Use Pillar's new node_type_utils to set node type permissions.
This separates the mechanism of setting the policy from the actual policy itself.
@@ -6,12 +6,15 @@ for live/production situations.
|
|||||||
|
|
||||||
from __future__ import print_function, division
|
from __future__ import print_function, division
|
||||||
|
|
||||||
|
import copy
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from bson import ObjectId
|
from bson import ObjectId
|
||||||
from eve.methods.put import put_internal
|
from eve.methods.put import put_internal
|
||||||
from flask import current_app
|
from flask import current_app
|
||||||
|
|
||||||
|
from pillar.api.utils import node_type_utils
|
||||||
|
|
||||||
from . import EXTENSION_NAME
|
from . import EXTENSION_NAME
|
||||||
|
|
||||||
log = logging.getLogger(__name__)
|
log = logging.getLogger(__name__)
|
||||||
@@ -66,47 +69,24 @@ def setup_for_attract(project_url, replace=False, svn_url=None):
|
|||||||
|
|
||||||
from .node_types import NODE_TYPES, shot
|
from .node_types import NODE_TYPES, shot
|
||||||
|
|
||||||
|
|
||||||
# Copy permissions from the project, then give everyone with PUT
|
# Copy permissions from the project, then give everyone with PUT
|
||||||
# access also DELETE access.
|
# access also DELETE access.
|
||||||
project = _get_project(project_url)
|
project = _get_project(project_url)
|
||||||
permissions = {}
|
|
||||||
|
|
||||||
proj_perms = project['permissions']
|
def permission_callback(node_type, ugw, ident, proj_methods):
|
||||||
for key in ('users', 'groups'):
|
if 'PUT' not in set(proj_methods):
|
||||||
perms = proj_perms[key]
|
return None
|
||||||
singular = key.rstrip('s')
|
|
||||||
|
|
||||||
for perm in perms:
|
# TODO: we allow PATCH on shot node types, but that's not explicit in
|
||||||
assert isinstance(perm, dict), 'perm should be dict, but is %r' % perm
|
# the permission system. Maybe we want to revisit that at some point.
|
||||||
id = perm[singular] # group or user ID.
|
# if node_type is shot.node_type_shot:
|
||||||
if 'PUT' not in set(perm['methods']):
|
# return ['DELETE', 'PATCH']
|
||||||
continue
|
|
||||||
|
|
||||||
permissions.setdefault(key, []).append(
|
return ['DELETE']
|
||||||
{singular: id,
|
|
||||||
'methods': ['DELETE']}
|
|
||||||
)
|
|
||||||
|
|
||||||
# Make a copy of the node types when setting the permissions, as
|
# Add/replace our node types.
|
||||||
# we don't want to mutate the global node type objects.
|
node_types = node_type_utils.assign_permissions(project, NODE_TYPES, permission_callback)
|
||||||
node_types = (dict(permissions=permissions, **nt) for nt in NODE_TYPES)
|
node_type_utils.add_to_project(project, node_types, replace_existing=replace)
|
||||||
|
|
||||||
# Add the missing node types.
|
|
||||||
for node_type in node_types:
|
|
||||||
found = [nt for nt in project['node_types']
|
|
||||||
if nt['name'] == node_type['name']]
|
|
||||||
if found:
|
|
||||||
assert len(found) == 1, 'node type name should be unique (found %ix)' % len(found)
|
|
||||||
|
|
||||||
# TODO: validate that the node type contains all the properties Attract needs.
|
|
||||||
if replace:
|
|
||||||
log.info('Replacing existing node type %s', node_type['name'])
|
|
||||||
project['node_types'].remove(found[0])
|
|
||||||
else:
|
|
||||||
continue
|
|
||||||
|
|
||||||
project['node_types'].append(node_type)
|
|
||||||
|
|
||||||
# Set default extension properties. Be careful not to overwrite any properties that
|
# Set default extension properties. Be careful not to overwrite any properties that
|
||||||
# are already there.
|
# are already there.
|
||||||
|
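Review bot: `permission_callback` never looks at its `ugw` or `ident` arguments, whereas the removed loop only ever read the `users` and `groups` keys of the project permissions. If `node_type_utils.assign_permissions` also invokes the callback for a world-level entry (its implementation is not visible in this diff), a project that grants PUT to world would now grant DELETE to world as well. Consider making the restriction explicit at the top of the callback, e.g. `if ugw not in ('user', 'group'): return None` (with whatever values the helper actually passes), or at least add a comment stating which entry kinds reach the callback. Separately, the removed comment about not mutating the global node type objects is gone and `NODE_TYPES` is now handed straight to the helper, so it is worth confirming that the helper copies them; otherwise one project's permissions could end up on the shared definitions. `setup_for_attract` continues beyond this hunk.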