本文整理汇总了Python中grouper.models.permission.Permission.get方法的典型用法代码示例。如果您正苦于以下问题:Python Permission.get方法的具体用法?Python Permission.get怎么用?Python Permission.get使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类grouper.models.permission.Permission的用法示例。
在下文中一共展示了Permission.get方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: service_account_grants_for_permission
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def service_account_grants_for_permission(self, name):
# type: (str) -> List[ServiceAccountPermissionGrant]
permission = Permission.get(self.session, name=name)
if not permission or not permission.enabled:
return []
grants = (
self.session.query(
User.username,
ServiceAccountPermissionMap.argument,
ServiceAccountPermissionMap.granted_on,
ServiceAccountPermissionMap.id,
)
.filter(
ServiceAccountPermissionMap.permission_id == permission.id,
ServiceAccount.id == ServiceAccountPermissionMap.service_account_id,
User.id == ServiceAccount.user_id,
)
.order_by(User.username, ServiceAccountPermissionMap.argument)
)
return [
ServiceAccountPermissionGrant(
service_account=g.username,
permission=name,
argument=g.argument,
granted_on=g.granted_on,
is_alias=False,
grant_id=g.id,
)
for g in grants.all()
]示例2: revoke_all_group_grants
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def revoke_all_group_grants(self, permission):
# type: (str) -> List[GroupPermissionGrant]
sql_permission = Permission.get(self.session, name=permission)
if not sql_permission:
return []
grants = (
self.session.query(
PermissionMap.id, Group.groupname, PermissionMap.argument, PermissionMap.granted_on
)
.filter(
Group.id == PermissionMap.group_id,
PermissionMap.permission_id == sql_permission.id,
)
.all()
)
ids = [g.id for g in grants]
self.session.query(PermissionMap).filter(PermissionMap.id.in_(ids)).delete(
synchronize_session="fetch"
)
return [
GroupPermissionGrant(
group=g.groupname,
permission=permission,
argument=g.argument,
granted_on=g.granted_on,
is_alias=False,
grant_id=g.id,
)
for g in grants
]示例3: revoke_all_service_account_grants
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def revoke_all_service_account_grants(self, permission):
# type: (str) -> List[ServiceAccountPermissionGrant]
sql_permission = Permission.get(self.session, name=permission)
if not sql_permission:
return []
grants = (
self.session.query(
ServiceAccountPermissionMap.id,
User.username,
ServiceAccountPermissionMap.argument,
ServiceAccountPermissionMap.granted_on,
)
.filter(
User.id == ServiceAccount.user_id,
ServiceAccount.id == ServiceAccountPermissionMap.service_account_id,
PermissionMap.permission_id == sql_permission.id,
)
.all()
)
ids = [g.id for g in grants]
self.session.query(ServiceAccountPermissionMap).filter(
ServiceAccountPermissionMap.id.in_(ids)
).delete(synchronize_session="fetch")
return [
ServiceAccountPermissionGrant(
service_account=g.username,
permission=permission,
argument=g.argument,
granted_on=g.granted_on,
is_alias=False,
grant_id=g.id,
)
for g in grants
]示例4: test_permission_exclude_inactive
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def test_permission_exclude_inactive(session, standard_graph):
"""Ensure disabled groups are excluded from permission data."""
group = Group.get(session, name="team-sre")
permission = Permission.get(session, name="ssh")
assert "team-sre" in [g[0] for g in get_groups_by_permission(session, permission)]
group.disable()
assert "team-sre" not in [g[0] for g in get_groups_by_permission(session, permission)]示例5: group_grants_for_permission
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def group_grants_for_permission(self, name, include_disabled_groups=False):
# type: (str, bool) -> List[GroupPermissionGrant]
permission = Permission.get(self.session, name=name)
if not permission or not permission.enabled:
return []
grants = (
self.session.query(
Group.groupname, PermissionMap.argument, PermissionMap.id, PermissionMap.granted_on
)
.filter(
PermissionMap.permission_id == permission.id, Group.id == PermissionMap.group_id
)
.order_by(Group.groupname, PermissionMap.argument)
)
if not include_disabled_groups:
grants = grants.filter(Group.enabled == True)
return [
GroupPermissionGrant(
group=g.groupname,
permission=name,
argument=g.argument,
granted_on=g.granted_on,
is_alias=False,
grant_id=g.id,
)
for g in grants.all()
]示例6: sync_db_command
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def sync_db_command(args):
# Models not implicitly or explictly imported above are explicitly imported
# here:
from grouper.models.perf_profile import PerfProfile # noqa
db_engine = get_db_engine(get_database_url(settings))
Model.metadata.create_all(db_engine)
