本文整理汇总了Python中st2common.rbac.types.PermissionType类的典型用法代码示例。如果您正苦于以下问题:Python PermissionType类的具体用法?Python PermissionType怎么用?Python PermissionType使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了PermissionType类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: main
def main():
    """
    Build the permission-type reference document and write it to ``DESTINATION_PATH``.

    The document starts with ``HEADER``. For every resource type in
    ``RESOURCE_DISPLAY_ORDER`` it then holds a title underlined with ``~`` and a table
    (rendered by ``as_rest_table``) of the permission types valid for that resource type
    together with their descriptions.

    :return: The generated document text.
    :rtype: ``str``
    """
    lines = [HEADER, '']

    for resource_type in RESOURCE_DISPLAY_ORDER:
        resource_title = resource_type.replace('_', ' ').title()  # pylint: disable=no-member
        # Title, an underline of matching length, then a blank separator line.
        lines += ['%s' % (resource_title), '~' * len(resource_title), '']

        valid_types = PermissionType.get_valid_permissions_for_resource_type(
            resource_type=resource_type)

        # First row is the table header, followed by one row per permission type.
        rows = [TABLE_HEADER]
        rows.extend([name, PermissionType.get_permission_description(name)]
                    for name in valid_types)

        rendered = as_rest_table(rows, full=True)
        lines += rendered.split('\n')
        lines.append('')

    result = '\n'.join(lines)

    # Opened in 'w' mode: an existing file at DESTINATION_PATH is overwritten.
    with open(DESTINATION_PATH, 'w') as fp:
        fp.write(result)

    print('Generated: %s' % (DESTINATION_PATH))
    return result
示例2: main
def main():
    """
    Build the permission-type reference document and write it to ``DESTINATION_PATH``.

    Same layout as a plain listing of permission types per resource type, except that
    each permission type name is wrapped in ``**`` markers in the first table column.

    :return: The generated document text.
    :rtype: ``str``
    """
    lines = [HEADER, ""]

    for resource_type in RESOURCE_DISPLAY_ORDER:
        resource_title = resource_type.replace("_", " ").title()  # pylint: disable=no-member
        lines.extend(["%s" % (resource_title), "~" * len(resource_title), ""])

        rows = [TABLE_HEADER]
        valid_types = PermissionType.get_valid_permissions_for_resource_type(
            resource_type=resource_type)
        for name in valid_types:
            summary = PermissionType.get_permission_description(name)
            rows.append(["**%s**" % (name), summary])

        # The rendered table is a single string; split it so every entry in
        # ``lines`` is exactly one output line.
        lines.extend(as_rest_table(rows, full=True).split("\n"))
        lines.append("")

    result = "\n".join(lines)

    # Opened in "w" mode: an existing file at DESTINATION_PATH is overwritten.
    with open(DESTINATION_PATH, "w") as fp:
        fp.write(result)

    print("Generated: %s" % (DESTINATION_PATH))
    return result
示例3: _user_has_resource_permission
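def _user_has_resource_permission(self, user_db, pack_uid, resource_uid, permission_type):
    """
    Check whether the user holds ``permission_type`` on a resource, either directly or via
    the resource's parent pack.

    The checks run in this order and stop at the first match: system role permissions,
    grants on ``resource_uid``, grants on ``pack_uid``.

    :param user_db: User to check.
    :param pack_uid: UID of the pack the resource belongs to.
    :param resource_uid: UID of the resource itself.
    :param permission_type: Permission type being requested.

    :return: ``True`` on the first matching grant, ``False`` if none is found.
    :rtype: ``bool``
    """
    log_context = {
        'user_db': user_db,
        'pack_uid': pack_uid,
        'resource_uid': resource_uid,
        'resource_type': self.resource_type,
        'permission_type': permission_type,
        'resolver': self.__class__.__name__
    }
    self._log('Checking user resource permissions', extra=log_context)

    # First check the system role permissions
    has_system_role_permission = self._user_has_system_role_permission(
        user_db=user_db, permission_type=permission_type)

    if has_system_role_permission:
        self._log('Found a matching grant via system role', extra=log_context)
        return True

    # Check custom roles
    view_permission_type = PermissionType.get_permission_type(resource_type=self.resource_type,
                                                              permission_name='view')
    all_permission_type = PermissionType.get_permission_type(resource_type=self.resource_type,
                                                             permission_name='all')

    if permission_type == view_permission_type:
        # Note: Some permissions such as "create", "modify", "delete" and "execute" also
        # grant / imply "view" permission
        # NOTE(review): this branch does not add all_permission_type itself; presumably
        # view_grant_permission_types already contains it - confirm.
        permission_types = self.view_grant_permission_types[:] + [permission_type]
    elif permission_type != all_permission_type:
        # Compared with "!=" rather than "not in": all_permission_type is a single
        # permission type, not a collection, and "in" against a string value is a substring
        # match, which would let any fragment of the "all" name take the branch below.
        permission_types = [all_permission_type, permission_type]
    else:
        permission_types = [permission_type]

    # Check direct grants on the specified resource
    resource_types = [self.resource_type]
    permission_grants = get_all_permission_grants_for_user(user_db=user_db,
                                                           resource_uid=resource_uid,
                                                           resource_types=resource_types,
                                                           permission_types=permission_types)
    if len(permission_grants) >= 1:
        self._log('Found a direct grant on the action', extra=log_context)
        return True

    # Check grants on the parent pack
    resource_types = [ResourceType.PACK]
    permission_grants = get_all_permission_grants_for_user(user_db=user_db,
                                                           resource_uid=pack_uid,
                                                           resource_types=resource_types,
                                                           permission_types=permission_types)

    if len(permission_grants) >= 1:
        self._log('Found a grant on the action parent pack', extra=log_context)
        return True

    # Fail closed: nothing matched, so access is denied.
    self._log('No matching grants found', extra=log_context)
    return False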
示例4: test_get_permission_type
def test_get_permission_type(self):
    """
    ``PermissionType.get_permission_type`` maps a (resource type, permission name) pair to
    the matching ``PermissionType`` constant.
    """
    # (resource type, permission name, expected permission type)
    cases = [
        (ResourceType.ACTION, 'view', PermissionType.ACTION_VIEW),
        (ResourceType.ACTION, 'all', PermissionType.ACTION_ALL),
        (ResourceType.ACTION, 'execute', PermissionType.ACTION_EXECUTE),
        (ResourceType.RULE, 'view', PermissionType.RULE_VIEW),
        (ResourceType.RULE, 'delete', PermissionType.RULE_DELETE),
        (ResourceType.SENSOR, 'view', PermissionType.SENSOR_VIEW),
        (ResourceType.SENSOR, 'all', PermissionType.SENSOR_ALL),
        (ResourceType.SENSOR, 'modify', PermissionType.SENSOR_MODIFY),
        # Resource type whose own name contains an underscore.
        (ResourceType.RULE_ENFORCEMENT, 'view', PermissionType.RULE_ENFORCEMENT_VIEW),
    ]

    for resource_type, permission_name, expected in cases:
        actual = PermissionType.get_permission_type(resource_type=resource_type,
                                                    permission_name=permission_name)
        self.assertEqual(actual, expected)
示例5: test_get_valid_permission_for_resource_type
def test_get_valid_permission_for_resource_type(self):
    """
    Every permission type returned for a resource type is prefixed with that resource
    type's name followed by an underscore.
    """
    # NOTE: the inner loop passes vacuously if the lookup returns nothing; this test
    # does not assert that the returned collection is non-empty.
    for resource_type in (ResourceType.ACTION, ResourceType.RULE):
        names = PermissionType.get_valid_permissions_for_resource_type(
            resource_type=resource_type)

        for name in names:
            self.assertTrue(name.startswith(resource_type + "_"))
示例6: test_user_has_resource_db_permission
def test_user_has_resource_db_permission(self):
    """
    Webhook resolver: an admin holds every webhook permission, while a custom role
    granted only "webhook_send" holds that permission and not create / delete / all.
    """
    resolver = WebhookPermissionsResolver()
    every_webhook_permission = PermissionType.get_valid_permissions_for_resource_type(
        ResourceType.WEBHOOK)
    webhook_db = self.resources['webhook_1']

    # Admin user, should always return true
    self.assertUserHasResourceDbPermissions(
        resolver=resolver,
        user_db=self.users['admin'],
        resource_db=webhook_db,
        permission_types=every_webhook_permission)

    # Custom role with "webhook_send" grant on webhook_1
    sender_db = self.users['custom_role_webhook_grant']
    self.assertUserHasResourceDbPermission(
        resolver=resolver,
        user_db=sender_db,
        resource_db=webhook_db,
        permission_type=PermissionType.WEBHOOK_SEND)

    # Negative half: the single "send" grant must not widen into other permissions.
    not_granted = [
        PermissionType.WEBHOOK_CREATE,
        PermissionType.WEBHOOK_DELETE,
        PermissionType.WEBHOOK_ALL
    ]
    self.assertUserDoesntHaveResourceDbPermissions(
        resolver=resolver,
        user_db=sender_db,
        resource_db=webhook_db,
        permission_types=not_granted)
示例7: _user_has_list_permission
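def _user_has_list_permission(self, user_db, permission_type):
    """
    Common method for checking if a user has specific "list" resource permission (e.g.
    rules_list, action_list, etc.).

    :param user_db: User to check.
    :param permission_type: Permission type to check; its permission name must be "list".

    :raises AssertionError: If ``permission_type`` is not a "list" permission type.

    :return: ``True`` if a system role or a direct grant matches, ``False`` otherwise.
    :rtype: ``bool``
    """
    # Raised explicitly instead of via an "assert" statement so the guard is still enforced
    # when Python runs with -O (which strips assert statements). AssertionError is kept so
    # callers see the same exception type as before.
    # NOTE(review): the grant lookup below is called without a resource uid, so it
    # presumably matches grants on any resource; that is only appropriate for "list"
    # permission types - confirm against get_all_permission_grants_for_user.
    if PermissionType.get_permission_name(permission_type) != 'list':
        raise AssertionError('permission_type must be a "list" permission type')

    log_context = {
        'user_db': user_db,
        'permission_type': permission_type,
        'resolver': self.__class__.__name__
    }
    self._log('Checking user permissions', extra=log_context)

    # First check the system role permissions
    has_system_role_permission = self._user_has_system_role_permission(
        user_db=user_db, permission_type=permission_type)

    if has_system_role_permission:
        self._log('Found a matching grant via system role', extra=log_context)
        return True

    # Check custom roles
    permission_types = [permission_type]

    # Check direct grants
    permission_grants = get_all_permission_grants_for_user(user_db=user_db,
                                                           permission_types=permission_types)
    if len(permission_grants) >= 1:
        self._log('Found a direct grant', extra=log_context)
        return True

    # Fail closed: nothing matched, so access is denied.
    self._log('No matching grants found', extra=log_context)
    return False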
示例8: validate
def validate(self):
    """
    Validate a role definition: run the parent schema validation, then check that every
    permission grant only uses permission types which fit its target.

    A grant with a ``resource_uid`` may only use permission types valid for that
    resource's type. A grant without one may only use permission types ending in
    ``_list``.

    :raises ValueError: On the first permission type which breaks these rules.

    :return: Whatever the parent ``validate()`` returned.
    """
    # Parent JSON schema validation
    cleaned = super(RoleDefinitionFileFormatAPI, self).validate()

    # Custom validation
    # Validate that only the correct permission types are used
    for grant in getattr(self, 'permission_grants', []):
        resource_uid = grant.get('resource_uid', None)
        requested_types = grant.get('permission_types', [])

        if not resource_uid:
            # Right now we only support single permission type (list) which is global and
            # doesn't apply to a resource
            # NOTE(review): only the "_list" suffix is checked here; whether the value is
            # a known permission type is presumably left to the parent schema validation
            # - confirm.
            for permission_type in requested_types:
                if permission_type.endswith('_list'):
                    continue

                message = ('Invalid permission type "%s". Only "list" permission types '
                           'can be used without a resource id' % (permission_type))
                raise ValueError(message)

            continue

        # Permission types which apply to a resource
        resource_type, _ = parse_uid(uid=resource_uid)
        allowed_types = PermissionType.get_valid_permissions_for_resource_type(
            resource_type=resource_type)

        for permission_type in requested_types:
            if permission_type in allowed_types:
                continue

            message = ('Invalid permission type "%s" for resource type "%s"' %
                       (permission_type, resource_type))
            raise ValueError(message)

    return cleaned
示例9: _get_all_permission_type_for_resource
def _get_all_permission_type_for_resource(self, resource_db):
    """
    Return the "all" permission type matching the resource type of ``resource_db``.

    :param resource_db: Resource object exposing ``get_resource_type()``.
    """
    return PermissionType.get_permission_type(resource_type=resource_db.get_resource_type(),
                                              permission_name='all')
示例10: get_resolver_for_permission_type
def get_resolver_for_permission_type(permission_type):
    """
    Look up the resource type a permission type belongs to and return the resolver
    registered for that resource type.

    :param permission_type: Permission type to find a resolver for.

    :rtype: Instance of :class:`PermissionsResolver`
    """
    return get_resolver_for_resource_type(
        resource_type=PermissionType.get_resource_type(permission_type=permission_type))
示例11: test_user_has_resource_db_permission
def test_user_has_resource_db_permission(self):
    """
    Runner resolver: an admin holds every runner permission; a custom role holding a
    single grant on a runner holds exactly that permission and none of the others
    checked here.
    """
    resolver = RunnerPermissionsResolver()
    every_runner_permission = PermissionType.get_valid_permissions_for_resource_type(
        ResourceType.RUNNER)

    # Admin user, should always return true
    self.assertUserHasResourceDbPermissions(
        resolver=resolver,
        user_db=self.users['admin'],
        resource_db=self.resources['runner_1'],
        permission_types=every_runner_permission)

    # (resource key, user key, granted permission type, permission types which must be denied)
    cases = [
        # Custom role with "runner_view" grant on runner_1
        ('runner_1', 'custom_role_runner_view_grant', PermissionType.RUNNER_VIEW,
         [PermissionType.RUNNER_MODIFY, PermissionType.RUNNER_ALL]),
        # Custom role with "runner_modify" grant on runner_2
        ('runner_2', 'custom_role_runner_modify_grant', PermissionType.RUNNER_MODIFY,
         [PermissionType.RUNNER_VIEW, PermissionType.RUNNER_ALL]),
    ]

    for resource_key, user_key, granted, denied in cases:
        resource_db = self.resources[resource_key]
        user_db = self.users[user_key]

        self.assertUserHasResourceDbPermission(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_type=granted)

        # Negative half: the single grant must not widen into other permissions.
        self.assertUserDoesntHaveResourceDbPermissions(
            resolver=resolver,
            user_db=user_db,
            resource_db=resource_db,
            permission_types=denied)
示例12: _validate_permission_types
def _validate_permission_types(resource_db, permission_types):
    """
    Check that every entry of ``permission_types`` is a valid permission type for the
    resource type of ``resource_db``.

    :param resource_db: Resource the permission types are meant for.
    :param permission_types: Permission types to validate.

    :raises ValueError: On the first entry which is not valid for the resource type.

    :return: ``permission_types``, unchanged.
    """
    resource_db = _validate_resource_type(resource_db=resource_db)
    allowed_types = PermissionType.get_valid_permissions_for_resource_type(
        resource_db.get_resource_type())

    # Allow-list check: anything not explicitly valid for this resource type is rejected.
    for candidate in permission_types:
        if candidate in allowed_types:
            continue

        raise ValueError("Invalid permission type: %s" % (candidate))

    return permission_types
示例13: test_get_permission_name
def test_get_permission_name(self):
    """
    ``PermissionType.get_permission_name`` returns the permission name part of a
    permission type.
    """
    # (permission type, expected permission name)
    cases = [
        (PermissionType.ACTION_LIST, 'list'),
        (PermissionType.ACTION_CREATE, 'create'),
        (PermissionType.ACTION_DELETE, 'delete'),
        (PermissionType.ACTION_ALL, 'all'),
        (PermissionType.PACK_ALL, 'all'),
        (PermissionType.SENSOR_MODIFY, 'modify'),
        (PermissionType.ACTION_EXECUTE, 'execute'),
        # Permission type whose resource part itself contains an underscore.
        (PermissionType.RULE_ENFORCEMENT_LIST, 'list'),
    ]

    for permission_type, expected_name in cases:
        self.assertEqual(PermissionType.get_permission_name(permission_type), expected_name)
示例14: test_user_has_resource_db_permissions
def test_user_has_resource_db_permissions(self):
    """
    Key value pair resolver: a user without any role is expected to pass the check for
    every key value pair permission type.
    """
    # Note: Right now we don't support granting permissions on key value items so we just check
    # that the method always returns True
    # NOTE(review): this pins an allow-by-default result - per the assertions below, the
    # resolver does not restrict key value pair access for a user with no roles.
    resolver = KeyValuePermissionsResolver()

    # No roles
    user_db = self.users['no_roles']
    resource_db = self.resources['kvp_1']

    kvp_permission_types = PermissionType.get_valid_permissions_for_resource_type(
        ResourceType.KEY_VALUE_PAIR)

    for permission_type in kvp_permission_types:
        granted = resolver.user_has_resource_db_permission(
            user_db=user_db,
            resource_db=resource_db,
            permission_type=permission_type)
        self.assertTrue(granted)
示例15: _user_has_system_role_permission
def _user_has_system_role_permission(self, user_db, permission_type):
    """
    Decide from the user's system roles alone whether the permission is granted.

    :param user_db: User whose roles are looked up.
    :param permission_type: Permission type being requested.

    :return: ``True`` for a system admin or admin, and for an observer when the
             permission name is one of ``READ_PERMISSION_NAMES``; ``False`` otherwise.
    :rtype: ``bool``
    """
    permission_name = PermissionType.get_permission_name(permission_type)
    role_names = [role_db.name for role_db in get_roles_for_user(user_db=user_db)]

    # System admin and admin have all the permissions, whatever was requested
    if SystemRole.SYSTEM_ADMIN in role_names or SystemRole.ADMIN in role_names:
        return True

    # Observer role is limited to the permission names listed in READ_PERMISSION_NAMES;
    # any other role, or no role at all, gets nothing from this check.
    is_observer = SystemRole.OBSERVER in role_names
    return is_observer and permission_name in READ_PERMISSION_NAMES