本文整理汇总了Python中grouper.models.permission.Permission.add方法的典型用法代码示例。如果您正苦于以下问题:Python Permission.add方法的具体用法?Python Permission.add怎么用?Python Permission.add使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类grouper.models.permission.Permission的用法示例。
在下文中一共展示了Permission.add方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_edit_tag
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def test_edit_tag(users, http_client, base_url, session):
user = session.query(User).filter_by(username="[email protected]").scalar()
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
fe_url = url(base_url, '/tags')
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'tagname': "tyler_was_here", "description": "Test Tag Please Ignore"}),
headers={'X-Grouper-User': user.username})
tag = PublicKeyTag.get(session, name="tyler_was_here")
assert tag.description == "Test Tag Please Ignore", "The description should match what we created it with"
user = session.query(User).filter_by(username="[email protected]").scalar()
fe_url = url(base_url, '/tags/{}/edit'.format(tag.id))
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({"description": "Don't tag me bro"}),
headers={'X-Grouper-User': user.username})
assert resp.code == 200
tag = PublicKeyTag.get(session, name="tyler_was_here")
assert tag.description == "Don't tag me bro", "The description should have been updated"示例2: create_permission
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def create_permission(
self, name, description="", audited=False, enabled=True, created_on=None
):
# type: (str, str, bool, bool, Optional[datetime]) -> None
permission = SQLPermission(
name=name, description=description, audited=audited, enabled=enabled
)
if created_on:
permission.created_on = created_on
permission.add(self.session)示例3: post
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def post(self):
can_create = self.current_user.my_creatable_permissions()
if not can_create:
return self.forbidden()
form = PermissionCreateForm(self.request.arguments)
if not form.validate():
return self.render(
"permission-create.html", form=form,
alerts=self.get_form_alerts(form.errors)
)
# A user is allowed to create a permission if the name matches any of the globs that they
# are given access to via PERMISSION_CREATE, as long as the permission does not match a
# reserved name. (Unless specifically granted.)
allowed = False
for creatable in can_create:
if matches_glob(creatable, form.data["name"]):
allowed = True
for failure_message in test_reserved_names(form.data["name"]):
form.name.errors.append(failure_message)
if not allowed:
form.name.errors.append(
"Permission name does not match any of your allowed patterns."
)
if form.name.errors:
return self.render(
"permission-create.html", form=form,
alerts=self.get_form_alerts(form.errors),
)
permission = Permission(name=form.data["name"], description=form.data["description"])
try:
permission.add(self.session)
self.session.flush()
except IntegrityError:
self.session.rollback()
form.name.errors.append(
"Name already in use. Permissions must be unique."
)
return self.render(
"permission-create.html", form=form, can_create=can_create,
alerts=self.get_form_alerts(form.errors),
)
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'create_permission',
'Created permission.', on_permission_id=permission.id)
# No explicit refresh because handler queries SQL.
return self.redirect("/permissions/{}".format(permission.name))示例4: test_permissions
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def test_permissions(users, http_client, base_url, session):
user = session.query(User).filter_by(username="[email protected]").scalar()
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
perm = Permission(name="it.literally.does.not.matter", description="Why is this not nullable?")
perm.add(session)
session.commit()
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name="it.literally.does.not.matter").scalar(), "*")
fe_url = url(base_url, '/tags')
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'tagname': "tyler_was_here", "description": "Test Tag Please Ignore"}),
headers={'X-Grouper-User': user.username})
tag = PublicKeyTag.get(session, name="tyler_was_here")
user = session.query(User).filter_by(username="[email protected]").scalar()
fe_url = url(base_url, '/permissions/grant_tag/{}'.format(tag.name))
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'permission': TAG_EDIT, "argument": "prod"}),
headers={'X-Grouper-User': user.username})
user = session.query(User).filter_by(username="[email protected]").scalar()
# add SSH key
fe_url = url(base_url, '/users/{}/public-key/add'.format(user.username))
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'public_key': key_1}),
headers={'X-Grouper-User': user.username})
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
user = session.query(User).filter_by(username="[email protected]").scalar()
fe_url = url(base_url, '/users/{}/public-key/{}/tag'.format(user.username, key.id))
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'tagname': "tyler_was_here"}),
headers={'X-Grouper-User': user.username})
user = session.query(User).filter_by(username="[email protected]").scalar()
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
assert len(get_public_key_permissions(session, key)) == 1, "The SSH Key should have only 1 permission"
assert get_public_key_permissions(session, key)[0].name == TAG_EDIT, "The SSH key's permission should be TAG_EDIT"
assert get_public_key_permissions(session, key)[0].argument == "prod", "The SSH key's permission argument should be restricted to the tag's argument"
assert len(user_permissions(session, user)) > 1, "The user should have more than 1 permission"示例5: test_tags
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def test_tags(session, users, http_client, base_url, graph):
user = session.query(User).filter_by(username="[email protected]").scalar()
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
perm2 = Permission(name="it.literally.does.not.matter", description="Why is this not nullable?")
