Use Pillar's new node_type_utils to set node type permissions.

This separates the mechanism of setting the policy from the actual policy itself.
2016-09-23 17:16:06 +02:00
parent 5c94fb5f9c
commit 56567532ff
1 changed files with 14 additions and 34 deletions
--- a/attract/setup.py
+++ b/attract/setup.py
@@ -6,12 +6,15 @@ for live/production situations.

 from __future__ import print_function, division

+import copy
 import logging

 from bson import ObjectId
 from eve.methods.put import put_internal
 from flask import current_app

+from pillar.api.utils import node_type_utils
+
 from . import EXTENSION_NAME

 log = logging.getLogger(__name__)
@@ -66,47 +69,24 @@ def setup_for_attract(project_url, replace=False, svn_url=None):

    from .node_types import NODE_TYPES, shot

-
    # Copy permissions from the project, then give everyone with PUT
    # access also DELETE access.
    project = _get_project(project_url)
-    permissions = {}

-    proj_perms = project['permissions']
-    for key in ('users', 'groups'):
-        perms = proj_perms[key]
-        singular = key.rstrip('s')
+    def permission_callback(node_type, ugw, ident, proj_methods):
+        if 'PUT' not in set(proj_methods):
+            return None

-        for perm in perms:
-            assert isinstance(perm, dict), 'perm should be dict, but is %r' % perm
-            id = perm[singular]  # group or user ID.
-            if 'PUT' not in set(perm['methods']):
-                continue
+        # TODO: we allow PATCH on shot node types, but that's not explicit in
+        # the permission system. Maybe we want to revisit that at some point.
+        # if node_type is shot.node_type_shot:
+        #     return ['DELETE', 'PATCH']

-            permissions.setdefault(key, []).append(
-                {singular: id,
-                 'methods': ['DELETE']}
-            )
+        return ['DELETE']

-    # Make a copy of the node types when setting the permissions, as
-    # we don't want to mutate the global node type objects.
-    node_types = (dict(permissions=permissions, **nt) for nt in NODE_TYPES)
-
-    # Add the missing node types.
-    for node_type in node_types:
-        found = [nt for nt in project['node_types']
-                 if nt['name'] == node_type['name']]
-        if found:
-            assert len(found) == 1, 'node type name should be unique (found %ix)' % len(found)
-
-            # TODO: validate that the node type contains all the properties Attract needs.
-            if replace:
-                log.info('Replacing existing node type %s', node_type['name'])
-                project['node_types'].remove(found[0])
-            else:
-                continue
-
-        project['node_types'].append(node_type)
+    # Add/replace our node types.
+    node_types = node_type_utils.assign_permissions(project, NODE_TYPES, permission_callback)
+    node_type_utils.add_to_project(project, node_types, replace_existing=replace)

    # Set default extension properties. Be careful not to overwrite any properties that
    # are already there.