本文整理汇总了Python中pulp.server.db.model.auth.Role.get_collection方法的典型用法代码示例。如果您正苦于以下问题:Python Role.get_collection方法的具体用法?Python Role.get_collection怎么用?Python Role.get_collection使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类pulp.server.db.model.auth.Role
的用法示例。
在下文中一共展示了Role.get_collection方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: update_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def update_role(role_id, delta):
"""
Updates a role object.
:param role_id: The role identifier.
:type role_id: str
:param delta: A dict containing update keywords.
:type delta: dict
:return: The updated object
:rtype: dict
:raise MissingResource: if the given role does not exist
:raise PulpDataException: if update keyword is not supported
"""
delta.pop('id', None)
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
for key, value in delta.items():
# simple changes
if key in ('display_name', 'description',):
role[key] = value
continue
# unsupported
raise PulpDataException(_("Update Keyword [%s] is not supported" % key))
Role.get_collection().save(role, safe=True)
# Retrieve the user to return the SON object
updated = Role.get_collection().find_one({'id': role_id})
return updated
示例2: add_permissions_to_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def add_permissions_to_role(role_id, resource, operations):
"""
Add permissions to a role.
:param role_id: role identifier
:type role_id: str
:param resource: resource path to grant permissions to
:type resource: str
:param operations: list or tuple
:type operations: list of allowed operations being granted
:raise MissingResource: if the given role does not exist
"""
if role_id == SUPER_USER_ROLE:
raise PulpDataException(_('super-users role cannot be changed'))
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
current_ops = role['permissions'].setdefault(resource, [])
for o in operations:
if o in current_ops:
continue
current_ops.append(o)
users = factory.user_query_manager().find_users_belonging_to_role(role_id)
for user in users:
factory.permission_manager().grant(resource, user['login'], operations)
Role.get_collection().save(role, safe=True)
示例3: create_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def create_role(role_id, display_name=None, description=None):
"""
Creates a new Pulp role.
:param role_id: unique identifier for the role
:type role_id: str
:param display_name: user-readable name of the role
:type display_name: str
:param description: free form text used to describe the role
:type description: str
:raise DuplicateResource: if there is already a role with the requested name
:raise InvalidValue: if any of the fields are unacceptable
:return: The created object
:rtype: dict
"""
existing_role = Role.get_collection().find_one({'id': role_id})
if existing_role is not None:
raise DuplicateResource(role_id)
if role_id is None or _ROLE_NAME_REGEX.match(role_id) is None:
raise InvalidValue(['role_id'])
# Use the ID for the display name if one was not specified
display_name = display_name or role_id
# Creation
create_me = Role(id=role_id, display_name=display_name, description=description)
Role.get_collection().save(create_me, safe=True)
# Retrieve the role to return the SON object
created = Role.get_collection().find_one({'id': role_id})
return created
示例4: ensure_super_user_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def ensure_super_user_role(self):
"""
Ensure that the super user role exists.
"""
role = self.get_role(SUPER_USER_ROLE)
if role is None:
role = self.create_role(SUPER_USER_ROLE, 'Super Users',
'Role indicates users with admin privileges')
role['permissions'] = {'/': [CREATE, READ, UPDATE, DELETE, EXECUTE]}
Role.get_collection().save(role, safe=True)
示例5: ensure_super_user_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def ensure_super_user_role(self):
"""
Ensure that the super user role exists.
"""
role = Role.get_collection().find_one({'id' : self.super_user_role})
if role is None:
role = self.create_role(self.super_user_role, 'Super Users', 'Role indicates users with admin privileges')
pm = factory.permission_manager()
role['permissions'] = {'/':[pm.CREATE, pm.READ, pm.UPDATE, pm.DELETE, pm.EXECUTE]}
Role.get_collection().save(role, safe=True)
示例6: add_user_to_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def add_user_to_role(role_id, login):
"""
Add a user to a role. This has the side-effect of granting all the
permissions granted to the role to the user.
:param role_id: role identifier
:type role_id: str
:param login: login of user
:type login: str
:raise MissingResource: if the given role or user does not exist
"""
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
user = User.get_collection().find_one({'login': login})
if user is None:
raise MissingResource(login)
if role_id in user['roles']:
return
user['roles'].append(role_id)
User.get_collection().save(user, safe=True)
for resource, operations in role['permissions'].items():
factory.permission_manager().grant(resource, login, operations)
示例7: remove_user_from_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def remove_user_from_role(role_id, login):
"""
Remove a user from a role. This has the side-effect of revoking all the
permissions granted to the role from the user, unless the permissions are
also granted by another role.
:param role_id: role identifier
:type role_id: str
:param login: name of user
:type login: str
:raise MissingResource: if the given role or user does not exist
"""
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
user = model.User.objects.get_or_404(login=login)
if role_id == SUPER_USER_ROLE and user_controller.is_last_super_user(login):
raise PulpDataException(
_('%(role)s cannot be empty, and %(login)s is the last member') %
{'role': SUPER_USER_ROLE, 'login': login})
if role_id not in user.roles:
return
user.roles.remove(role_id)
user.save()
for item in role['permissions']:
other_roles = factory.role_query_manager().get_other_roles(role, user.roles)
user_ops = _operations_not_granted_by_roles(item['resource'],
item['permission'],
other_roles)
factory.permission_manager().revoke(item['resource'], login, user_ops)
示例8: add_user_to_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def add_user_to_role(role_id, login):
"""
Add a user to a role. This has the side-effect of granting all the
permissions granted to the role to the user.
