Revision cf341da4 pithos/backends/lib/sqlalchemy/permissions.py
| b/pithos/backends/lib/sqlalchemy/permissions.py | ||
|---|---|---|
| 58 | 58 |
if not members: |
| 59 | 59 |
return |
| 60 | 60 |
feature = self.xfeature_create(path) |
| 61 |
if feature is None: |
|
| 62 |
return |
|
| 63 | 61 |
self.feature_setmany(feature, access, members) |
| 64 | 62 |
|
| 65 | 63 |
def access_set(self, path, permissions): |
| 66 | 64 |
"""Set permissions for path. The permissions dict |
| 67 | 65 |
maps 'read', 'write' keys to member lists.""" |
| 68 | 66 |
|
| 69 |
self.xfeature_destroy(path) |
|
| 70 |
self.access_grant(path, READ, permissions.get('read', []))
|
|
| 71 |
self.access_grant(path, WRITE, permissions.get('write', []))
|
|
| 67 |
r = permissions.get('read', [])
|
|
| 68 |
w = permissions.get('write', [])
|
|
| 69 |
if not r and not w: |
|
| 70 |
self.xfeature_destroy(path) |
|
| 71 |
return |
|
| 72 |
feature = self.xfeature_create(path) |
|
| 73 |
if r: |
|
| 74 |
self.feature_clear(feature, READ) |
|
| 75 |
self.feature_setmany(feature, READ, r) |
|
| 76 |
if w: |
|
| 77 |
self.feature_clear(feature, WRITE) |
|
| 78 |
self.feature_setmany(feature, WRITE, w) |
|
| 79 |
|
|
| 80 |
def access_get(self, path): |
|
| 81 |
"""Get permissions for path.""" |
|
| 82 |
|
|
| 83 |
feature = self.xfeature_get(path) |
|
| 84 |
if not feature: |
|
| 85 |
return {}
|
|
| 86 |
permissions = self.feature_dict(feature) |
|
| 87 |
if READ in permissions: |
|
| 88 |
permissions['read'] = permissions[READ] |
|
| 89 |
del(permissions[READ]) |
|
| 90 |
if WRITE in permissions: |
|
| 91 |
permissions['write'] = permissions[WRITE] |
|
| 92 |
del(permissions[WRITE]) |
|
| 93 |
return permissions |
|
| 72 | 94 |
|
| 73 | 95 |
def access_clear(self, path): |
| 74 | 96 |
"""Revoke access to path (both permissions and public).""" |
| ... | ... | |
| 79 | 101 |
def access_check(self, path, access, member): |
| 80 | 102 |
"""Return true if the member has this access to the path.""" |
| 81 | 103 |
|
| 82 |
if access == READ and self.public_get(path) is not None: |
|
| 83 |
return True |
|
| 84 |
|
|
| 85 |
r = self.xfeature_inherit(path) |
|
| 86 |
if not r: |
|
| 104 |
feature = self.xfeature_get(path) |
|
| 105 |
if not feature: |
|
| 87 | 106 |
return False |
| 88 |
fpath, feature = r |
|
| 89 | 107 |
members = self.feature_get(feature, access) |
| 90 | 108 |
if member in members or '*' in members: |
| 91 | 109 |
return True |
| ... | ... | |
| 95 | 113 |
return False |
| 96 | 114 |
|
| 97 | 115 |
def access_inherit(self, path): |
| 98 |
"""Return the inherited or assigned (path, permissions) pair for path."""
|
|
| 116 |
"""Return the paths influencing the access for path."""
|
|
| 99 | 117 |
|
| 100 | 118 |
r = self.xfeature_inherit(path) |
| 101 | 119 |
if not r: |
| 102 |
return (path, {})
|
|
| 103 |
fpath, feature = r |
|
| 104 |
permissions = self.feature_dict(feature) |
|
| 105 |
if READ in permissions: |
|
| 106 |
permissions['read'] = permissions[READ] |
|
| 107 |
del(permissions[READ]) |
|
| 108 |
if WRITE in permissions: |
|
| 109 |
permissions['write'] = permissions[WRITE] |
|
| 110 |
del(permissions[WRITE]) |
|
| 111 |
return (fpath, permissions) |
|
| 112 |
|
|
| 113 |
def access_list(self, path): |
|
| 114 |
"""List all permission paths inherited by or inheriting from path.""" |
|
| 120 |
return [] |
|
| 115 | 121 |
|
| 116 |
return [x[0] for x in self.xfeature_list(path) if x[0] != path] |
|
| 122 |
# Only keep path components. |
|
| 123 |
parts = path.rstrip('/').split('/')
|
|
| 124 |
valid = [] |
|
| 125 |
for i in range(1, len(parts)): |
|
| 126 |
subp = '/'.join(parts[:i + 1]) |
|
| 127 |
valid.append(subp) |
|
| 128 |
valid.append(subp + '/') |
|
| 129 |
return [x[0] for x in r if x[0] in valid] |
|
| 117 | 130 |
|
| 118 | 131 |
def access_list_paths(self, member, prefix=None): |
| 119 | 132 |
"""Return the list of paths granted to member.""" |
Also available in: Unified diff