Revision 0f9d752c pithos/backends/lib/permissions.py
| b/pithos/backends/lib/permissions.py | ||
|---|---|---|
| 48 | 48 |
Public.__init__(self, **params) |
| 49 | 49 |
|
| 50 | 50 |
def access_grant(self, path, access, members=()): |
| 51 |
"""Grant members with access to path.""" |
|
| 51 |
"""Grant members with access to path. |
|
| 52 |
Members can also be '*' (all), |
|
| 53 |
or some group specified as 'owner:group'.""" |
|
| 52 | 54 |
|
| 55 |
if not members: |
|
| 56 |
return |
|
| 53 | 57 |
feature = self.xfeature_create(path) |
| 54 | 58 |
if feature is None: |
| 55 | 59 |
return |
| 56 | 60 |
self.feature_setmany(feature, access, members) |
| 57 | 61 |
|
| 58 |
def access_revoke_all(self, path): |
|
| 59 |
"""Revoke access to path.""" |
|
| 62 |
def access_set(self, path, permissions): |
|
| 63 |
"""Set permissions for path. The permissions dict |
|
| 64 |
maps 'read', 'write' keys to member lists.""" |
|
| 65 |
|
|
| 66 |
self.xfeature_destroy(path) |
|
| 67 |
self.access_grant(path, READ, permissions.get('read', []))
|
|
| 68 |
self.access_grant(path, WRITE, permissions.get('write', []))
|
|
| 69 |
|
|
| 70 |
def access_clear(self, path): |
|
| 71 |
"""Revoke access to path (both permissions and public).""" |
|
| 60 | 72 |
|
| 61 | 73 |
self.xfeature_destroy(path) |
| 74 |
self.public_unset(path) |
|
| 62 | 75 |
|
| 63 | 76 |
def access_check(self, path, access, member): |
| 64 | 77 |
"""Return true if the member has this access to the path.""" |
| ... | ... | |
| 85 | 98 |
if not r: |
| 86 | 99 |
return (path, {})
|
| 87 | 100 |
fpath, feature = r |
| 88 |
return (fpath, self.feature_dict(feature)) |
|
| 101 |
permissions = self.feature_dict(feature) |
|
| 102 |
if READ in permissions: |
|
| 103 |
permissions['read'] = permissions[READ] |
|
| 104 |
del(permissions[READ]) |
|
| 105 |
if WRITE in permissions: |
|
| 106 |
permissions['write'] = permissions[WRITE] |
|
| 107 |
del(permissions[WRITE]) |
|
| 108 |
return (fpath, permissions) |
|
| 89 | 109 |
|
| 90 | 110 |
def access_list(self, path): |
| 91 | 111 |
"""List all permission paths inherited by or inheriting from path.""" |
| ... | ... | |
| 97 | 117 |
|
| 98 | 118 |
q = ("select distinct path from xfeatures inner join "
|
| 99 | 119 |
" (select distinct feature_id, key from xfeaturevals inner join " |
| 100 |
" (select owner || ':' || name as value from members "
|
|
| 120 |
" (select owner || ':' || name as value from groups "
|
|
| 101 | 121 |
" where member = ? union select ?) " |
| 102 | 122 |
" using (value)) " |
| 103 | 123 |
"using (feature_id)") |
Also available in: Unified diff