:param role_id: role identifier
:type role_id: str
:param login: login of user
:type login: str
:raise MissingResource: if the given role does not exist
:raise InvalidValue: if some params are invalid
"""
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
user = User.get_collection().find_one({'login': login})
if user is None:
raise InvalidValue(['login'])
if role_id in user['roles']:
return
user['roles'].append(role_id)
User.get_collection().save(user, safe=True)
for item in role['permissions']:
factory.permission_manager().grant(item['resource'], login,
item.get('permission', []))
示例9: remove_permissions_from_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def remove_permissions_from_role(role_id, resource, operations):
"""
Remove permissions from a role.
:param role_id: role identifier
:type role_id: str
:param resource: resource path to revoke permissions from
:type resource: str
:param operations: list or tuple
:type operations: list of allowed operations being revoked
:raise InvalidValue: if some params are invalid
:raise PulpDataException: if role is a superuser role
"""
if role_id == SUPER_USER_ROLE:
raise PulpDataException(_('super-users role cannot be changed'))
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise InvalidValue(['role_id'])
resource_permission = {}
current_ops = []
for item in role['permissions']:
if item['resource'] == resource:
resource_permission = item
current_ops = resource_permission['permission']
if not current_ops:
return
for o in operations:
if o not in current_ops:
continue
current_ops.remove(o)
users = factory.user_query_manager().find_users_belonging_to_role(role_id)
for user in users:
other_roles = factory.role_query_manager().get_other_roles(role, user['roles'])
user_ops = _operations_not_granted_by_roles(resource,
operations,
other_roles)
factory.permission_manager().revoke(resource, user['login'], user_ops)
# in no more allowed operations, remove the resource
if not current_ops:
role['permissions'].remove(resource_permission)
Role.get_collection().save(role, safe=True)
示例10: find_all
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def find_all(self):
"""
Returns serialized versions of all role in the database.
@return: list of serialized roles
@rtype: list of dict
"""
all_roles = list(Role.get_collection().find())
return all_roles
示例11: _validate_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def _validate_role():
"""
Validate the Role model
@rtype: int
@return: number of errors found during validation
"""
objectdb = Role.get_collection()
reference = Role(u'')
return _validate_model(Role.__name__, objectdb, reference)
示例12: find_by_id
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def find_by_id(self, role_id):
"""
Returns a serialized version of the given role if it exists.
If a role cannot be found with the given id, None is returned.
@return: serialized data describing the role
@rtype: dict or None
"""
role = Role.get_collection().find_one({"id": role_id})
return role
示例13: add_permissions_to_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def add_permissions_to_role(role_id, resource, operations):
"""
Add permissions to a role.
:param role_id: role identifier
:type role_id: str
:param resource: resource path to grant permissions to
:type resource: str
:param operations: list or tuple
:type operations: list of allowed operations being granted
:raise InvalidValue: if some params are invalid
:raise PulpDataException: if role is a superuser role
"""
if role_id == SUPER_USER_ROLE:
raise PulpDataException(_('super-users role cannot be changed'))
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise InvalidValue(['role_id'])
if not role['permissions']:
role['permissions'] = []
resource_permission = {}
current_ops = []
for item in role['permissions']:
if item['resource'] == resource:
resource_permission = item
current_ops = resource_permission['permission']
if not resource_permission:
resource_permission = dict(resource=resource, permission=current_ops)
role['permissions'].append(resource_permission)
for o in operations:
if o in current_ops:
continue
current_ops.append(o)
users = factory.user_query_manager().find_users_belonging_to_role(role_id)
for user in users:
factory.permission_manager().grant(resource, user['login'], operations)
Role.get_collection().save(role, safe=True)
示例14: remove_permissions_from_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def remove_permissions_from_role(self, role_id, resource, operations):
"""
Remove permissions from a role.
@type role_id: str
@param role_id: role identifier
@type resource: str
@param resource: resource path to revoke permissions from
@type operations: list of allowed operations being revoked
@param operations: list or tuple
@raise MissingResource: if the given role does not exist
"""
if role_id == self.super_user_role:
raise PulpDataException(_('super-users role cannot be changed'))
role = Role.get_collection().find_one({'id' : role_id})
if role is None:
raise MissingResource(role_id)
current_ops = role['permissions'].get(resource, [])
if not current_ops:
return
for o in operations:
if o not in current_ops:
continue
current_ops.remove(o)
users = factory.user_query_manager().find_users_belonging_to_role(role_id)
for user in users:
other_roles = factory.role_query_manager().get_other_roles(role, user['roles'])
user_ops = _operations_not_granted_by_roles(resource,
operations,
other_roles)
factory.permission_manager().revoke(resource, user['login'], user_ops)
# in no more allowed operations, remove the resource
if not current_ops:
del role['permissions'][resource]
Role.get_collection().save(role, safe=True)
示例15: get_role
# 需要导入模块: from pulp.server.db.model.auth import Role [as 别名]
# 或者: from pulp.server.db.model.auth.Role import get_collection [as 别名]
def get_role(role):
"""
Get a Role by id.
:param role: A role id to search for
:type role: str
:return: a Role object that have the given role id.
:rtype: Role or None
"""
return Role.get_collection().find_one({'id': role})