# Add some basic database structures we know we will need if they don't exist.
session = make_session()
for name, description in SYSTEM_PERMISSIONS:
test = Permission.get(session, name)
if test:
continue
permission = Permission(name=name, description=description)
try:
permission.add(session)
session.flush()
except IntegrityError:
session.rollback()
raise Exception('Failed to create permission: %s' % (name, ))
session.commit()
# This group is needed to bootstrap a Grouper installation.
admin_group = Group.get(session, name="grouper-administrators")
if not admin_group:
admin_group = Group(
groupname="grouper-administrators",
description="Administrators of the Grouper system.",
canjoin="nobody",
)
try:
admin_group.add(session)
session.flush()
except IntegrityError:
session.rollback()
raise Exception('Failed to create group: grouper-administrators')
for permission_name in (GROUP_ADMIN, PERMISSION_ADMIN, USER_ADMIN):
permission = Permission.get(session, permission_name)
assert permission, "Permission should have been created earlier!"
grant_permission(session, admin_group.id, permission.id)
session.commit()示例7: test_grant_and_revoke
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def test_grant_and_revoke(session, standard_graph, graph, groups, permissions,
http_client, base_url):
"""Test that permission grant and revokes are reflected correctly."""
group_name = "team-sre"
permission_name = "sudo"
user_name = "[email protected]"
def _check_graph_for_perm(graph):
return any(map(lambda x: x.permission == permission_name,
graph.permission_metadata[group_name]))
# make some permission admins
perm_admin, _ = Permission.get_or_create(session, name=PERMISSION_ADMIN, description="")
session.commit()
grant_permission(groups["security-team"], perm_admin)
# grant attempt by non-permission admin
fe_url = url(base_url, "/permissions/grant/{}".format(group_name))
with pytest.raises(HTTPError):
yield http_client.fetch(fe_url, method="POST",
body=urlencode({"permission": permission_name, "argument": "specific_arg"}),
headers={'X-Grouper-User': "[email protected]"})
graph.update_from_db(session)
assert not _check_graph_for_perm(graph), "no permissions granted"
# grant by permission admin
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({"permission": permission_name, "argument": "specific_arg"}),
headers={'X-Grouper-User': user_name})
assert resp.code == 200
graph.update_from_db(session)
assert _check_graph_for_perm(graph), "permissions granted, successfully"
# figure out mapping_id of grant
permission_id = Permission.get(session, name=permission_name).id
group_id = Group.get(session, name=group_name).id
mapping = session.query(PermissionMap).filter(
PermissionMap.permission_id == permission_id,
PermissionMap.group_id == group_id).first()
# revoke permission by non-admin
fe_url = url(base_url, "/permissions/{}/revoke/{}".format(permission_name, mapping.id))
with pytest.raises(HTTPError):
yield http_client.fetch(fe_url, method="POST", body=urlencode({}),
headers={'X-Grouper-User': "[email protected]"})
graph.update_from_db(session)
assert _check_graph_for_perm(graph), "permissions not revoked"
# revoke permission for realz
resp = yield http_client.fetch(fe_url, method="POST", body=urlencode({}),
headers={'X-Grouper-User': user_name})
assert resp.code == 200
graph.update_from_db(session)
assert not _check_graph_for_perm(graph), "permissions revoked successfully"示例8: post
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def post(self, group_id=None, name=None, account_id=None, accountname=None):
group = Group.get(self.session, group_id, name)
if not group:
return self.notfound()
service_account = ServiceAccount.get(self.session, account_id, accountname)
if not service_account:
return self.notfound()
user = service_account.user
if not self.check_access(self.session, self.current_user, service_account):
return self.forbidden()
grantable = group.my_permissions()
form = self.get_form(grantable)
if not form.validate():
return self.render(
"service-account-permission-grant.html", form=form, user=user, group=group,
alerts=self.get_form_alerts(form.errors)
)
permission = Permission.get(self.session, form.data["permission"])
if not permission:
return self.notfound()
allowed = False
for perm in grantable:
if perm[1] == permission.name:
if matches_glob(perm[3], form.data["argument"]):
allowed = True
break
if not allowed:
form.argument.errors.append(
