本文整理汇总了Python中st2common.persistence.rbac.Role类的典型用法代码示例。如果您正苦于以下问题:Python Role类的具体用法?Python Role怎么用?Python Role使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Role类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: setUp
def setUp(self):
    """
    Seed the policy type fixtures plus the users, roles and role assignments
    used by the RBAC tests of the policy type controller.

    Two users are created and each one is bound to exactly one role:

    - ``policy_type_list``: POLICY_TYPE_LIST grant created with ``resource_uid=None``
    - ``policy_type_view``: POLICY_TYPE_VIEW grant scoped to ``fake_policy_type_1.yaml``
    """
    super(PolicyTypeControllerRBACTestCase, self).setUp()
    self.models = self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK,
                                                           fixtures_dict=TEST_FIXTURES)

    # Keep the raw fixture content around as class attributes
    first_fixture = 'fake_policy_type_1.yaml'
    loaded = self.fixtures_loader.load_fixtures(
        fixtures_pack=FIXTURES_PACK,
        fixtures_dict={'policytypes': [first_fixture]})
    PolicyTypeControllerRBACTestCase.POLICY_TYPE_1 = loaded['policytypes'][first_fixture]

    second_fixture = 'fake_policy_type_2.yaml'
    loaded = self.fixtures_loader.load_fixtures(
        fixtures_pack=FIXTURES_PACK,
        fixtures_dict={'policytypes': [second_fixture]})
    PolicyTypeControllerRBACTestCase.POLICY_TYPE_2 = loaded['policytypes'][second_fixture]

    # Mock users
    for user_name in ('policy_type_list', 'policy_type_view'):
        self.users[user_name] = User.add_or_update(UserDB(name=user_name))

    # Role "policy_type_list"
    # NOTE(review): resource_uid=None is presumably a grant which is not tied to a single
    # resource - confirm against the permission resolver.
    list_grant_db = PermissionGrant.add_or_update(
        PermissionGrantDB(resource_uid=None,
                          resource_type=ResourceType.POLICY_TYPE,
                          permission_types=[PermissionType.POLICY_TYPE_LIST]))
    list_role_db = RoleDB(name='policy_type_list',
                          permission_grants=[str(list_grant_db.id)])
    self.roles['policy_type_list'] = Role.add_or_update(list_role_db)

    # Role "policy_type_view" - grant is limited to policy type 1
    policy_type_uid = self.models['policytypes']['fake_policy_type_1.yaml'].get_uid()
    view_grant_db = PermissionGrant.add_or_update(
        PermissionGrantDB(resource_uid=policy_type_uid,
                          resource_type=ResourceType.POLICY_TYPE,
                          permission_types=[PermissionType.POLICY_TYPE_VIEW]))
    view_role_db = RoleDB(name='policy_type_view',
                          permission_grants=[str(view_grant_db.id)])
    self.roles['policy_type_view'] = Role.add_or_update(view_role_db)

    # Role assignments - every user receives the role which carries the same name
    for name in ('policy_type_list', 'policy_type_view'):
        assignment_db = UserRoleAssignmentDB(
            user=self.users[name].name,
            role=self.roles[name].name,
            source='assignments/%s.yaml' % self.users[name].name)
        UserRoleAssignment.add_or_update(assignment_db)
示例2: test_sync_roles_locally_removed_roles_are_removed_from_db
def test_sync_roles_locally_removed_roles_are_removed_from_db(self):
    """
    A role which is no longer part of the definitions passed to the syncer
    must not be present in the database after the next sync.
    """
    syncer = RBACDefinitionsDBSyncer()

    # Precondition: the role collection starts out empty
    self.assertEqual(len(Role.get_all()), 0)

    role_1_api = RoleDefinitionFileFormatAPI(name='test_role_1',
                                             description='test description 1',
                                             permission_grants=[])
    role_2_api = RoleDefinitionFileFormatAPI(name='test_role_2',
                                             description='test description 2',
                                             permission_grants=[])

    # First sync: both definitions are present
    created_role_dbs, deleted_role_dbs = syncer.sync_roles(
        role_definition_apis=[role_1_api, role_2_api])
    self.assertEqual(len(created_role_dbs), 2)
    self.assertItemsEqual(deleted_role_dbs, [])

    # Both roles must now be stored
    self.assertEqual(len(Role.get_all()), 2)
    for created_role_db in created_role_dbs:
        self.assertRoleDBObjectExists(role_db=created_role_db)

    # Second sync: the definition of role 1 is gone. The assertions below expect the
    # syncer to report both previously stored roles as deleted and role 2 as created.
    created_role_dbs, deleted_role_dbs = syncer.sync_roles(role_definition_apis=[role_2_api])
    self.assertEqual(len(created_role_dbs), 1)
    self.assertEqual(len(deleted_role_dbs), 2)

    # Only role 2 is left, so whatever was granted through role 1 is gone with it
    self.assertEqual(len(Role.get_all()), 1)
    self.assertRoleDBObjectExists(role_db=created_role_dbs[0])
    self.assertEqual(Role.get_all()[0].name, 'test_role_2')
示例3: delete_role
def delete_role(name):
    """
    Delete the role which has the provided name.

    :param name: Name of the role to delete.

    :raises ValueError: If the name belongs to a system role.
    """
    # NOTE(review): the guard compares the name with SystemRole.get_valid_values();
    # the ``system`` flag stored on the role object itself is not consulted here.
    system_role_names = SystemRole.get_valid_values()
    if name in system_role_names:
        raise ValueError("System roles can't be deleted")

    # NOTE(review): what happens for a name without a matching role depends on
    # Role.get / Role.delete - confirm before relying on it.
    return Role.delete(Role.get(name=name))
示例4: setUp
def setUp(self):
    """
    Create the users, runner resources, roles and role assignments used by
    the runner permission resolver tests.

    Each user is bound to the custom role which carries the same name:

    - ``custom_role_runner_view_grant``: RUNNER_VIEW on ``runner_1``
    - ``custom_role_runner_modify_grant``: RUNNER_MODIFY on ``runner_2``
    """
    super(RunnerPermissionsResolverTestCase, self).setUp()

    role_names = ('custom_role_runner_view_grant', 'custom_role_runner_modify_grant')

    # Mock users
    for user_name in role_names:
        self.users[user_name] = User.add_or_update(UserDB(name=user_name))

    # Mock resources on which permissions can be granted. The objects are only kept
    # on the test case, this method does not write them to the database.
    for runner_name in ('runner_1', 'runner_2'):
        self.resources[runner_name] = RunnerTypeDB(name=runner_name)

    # Mock roles - one grant per role, every grant is scoped to a single runner uid
    role_specs = (
        ('custom_role_runner_view_grant', 'runner_1', PermissionType.RUNNER_VIEW),
        ('custom_role_runner_modify_grant', 'runner_2', PermissionType.RUNNER_MODIFY),
    )
    for role_name, resource_key, permission_type in role_specs:
        grant_db = PermissionGrantDB(resource_uid=self.resources[resource_key].get_uid(),
                                     resource_type=ResourceType.RUNNER,
                                     permission_types=[permission_type])
        grant_db = PermissionGrant.add_or_update(grant_db)
        role_db = RoleDB(name=role_name, permission_grants=[str(grant_db.id)])
        self.roles[role_name] = Role.add_or_update(role_db)

    # Mock role assignments
    for name in role_names:
        assignment_db = UserRoleAssignmentDB(user=self.users[name].name,
                                             role=self.roles[name].name)
        UserRoleAssignment.add_or_update(assignment_db)
示例5: insert_system_roles
def insert_system_roles():
    """
    Migration which inserts the default system roles.

    One role flagged ``system=True`` is inserted for each value returned by
    ``SystemRole.get_valid_values()``; the role name doubles as the description.
    """
    for role_name in SystemRole.get_valid_values():
        role_db = RoleDB(name=role_name, description=role_name, system=True)

        try:
            Role.insert(role_db, log_not_unique_error_as_debug=True)
        except (StackStormDBObjectConflictError, NotUniqueError):
            # Conflict / uniqueness errors are swallowed on purpose and the stored role
            # is left untouched - presumably so the migration can be run repeatedly.
            continue
示例6: setUp
def setUp(self):
    """
    Insert the users, roles and role assignments used by the RBAC tests of
    the webhook controller.

    - ``webhook_list``: WEBHOOK_LIST grant created with ``resource_uid=None``
    - ``webhook_view``: WEBHOOK_VIEW grant scoped to the uid of the ``git`` webhook
    """
    super(WebhookControllerRBACTestCase, self).setUp()

    # Mock users
    for user_name in ('webhook_list', 'webhook_view'):
        self.users[user_name] = User.add_or_update(UserDB(name=user_name))

    # Role "webhook_list"
    list_grant_db = PermissionGrant.add_or_update(
        PermissionGrantDB(resource_uid=None,
                          resource_type=ResourceType.WEBHOOK,
                          permission_types=[PermissionType.WEBHOOK_LIST]))
    list_role_db = RoleDB(name='webhook_list', permission_grants=[str(list_grant_db.id)])
    self.roles['webhook_list'] = Role.add_or_update(list_role_db)

    # Role "webhook_view" on webhook 1 (git). The WebhookDB object only serves to
    # compute the uid the grant refers to, it is not stored by this method.
    git_webhook_uid = WebhookDB(name='git').get_uid()
    view_grant_db = PermissionGrant.add_or_update(
        PermissionGrantDB(resource_uid=git_webhook_uid,
                          resource_type=ResourceType.WEBHOOK,
                          permission_types=[PermissionType.WEBHOOK_VIEW]))
    view_role_db = RoleDB(name='webhook_view', permission_grants=[str(view_grant_db.id)])
    self.roles['webhook_view'] = Role.add_or_update(view_role_db)

    # Role assignments - every user receives the role which carries the same name
    for name in ('webhook_list', 'webhook_view'):
        assignment_db = UserRoleAssignmentDB(
            user=self.users[name].name,
            role=self.roles[name].name,
            source='assignments/%s.yaml' % self.users[name].name)
        UserRoleAssignment.add_or_update(assignment_db)
示例7: get_all_roles
def get_all_roles(exclude_system=False):
    """
    Retrieve all the available roles.

    :param exclude_system: True to leave out the roles stored with ``system=True``.
    :type exclude_system: ``bool``

    :rtype: ``list`` of :class:`RoleDB`
    """
    # The default (exclude_system=False) also returns the system roles
    return Role.query(system=False) if exclude_system else Role.get_all()
示例8: get_all_permission_grants_for_user
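def get_all_permission_grants_for_user(user_db, resource_uid=None, resource_types=None, permission_types=None):
    """
    Retrieve all the permission grants for a particular user optionally filtering on:

    - Resource uid
    - Resource types
    - Permission types

    The result is a union of all the permission grants assigned to the roles which are assigned to
    the user.

    A filter is only applied when its argument is truthy. Passing ``None``, an empty string or an
    empty list therefore means "don't filter on this field", not "match nothing".

    :param user_db: User to retrieve the permission grants for.
    :param resource_uid: Optional resource uid to filter on.
    :param resource_types: Optional resource types to filter on.
    :param permission_types: Optional permission types to filter on.

    :rtype: ``list`` of :class:`PermissionGrantDB`
    """
    role_names = UserRoleAssignment.query(user=user_db.name).only("role").scalar("role")
    grant_id_lists = Role.query(name__in=role_names).scalar("permission_grants")

    # Flatten the per-role lists of grant ids in a single pass. sum(lists, []) builds a
    # new list on every addition, which is quadratic in the number of grant ids.
    permission_grant_ids = [grant_id for grant_ids in grant_id_lists for grant_id in grant_ids]

    # The id filter is always applied, so the result can only contain grants which are
    # referenced by one of the user's roles.
    permission_grants_filters = {"id__in": permission_grant_ids}

    if resource_uid:
        permission_grants_filters["resource_uid"] = resource_uid

    if resource_types:
        permission_grants_filters["resource_type__in"] = resource_types

    if permission_types:
        permission_grants_filters["permission_types__in"] = permission_types

    return PermissionGrant.query(**permission_grants_filters)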
示例9: setUp
def setUp(self):
    """
    Insert one user, one role without permission grants and two role
    assignments used by the RBAC tests of the role assignments controller.
    """
    super(RBACRoleAssignmentsControllerRBACTestCase, self).setUp()

    self.role_assignments = {}

    # User
    self.users['user_foo'] = User.add_or_update(UserDB(name='user_foo'))

    # Role - carries no permission grants at all
    self.roles['user_foo'] = Role.add_or_update(RoleDB(name='user_foo', permission_grants=[]))

    # Assignment one: user_foo -> role user_foo
    # The object kept in self.role_assignments is the one built here, the return value
    # of add_or_update is not used.
    assignment_one_db = UserRoleAssignmentDB(
        user=self.users['user_foo'].name,
        role=self.roles['user_foo'].name,
        source='assignments/%s.yaml' % self.users['user_foo'].name)
    UserRoleAssignment.add_or_update(assignment_one_db)
    self.role_assignments['assignment_one'] = assignment_one_db

    # Assignment two: user_bar -> role user_foo. No UserDB object is created for
    # user_bar in this method, the assignment refers to the user by name only.
    assignment_two_db = UserRoleAssignmentDB(
        user='user_bar',
        role=self.roles['user_foo'].name,
        source='assignments/user_bar.yaml')
    UserRoleAssignment.add_or_update(assignment_two_db)
    self.role_assignments['assignment_two'] = assignment_two_db
示例10: setUp
def setUp(self):
    """
    Store the action fixtures and insert the user, role and role assignment
    used by the RBAC tests of the action controller.

    The ``action_create`` role holds a single ACTION_CREATE grant which is placed on the
    parent pack (``pack:examples``), not on an individual action.
    """
    super(ActionControllerRBACTestCase, self).setUp()
    self.fixtures_loader.save_fixtures_to_db(fixtures_pack=FIXTURES_PACK,
                                             fixtures_dict=TEST_FIXTURES)

    # Keep the raw fixture content around as a class attribute
    action_fixture = 'action1.yaml'
    loaded = self.fixtures_loader.load_fixtures(
        fixtures_pack=FIXTURES_PACK,
        fixtures_dict={'actions': [action_fixture]})
    ActionControllerRBACTestCase.ACTION_1 = loaded['actions'][action_fixture]

    # User
    self.users['action_create'] = User.add_or_update(UserDB(name='action_create'))

    # Role - action_create grant on the parent pack
    pack_grant_db = PermissionGrant.add_or_update(
        PermissionGrantDB(resource_uid='pack:examples',
                          resource_type=ResourceType.PACK,
                          permission_types=[PermissionType.ACTION_CREATE]))
    create_role_db = RoleDB(name='action_create', permission_grants=[str(pack_grant_db.id)])
    self.roles['action_create'] = Role.add_or_update(create_role_db)

    # Role assignment
    assignee_db = self.users['action_create']
    assignment_db = UserRoleAssignmentDB(user=assignee_db.name,
                                         role=self.roles['action_create'].name)
    UserRoleAssignment.add_or_update(assignment_db)
示例11: _sync_user_role_assignments
def _sync_user_role_assignments(self, user_db, role_assignment_dbs, role_assignment_api):
    """
    Synchronize role assignments for a particular user.

    Assignments for roles which are still listed in the definition are deleted and then
    created again, assignments for roles which are no longer listed are only deleted.

    :param user_db: User to synchronize the assignments for.
    :type user_db: :class:`UserDB`

    :param role_assignment_dbs: Existing user role assignments.
    :type role_assignment_dbs: ``list`` of :class:`UserRoleAssignmentDB`

    :param role_assignment_api: Role assignment API for a particular user. A falsy value is
                                handled like a definition which lists no roles.
    :type role_assignment_api: :class:`UserRoleAssignmentFileFormatAPI`

    :return: ``(created assignments, assignments selected for deletion)``
    :rtype: ``tuple``
    """
    db_role_names = set(assignment_db.role for assignment_db in role_assignment_dbs)
    api_role_names = set(role_assignment_api.roles if role_assignment_api else [])

    # Roles only listed in the definition -> assignments to add
    new_role_names = api_role_names - db_role_names

    # Roles present on both sides -> assignments to re-create
    updated_role_names = db_role_names & api_role_names

    # Roles only present in the database -> assignments to remove
    removed_role_names = db_role_names - api_role_names

    LOG.debug('New assignments for user "%s": %r' % (user_db.name, new_role_names))
    LOG.debug('Updated assignments for user "%s": %r' % (user_db.name, updated_role_names))
    LOG.debug('Removed assignments for user "%s": %r' % (user_db.name, removed_role_names))

    # Delete phase
    # NOTE(review): the delete runs before the create phase below, so the user holds none
    # of the "updated" roles in between - presumably not transactional, confirm.
    role_names_to_delete = updated_role_names | removed_role_names
    role_assignment_dbs_to_delete = [
        assignment_db for assignment_db in role_assignment_dbs
        if assignment_db.role in role_names_to_delete
    ]

    UserRoleAssignment.query(user=user_db.name, role__in=role_names_to_delete).delete()
    LOG.debug('Removed %s assignments for user "%s"' % (len(role_assignment_dbs_to_delete), user_db.name))

    # Create phase
    # NOTE(review): only roles found by Role.query are assigned. A name from the definition
    # without a matching role presumably yields no assignment and no error here - verify.
    role_names_to_create = new_role_names | updated_role_names
    role_dbs_to_assign = Role.query(name__in=role_names_to_create)

    created_role_assignment_dbs = []
    for role_db in role_dbs_to_assign:
        description = (getattr(role_assignment_api, "description", None)
                       if role_db.name in role_assignment_api.roles else None)
        created_role_assignment_dbs.append(
            rbac_services.assign_role_to_user(role_db=role_db, user_db=user_db, description=description))

    LOG.debug('Created %s new assignments for user "%s"' % (len(role_dbs_to_assign), user_db.name))

    return (created_role_assignment_dbs, role_assignment_dbs_to_delete)
示例12: setUp
def setUp(self):
    """
    Create the user, webhook resource, role and role assignment used by the
    webhook permission resolver tests.

    The ``custom_role_webhook_grant`` role holds a single WEBHOOK_SEND grant which is
    scoped to the uid of the ``st2/`` webhook.
    """
    super(WebhookPermissionsResolverTestCase, self).setUp()

    role_name = 'custom_role_webhook_grant'

    # Mock user
    self.users[role_name] = User.add_or_update(UserDB(name=role_name))

    # Mock resource on which permissions can be granted. The object is only kept on the
    # test case, this method does not write it to the database.
    self.resources['webhook_1'] = WebhookDB(name='st2/')

    # Custom role - "webhook_send" grant on webhook_1
    send_grant_db = PermissionGrant.add_or_update(
        PermissionGrantDB(resource_uid=self.resources['webhook_1'].get_uid(),
                          resource_type=ResourceType.WEBHOOK,
                          permission_types=[PermissionType.WEBHOOK_SEND]))
    self.roles[role_name] = Role.add_or_update(
        RoleDB(name=role_name, permission_grants=[str(send_grant_db.id)]))

    # Mock role assignment
    assignee_db = self.users[role_name]
    assignment_db = UserRoleAssignmentDB(
        user=assignee_db.name,
        role=self.roles[role_name].name,
        source='assignments/%s.yaml' % assignee_db.name)
    UserRoleAssignment.add_or_update(assignment_db)
示例13: setUp
def setUp(self):
    """
    Insert the user, role and role assignment used by the RBAC tests of the
    execution views filters controller.

    The ``execution_views_filters_list`` role holds a single EXECUTION_VIEWS_FILTERS_LIST
    grant which is created with ``resource_uid=None``.
    """
    super(ExecutionViewsFiltersControllerRBACTestCase, self).setUp()

    name = 'execution_views_filters_list'

    # User
    self.users[name] = User.add_or_update(UserDB(name=name))

    # Role "execution_views_filters_list"
    list_grant_db = PermissionGrant.add_or_update(
        PermissionGrantDB(resource_uid=None,
                          resource_type=ResourceType.EXECUTION,
                          permission_types=[PermissionType.EXECUTION_VIEWS_FILTERS_LIST]))
    self.roles[name] = Role.add_or_update(
        RoleDB(name=name, permission_grants=[str(list_grant_db.id)]))

    # Role assignment
    assignment_db = UserRoleAssignmentDB(
        user=self.users[name].name,
        role=self.roles[name].name,
        source='assignments/%s.yaml' % self.users[name].name)
    UserRoleAssignment.add_or_update(assignment_db)
示例14: get_system_roles
def get_system_roles():
    """
    Retrieve all the available system roles.

    :rtype: ``list`` of :class:`RoleDB`
    """
    # System roles are the ones which are stored with system=True
    return Role.query(system=True)
示例15: get_role_by_name
def get_role_by_name(name):
    """
    Retrieve role by name.

    :param name: Name of the role to look up.

    :rtype: :class:`RoleDB` (presumably a single object, as returned by ``Role.get`` - confirm)
    """
    # NOTE(review): the result for a name without a matching role depends on Role.get -
    # callers which use it for an authorization decision should confirm that behaviour.
    return Role.get(name=name)