def client_list(viewer):
if permission_check(viewer, "client", "read") or permission_is_root(viewer):
result = []
for client in Client.query().filter(Client.active == True):
result.append(to_model(client))
return result
else:
raise NotAllowedError()
def client_http_put(actor, client_id, **kwargs):
key = client_key(client_id)
client = key.get()
if client:
if permission_check(actor, "client", "update") or permission_is_root(actor):
client_update(actor, client=client, **kwargs)
else:
raise NotAllowedError()
else:
client_http_post(actor, key=key, client_id=client_id, **kwargs)
def task_http_put(actor, task_ids, **kwargs):
key = task_key(task_ids)
task = key.get()
if task:
if permission_check(actor, "task", "update") or permission_is_root(actor):
task_update(actor, task=task, **kwargs)
else:
raise NotAllowedError()
else:
task_http_post(actor, key=key, task_ids=task_ids, **kwargs)
def tag_http_put(actor, tag_ids, **kwargs):
key = tag_key(tag_ids)
tag = key.get()
if tag:
if permission_check(actor, "tag", "update") or permission_is_root(actor):
tag_update(actor, tag=tag, **kwargs)
else:
raise NotAllowedError()
else:
tag_http_post(actor, key=key, tag_ids=tag_ids, **kwargs)
def project_http_put(actor, client_id, project_ids, **kwargs):
key = project_key(client_id, project_ids)
project = key.get()
if project:
if permission_check(actor, "project", "update") or permission_is_root(actor):
project_update(actor, project=project, **kwargs)
else:
raise NotAllowedError()
else:
project_http_post(actor, key=key, project_ids=project_ids, **kwargs)
def check_permission(viewer, keys, **ignored):
log.debug(keys)
if "thing" in keys:
key = build_thing_key(keys["kind"], keys["thing"])
else:
key = build_thing_key(keys["kind"], [])
if permission_check(keys["user"], keys["kind"], keys["action"], key):
return { "allowed": True }
else:
return { "allowed": False }
def project_http_put(actor, client_id, project_ids, **kwargs):
key = project_key(client_id, project_ids)
project = key.get()
if project:
if permission_check(actor, "project",
"update") or permission_is_root(actor):
project_update(actor, project=project, **kwargs)
else:
raise NotAllowedError()
else:
project_http_post(actor, key=key, project_ids=project_ids, **kwargs)
def check_permission(viewer, keys, **ignored):
log.debug(keys)
if "thing" in keys:
key = build_thing_key(keys["kind"], keys["thing"])
else:
key = build_thing_key(keys["kind"], [])
if permission_check(keys["user"], keys["kind"], keys["action"], key):
return {"allowed": True}
else:
return {"allowed": False}
def tag_list(viewer, target):
log.debug("Listing tags for %s" % target)
if permission_check(viewer, "tag", "view") or permission_is_root(viewer):
log.debug("Listing tags for %s" % target)
result = []
for applied in AppliedTag.query(AppliedTag.target == target, ancestor=target).filter():
result.append(tag_key_to_path(applied.tag))
return result
else:
log.debug("Not allowed")
def tag_remove(viewer, target, tag, **ignored):
if permission_check(viewer, "tag", "remove") or permission_is_root(viewer):
key = tag_key(tag)
applied = AppliedTag.query(AppliedTag.tag == key, AppliedTag.target == target, ancestor=target).get(keys_only=True)
if applied:
applied.delete()
log.debug("Tag removed")
else:
log.debug("Tag not applied")
else:
log.debug("Not allowed")
def tag_apply(viewer, target, tag, **ignored):
if permission_check(viewer, "tag", "apply") or permission_is_root(viewer):
key = tag_key(tag)
if not AppliedTag.query(AppliedTag.tag == key, AppliedTag.target == target, ancestor=target).get():
new_tag = AppliedTag(parent=target)
new_tag.applied_by = build_user_key(viewer)
new_tag.tag = key
new_tag.target = target
new_tag.put()
log.debug("Tag %s applied" % key)
return "/tags/%s" % "/".join(tag)
else:
log.debug("Tag already applied")
else:
log.debug("Not allowed")
def task_load(viewer, task_ids=None):
if permission_check(viewer, "task", "read") or permission_is_root(viewer):
key = task_key(task_ids)
