From 80711800deda1bea4f417a18dcd1e296efc37758 Mon Sep 17 00:00:00 2001 From: Eibriel Date: Tue, 19 May 2015 12:49:09 -0300 Subject: [PATCH] Fixing type_groups_permissions --- attract/application/__init__.py | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/attract/application/__init__.py b/attract/application/__init__.py index 14eede9a..e84955df 100644 --- a/attract/application/__init__.py +++ b/attract/application/__init__.py @@ -182,6 +182,7 @@ def pre_POST(request): global_validation() # print ("Post") # print ("World: {0}".format(g.get('world_permissions'))) + # print ("Group: {0}".format(g.get('groups_permissions'))) action = 'POST' print (g.get('type_groups_permissions')) # Is quering for one specific node @@ -195,9 +196,11 @@ def pre_DELETE(request, lookup): global_validation() type_world_permissions = g.get('type_world_permissions') type_owner_permissions = g.get('type_owner_permissions') + type_groups_permissions = g.get('type_groups_permissions') # print ("Delete") - # print ("Owner: {0}".format(type_owner_permissions)) - # print ("World: {0}".format(type_world_permissions)) + print ("Owner: {0}".format(type_owner_permissions)) + print ("World: {0}".format(type_world_permissions)) + print ("Groups: {0}".format(type_groups_permissions)) action = 'DELETE' if '_id' in lookup: @@ -210,7 +213,7 @@ def pre_DELETE(request, lookup): else: owner = False if action not in type_world_permissions[node_type] and \ - action not in g.get('groups_permissions'): + action not in type_groups_permissions[node_type]: if action not in type_owner_permissions[node_type]: print ("Abort1") abort(403) @@ -228,6 +231,7 @@ def check_permissions(user): dbnode = None owner_permissions = [] world_permissions = [] + groups_permissions = [] groups = app.data.driver.db['groups'] users = app.data.driver.db['users'] owner_group = groups.find_one({'name': 'owner'}) @@ -248,7 +252,11 @@ def check_permissions(user): if dbnode: node_type = str(dbnode['node_type']) - json_data = json.loads(request.data) + json_data = None + try: + json_data = json.loads(request.data) + except ValueError: + pass if not node_type and json_data: if 'node_type' in json_data: node_type = json_data['node_type'] @@ -268,7 +276,7 @@ def check_permissions(user): # Get and store permissions for that node_type type_owner_permissions = {} type_world_permissions = {} - groups_permissions = [] + type_groups_permissions = {} for per in owner_group['permissions']: type_owner_permissions[per['node_type']] = per['permissions'] @@ -280,19 +288,27 @@ def check_permissions(user): if str(per['node_type']) == node_type: world_permissions = per['permissions'] + # Adding empty permissions + if per['node_type'] not in type_groups_permissions: + type_groups_permissions[per['node_type']] = [] + groups_data = user_data.get('groups') if groups_data: for group in groups_data: group_data = groups.find_one({'_id': ObjectId(group)}) for per in group_data['permissions']: - groups_permissions += per['permissions'] + type_groups_permissions[per['node_type']] += \ + per['permissions'] + if str(per['node_type']) == node_type: + groups_permissions = per['permissions'] # Store permission properties on global setattr(g, 'owner_permissions', owner_permissions) setattr(g, 'world_permissions', world_permissions) - setattr(g, 'type_world_permissions', type_world_permissions) - setattr(g, 'type_owner_permissions', type_owner_permissions) setattr(g, 'groups_permissions', groups_permissions) + setattr(g, 'type_owner_permissions', type_owner_permissions) + setattr(g, 'type_world_permissions', type_world_permissions) + setattr(g, 'type_groups_permissions', type_groups_permissions) class TokensAuth(TokenAuth):