本文整理汇总了Python中pulp.server.db.model.auth.Permission类的典型用法代码示例。如果您正苦于以下问题:Python Permission类的具体用法?Python Permission怎么用?Python Permission使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Permission类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: update_permission
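def update_permission(resource_uri, delta):
    """
    Updates a permission object.

    Only the 'users' key is accepted. Its value replaces the stored value
    wholesale and is not validated by this function.

    :param resource_uri: identifies the resource URI of the permission being updated
    :type resource_uri: str
    :param delta: A dict containing update keywords.
    :type delta: dict
    :raises MissingResource: if the permission does not exist
    :raises PulpDataException: if some unsupported keys were specified
    """
    # Check whether the permission exists
    found = Permission.get_collection().find_one({'resource': resource_uri})
    if found is None:
        raise MissingResource(resource_uri)

    for key, value in delta.items():
        if key not in ('users',):
            # Nothing has been saved at this point, so an unsupported key
            # aborts the whole update. The key is interpolated after the
            # gettext lookup so the untranslated template is what gets
            # looked up in the message catalog.
            raise PulpDataException(_("Update Keyword [%s] is not supported") % key)
        # NOTE(review): the new 'users' mapping is stored exactly as supplied;
        # presumably the caller has already authorized and validated it - confirm.
        found[key] = value

    Permission.get_collection().save(found, safe=True)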
示例2: grant
def grant(resource, login, operations):
    """
    Give a user a set of operations on a resource.

    Operations the user already holds are left untouched; only the missing
    ones are appended. The permission document is created when the resource
    has none yet.

    :param resource: uri path representing a pulp resource
    :type resource: str
    :param login: login of user to grant permissions to
    :type login: str
    :param operations: list of allowed operations being granted
    :type operations: list or tuple of integers
    :raises MissingResource: if no user with the given login is found
    :raises InvalidValue: if resource is not a string
    """
    # Grants to the system login are ignored
    if login == system.SYSTEM_LOGIN:
        return

    user = User.get_collection().find_one({'login' : login})
    if user is None:
        raise MissingResource(user=login)

    # The resource has to be a str or unicode value
    if not isinstance(resource, basestring):
        raise InvalidValue(resource)

    # Fetch the permission for this resource, creating it on first use
    permission = Permission.get_collection().find_one({'resource' : resource})
    if permission is None:
        permission = PermissionManager.create_permission(resource)

    granted = permission['users'].setdefault(user['login'], [])
    for operation in operations:
        if operation not in granted:
            granted.append(operation)

    Permission.get_collection().save(permission, safe=True)
示例3: update_permission
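def update_permission(self, resource_uri, delta):
    """
    Updates a permission object.

    Only the 'users' key is accepted. Its value replaces the stored value
    wholesale and is not validated by this method.

    @param resource_uri: identifies the resource URI of the permission being updated
    @type  resource_uri: str

    @param delta: A dict containing update keywords.
    @type delta: dict

    @return: None; the updated document is saved but not returned
    """
    # Check whether the permission exists
    found = Permission.get_collection().find_one({'resource' : resource_uri})
    if found is None:
        raise MissingResource(resource_uri)

    for key, value in delta.items():
        if key not in ('users',):
            # Nothing has been saved at this point, so an unsupported key
            # aborts the whole update. The key is interpolated after the
            # gettext lookup so the untranslated template is what gets
            # looked up in the message catalog.
            raise PulpDataException(_("Update Keyword [%s] is not supported") % key)
        # NOTE(review): the new 'users' mapping is stored exactly as supplied;
        # presumably the caller has already authorized and validated it - confirm.
        found[key] = value

    Permission.get_collection().save(found, safe=True)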
示例4: grant
def grant(self, resource, login, operations):
    """
    Give a user a set of operations on a resource.

    Operations the user already holds are left untouched; only the missing
    ones are appended. The permission document is created when the resource
    has none yet.

    @type resource: str
    @param resource: uri path representing a pulp resource

    @type login: str
    @param login: login of user to grant permissions to

    @type operations: list or tuple of integers
    @param operations: list of allowed operations being granted
    """
    user = User.get_collection().find_one({'login' : login})
    if user is None:
        raise MissingResource(user=login)

    # Fetch the permission for this resource, creating it on first use.
    # NOTE(review): neither the type of `resource` nor the login is checked
    # any further in this method - confirm callers validate them.
    permission = Permission.get_collection().find_one({'resource' : resource})
    if permission is None:
        permission = self.create_permission(resource)

    granted = permission['users'].setdefault(user['login'], [])
    for operation in operations:
        if operation not in granted:
            granted.append(operation)

    Permission.get_collection().save(permission, safe=True)
示例5: test_user_default_permissions
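def test_user_default_permissions(self):
    """
    Tests default permissions given to the user after creation.
    """
    # Setup
    params = {
        'login' : 'user-1',
        'name' : 'User 1',
        'password' : 'test-password',
    }

    # Test
    self.post('/v2/users/', params=params)

    # Verify
    user = User.get_collection().find_one({'login' : 'user-1'})
    self.assertTrue(user is not None)

    permission = Permission.get_collection().find_one({'resource' : '/v2/users/user-1/'})
    self.assertTrue(permission is not None)

    # any() turns a missing entry into an assertion failure. The previous
    # next(...) without a default raised StopIteration instead, so its
    # "is not None" check could never actually fail.
    self.assertTrue(any(entry['username'] == 'user-1' for entry in permission['users']))
    self.assertTrue(any(entry['username'] == 'ws-user' for entry in permission['users']))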
示例6: DELETE
def DELETE(self, login):
    """
    Delete a user, then drop the permission document stored for that
    user's own resource link.

    :param login: the login id of the user to delete
    :type  login: str
    """
    user_manager = managers.user_manager()
    outcome = user_manager.delete_user(login)

    # The permission is keyed by the href of the current request link.
    # Removing it ensures no grant on the deleted user's resource outlives
    # the user itself.
    href = serialization.link.current_link_obj()['_href']
    existing = Permission.get_collection().find_one({'resource': href})
    if existing:
        Permission.get_collection().remove({'resource': href}, safe=True)

    return self.ok(outcome)
示例7: is_authorized
def is_authorized(self, resource, login, operation):
    """
    Decide whether a user may perform an operation on a resource.

    Superusers are always authorized. Otherwise the operation is allowed
    when it is granted to the user on the resource itself, on any of its
    parent paths, or on the root resource '/'.

    @type resource: str
    @param resource: pulp resource path

    @type login: str
    @param login: login of user to check permissions for

    @type operation: int
    @param operation: operation to be performed on resource

    @rtype: bool
    @return: True if the user is authorized for the operation on the resource,
             False otherwise
    """
    if self.is_superuser(login):
        return True

    query_manager = factory.permission_query_manager()

    # Empty path segments are dropped; no other normalization is applied
    # to the resource string here.
    segments = [segment for segment in resource.split('/') if segment]

    # Check the full path first, then each shorter ancestor in turn.
    # A grant on any ancestor authorizes the operation on the descendant.
    for depth in range(len(segments), 0, -1):
        candidate = '/%s/' % '/'.join(segments[:depth])
        permission = query_manager.find_by_resource(candidate)
        if permission is None:
            continue
        if operation in query_manager.find_user_permission(permission, login):
            return True

    # Last resort: a grant on the root resource
    root_permission = Permission.get_collection().find_one({'resource': '/'})
    if root_permission is None:
        return False
    return operation in query_manager.find_user_permission(root_permission, login)
示例8: is_authorized
def is_authorized(resource, login, operation):
    """
    Decide whether a user may perform an operation on a resource.

    Superusers are always authorized. Otherwise the operation is allowed
    when it is granted to the user on the resource itself, on any of its
    base resources, or on the root resource '/'.

    :param resource: pulp resource url
    :type  resource: str
    :param login: login of user to check permissions for
    :type  login: str
    :param operation: operation to be performed on resource
    :type  operation: int

    :return: True if the user is authorized for the operation on the resource, False otherwise
    :rtype: bool
    """
    account = model.User.objects.get_or_404(login=login)
    if account.is_superuser():
        return True

    query_manager = manager_factory.permission_query_manager()

    # Empty path segments are dropped; no other normalization is applied
    # to the resource string here.
    segments = [segment for segment in resource.split('/') if segment]

    # The user is authorized if they have access to the resource or to any
    # of its base resources, so trim one trailing segment per iteration.
    while segments:
        candidate = '/%s/' % '/'.join(segments)
        permission = query_manager.find_by_resource(candidate)
        if permission is not None:
            allowed = query_manager.find_user_permission(permission, login)
            if operation in allowed:
                return True
        segments.pop()

    # Last resort: a grant on the root resource
    root_permission = Permission.get_collection().find_one({'resource': '/'})
    if root_permission is None:
        return False
    return operation in query_manager.find_user_permission(root_permission, login)
示例9: revoke_all_permissions_from_user
def revoke_all_permissions_from_user(self, login):
    """
    Strip a user out of every stored permission.

    A permission that still has users afterwards is saved back; one left
    with no users is removed from the collection.

    :param login: login of the user to revoke all permissions from
    :type  login: str
    """
    query_manager = factory.permission_query_manager()
    for permission in query_manager.find_all():
        # Only touch permissions that actually mention this user
        if query_manager.get_user_permission(permission, login) is not None:
            query_manager.delete_user_permission(permission, login)
            if len(permission['users']) == 0:
                # No users remain, so the whole permission goes away
                Permission.get_collection().remove({'resource': permission['resource']}, safe=True)
            else:
                Permission.get_collection().save(permission, safe=True)
示例10: revoke_all_permissions_from_user
def revoke_all_permissions_from_user(self, login):
    """
    Strip a user out of every stored permission.

    @type login: str
    @param login: login of the user to revoke all permissions from

    @rtype: bool
    @return: True on success
    """
    for permission in factory.permission_query_manager().find_all():
        if login in permission['users']:
            del permission['users'][login]
            # The permission is saved back even when no users remain on it;
            # this version never removes an emptied permission document.
            Permission.get_collection().save(permission, safe=True)
    return True
示例11: revoke
def revoke(resource, login, operations):
    """
    Take a set of operations on a resource away from a user.

    The user entry is dropped once it holds no operations, and the whole
    permission is deleted once it holds no users.

    :param resource: uri path representing a pulp resource
    :type  resource: str
    :param login: login of user to revoke permissions from
    :type  login: str
    :param operations: list of allowed operations being revoked
    :type  operations: list or tuple of integers

    :raises InvalidValue: if some params are invalid
    """
    query_manager = factory.permission_query_manager()

    # Revocations against the system login are ignored
    if login == system.SYSTEM_LOGIN:
        return

    user = User.get_collection().find_one({'login': login})
    if user is None:
        raise InvalidValue(['login'])

    permission = Permission.get_collection().find_one({'resource': resource})
    if permission is None:
        return

    # NOTE(review): the list is edited in place below, which presumably also
    # edits the list held inside `permission` - confirm find_user_permission
    # returns that same object rather than a copy.
    held = query_manager.find_user_permission(permission, user['login'])
    if not held:
        return

    for operation in operations:
        if operation in held:
            held.remove(operation)

    # Drop the user from this permission once no operations are left
    if not held:
        query_manager.delete_user_permission(permission, user['login'])

    # Delete the permission itself once no users are left
    if not permission['users']:
        PermissionManager.delete_permission(resource)
        return

    Permission.get_collection().save(permission, safe=True)
示例12: find_all
def find_all(self):
    """
    Fetch every permission document in the collection as a list.

    @return: list of serialized permissions
    @rtype:  list of dict
    """
    return list(Permission.get_collection().find())
示例13: DELETE
def DELETE(self, login):
    """
    Delete a user through a tagged call request, then drop the permission
    document stored for that user's own resource link.
    """
    user_manager = managers.user_manager()

    delete_tags = [
        resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
        action_tag('delete'),
    ]
    request = CallRequest(user_manager.delete_user, [login], tags=delete_tags)
    request.deletes_resource(dispatch_constants.RESOURCE_USER_TYPE, login)
    outcome = execution.execute(request)

    # The permission is keyed by the href of the current request link.
    # Removing it ensures no grant on the deleted user's resource outlives
    # the user itself.
    href = serialization.link.current_link_obj()['_href']
    existing = Permission.get_collection().find_one({'resource' : href})
    if existing:
        Permission.get_collection().remove({'resource' : href}, safe=True)

    return self.ok(outcome)
示例14: revoke
def revoke(self, resource, login, operations):
    """
    Take a set of operations on a resource away from a user.

    The user entry is dropped once it holds no operations, and the whole
    permission is deleted once it holds no users.

    @type resource: str
    @param resource: uri path representing a pulp resource

    @type login: str
    @param login: login of user to revoke permissions from

    @type operations: list or tuple of integers
    @param operations: list of allowed operations being revoked
    """
    # Revocations against the system login are ignored
    if login == system.SYSTEM_LOGIN:
        return

    user = User.get_collection().find_one({'login' : login})
    if user is None:
        raise MissingResource(user=login)

    permission = Permission.get_collection().find_one({'resource' : resource})
    if permission is None:
        return

    # A user with no entry yields a fresh empty list, which exits right away
    held = permission['users'].get(user['login'], [])
    if not held:
        return

    for operation in operations:
        if operation in held:
            held.remove(operation)

    # Drop the user once no operations are left
    if not held:
        del permission['users'][user['login']]

    # Delete the permission itself once no users are left
    if not permission['users']:
        self.delete_permission(resource)
        return

    Permission.get_collection().save(permission, safe=True)
示例15: revoke_all_permissions_from_user
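def revoke_all_permissions_from_user(self, login):
    """
    Revoke all the permissions from a given user

    A permission that still has users afterwards is saved back; one left
    with no users is removed from the collection.

    @type login: str
    @param login: login of the user to revoke all permissions from

    @rtype: bool
    @return: True on success
    """
    for permission in factory.permission_query_manager().find_all():
        if login not in permission['users']:
            continue

        del permission['users'][login]
        if permission['users']:
            Permission.get_collection().save(permission, safe=True)
        else:
            # Delete entire permission if there are no more users
            Permission.get_collection().remove({'resource':permission['resource']}, safe=True)

    # The docstring promises True on success, but the listed body ended
    # without a return statement and so yielded None.
    return True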