)
filters_copy = filters.copy()
# first get resources count number by resources filters
counter = self._get_items_count_by_filter(request=request,
filters=filters_copy)
collection = {}
if is_query_items: #this function is not only statics
#get resources items
obj_list = None
pagination_helper = None
#change from counter >=0 to counter !=0 for no method of 'get_xxx_count'
if (counter is not None and counter != 0) or (counter is None):
obj_list, pagination_helper = self._get_items_by_filter_and_order_and_page(
request=request,
kwargs=kwargs,
original_fields=original_fields,
fields_to_add=fields_to_add,
do_authz=do_authz,
parent_id=parent_id)
# Use the first element in the list for discriminating which attributes
# should be filtered out because of authZ policies
# fields_to_add contains a list of attributes added for request policy
# checks but that were not required by the user. They should be
# therefore stripped
fields_to_strip = fields_to_add or []
if obj_list:
fields_to_strip += self._exclude_attributes_by_policy(
request.context, obj_list[0])
if obj_list:
collection = {
self._collection: [
self._filter_attributes(
request.context,
obj,
fields_to_strip=fields_to_strip)
for obj in obj_list
]
}
else:
collection = {self._collection: []}
counter = 0
if counter is not None and counter >= 0:
collection["list"] = {"count": counter}
#delete by luoyibing
#pagination_links = pagination_helper.get_links(obj_list)
#if pagination_links:
# collection[self._collection + "_links"] = pagination_links
return collection
def _items(self, request, do_authz=False, parent_id=None):
"""Retrieves and formats a list of elements of the requested entity."""
# NOTE(salvatore-orlando): The following ensures that fields which
# are needed for authZ policy validation are not stripped away by the
# plugin before returning.
#brk(host="10.10.12.21", port=49175)
original_fields, fields_to_add = self._do_field_list(
api_common.list_args(request, 'fields')) #获取查询条件字段??
filters = api_common.get_filters(request, self._attr_info,
['fields', 'sort_key', 'sort_dir',
'limit', 'marker', 'page_reverse','offset'])
# ### add by xm at 2015.9.22 权限控制
# #LOG.debug(_("111111 222 %s"), filters)
# #LOG.debug(_("111111 222 context: %s"), request.context.__dict__)
# if request.context.gc_resource_type == '0':
# #LOG.debug(_("111111 222 context.user_id:%s gc_resource_type:%s"), request.context.user_id, request.context.gc_resource_type)
# user_id = [request.context.user_id]
# user_id = list(set(user_id) | set(filters.get("user_id", [])))
# filters.update({"user_id": user_id})
# #LOG.debug(_("111111 222 ddd %s"), filters)
# #LOG.debug(_("111111 222 %s"), filters)
# ###end by xm
#validate create_time_first and create_time_end
api_common.validate_update_time_range(filters)
kwargs = {'filters': filters,
'fields': original_fields}
#according to filters params:only_statics ,get is_query_items
is_query_items=self._get_is_query_detail_items_infos(filters)
filters_copy=filters.copy()
# first get resources count number by resources filters
counter=self._get_items_count_by_filter(request=request,filters=filters_copy)
collection={}
if is_query_items :#this function is not only statics
#get resources items
obj_list=None
pagination_helper=None
#change from counter >=0 to counter !=0 for no method of 'get_xxx_count'
if (counter is not None and counter != 0) or (counter is None):
obj_list,pagination_helper = self._get_items_by_filter_and_order_and_page(request=request
,kwargs=kwargs,
original_fields=original_fields
,fields_to_add=fields_to_add,
do_authz=do_authz,
parent_id=parent_id)
# Use the first element in the list for discriminating which attributes
# should be filtered out because of authZ policies
# fields_to_add contains a list of attributes added for request policy
# checks but that were not required by the user. They should be
# therefore stripped
fields_to_strip = fields_to_add or []
if obj_list:
fields_to_strip += self._exclude_attributes_by_policy(
request.context, obj_list[0])
if obj_list:
collection = {self._collection:
[self._filter_attributes(
request.context, obj,
fields_to_strip=fields_to_strip)
for obj in obj_list]}
else:
collection = {self._collection:[]}
counter=0
if counter is not None and counter>=0 :
collection["list"]={"count":counter}
#delete by luoyibing
#pagination_links = pagination_helper.get_links(obj_list)
#if pagination_links:
# collection[self._collection + "_links"] = pagination_links
return collection
