当前位置: 首页>>代码示例>>Python>>正文


Python types.PermissionType类代码示例

本文整理汇总了Python中st2common.rbac.types.PermissionType的典型用法代码示例。如果您正苦于以下问题:Python PermissionType类的具体用法?Python PermissionType怎么用?Python PermissionType使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了PermissionType类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: main

def main():
    lines = []
    lines.append(HEADER)
    lines.append('')

    for resource_type in RESOURCE_DISPLAY_ORDER:
        resource_title = resource_type.replace('_', ' ').title()  # pylint: disable=no-member
        lines.append('%s' % (resource_title))
        lines.append('~' * len(resource_title))
        lines.append('')

        permission_types = PermissionType.get_valid_permissions_for_resource_type(
            resource_type=resource_type)

        rows = []
        rows.append(TABLE_HEADER)

        for permission_type in permission_types:
            description = PermissionType.get_permission_description(permission_type)
            rows.append([permission_type, description])

        table = as_rest_table(rows, full=True)
        lines.extend(table.split('\n'))
        lines.append('')

    result = '\n'.join(lines)
    with open(DESTINATION_PATH, 'w') as fp:
        fp.write(result)

    print('Generated: %s' % (DESTINATION_PATH))
    return result
开发者ID:alexmakarski,项目名称:st2,代码行数:31,代码来源:generate-available-permission-types-table.py

示例2: main

def main():
    lines = []
    lines.append(HEADER)
    lines.append("")

    for resource_type in RESOURCE_DISPLAY_ORDER:
        resource_title = resource_type.replace("_", " ").title()  # pylint: disable=no-member
        lines.append("%s" % (resource_title))
        lines.append("~" * len(resource_title))
        lines.append("")

        permission_types = PermissionType.get_valid_permissions_for_resource_type(resource_type=resource_type)

        rows = []
        rows.append(TABLE_HEADER)

        for permission_type in permission_types:
            description = PermissionType.get_permission_description(permission_type)
            rows.append(["**%s**" % (permission_type), description])

        table = as_rest_table(rows, full=True)
        lines.extend(table.split("\n"))
        lines.append("")

    result = "\n".join(lines)
    with open(DESTINATION_PATH, "w") as fp:
        fp.write(result)

    print("Generated: %s" % (DESTINATION_PATH))
    return result
开发者ID:jspittman,项目名称:st2,代码行数:30,代码来源:generate-available-permission-types-table.py

示例3: _user_has_resource_permission

    def _user_has_resource_permission(self, user_db, pack_uid, resource_uid, permission_type):
        log_context = {
            'user_db': user_db,
            'pack_uid': pack_uid,
            'resource_uid': resource_uid,
            'resource_type': self.resource_type,
            'permission_type': permission_type,
            'resolver': self.__class__.__name__
        }
        self._log('Checking user resource permissions', extra=log_context)

        # First check the system role permissions
        has_system_role_permission = self._user_has_system_role_permission(
            user_db=user_db, permission_type=permission_type)

        if has_system_role_permission:
            self._log('Found a matching grant via system role', extra=log_context)
            return True

        # Check custom roles
        view_permission_type = PermissionType.get_permission_type(resource_type=self.resource_type,
                                                                  permission_name='view')
        all_permission_type = PermissionType.get_permission_type(resource_type=self.resource_type,
                                                                 permission_name='all')

        if permission_type == view_permission_type:
            # Note: Some permissions such as "create", "modify", "delete" and "execute" also
            # grant / imply "view" permission
            permission_types = self.view_grant_permission_types[:] + [permission_type]
        elif permission_type not in all_permission_type:
            permission_types = [all_permission_type, permission_type]
        else:
            permission_types = [permission_type]

        # Check direct grants on the specified resource
        resource_types = [self.resource_type]
        permission_grants = get_all_permission_grants_for_user(user_db=user_db,
                                                               resource_uid=resource_uid,
                                                               resource_types=resource_types,
                                                               permission_types=permission_types)
        if len(permission_grants) >= 1:
            self._log('Found a direct grant on the action', extra=log_context)
            return True

