Revision 18d46d23
b/snf-pithos-backend/pithos/backends/lib/sqlalchemy/permissions.py | ||
---|---|---|
31 | 31 |
# interpreted as representing official policies, either expressed |
32 | 32 |
# or implied, of GRNET S.A. |
33 | 33 |
|
34 |
from sqlalchemy.sql import select, literal |
|
34 |
from sqlalchemy.sql import select, literal, or_
|
|
35 | 35 |
from sqlalchemy.sql.expression import join, union |
36 | 36 |
|
37 | 37 |
from xfeatures import XFeatures |
38 | 38 |
from groups import Groups |
39 | 39 |
from public import Public |
40 |
from node import Node |
|
40 | 41 |
|
41 | 42 |
from dbworker import ESCAPE_CHAR |
42 | 43 |
|
... | ... | |
45 | 46 |
WRITE = 1 |
46 | 47 |
|
47 | 48 |
|
48 |
class Permissions(XFeatures, Groups, Public): |
|
49 |
class Permissions(XFeatures, Groups, Public, Node):
|
|
49 | 50 |
|
50 | 51 |
def __init__(self, **params): |
51 | 52 |
XFeatures.__init__(self, **params) |
52 | 53 |
Groups.__init__(self, **params) |
53 | 54 |
Public.__init__(self, **params) |
55 |
Node.__init__(self, **params) |
|
54 | 56 |
|
55 | 57 |
def access_grant(self, path, access, members=()): |
56 | 58 |
"""Grant members with access to path. |
... | ... | |
156 | 158 |
valid.append(subp + '/') |
157 | 159 |
return [x for x in valid if self.xfeature_get(x)] |
158 | 160 |
|
159 |
def access_list_paths(self, member, prefix=None): |
|
160 |
"""Return the list of paths granted to member.""" |
|
161 |
def access_list_paths(self, member, prefix=None, include_owned=False, |
|
162 |
include_containers=True): |
|
163 |
"""Return the list of paths granted to member. |
|
164 |
|
|
165 |
Keyword arguments: |
|
166 |
prefix -- return only paths starting with prefix (default None) |
|
167 |
include_owned -- return also paths owned by member (default False) |
|
168 |
include_containers -- return also container paths owned by member |
|
169 |
(default True) |
|
170 |
|
|
171 |
""" |
|
161 | 172 |
|
162 | 173 |
xfeatures_xfeaturevals = self.xfeatures.join(self.xfeaturevals) |
163 | 174 |
|
... | ... | |
179 | 190 |
r = self.conn.execute(s) |
180 | 191 |
l = [row[0] for row in r.fetchall()] |
181 | 192 |
r.close() |
193 |
|
|
194 |
if include_owned: |
|
195 |
container_nodes = select( |
|
196 |
[self.nodes.c.node], |
|
197 |
self.nodes.c.parent == self.node_lookup(member)) |
|
198 |
condition = self.nodes.c.parent.in_(container_nodes) |
|
199 |
if include_containers: |
|
200 |
condition = or_(condition, |
|
201 |
self.nodes.c.node.in_(container_nodes)) |
|
202 |
s = select([self.nodes.c.path], condition) |
|
203 |
r = self.conn.execute(s) |
|
204 |
l += [row[0] for row in r.fetchall() if row[0] not in l] |
|
205 |
r.close() |
|
182 | 206 |
return l |
183 | 207 |
|
184 | 208 |
def access_list_shared(self, prefix=''): |
b/snf-pithos-backend/pithos/backends/lib/sqlite/permissions.py | ||
---|---|---|
34 | 34 |
from xfeatures import XFeatures |
35 | 35 |
from groups import Groups |
36 | 36 |
from public import Public |
37 |
from node import Node |
|
37 | 38 |
|
38 | 39 |
|
39 | 40 |
READ = 0 |
40 | 41 |
WRITE = 1 |
41 | 42 |
|
42 | 43 |
|
43 |
class Permissions(XFeatures, Groups, Public): |
|
44 |
class Permissions(XFeatures, Groups, Public, Node):
|
|
44 | 45 |
|
45 | 46 |
def __init__(self, **params): |
46 | 47 |
XFeatures.__init__(self, **params) |
47 | 48 |
Groups.__init__(self, **params) |
48 | 49 |
Public.__init__(self, **params) |
50 |
Node.__init__(self, **params) |
|
49 | 51 |
|
50 | 52 |
def access_grant(self, path, access, members=()): |
51 | 53 |
"""Grant members with access to path. |
... | ... | |
151 | 153 |
valid.append(subp + '/') |
152 | 154 |
return [x for x in valid if self.xfeature_get(x)] |
153 | 155 |
|
154 |
def access_list_paths(self, member, prefix=None): |
|
155 |
"""Return the list of paths granted to member.""" |
|
156 |
def access_list_paths(self, member, prefix=None, include_owned=False, |
|
157 |
include_containers=True): |
|
158 |
"""Return the list of paths granted to member. |
|
159 |
|
|
160 |
Keyword arguments: |
|
161 |
prefix -- return only paths starting with prefix (default None) |
|
162 |
include_owned -- return also paths owned by member (default False) |
|
163 |
include_containers -- return also container paths owned by member |
|
164 |
(default True) |
|
165 |
|
|
166 |
""" |
|
156 | 167 |
|
157 | 168 |
q = ("select distinct path from xfeatures inner join " |
158 | 169 |
" (select distinct feature_id, key from xfeaturevals inner join " |
... | ... | |
165 | 176 |
q += " where path like ? escape '\\'" |
166 | 177 |
p += (self.escape_like(prefix) + '%',) |
167 | 178 |
self.execute(q, p) |
168 |
return [r[0] for r in self.fetchall()] |
|
179 |
|
|
180 |
l = [r[0] for r in self.fetchall()] |
|
181 |
if include_owned: |
|
182 |
node = self.node_lookup(member) |
|
183 |
select_containers = "select node from nodes where parent = ? " |
|
184 |
q = ("select path from nodes where parent in (%s) " % |
|
185 |
select_containers) |
|
186 |
args = [node] |
|
187 |
if include_containers: |
|
188 |
q += ("or node in (%s)" % select_containers) |
|
189 |
args += [node] |
|
190 |
self.execute(q, args) |
|
191 |
l += [r[0] for r in self.fetchall() if r[0] not in l] |
|
192 |
return l |
|
169 | 193 |
|
170 | 194 |
def access_list_shared(self, prefix=''): |
171 | 195 |
"""Return the list of shared paths.""" |
b/snf-pithos-backend/pithos/backends/modular.py | ||
---|---|---|
1596 | 1596 |
|
1597 | 1597 |
@backend_method |
1598 | 1598 |
def get_domain_objects(self, domain, user=None): |
1599 |
allowed_paths = self.permissions.access_list_paths(user) |
|
1599 |
allowed_paths = self.permissions.access_list_paths( |
|
1600 |
user, include_owned=user is not None, include_containers=False) |
|
1600 | 1601 |
if not allowed_paths: |
1601 | 1602 |
return [] |
1602 | 1603 |
obj_list = self.node.domain_object_list( |
Also available in: Unified diff