本文整理汇总了Python中pulp.server.managers.factory.permission_manager函数的典型用法代码示例。如果您正苦于以下问题:Python permission_manager函数的具体用法?Python permission_manager怎么用?Python permission_manager使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了permission_manager函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: add_permissions_to_role
def add_permissions_to_role(role_id, resource, operations):
"""
Add permissions to a role.
:param role_id: role identifier
:type role_id: str
:param resource: resource path to grant permissions to
:type resource: str
:param operations: list or tuple
:type operations: list of allowed operations being granted
:raise MissingResource: if the given role does not exist
"""
if role_id == SUPER_USER_ROLE:
raise PulpDataException(_('super-users role cannot be changed'))
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
current_ops = role['permissions'].setdefault(resource, [])
for o in operations:
if o in current_ops:
continue
current_ops.append(o)
users = factory.user_query_manager().find_users_belonging_to_role(role_id)
for user in users:
factory.permission_manager().grant(resource, user['login'], operations)
Role.get_collection().save(role, safe=True)示例2: add_user_to_role
def add_user_to_role(role_id, login):
"""
Add a user to a role. This has the side-effect of granting all the
permissions granted to the role to the user.
:param role_id: role identifier
:type role_id: str
:param login: login of user
:type login: str
:raise MissingResource: if the given role or user does not exist
"""
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
user = User.get_collection().find_one({'login': login})
if user is None:
raise MissingResource(login)
if role_id in user['roles']:
return
user['roles'].append(role_id)
User.get_collection().save(user, safe=True)
for resource, operations in role['permissions'].items():
factory.permission_manager().grant(resource, login, operations)示例3: remove_user_from_role
def remove_user_from_role(role_id, login):
"""
Remove a user from a role. This has the side-effect of revoking all the
permissions granted to the role from the user, unless the permissions are
also granted by another role.
:param role_id: role identifier
:type role_id: str
:param login: name of user
:type login: str
:raise MissingResource: if the given role or user does not exist
"""
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
user = model.User.objects.get_or_404(login=login)
if role_id == SUPER_USER_ROLE and user_controller.is_last_super_user(login):
raise PulpDataException(
_('%(role)s cannot be empty, and %(login)s is the last member') %
{'role': SUPER_USER_ROLE, 'login': login})
if role_id not in user.roles:
return
user.roles.remove(role_id)
user.save()
for item in role['permissions']:
other_roles = factory.role_query_manager().get_other_roles(role, user.roles)
user_ops = _operations_not_granted_by_roles(item['resource'],
item['permission'],
other_roles)
factory.permission_manager().revoke(item['resource'], login, user_ops)示例4: add_user_to_role
def add_user_to_role(role_id, login):
"""
Add a user to a role. This has the side-effect of granting all the
permissions granted to the role to the user.
:param role_id: role identifier
:type role_id: str
:param login: login of user
:type login: str
:raise MissingResource: if the given role does not exist
:raise InvalidValue: if some params are invalid
"""
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
user = User.get_collection().find_one({'login': login})
if user is None:
raise InvalidValue(['login'])
if role_id in user['roles']:
return
user['roles'].append(role_id)
User.get_collection().save(user, safe=True)
for item in role['permissions']:
factory.permission_manager().grant(item['resource'], login,
item.get('permission', []))示例5: operation_to_name
def operation_to_name(operation):
"""
Convert an operation value to an operation name
Returns None if the operation value is invalid
@type operation: int
@param operation: operation value
@rtype: str or None
@return: operation name
"""
if operation < factory.permission_manager().CREATE or operation > factory.permission_manager().EXECUTE:
return None
return factory.permission_manager().operation_names[operation]示例6: name_to_operation
def name_to_operation(name):
"""
Convert a operation name to an operation value
Returns None if the name does not correspond to an operation
@type name: str
@param name: operation name
@rtype: int or None
@return: operation value
"""
name = name.upper()
if name not in factory.permission_manager().operation_names:
raise InvalidValue('operations')
return factory.permission_manager().operation_names.index(name)示例7: get
def get(self, request):
"""
List all roles.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: Response containing a list of roles
:rtype: django.http.HttpResponse
"""
role_query_manager = factory.role_query_manager()
user_query_manager = factory.user_query_manager()
permissions_manager = factory.permission_manager()
roles = role_query_manager.find_all()
for role in roles:
role['users'] = [u['login'] for u in
user_query_manager.find_users_belonging_to_role(role['id'])]
resource_permission = {}
# isolate schema change
if role['permissions']:
for item in role['permissions']:
resource = item['resource']
operations = item.get('permission', [])
resource_permission[resource] = [permissions_manager.operation_value_to_name(o)
for o in operations]
role['permissions'] = resource_permission
link = {'_href': reverse('role_resource',
kwargs={'role_id': role['id']})}
role.update(link)
return generate_json_response_with_pulp_encoder(roles)示例8: test_syntactic_sugar_methods
def test_syntactic_sugar_methods(self):
"""
Tests the syntactic sugar methods for retrieving specific managers.