parent = None
children = []
for child in Task.query(Task.parent == key, ancestor=key):
if child.active:
children.append(to_model(child))
if task_ids:
task = to_model(key.get())
if task:
if key.parent():
parent = to_model(key.parent().get())
task["parent"] = parent
task["children"] = children
return task
else:
return children
else:
log.debug("Not allowed")
def task_load(viewer, task_ids=None):
if permission_check(viewer, "task", "read") or permission_is_root(viewer):
key = task_key(task_ids)
parent = None
children = []
for child in Task.query(Task.parent == key, ancestor=key):
if child.active:
children.append(to_model(child))
if task_ids:
task = to_model(key.get())
if task:
if key.parent():
parent = to_model(key.parent().get())
task["parent"] = parent
task["children"] = children
return task
else:
return children
else:
log.debug("Not allowed")
def project_load(viewer, client_id, project_ids=None):
if permission_check(viewer, "project", "read") or permission_is_root(viewer):
key = project_key(client_id, project_ids)
parent = None
children = []
for child in Project.query(Project.parent == key, ancestor=key):
if child.active:
children.append(to_model(child))
if project_ids:
project = to_model(key.get())
if project:
if key.parent():
parent = to_model(key.parent().get())
project["parent"] = parent
project["children"] = children
return project
else:
return children
else:
log.debug("Not allowed")
def project_load(viewer, client_id, project_ids=None):
if permission_check(viewer, "project",
"read") or permission_is_root(viewer):
key = project_key(client_id, project_ids)
parent = None
children = []
for child in Project.query(Project.parent == key, ancestor=key):
if child.active:
children.append(to_model(child))
if project_ids:
project = to_model(key.get())
if project:
if key.parent():
parent = to_model(key.parent().get())
project["parent"] = parent
project["children"] = children
return project
else:
return children
else:
log.debug("Not allowed")
def client_http_post(actor, **kwargs):
if permission_check(actor, "client", "create") or permission_is_root(actor):
client_create(actor, **kwargs)
else:
raise NotAllowedError()
def project_http_post(actor, **kwargs):
if permission_check(actor, "project", "create") or permission_is_root(actor):
project_create(actor, **kwargs)
else:
raise NotAllowedError()
def project_http_delete(actor, client_id, project_ids, **ignored):
if permission_check(actor, "project", "delete") or permission_is_root(actor):
project_deactivate(actor, client_id, project_ids=project_ids)
else:
raise NotAllowedError()
def task_http_post(actor, **kwargs):
if permission_check(actor, "task", "create") or permission_is_root(actor):
task_create(actor, **kwargs)
else:
raise NotAllowedError()
def project_http_delete(actor, client_id, project_ids, **ignored):
if permission_check(actor, "project",
"delete") or permission_is_root(actor):
project_deactivate(actor, client_id, project_ids=project_ids)
else:
raise NotAllowedError()
def task_http_delete(actor, task_ids, **ignored):
if permission_check(actor, "task", "delete") or permission_is_root(actor):
task_deactivate(actor, task_ids=task_ids)
else:
raise NotAllowedError()
def task_http_post(actor, **kwargs):
if permission_check(actor, "task", "create") or permission_is_root(actor):
task_create(actor, **kwargs)
else:
raise NotAllowedError()
def task_http_delete(actor, task_ids, **ignored):
if permission_check(actor, "task", "delete") or permission_is_root(actor):
task_deactivate(actor, task_ids=task_ids)
else:
raise NotAllowedError()
def client_http_delete(actor, client_id, **ignored):
if permission_check(actor, "client", "delete") or permission_is_root(actor):
client_deactivate(actor, client_id=client_id)
else:
raise NotAllowedError()
def client_load(viewer, client_id=None, key=None):
if permission_check(viewer, "client", "read") or permission_is_root(viewer):
return to_model((key or client_key(client_id)).get())
else:
raise NotAllowedError()
