Revision cf341da4 pithos/backends/lib/sqlalchemy/permissions.py
b/pithos/backends/lib/sqlalchemy/permissions.py | ||
---|---|---|
58 | 58 |
if not members: |
59 | 59 |
return |
60 | 60 |
feature = self.xfeature_create(path) |
61 |
if feature is None: |
|
62 |
return |
|
63 | 61 |
self.feature_setmany(feature, access, members) |
64 | 62 |
|
65 | 63 |
def access_set(self, path, permissions): |
66 | 64 |
"""Set permissions for path. The permissions dict |
67 | 65 |
maps 'read', 'write' keys to member lists.""" |
68 | 66 |
|
69 |
self.xfeature_destroy(path) |
|
70 |
self.access_grant(path, READ, permissions.get('read', [])) |
|
71 |
self.access_grant(path, WRITE, permissions.get('write', [])) |
|
67 |
r = permissions.get('read', []) |
|
68 |
w = permissions.get('write', []) |
|
69 |
if not r and not w: |
|
70 |
self.xfeature_destroy(path) |
|
71 |
return |
|
72 |
feature = self.xfeature_create(path) |
|
73 |
if r: |
|
74 |
self.feature_clear(feature, READ) |
|
75 |
self.feature_setmany(feature, READ, r) |
|
76 |
if w: |
|
77 |
self.feature_clear(feature, WRITE) |
|
78 |
self.feature_setmany(feature, WRITE, w) |
|
79 |
|
|
80 |
def access_get(self, path): |
|
81 |
"""Get permissions for path.""" |
|
82 |
|
|
83 |
feature = self.xfeature_get(path) |
|
84 |
if not feature: |
|
85 |
return {} |
|
86 |
permissions = self.feature_dict(feature) |
|
87 |
if READ in permissions: |
|
88 |
permissions['read'] = permissions[READ] |
|
89 |
del(permissions[READ]) |
|
90 |
if WRITE in permissions: |
|
91 |
permissions['write'] = permissions[WRITE] |
|
92 |
del(permissions[WRITE]) |
|
93 |
return permissions |
|
72 | 94 |
|
73 | 95 |
def access_clear(self, path): |
74 | 96 |
"""Revoke access to path (both permissions and public).""" |
... | ... | |
79 | 101 |
def access_check(self, path, access, member): |
80 | 102 |
"""Return true if the member has this access to the path.""" |
81 | 103 |
|
82 |
if access == READ and self.public_get(path) is not None: |
|
83 |
return True |
|
84 |
|
|
85 |
r = self.xfeature_inherit(path) |
|
86 |
if not r: |
|
104 |
feature = self.xfeature_get(path) |
|
105 |
if not feature: |
|
87 | 106 |
return False |
88 |
fpath, feature = r |
|
89 | 107 |
members = self.feature_get(feature, access) |
90 | 108 |
if member in members or '*' in members: |
91 | 109 |
return True |
... | ... | |
95 | 113 |
return False |
96 | 114 |
|
97 | 115 |
def access_inherit(self, path): |
98 |
"""Return the inherited or assigned (path, permissions) pair for path."""
|
|
116 |
"""Return the paths influencing the access for path."""
|
|
99 | 117 |
|
100 | 118 |
r = self.xfeature_inherit(path) |
101 | 119 |
if not r: |
102 |
return (path, {}) |
|
103 |
fpath, feature = r |
|
104 |
permissions = self.feature_dict(feature) |
|
105 |
if READ in permissions: |
|
106 |
permissions['read'] = permissions[READ] |
|
107 |
del(permissions[READ]) |
|
108 |
if WRITE in permissions: |
|
109 |
permissions['write'] = permissions[WRITE] |
|
110 |
del(permissions[WRITE]) |
|
111 |
return (fpath, permissions) |
|
112 |
|
|
113 |
def access_list(self, path): |
|
114 |
"""List all permission paths inherited by or inheriting from path.""" |
|
120 |
return [] |
|
115 | 121 |
|
116 |
return [x[0] for x in self.xfeature_list(path) if x[0] != path] |
|
122 |
# Only keep path components. |
|
123 |
parts = path.rstrip('/').split('/') |
|
124 |
valid = [] |
|
125 |
for i in range(1, len(parts)): |
|
126 |
subp = '/'.join(parts[:i + 1]) |
|
127 |
valid.append(subp) |
|
128 |
valid.append(subp + '/') |
|
129 |
return [x[0] for x in r if x[0] in valid] |
|
117 | 130 |
|
118 | 131 |
def access_list_paths(self, member, prefix=None): |
119 | 132 |
"""Return the list of paths granted to member.""" |
Also available in: Unified diff