"""
# Setup
factory.initialize()
# Test
self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager))
self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager))
self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager))
self.assertTrue(isinstance(factory.password_manager(), PasswordManager))
self.assertTrue(isinstance(factory.permission_manager(), PermissionManager))
self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager))
self.assertTrue(isinstance(factory.role_manager(), RoleManager))
self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager))
self.assertTrue(isinstance(factory.user_manager(), UserManager))
self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager))
self.assertTrue(isinstance(factory.repo_manager(), RepoManager))
self.assertTrue(isinstance(factory.repo_unit_association_manager(),
RepoUnitAssociationManager))
self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager))
self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager))
self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager))
self.assertTrue(isinstance(factory.content_manager(), ContentManager))
self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager))
self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager))
self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager))
self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))示例9: GET
def GET(self):
role_query_manager = managers.role_query_manager()
user_query_manager = managers.user_query_manager()
permissions_manager = managers.permission_manager()
roles = role_query_manager.find_all()
for role in roles:
role['users'] = [u['login'] for u in
user_query_manager.find_users_belonging_to_role(role['id'])]
resource_permission = {}
# isolate schema change
if role['permissions']:
for item in role['permissions']:
resource = item['resource']
operations = item.get('permission', [])
resource_permission[resource] = [permissions_manager.operation_value_to_name(o)
for o in operations]
role['permissions'] = resource_permission
for role in roles:
role.update(serialization.link.child_link_obj(role['id']))
return self.ok(roles)示例10: POST
def POST(self):
# Pull all the user data
user_data = self.params()
login = user_data.get('login', None)
password = user_data.get('password', None)
name = user_data.get('name', None)
# Creation
manager = managers.user_manager()
resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_CREATE_OPERATION}}
args = [login]
kwargs = {'password': password,
'name': name}
weight = pulp_config.config.getint('tasks', 'create_weight')
tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('create')]
call_request = CallRequest(manager.create_user,
args,
kwargs,
resources=resources,
weight=weight,
tags=tags,
kwarg_blacklist=['password'])
user = execution.execute_sync(call_request)
user_link = serialization.link.child_link_obj(login)
user.update(user_link)
# Grant permissions
permission_manager = managers.permission_manager()
permission_manager.grant_automatic_permissions_for_resource(user_link['_href'])
return self.created(login, user)示例11: POST
def POST(self):
# Pull all the user data
user_data = self.params()
login = user_data.get('login', None)
password = user_data.get('password', None)
name = user_data.get('name', None)
# Creation
manager = managers.user_manager()
args = [login]
kwargs = {'password': password,
'name': name}
user = manager.create_user(*args, **kwargs)
# Add the link to the user
user_link = serialization.link.child_link_obj(login)
user.update(user_link)
# Grant permissions
user_link = serialization.link.child_link_obj(login)
permission_manager = managers.permission_manager()
permission_manager.grant_automatic_permissions_for_resource(user_link['_href'])
return self.created(login, user)示例12: POST
def POST(self):
# Params
params = self.params()
login = params.get('login', None)
resource = params.get('resource', None)
operation_names = params.get('operations', None)
_check_invalid_params({'login':login,
'resource':resource,
'operation_names':operation_names})
operations = _get_operations(operation_names)
# Grant permission synchronously
permission_manager = managers.permission_manager()
tags = [resource_tag(dispatch_constants.RESOURCE_PERMISSION_TYPE, resource),
resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('grant_permission_to_user')]
call_request = CallRequest(permission_manager.grant,
[resource, login, operations],
tags=tags)
call_request.reads_resource(dispatch_constants.RESOURCE_USER_TYPE, login)
call_request.updates_resource(dispatch_constants.RESOURCE_PERMISSION_TYPE, resource)
return self.ok(execution.execute_sync(call_request))示例13: get
def get(self, request):
"""
List all roles.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: Response containing a list of roles
:rtype: django.http.HttpResponse
"""
role_query_manager = factory.role_query_manager()
permissions_manager = factory.permission_manager()
roles = role_query_manager.find_all()
for role in roles:
users = [u.login for u in user_controller.find_users_belonging_to_role(role["id"])]
role["users"] = users
resource_permission = {}
# isolate schema change
if role["permissions"]:
for item in role["permissions"]:
resource = item["resource"]
operations = item.get("permission", [])
resource_permission[resource] = [permissions_manager.operation_value_to_name(o) for o in operations]
role["permissions"] = resource_permission
link = {"_href": reverse("role_resource", kwargs={"role_id": role["id"]})}
role.update(link)
return generate_json_response_with_pulp_encoder(roles)示例14: post
def post(self, request):
"""
Revoke permissions from a role.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: An empty response
:rtype: django.http.HttpResponse
"""
params = request.body_as_json
role_id = params.get('role_id', None)
resource = params.get('resource', None)
operation_names = params.get('operations', None)
_validate_params({'role_id': role_id,
'resource': resource,
'operation_names': operation_names})
role_manager = factory.role_manager()
permission_manager = factory.permission_manager()
operations = permission_manager.operation_names_to_values(operation_names)
remove_perm = role_manager.remove_permissions_from_role(role_id, resource, operations)
return generate_json_response(remove_perm)示例15: get
def get(self, request):
"""
Retrieve permissions for all resources or for a particular resource.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: Response containing a list of permissions for resource/s
:rtype: django.http.HttpResponse
"""
query_params = request.GET
resource = query_params.get('resource', None)
permissions = []
if resource is None:
permissions = factory.permission_query_manager().find_all()
else:
permission = factory.permission_query_manager().find_by_resource(resource)
if permission is not None:
permissions = [permission]
for permission in permissions:
# Isolate the database schema change to behind the api. This should be transparent
users = {}
for item in permission['users']:
users[item['username']] = item['permissions']
permission['users'] = users
permission_manager = factory.permission_manager()
for user, ops in users.items():
users[user] = [permission_manager.operation_value_to_name(o) for o in ops]
return generate_json_response_with_pulp_encoder(permissions)