        # Check grants on the parent pack
        resource_types = [ResourceType.PACK]
        permission_grants = get_all_permission_grants_for_user(user_db=user_db,
                                                               resource_uid=pack_uid,
                                                               resource_types=resource_types,
                                                               permission_types=permission_types)

        if len(permission_grants) >= 1:
            self._log('Found a grant on the action parent pack', extra=log_context)
            return True

        self._log('No matching grants found', extra=log_context)
        return False
开发者ID:hejin,项目名称:st2,代码行数:57,代码来源:resolvers.py

示例4: test_get_permission_type

 def test_get_permission_type(self):
     self.assertEqual(PermissionType.get_permission_type(resource_type=ResourceType.ACTION,
                                                         permission_name='view'),
                     PermissionType.ACTION_VIEW)
     self.assertEqual(PermissionType.get_permission_type(resource_type=ResourceType.ACTION,
                                                         permission_name='all'),
                     PermissionType.ACTION_ALL)
     self.assertEqual(PermissionType.get_permission_type(resource_type=ResourceType.ACTION,
                                                         permission_name='execute'),
                     PermissionType.ACTION_EXECUTE)
     self.assertEqual(PermissionType.get_permission_type(resource_type=ResourceType.RULE,
                                                         permission_name='view'),
                     PermissionType.RULE_VIEW)
     self.assertEqual(PermissionType.get_permission_type(resource_type=ResourceType.RULE,
                                                         permission_name='delete'),
                     PermissionType.RULE_DELETE)
     self.assertEqual(PermissionType.get_permission_type(resource_type=ResourceType.SENSOR,
                                                         permission_name='view'),
                     PermissionType.SENSOR_VIEW)
     self.assertEqual(PermissionType.get_permission_type(resource_type=ResourceType.SENSOR,
                                                         permission_name='all'),
                     PermissionType.SENSOR_ALL)
     self.assertEqual(PermissionType.get_permission_type(resource_type=ResourceType.SENSOR,
                                                         permission_name='modify'),
                     PermissionType.SENSOR_MODIFY)
     self.assertEqual(
         PermissionType.get_permission_type(resource_type=ResourceType.RULE_ENFORCEMENT,
                                            permission_name='view'),
         PermissionType.RULE_ENFORCEMENT_VIEW)
开发者ID:lyandut,项目名称:st2,代码行数:29,代码来源:test_rbac_types.py

示例5: test_get_valid_permission_for_resource_type

    def test_get_valid_permission_for_resource_type(self):
        valid_action_permissions = PermissionType.get_valid_permissions_for_resource_type(
            resource_type=ResourceType.ACTION
        )

        for name in valid_action_permissions:
            self.assertTrue(name.startswith(ResourceType.ACTION + "_"))

        valid_rule_permissions = PermissionType.get_valid_permissions_for_resource_type(resource_type=ResourceType.RULE)

        for name in valid_rule_permissions:
            self.assertTrue(name.startswith(ResourceType.RULE + "_"))
开发者ID:agilee,项目名称:st2,代码行数:12,代码来源:test_rbac.py

示例6: test_user_has_resource_db_permission

    def test_user_has_resource_db_permission(self):
        resolver = WebhookPermissionsResolver()
        all_permission_types = PermissionType.get_valid_permissions_for_resource_type(
            ResourceType.WEBHOOK)

        # Admin user, should always return true
        resource_db = self.resources['webhook_1']
        user_db = self.users['admin']
        self.assertUserHasResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types)

        # Custom role with "webhook_send" grant on webhook_1
        user_db = self.users['custom_role_webhook_grant']
        self.assertUserHasResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.WEBHOOK_SEND)

        permission_types = [
            PermissionType.WEBHOOK_CREATE,
            PermissionType.WEBHOOK_DELETE,
            PermissionType.WEBHOOK_ALL
        ]
        self.assertUserDoesntHaveResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types)
开发者ID:lyandut,项目名称:st2,代码行数:32,代码来源:test_rbac_resolvers_webhook.py