perm2.add(session)
session.commit()
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name="it.literally.does.not.matter").scalar(), "*")
tag = PublicKeyTag(name="tyler_was_here")
tag.add(session)
session.commit()
tag = PublicKeyTag.get(session, name="tyler_was_here")
user = session.query(User).filter_by(username="[email protected]").scalar()
grant_permission_to_tag(session, tag.id, perm.id, "prod")
user = session.query(User).filter_by(username="[email protected]").scalar()
add_public_key(session, user, key1)
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
user = session.query(User).filter_by(username="[email protected]").scalar()
add_tag_to_public_key(session, key, tag)
user = session.query(User).filter_by(username="[email protected]").scalar()
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
assert len(get_public_key_permissions(session, key)) == 1, "The SSH Key should have only 1 permission"
assert get_public_key_permissions(session, key)[0].name == TAG_EDIT, "The SSH key's permission should be TAG_EDIT"
assert get_public_key_permissions(session, key)[0].argument == "prod", "The SSH key's permission argument should be restricted to the tag's argument"
assert len(user_permissions(session, user)) > 1, "The user should have more than 1 permission"
graph.update_from_db(session)
fe_url = url(base_url, '/users/{}'.format(user.username))
resp = yield http_client.fetch(fe_url)
assert resp.code == 200
body = json.loads(resp.body)
pub_key = body['data']['user']['public_keys'][0]
assert len(pub_key['tags']) == 1, "The public key should only have 1 tag"
assert pub_key['tags'][0] == 'tyler_was_here', "The public key should have the tag we gave it"示例6: test_tags
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def test_tags(session, http_client, base_url, graph):
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
perm2 = Permission(name="it.literally.does.not.matter", description="Why is this not nullable?")
perm2.add(session)
session.commit()
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name="it.literally.does.not.matter").scalar(), "*")
tag = PublicKeyTag(name="tyler_was_here")
tag.add(session)
session.commit()
tag = PublicKeyTag.get(session, name="tyler_was_here")
grant_permission_to_tag(session, tag.id, perm.id, "prod")
with pytest.raises(AssertionError):
grant_permission_to_tag(session, tag.id, perm.id, "question?")
user = session.query(User).filter_by(username="[email protected]").scalar()
add_public_key(session, user, SSH_KEY_1)
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
add_tag_to_public_key(session, key, tag)
user = session.query(User).filter_by(username="[email protected]").scalar()
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
assert len(get_public_key_permissions(session, key)) == 1, "The SSH Key should have only 1 permission"
assert get_public_key_permissions(session, key)[0].name == TAG_EDIT, "The SSH key's permission should be TAG_EDIT"
assert get_public_key_permissions(session, key)[0].argument == "prod", "The SSH key's permission argument should be restricted to the tag's argument"
assert len(user_permissions(session, user)) > 1, "The user should have more than 1 permission"
graph.update_from_db(session)
fe_url = url(base_url, '/users/{}'.format(user.username))
resp = yield http_client.fetch(fe_url)
assert resp.code == 200
body = json.loads(resp.body)
pub_key = body['data']['user']['public_keys'][0]
assert len(pub_key['tags']) == 1, "The public key should only have 1 tag"
assert pub_key['fingerprint'] == 'e9:ae:c5:8f:39:9b:3a:9c:6a:b8:33:6b:cb:6f:ba:35'
assert pub_key['fingerprint_sha256'] == 'MP9uWaujW96EWxbjDtPdPWheoMDu6BZ8FZj0+CBkVWU'
assert pub_key['tags'][0] == 'tyler_was_here', "The public key should have the tag we gave it"示例7: create_permission
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def create_permission(session, name, description=""):
# type: (Session, str, Optional[str]) -> Permission
"""Create and add a new permission to database
Arg(s):
session(models.base.session.Session): database session
name(str): the name of the permission
description(str): the description of the permission
Returns:
The created permission that has been added to the session
"""
permission = Permission(name=name, description=description or "")
permission.add(session)
return permission示例8: sync_db_command
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def sync_db_command(args):
# Models not implicitly or explictly imported above are explicitly imported
# here:
from grouper.models.perf_profile import PerfProfile # noqa
db_engine = get_db_engine(get_database_url(settings))
Model.metadata.create_all(db_engine)
# Add some basic database structures we know we will need if they don't exist.
session = make_session()
for name, description in SYSTEM_PERMISSIONS:
test = Permission.get(session, name)
if test:
continue
permission = Permission(name=name, description=description)
try:
permission.add(session)
session.flush()
except IntegrityError:
session.rollback()
raise Exception('Failed to create permission: %s' % (name, ))
session.commit()
# This group is needed to bootstrap a Grouper installation.
admin_group = Group.get(session, name="grouper-administrators")
if not admin_group:
admin_group = Group(
groupname="grouper-administrators",
description="Administrators of the Grouper system.",
canjoin="nobody",
)
try:
admin_group.add(session)
session.flush()
except IntegrityError:
session.rollback()
raise Exception('Failed to create group: grouper-administrators')
for permission_name in (GROUP_ADMIN, PERMISSION_ADMIN, USER_ADMIN):
permission = Permission.get(session, permission_name)
assert permission, "Permission should have been created earlier!"