"The group {} does not have that permission".format(group.name))
return self.render(
"service-account-permission-grant.html", form=form, user=user, group=group,
alerts=self.get_form_alerts(form.errors)
)
try:
grant_permission_to_service_account(
self.session, service_account, permission, form.data["argument"])
except IntegrityError:
self.session.rollback()
return self.render(
"service-account-permission-grant.html", form=form, user=user,
alerts=self.get_form_alerts(form.errors)
)
AuditLog.log(self.session, self.current_user.id, "grant_permission",
"Granted permission with argument: {}".format(form.data["argument"]),
on_permission_id=permission.id, on_group_id=group.id,
on_user_id=service_account.user.id)
return self.redirect("/groups/{}/service/{}?refresh=yes".format(
group.name, service_account.user.username))示例9: revoke_permission_from_group
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def revoke_permission_from_group(self, permission, argument, group):
# type: (str, str, str) -> None
permission_obj = Permission.get(self.session, name=permission)
assert permission_obj
group_obj = Group.get(self.session, name=group)
assert group_obj
self.session.query(PermissionMap).filter(
PermissionMap.permission_id == permission_obj.id,
PermissionMap.group_id == group_obj.id,
PermissionMap.argument == argument,
).delete()示例10: get_permission
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def get_permission(session, name):
# type: (Session, str) -> Optional[Permission]
"""Get a permission
Arg(s):
session(models.base.session.Session): database session
name(str): the name of the permission
Returns:
The permission if found, None otherwise
"""
return Permission.get(session, name=name)示例11: get_permission
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def get_permission(self, name):
# type: (str) -> Optional[Permission]
permission = SQLPermission.get(self.session, name=name)
if not permission:
return None
return Permission(
name=permission.name,
description=permission.description,
created_on=permission.created_on,
audited=permission.audited,
enabled=permission.enabled,
)示例12: entries_affecting_permission
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def entries_affecting_permission(self, permission, limit):
# type: (str, int) -> List[AuditLogEntry]
permission_obj = Permission.get(self.session, name=permission)
if not permission_obj:
return []
results = (
self.session.query(AuditLog)
.filter(AuditLog.on_permission_id == permission_obj.id)
.order_by(desc(AuditLog.log_time))
.limit(limit)
)
return [self._to_audit_log_entry(e) for e in results]示例13: test_permission_disable_denied
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def test_permission_disable_denied(setup):
# type: (SetupTest) -> None
with setup.transaction():
setup.create_user("[email protected]")
setup.create_permission("some-permission")
mock_ui = MagicMock()
usecase = setup.usecase_factory.create_disable_permission_usecase("[email protected]", mock_ui)
usecase.disable_permission("some-permission")
assert mock_ui.mock_calls == [
call.disable_permission_failed_permission_denied("some-permission")
]
assert Permission.get(setup.session, name="some-permission").enabled示例14: grant_permission_to_group
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def grant_permission_to_group(self, permission, argument, group):
# type: (str, str, str) -> None
sql_group = Group.get(self.session, name=group)
if not sql_group:
raise GroupNotFoundException(group)
sql_permission = Permission.get(self.session, name=permission)
if not sql_permission:
raise PermissionNotFoundException(permission)
mapping = PermissionMap(
permission_id=sql_permission.id, group_id=sql_group.id, argument=argument
)
mapping.add(self.session)示例15: get
# 需要导入模块: from grouper.models.permission import Permission [as 别名]
# 或者: from grouper.models.permission.Permission import get [as 别名]
def get(self, name=None):
# TODO: use cached data instead, add refresh to appropriate redirects.
permission = Permission.get(self.session, name)
if not permission:
return self.notfound()
can_delete = self.current_user.permission_admin
mapped_groups = get_groups_by_permission(self.session, permission)
log_entries = get_log_entries_by_permission(self.session, permission)
self.render(
"permission.html", permission=permission, can_delete=can_delete,
mapped_groups=mapped_groups, log_entries=log_entries,
)