Python Rules.assert_channel_roles示例

示例#1

文件： api.py 项目： mamba-org/quetz

def get_role(
        channel: str,
        type: str = None,
        auth: authorization.Rules = Depends(get_rules),
):
    auth.assert_channel_roles(channel, ["owner", "maintainer", "member"])

    with get_db_manager() as db:
        query = (db.query(db_models.ContentTrustRole).filter(
            db_models.ContentTrustRole.channel == channel).all())

    return {q.delegation.keys for q in query}

示例#2

文件： api.py 项目： mamba-org/quetz

def post_role(
        channel: str,
        type: str,
        file: UploadFile = File(...),
        force: bool = False,
        auth: authorization.Rules = Depends(get_rules),
):
    auth.assert_channel_roles(channel, ["owner"])

    with get_db_manager() as db:
        existing_role_count = (db.query(db_models.ContentTrustRole).filter(
            db_models.ContentTrustRole.channel == channel,
            db_models.ContentTrustRole.type == type,
        ).count())
        if not force and existing_role_count:
            raise HTTPException(
                status_code=status.HTTP_409_CONFLICT,
                detail=f"Content trust role '{type}' already exists "
                f"for channel '{channel}'",
            )

        def get_self_delegation(nullable: bool = False):

            query = (db.query(db_models.RoleDelegation).filter(
                db_models.RoleDelegation.type == type,
                db_models.RoleDelegation.channel == channel,
            ).one_or_none())

            if not query and not nullable:
                raise HTTPException(
                    status_code=status.HTTP_400_BAD_REQUEST,
                    detail=f"'{type}' keys not yet delegated",
                )
            return query

        self_delegation = get_self_delegation(nullable=type == "root")

        ct_role = post_role_file(file, channel,
                                 role_builder(channel, type, self_delegation))

        db_role = db_models.ContentTrustRole(
            type=ct_role.type,
            channel=channel,
            version=ct_role.version,
            timestamp=ct_role.timestamp,
            expiration=ct_role.expires,
        )

        # add delegations
        for role_type, role_keys in ct_role.all_keys().items():
            keys = [
                db.merge(db_models.SigningKey(public_key=key_id))
                for key_id in role_keys.keys
            ]

            delegated_db_role = db_models.RoleDelegation(
                type=role_type,
                channel=channel,
                threshold=role_keys.threshold,
                keys=keys,
            )

            db_role.delegations.append(delegated_db_role)

        # set self_delegation if the role is 'root'
        if type == "root":
            # Error handling (missing 'root' delegation, etc.) is done by
            # mamba API when loading the root role from file
            self_delegation = [
                r for r in db_role.delegations if r.type == "root"
            ][0]

        # db_role.delegation = self_delegation
        self_delegation.consumers.append(db_role)

        db.add(db_role)

        db.commit()