grant_permission(session, admin_group.id, permission.id)
session.commit()示例9: test_revoke_permission_from_tag
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def test_revoke_permission_from_tag(users, http_client, base_url, session):
user = session.query(User).filter_by(username="[email protected]").scalar()
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
fe_url = url(base_url, '/tags')
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'tagname': "tyler_was_here", "description": "Test Tag Please Ignore"}),
headers={'X-Grouper-User': user.username})
tag = PublicKeyTag.get(session, name="tyler_was_here")
user = session.query(User).filter_by(username="[email protected]").scalar()
fe_url = url(base_url, '/permissions/grant_tag/{}'.format(tag.name))
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'permission': TAG_EDIT, "argument": "*"}),
headers={'X-Grouper-User': user.username})
assert resp.code == 200
tag = PublicKeyTag.get(session, name="tyler_was_here")
perm = Permission.get(session, TAG_EDIT)
assert len(get_public_key_tag_permissions(session, tag)) == 1, "The tag should have exactly 1 permission"
user = session.query(User).filter_by(username="[email protected]").scalar()
mapping = get_public_key_tag_permissions(session, tag)[0]
fe_url = url(base_url, '/permissions/{}/revoke_tag/{}'.format(TAG_EDIT, mapping.mapping_id))
resp = yield http_client.fetch(fe_url, method="POST",
body="",
headers={'X-Grouper-User': user.username})
assert resp.code == 200
tag = PublicKeyTag.get(session, name="tyler_was_here")
assert len(get_public_key_tag_permissions(session, tag)) == 0, "The tag should have no permissions"示例10: test_grant_permission_to_tag
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def test_grant_permission_to_tag(users, http_client, base_url, session):
user = session.query(User).filter_by(username="[email protected]").scalar()
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
fe_url = url(base_url, '/tags')
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'tagname': "tyler_was_here", "description": "Test Tag Please Ignore"}),
headers={'X-Grouper-User': user.username})
tag = PublicKeyTag.get(session, name="tyler_was_here")
user = session.query(User).filter_by(username="[email protected]").scalar()
fe_url = url(base_url, '/permissions/grant_tag/{}'.format(tag.name))
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'permission': TAG_EDIT, "argument": "*"}),
headers={'X-Grouper-User': user.username})
assert resp.code == 200
tag = PublicKeyTag.get(session, name="tyler_was_here")
perm = Permission.get(session, TAG_EDIT)
assert len(get_public_key_tag_permissions(session, tag)) == 1, "The tag should have exactly 1 permission"
assert get_public_key_tag_permissions(session, tag)[0].name == perm.name, "The tag's permission should be the one we added"
assert get_public_key_tag_permissions(session, tag)[0].argument == "*", "The tag's permission should be the one we added"
# Make sure trying to add a permission to a tag doesn't fail horribly if it's already there
user = session.query(User).filter_by(username="[email protected]").scalar()
fe_url = url(base_url, '/permissions/grant_tag/{}'.format(tag.name))
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'permission': TAG_EDIT, "argument": "*"}),
headers={'X-Grouper-User': user.username})
assert resp.code == 200示例11: permissions
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import add [as 别名]
def permissions(session, users):
# type: (Session, Dict[str, User]) -> Dict[str, Permission]
"""Create a standard set of test permissions.
Go to a bit of effort to use unique timestamps for the creation date of permissions, since it
makes it easier to test sorting. Similarly, don't sort the list of permissions to create by
name so that the date sort and the name sort are different.
Do not use milliseconds in the creation timestamps, since the result will be different in
SQLite (where they are preserved) and MySQL (where they are stripped).
"""
all_permissions = [
"owner",
"ssh",
"sudo",
"audited",
AUDIT_MANAGER,
AUDIT_VIEWER,
PERMISSION_AUDITOR,
PERMISSION_ADMIN,
"team-sre",
USER_ADMIN,
GROUP_ADMIN,
]
created_on_seconds = int(time() - 1000)
permissions = {}
for name in all_permissions:
permission = Permission.get(session, name=name)
if not permission:
created_on = datetime.utcfromtimestamp(created_on_seconds)
created_on_seconds += 1
description = "{} permission".format(name)
permission = Permission(name=name, description=description, created_on=created_on)
permission.add(session)
permissions[name] = permission
enable_permission_auditing(session, permissions["audited"].name, users["[email protected]"].id)
return permissions