示例7: _user_has_list_permission

    def _user_has_list_permission(self, user_db, permission_type):
        """
        Common method for checking if a user has specific "list" resource permission (e.g.
        rules_list, action_list, etc.).
        """
        assert PermissionType.get_permission_name(permission_type) == 'list'

        log_context = {
            'user_db': user_db,
            'permission_type': permission_type,
            'resolver': self.__class__.__name__
        }
        self._log('Checking user permissions', extra=log_context)

        # First check the system role permissions
        has_system_role_permission = self._user_has_system_role_permission(
            user_db=user_db, permission_type=permission_type)

        if has_system_role_permission:
            self._log('Found a matching grant via system role', extra=log_context)
            return True

        # Check custom roles
        permission_types = [permission_type]

        # Check direct grants
        permission_grants = get_all_permission_grants_for_user(user_db=user_db,
                                                               permission_types=permission_types)
        if len(permission_grants) >= 1:
            self._log('Found a direct grant', extra=log_context)
            return True

        self._log('No matching grants found', extra=log_context)
        return False
开发者ID:hejin,项目名称:st2,代码行数:34,代码来源:resolvers.py

示例8: validate

    def validate(self):
        # Parent JSON schema validation
        cleaned = super(RoleDefinitionFileFormatAPI, self).validate()

        # Custom validation

        # Validate that only the correct permission types are used
        permission_grants = getattr(self, 'permission_grants', [])
        for permission_grant in permission_grants:
            resource_uid = permission_grant.get('resource_uid', None)
            permission_types = permission_grant.get('permission_types', [])

            if resource_uid:
                # Permission types which apply to a resource
                resource_type, _ = parse_uid(uid=resource_uid)
                valid_permission_types = PermissionType.get_valid_permissions_for_resource_type(
                    resource_type=resource_type)

                for permission_type in permission_types:
                    if permission_type not in valid_permission_types:
                        message = ('Invalid permission type "%s" for resource type "%s"' %
                                   (permission_type, resource_type))
                        raise ValueError(message)
            else:
                # Right now we only support single permission type (list) which is global and
                # doesn't apply to a resource
                for permission_type in permission_types:
                    if not permission_type.endswith('_list'):
                        message = ('Invalid permission type "%s". Only "list" permission types '
                                   'can be used without a resource id' % (permission_type))
                        raise ValueError(message)

            return cleaned
开发者ID:KenMercusLai,项目名称:st2,代码行数:33,代码来源:rbac.py

示例9: _get_all_permission_type_for_resource

 def _get_all_permission_type_for_resource(self, resource_db):
     """
     Retrieve "ALL" permission type for the provided resource.
     """
     resource_type = resource_db.get_resource_type()
     permission_type = PermissionType.get_permission_type(resource_type=resource_type,
                                                          permission_name='all')
     return permission_type
开发者ID:hejin,项目名称:st2,代码行数:8,代码来源:resolvers.py

示例10: get_resolver_for_permission_type

def get_resolver_for_permission_type(permission_type):
    """
    Return resolver instance for the provided permission type.

    :rtype: Instance of :class:`PermissionsResolver`
    """
    resource_type = PermissionType.get_resource_type(permission_type=permission_type)
    resolver_instance = get_resolver_for_resource_type(resource_type=resource_type)
    return resolver_instance
开发者ID:hejin,项目名称:st2,代码行数:9,代码来源:resolvers.py

示例11: test_user_has_resource_db_permission

    def test_user_has_resource_db_permission(self):
        resolver = RunnerPermissionsResolver()
        all_permission_types = PermissionType.get_valid_permissions_for_resource_type(
            ResourceType.RUNNER)

        # Admin user, should always return true
        resource_db = self.resources['runner_1']
        user_db = self.users['admin']
        self.assertUserHasResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=all_permission_types)

        # Custom role with "runner_view" grant on runner_1
        resource_db = self.resources['runner_1']
        user_db = self.users['custom_role_runner_view_grant']
        self.assertUserHasResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.RUNNER_VIEW)

        permission_types = [
            PermissionType.RUNNER_MODIFY,
            PermissionType.RUNNER_ALL
        ]
        self.assertUserDoesntHaveResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types)

