def test_resource_groups_for_any_perm_just_group_perms_limited_empty_group(
self, db_session):
self.maxDiff = 99999
self.set_up_user_group_and_perms(db_session)
user6 = add_user(db_session, 6, "user 6")
user7 = add_user(db_session, 7, "user 7")
perm2 = GroupResourcePermission(perm_name="group_perm2",
resource_id=self.resource.resource_id)
self.group.resource_permissions.append(perm2)
self.group.users.append(user6)
self.group.users.append(user7)
group3 = add_group(db_session, "Empty group")
perm3 = GroupResourcePermission(perm_name="group_permx",
resource_id=self.resource.resource_id)
group3.resource_permissions.append(perm3)
perms = ResourceService.groups_for_perm(
self.resource,
"__any_permission__",
limit_group_permissions=True,
db_session=db_session,
)
second = [
PermissionTuple(None, "group_perm", "group", self.group,
self.resource, False, True),
PermissionTuple(None, "group_perm2", "group", self.group,
self.resource, False, True),
PermissionTuple(None, "group_perm", "group", self.group2,
self.resource, False, True),
PermissionTuple(None, "group_permx", "group", group3,
self.resource, False, True),
]
check_one_in_other(perms, second)
def test_resource_groups_for_any_perm_just_group_perms_limited(self, db_session):
self.maxDiff = 99999
self.set_up_user_group_and_perms(db_session)
user6 = add_user(db_session, 6, "user 6")
user7 = add_user(db_session, 7, "user 7")
perm2 = GroupResourcePermission(
perm_name="group_perm2", resource_id=self.resource.resource_id
)
self.group.resource_permissions.append(perm2)
self.group.users.append(user6)
self.group.users.append(user7)
perms = ResourceService.groups_for_perm(
self.resource,
"__any_permission__",
limit_group_permissions=True,
db_session=db_session,
)
second = [
PermissionTuple(
None, "group_perm", "group", self.group, self.resource, False, True
),
PermissionTuple(
None, "group_perm2", "group", self.group, self.resource, False, True
),
PermissionTuple(
None, "group_perm", "group", self.group2, self.resource, False, True
),
]
check_one_in_other(perms, second)
def test_resource_groups_for_any_perm_additional_users(self, db_session):
self.maxDiff = 99999
self.set_up_user_group_and_perms(db_session)
user6 = add_user(db_session, 6, "user 6")
user7 = add_user(db_session, 7, "user 7")
perm2 = GroupResourcePermission(perm_name="group_perm2",
resource_id=self.resource.resource_id)
self.group.resource_permissions.append(perm2)
self.group.users.append(user6)
self.group.users.append(user7)
perms = ResourceService.groups_for_perm(self.resource,
"__any_permission__",
db_session=db_session)
second = [
PermissionTuple(self.user, "group_perm", "group", self.group,
self.resource, False, True),
PermissionTuple(user6, "group_perm", "group", self.group,
self.resource, False, True),
PermissionTuple(user7, "group_perm", "group", self.group,
self.resource, False, True),
PermissionTuple(
self.user,
"group_perm2",
"group",
self.group,
self.resource,
False,
True,
),
PermissionTuple(user6, "group_perm2", "group", self.group,
self.resource, False, True),
PermissionTuple(user7, "group_perm2", "group", self.group,
self.resource, False, True),
PermissionTuple(
self.user4,
"group_perm",
"group",
self.group2,
self.resource,
False,
True,
),
]
check_one_in_other(perms, second)
def groups_for_perm(self, perm_name, group_ids=None,
limit_group_permissions=False,
db_session=None):
"""
.. deprecated:: 0.8
:param perm_name:
:param group_ids:
:param limit_group_permissions:
:param db_session:
:return:
"""
db_session = get_db_session(db_session, self)
return ResourceService.groups_for_perm(
self, perm_name=perm_name, group_ids=group_ids,
limit_group_permissions=limit_group_permissions,
db_session=db_session)
def group_resource_permission_delete(request):
"""
Removes group permission from specific resource
"""
form = forms.ReactorForm(request.POST, csrf_context=request)
form.validate()
resource = request.context.resource
group = GroupService.by_id(request.GET.get("group_id"))
if not group:
return False
for perm_name in request.GET.getall("permissions"):
permission = GroupResourcePermissionService.by_resource_group_and_perm(
group.id, perm_name, resource.resource_id
)
resource.group_permissions.remove(permission)
DBSession.flush()
perm_tuples = ResourceService.groups_for_perm(
resource, ANY_PERMISSION, limit_group_permissions=True, group_ids=[group.id]
)
perms = [p.perm_name for p in perm_tuples if p.type == "group"]
result = {"group": group.get_dict(), "permissions": list(set(perms))}
return result
def group_resource_permission_create(request):
"""
Set new permissions for group for a resource
"""
resource = request.context.resource
group = GroupService.by_id(request.unsafe_json_body.get("group_id"))
if not group:
return False
for perm_name in request.unsafe_json_body.get("permissions", []):
permission = GroupResourcePermissionService.by_resource_group_and_perm(
group.id, perm_name, resource.resource_id
)
if not permission:
permission = GroupResourcePermission(perm_name=perm_name, group_id=group.id)
resource.group_permissions.append(permission)
DBSession.flush()
perm_tuples = ResourceService.groups_for_perm(
resource, ANY_PERMISSION, limit_group_permissions=True, group_ids=[group.id]
)
perms = [p.perm_name for p in perm_tuples if p.type == "group"]
result = {"group": group.get_dict(), "permissions": list(set(perms))}
return result