Revision 18d46d23
| b/snf-pithos-backend/pithos/backends/lib/sqlalchemy/permissions.py | ||
|---|---|---|
| 31 | 31 |
# interpreted as representing official policies, either expressed |
| 32 | 32 |
# or implied, of GRNET S.A. |
| 33 | 33 |
|
| 34 |
from sqlalchemy.sql import select, literal |
|
| 34 |
from sqlalchemy.sql import select, literal, or_
|
|
| 35 | 35 |
from sqlalchemy.sql.expression import join, union |
| 36 | 36 |
|
| 37 | 37 |
from xfeatures import XFeatures |
| 38 | 38 |
from groups import Groups |
| 39 | 39 |
from public import Public |
| 40 |
from node import Node |
|
| 40 | 41 |
|
| 41 | 42 |
from dbworker import ESCAPE_CHAR |
| 42 | 43 |
|
| ... | ... | |
| 45 | 46 |
WRITE = 1 |
| 46 | 47 |
|
| 47 | 48 |
|
| 48 |
class Permissions(XFeatures, Groups, Public): |
|
| 49 |
class Permissions(XFeatures, Groups, Public, Node):
|
|
| 49 | 50 |
|
| 50 | 51 |
def __init__(self, **params): |
| 51 | 52 |
XFeatures.__init__(self, **params) |
| 52 | 53 |
Groups.__init__(self, **params) |
| 53 | 54 |
Public.__init__(self, **params) |
| 55 |
Node.__init__(self, **params) |
|
| 54 | 56 |
|
| 55 | 57 |
def access_grant(self, path, access, members=()): |
| 56 | 58 |
"""Grant members with access to path. |
| ... | ... | |
| 156 | 158 |
valid.append(subp + '/') |
| 157 | 159 |
return [x for x in valid if self.xfeature_get(x)] |
| 158 | 160 |
|
| 159 |
def access_list_paths(self, member, prefix=None): |
|
| 160 |
"""Return the list of paths granted to member.""" |
|
| 161 |
def access_list_paths(self, member, prefix=None, include_owned=False, |
|
| 162 |
include_containers=True): |
|
| 163 |
"""Return the list of paths granted to member. |
|
| 164 |
|
|
| 165 |
Keyword arguments: |
|
| 166 |
prefix -- return only paths starting with prefix (default None) |
|
| 167 |
include_owned -- return also paths owned by member (default False) |
|
| 168 |
include_containers -- return also container paths owned by member |
|
| 169 |
(default True) |
|
| 170 |
|
|
| 171 |
""" |
|
| 161 | 172 |
|
| 162 | 173 |
xfeatures_xfeaturevals = self.xfeatures.join(self.xfeaturevals) |
| 163 | 174 |
|
| ... | ... | |
| 179 | 190 |
r = self.conn.execute(s) |
| 180 | 191 |
l = [row[0] for row in r.fetchall()] |
| 181 | 192 |
r.close() |
| 193 |
|
|
| 194 |
if include_owned: |
|
| 195 |
container_nodes = select( |
|
| 196 |
[self.nodes.c.node], |
|
| 197 |
self.nodes.c.parent == self.node_lookup(member)) |
|
| 198 |
condition = self.nodes.c.parent.in_(container_nodes) |
|
| 199 |
if include_containers: |
|
| 200 |
condition = or_(condition, |
|
| 201 |
self.nodes.c.node.in_(container_nodes)) |
|
| 202 |
s = select([self.nodes.c.path], condition) |
|
| 203 |
r = self.conn.execute(s) |
|
| 204 |
l += [row[0] for row in r.fetchall() if row[0] not in l] |
|
| 205 |
r.close() |
|
| 182 | 206 |
return l |
| 183 | 207 |
|
| 184 | 208 |
def access_list_shared(self, prefix=''): |
| b/snf-pithos-backend/pithos/backends/lib/sqlite/permissions.py | ||
|---|---|---|
| 34 | 34 |
from xfeatures import XFeatures |
| 35 | 35 |
from groups import Groups |
| 36 | 36 |