        # Custom role with "runner_modify" grant on runner_2
        resource_db = self.resources['runner_2']
        user_db = self.users['custom_role_runner_modify_grant']
        self.assertUserHasResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_type=PermissionType.RUNNER_MODIFY)

        permission_types = [
            PermissionType.RUNNER_VIEW,
            PermissionType.RUNNER_ALL
        ]
        self.assertUserDoesntHaveResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=permission_types)
开发者ID:Bala96,项目名称:st2,代码行数:51,代码来源:test_rbac_resolvers_runner.py

示例12: _validate_permission_types

def _validate_permission_types(resource_db, permission_types):
    """
    Validate that the permission_types list only contains valid values for the
    provided resource.
    """
    resource_db = _validate_resource_type(resource_db=resource_db)
    resource_type = resource_db.get_resource_type()
    valid_permission_types = PermissionType.get_valid_permissions_for_resource_type(resource_type)

    for permission_type in permission_types:
        if permission_type not in valid_permission_types:
            raise ValueError("Invalid permission type: %s" % (permission_type))

    return permission_types
开发者ID:rlugojr,项目名称:st2,代码行数:14,代码来源:rbac.py

示例13: test_get_permission_name

 def test_get_permission_name(self):
     self.assertEqual(PermissionType.get_permission_name(PermissionType.ACTION_LIST),
                      'list')
     self.assertEqual(PermissionType.get_permission_name(PermissionType.ACTION_CREATE),
                      'create')
     self.assertEqual(PermissionType.get_permission_name(PermissionType.ACTION_DELETE),
                      'delete')
     self.assertEqual(PermissionType.get_permission_name(PermissionType.ACTION_ALL),
                      'all')
     self.assertEqual(PermissionType.get_permission_name(PermissionType.PACK_ALL),
                      'all')
     self.assertEqual(PermissionType.get_permission_name(PermissionType.SENSOR_MODIFY),
                      'modify')
     self.assertEqual(PermissionType.get_permission_name(PermissionType.ACTION_EXECUTE),
                      'execute')
     self.assertEqual(PermissionType.get_permission_name(PermissionType.RULE_ENFORCEMENT_LIST),
                      'list')
开发者ID:lyandut,项目名称:st2,代码行数:17,代码来源:test_rbac_types.py

示例14: test_user_has_resource_db_permissions

    def test_user_has_resource_db_permissions(self):
        # Note: Right now we don't support granting permissions on key value items so we just check
        # that the method always returns True
        resolver = KeyValuePermissionsResolver()

        # No roles
        user_db = self.users['no_roles']
        resource_db = self.resources['kvp_1']

        permission_types = PermissionType.get_valid_permissions_for_resource_type(
            ResourceType.KEY_VALUE_PAIR)
        for permission_type in permission_types:
            self.assertTrue(resolver.user_has_resource_db_permission(
                user_db=user_db,
                resource_db=resource_db,
                permission_type=permission_type))
开发者ID:jspittman,项目名称:st2,代码行数:16,代码来源:test_rbac_resolvers_key_value_pair.py

示例15: _user_has_system_role_permission

    def _user_has_system_role_permission(self, user_db, permission_type):
        """
        Check the user system roles and return True if user has the required permission.

        :rtype: ``bool``
        """
        permission_name = PermissionType.get_permission_name(permission_type)

        user_role_dbs = get_roles_for_user(user_db=user_db)
        user_role_names = [role_db.name for role_db in user_role_dbs]

        if SystemRole.SYSTEM_ADMIN in user_role_names:
            # System admin has all the permissions
            return True
        elif SystemRole.ADMIN in user_role_names:
            # Admin has all the permissions
            return True
        elif SystemRole.OBSERVER in user_role_names and permission_name in READ_PERMISSION_NAMES:
            # Observer role has "view" permission on all the resources
            return True

        return False
开发者ID:hejin,项目名称:st2,代码行数:22,代码来源:resolvers.py


注:本文中的st2common.rbac.types.PermissionType类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。