Revision dc88754b snf-pithos-backend/pithos/backends/lib/sqlalchemy/permissions.py
| b/snf-pithos-backend/pithos/backends/lib/sqlalchemy/permissions.py | ||
|---|---|---|
| 31 | 31 |
# interpreted as representing official policies, either expressed |
| 32 | 32 |
# or implied, of GRNET S.A. |
| 33 | 33 |
|
| 34 |
from sqlalchemy.sql import select, literal, or_ |
|
| 34 |
from sqlalchemy.sql import select, literal, or_, and_
|
|
| 35 | 35 |
from sqlalchemy.sql.expression import join, union |
| 36 | 36 |
|
| 37 | 37 |
from xfeatures import XFeatures |
| 38 | 38 |
from groups import Groups |
| 39 | 39 |
from public import Public |
| 40 | 40 |
from node import Node |
| 41 |
from collections import defaultdict |
|
| 41 | 42 |
|
| 42 | 43 |
from dbworker import ESCAPE_CHAR |
| 43 | 44 |
|
| ... | ... | |
| 81 | 82 |
if w: |
| 82 | 83 |
self.feature_setmany(feature, WRITE, w) |
| 83 | 84 |
|
| 85 |
def access_get_for_bulk(self, perms): |
|
| 86 |
"""Get permissions for path.""" |
|
| 87 |
allowed = None |
|
| 88 |
d = defaultdict(list) |
|
| 89 |
for value, feature_id, key in perms: |
|
| 90 |
d[key].append(value) |
|
| 91 |
permissions = d |
|
| 92 |
if READ in permissions: |
|
| 93 |
allowed = 0 |
|
| 94 |
permissions['read'] = permissions[READ] |
|
| 95 |
del(permissions[READ]) |
|
| 96 |
if WRITE in permissions: |
|
| 97 |
allowed = 1 |
|
| 98 |
permissions['write'] = permissions[WRITE] |
|
| 99 |
del(permissions[WRITE]) |
|
| 100 |
return (permissions, allowed) |
|
| 101 |
|
|
| 84 | 102 |
def access_get(self, path): |
| 85 | 103 |
"""Get permissions for path.""" |
| 86 | 104 |
|
| ... | ... | |
| 139 | 157 |
return True |
| 140 | 158 |
return False |
| 141 | 159 |
|
| 160 |
def access_check_bulk(self, paths, member): |
|
| 161 |
rows = None |
|
| 162 |
xfeatures_xfeaturevals = self.xfeaturevals.join(self.xfeatures, |
|
| 163 |
onclause=and_(self.xfeatures.c.feature_id == |
|
| 164 |
self.xfeaturevals.c.feature_id, self.xfeatures.c.path.in_(paths))) |
|
| 165 |
s = select([self.xfeatures.c.path, |
|
| 166 |
self.xfeaturevals.c.value, |
|
| 167 |
self.xfeaturevals.c.feature_id, |
|
| 168 |
self.xfeaturevals.c.key], from_obj=[xfeatures_xfeaturevals]) |
|
| 169 |
r = self.conn.execute(s) |
|
| 170 |
rows = r.fetchall() |
|
| 171 |
r.close() |
|
| 172 |
if rows: |
|
| 173 |
access_check_paths = {}
|
|
| 174 |
for path, value, feature_id, key in rows: |
|
| 175 |
try: |
|
| 176 |
access_check_paths[path].append((value, feature_id, key)) |
|
| 177 |
except KeyError: |
|
| 178 |
access_check_paths[path] = [(value, feature_id, key)] |
|
| 179 |
access_check_paths['group_parents'] = self.group_parents(member) |
|
| 180 |
return access_check_paths |
|
| 181 |
return None |
|
| 182 |
|
|
| 142 | 183 |
def access_inherit(self, path): |
| 143 | 184 |
"""Return the paths influencing the access for path.""" |
| 144 | 185 |
|
| ... | ... | |
| 158 | 199 |
valid.append(subp + '/') |
| 159 | 200 |
return [x for x in valid if self.xfeature_get(x)] |
| 160 | 201 |
|
| 202 |
def access_inherit_bulk(self, paths): |
|
| 203 |
"""Return the paths influencing the access for path.""" |
|
| 204 |
|
|
| 205 |
# Only keep path components. |
|
| 206 |
valid = [] |
|
| 207 |
for path in paths: |
|
| 208 |
parts = path.rstrip('/').split('/')
|
|
| 209 |
for i in range(1, len(parts)): |
|
| 210 |
subp = '/'.join(parts[:i + 1]) |
|
| 211 |
valid.append(subp) |
|
| 212 |
if subp != path: |
|
| 213 |
valid.append(subp + '/') |
|
| 214 |
valid = self.xfeature_get_bulk(valid) |
|
| 215 |
return [x[1] for x in valid] |
|
| 216 |
|
|
| 161 | 217 |
def access_list_paths(self, member, prefix=None, include_owned=False, |
| 162 | 218 |
include_containers=True): |
| 163 | 219 |
"""Return the list of paths granted to member. |
Also available in: Unified diff