from public import Public |
| 37 |
from node import Node |
|
| 37 | 38 |
|
| 38 | 39 |
|
| 39 | 40 |
READ = 0 |
| 40 | 41 |
WRITE = 1 |
| 41 | 42 |
|
| 42 | 43 |
|
| 43 |
class Permissions(XFeatures, Groups, Public): |
|
| 44 |
class Permissions(XFeatures, Groups, Public, Node):
|
|
| 44 | 45 |
|
| 45 | 46 |
def __init__(self, **params): |
| 46 | 47 |
XFeatures.__init__(self, **params) |
| 47 | 48 |
Groups.__init__(self, **params) |
| 48 | 49 |
Public.__init__(self, **params) |
| 50 |
Node.__init__(self, **params) |
|
| 49 | 51 |
|
| 50 | 52 |
def access_grant(self, path, access, members=()): |
| 51 | 53 |
"""Grant members with access to path. |
| ... | ... | |
| 151 | 153 |
valid.append(subp + '/') |
| 152 | 154 |
return [x for x in valid if self.xfeature_get(x)] |
| 153 | 155 |
|
| 154 |
def access_list_paths(self, member, prefix=None): |
|
| 155 |
"""Return the list of paths granted to member.""" |
|
| 156 |
def access_list_paths(self, member, prefix=None, include_owned=False, |
|
| 157 |
include_containers=True): |
|
| 158 |
"""Return the list of paths granted to member. |
|
| 159 |
|
|
| 160 |
Keyword arguments: |
|
| 161 |
prefix -- return only paths starting with prefix (default None) |
|
| 162 |
include_owned -- return also paths owned by member (default False) |
|
| 163 |
include_containers -- return also container paths owned by member |
|
| 164 |
(default True) |
|
| 165 |
|
|
| 166 |
""" |
|
| 156 | 167 |
|
| 157 | 168 |
q = ("select distinct path from xfeatures inner join "
|
| 158 | 169 |
" (select distinct feature_id, key from xfeaturevals inner join " |
| ... | ... | |
| 165 | 176 |
q += " where path like ? escape '\\'" |
| 166 | 177 |
p += (self.escape_like(prefix) + '%',) |
| 167 | 178 |
self.execute(q, p) |
| 168 |
return [r[0] for r in self.fetchall()] |
|
| 179 |
|
|
| 180 |
l = [r[0] for r in self.fetchall()] |
|
| 181 |
if include_owned: |
|
| 182 |
node = self.node_lookup(member) |
|
| 183 |
select_containers = "select node from nodes where parent = ? " |
|
| 184 |
q = ("select path from nodes where parent in (%s) " %
|
|
| 185 |
select_containers) |
|
| 186 |
args = [node] |
|
| 187 |
if include_containers: |
|
| 188 |
q += ("or node in (%s)" % select_containers)
|
|
| 189 |
args += [node] |
|
| 190 |
self.execute(q, args) |
|
| 191 |
l += [r[0] for r in self.fetchall() if r[0] not in l] |
|
| 192 |
return l |
|
| 169 | 193 |
|
| 170 | 194 |
def access_list_shared(self, prefix=''): |
| 171 | 195 |
"""Return the list of shared paths.""" |
| b/snf-pithos-backend/pithos/backends/modular.py | ||
|---|---|---|
| 1596 | 1596 |
|
| 1597 | 1597 |
@backend_method |
| 1598 | 1598 |
def get_domain_objects(self, domain, user=None): |
| 1599 |
allowed_paths = self.permissions.access_list_paths(user) |
|
| 1599 |
allowed_paths = self.permissions.access_list_paths( |
|
| 1600 |
user, include_owned=user is not None, include_containers=False) |
|
| 1600 | 1601 |
if not allowed_paths: |
| 1601 | 1602 |
return [] |
| 1602 | 1603 |
obj_list = self.node.domain_object_list( |
Also available in: Unified diff