archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Adding comments to hooks

Browse Source
This commit is contained in:
Francesco Siddi
2015-09-04 11:36:54 +02:00
parent 980837c166
commit 421a9938ab
1 changed files with 57 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
pillar/application/pre_hooks.py
View File

@@ -13,18 +13,18 @@ def permissions_lookup(action, lookup):
type_owner_permissions = g.get('type_owner_permissions') type_owner_permissions = g.get('type_owner_permissions')
node_types = [] node_types = []
# Get all node_types allowed by world: # Get all node_types allowed by world:
for per in type_world_permissions: for perm in type_world_permissions:
if action in type_world_permissions[per]: if action in type_world_permissions[perm]:
node_types.append(str(per)) node_types.append(str(perm))
# Get all nodes with node_type allowed by owner if user == owner # Get all nodes with node_type allowed by owner if user == owner
owner_lookup = [] owner_lookup = []
for per in type_owner_permissions: for perm in type_owner_permissions:
if action in type_owner_permissions[per]: if action in type_owner_permissions[perm]:
if action not in type_world_permissions[per]: if action not in type_world_permissions[perm]:
# If one of the following is true # If one of the following is true
# If node_type==node_type and user==user # If node_type==node_type and user==user
owner_lookup.append( owner_lookup.append(
{'$and': [{'node_type': str(per)}, {'$and': [{'node_type': str(perm)},
{'user': str(g.get('token_data')['user'])}]}) {'user': str(g.get('token_data')['user'])}]})
lookup['$or'] = [{'node_type': {'$in': node_types}}] lookup['$or'] = [{'node_type': {'$in': node_types}}]
if len(owner_lookup) > 0: if len(owner_lookup) > 0:
@@ -116,10 +116,15 @@ def compute_permissions(user, data_driver):
groups_permissions = [] groups_permissions = []
groups = data_driver.db['groups'] groups = data_driver.db['groups']
users = data_driver.db['users'] users = data_driver.db['users']
# The hardcoded owners group. In this group we define the default permission
# level that the user associated with a node has. These permissions can be
# overridden by custom group and world.
owner_group = groups.find_one({'name': 'owner'}) owner_group = groups.find_one({'name': 'owner'})
# The world group is always evaluated, especially when the user is not logged
# in.
world_group = groups.find_one({'name': 'world'}) world_group = groups.find_one({'name': 'world'})
user_data = users.find_one({'_id': ObjectId(user)}) user_data = users.find_one({'_id': ObjectId(user)})
# If is requesting a specific node # If we are requesting a specific node
try: try:
uuid = request.path.split("/")[2] uuid = request.path.split("/")[2]
nodes = data_driver.db['nodes'] nodes = data_driver.db['nodes']
@@ -128,9 +133,12 @@ def compute_permissions(user, data_driver):
except IndexError: except IndexError:
pass pass
if dbnode: if dbnode:
# If a node object is found, extract the node_type ObjectID
node_type = str(dbnode['node_type']) node_type = str(dbnode['node_type'])
# If we are creating a new node, we get the node_type ObjectID from the request
json_data = None json_data = None
# TODO(fsiddi): handle creation vs everything else in a more efficient way
try: try:
json_data = json.loads(request.data) json_data = json.loads(request.data)
except ValueError: except ValueError:
@@ -141,15 +149,17 @@ def compute_permissions(user, data_driver):
# Extract query lookup # Extract query lookup
# which node_type is asking for? # which node_type is asking for?
for arg in request.args: # TODO(fsiddi): It's not clear if this code is being used at all
if arg == 'where':
try: # for arg in request.args:
where = json.loads(request.args[arg]) # if arg == 'where':
except ValueError: # try:
raise # where = json.loads(request.args[arg])
if where.get('node_type'): # except ValueError:
node_type = where.get('node_type') # raise
break # if where.get('node_type'):
# node_type = where.get('node_type')
# break
# Get and store permissions for that node_type # Get and store permissions for that node_type
type_owner_permissions = {} type_owner_permissions = {}
@@ -157,33 +167,45 @@ def compute_permissions(user, data_driver):
type_groups_permissions = {} type_groups_permissions = {}
type_mixed_permissions = {} type_mixed_permissions = {}
for per in owner_group['permissions']: for perm in owner_group['permissions']:
type_owner_permissions[str(per['node_type'])] = per['permissions'] # Build the global type_owner_permission dictionary
if str(per['node_type']) == node_type: type_owner_permissions[str(perm['node_type'])] = perm['permissions']
owner_permissions = per['permissions'] if str(perm['node_type']) == node_type:
# If a node_type ObjectID matches the requested node_type, populate
# the actual owner permissions for the current user
owner_permissions = perm['permissions']
for per in world_group['permissions']: for perm in world_group['permissions']:
type_world_permissions[str(per['node_type'])] = per['permissions'] # Build the global type_owner_permission dictionary
if str(per['node_type']) == node_type: type_world_permissions[str(perm['node_type'])] = perm['permissions']
world_permissions = per['permissions'] if str(perm['node_type']) == node_type:
# If a node_type ObjectID matches the requested node_type, populate
# the actual world permissions in relation to the current user
world_permissions = perm['permissions']
# Adding empty permissions # Adding empty permissions
if str(per['node_type']) not in type_groups_permissions: if str(perm['node_type']) not in type_groups_permissions:
type_groups_permissions[str(per['node_type'])] = [] type_groups_permissions[str(perm['node_type'])] = []
# This dictionary will hold the combined permissions. Why?
type_mixed_permissions = type_world_permissions type_mixed_permissions = type_world_permissions
# Get group ObjectID associated with the requesting user
groups_data = user_data.get('groups') groups_data = user_data.get('groups')
if groups_data: if groups_data:
for group in groups_data: for group in groups_data:
group_data = groups.find_one({'_id': ObjectId(group)}) group_data = groups.find_one({'_id': ObjectId(group)})
for per in group_data['permissions']: for perm in group_data['permissions']:
type_groups_permissions[str(per['node_type'])] += \ # Populate the group permissions. This searches in the
per['permissions'] # type_groups_permissions dict, which is generated previously
type_mixed_permissions[str(per['node_type'])] += \ # using the world permissions. If a world permission is not
per['permissions'] # defined for a certain node type, this will fail.
if str(per['node_type']) == node_type: type_groups_permissions[str(perm['node_type'])] += \
groups_permissions = per['permissions'] perm['permissions']
type_mixed_permissions[str(perm['node_type'])] += \
perm['permissions']
if str(perm['node_type']) == node_type:
groups_permissions = perm['permissions']
return { return {
'owner_permissions': owner_permissions, 'owner_permissions': owner_permissions,
@@ -210,5 +232,4 @@ def check_permissions(user, data_driver):
setattr(g, 'groups_permissions', permissions['groups_permissions']) setattr(g, 'groups_permissions', permissions['groups_permissions'])
setattr(g, 'type_owner_permissions', permissions['type_owner_permissions']) setattr(g, 'type_owner_permissions', permissions['type_owner_permissions'])
setattr(g, 'type_world_permissions', permissions['type_world_permissions']) setattr(g, 'type_world_permissions', permissions['type_world_permissions'])
setattr(g, 'type_groups_permissions', setattr(g, 'type_groups_permissions', permissions['type_groups_permissions'])
permissions['type_groups_permissions'])