Revision dc88754b snf-pithos-backend/pithos/backends/lib/sqlalchemy/permissions.py
b/snf-pithos-backend/pithos/backends/lib/sqlalchemy/permissions.py | ||
---|---|---|
31 | 31 |
# interpreted as representing official policies, either expressed |
32 | 32 |
# or implied, of GRNET S.A. |
33 | 33 |
|
34 |
from sqlalchemy.sql import select, literal, or_ |
|
34 |
from sqlalchemy.sql import select, literal, or_, and_
|
|
35 | 35 |
from sqlalchemy.sql.expression import join, union |
36 | 36 |
|
37 | 37 |
from xfeatures import XFeatures |
38 | 38 |
from groups import Groups |
39 | 39 |
from public import Public |
40 | 40 |
from node import Node |
41 |
from collections import defaultdict |
|
41 | 42 |
|
42 | 43 |
from dbworker import ESCAPE_CHAR |
43 | 44 |
|
... | ... | |
81 | 82 |
if w: |
82 | 83 |
self.feature_setmany(feature, WRITE, w) |
83 | 84 |
|
85 |
def access_get_for_bulk(self, perms): |
|
86 |
"""Get permissions for path.""" |
|
87 |
allowed = None |
|
88 |
d = defaultdict(list) |
|
89 |
for value, feature_id, key in perms: |
|
90 |
d[key].append(value) |
|
91 |
permissions = d |
|
92 |
if READ in permissions: |
|
93 |
allowed = 0 |
|
94 |
permissions['read'] = permissions[READ] |
|
95 |
del(permissions[READ]) |
|
96 |
if WRITE in permissions: |
|
97 |
allowed = 1 |
|
98 |
permissions['write'] = permissions[WRITE] |
|
99 |
del(permissions[WRITE]) |
|
100 |
return (permissions, allowed) |
|
101 |
|
|
84 | 102 |
def access_get(self, path): |
85 | 103 |
"""Get permissions for path.""" |
86 | 104 |
|
... | ... | |
139 | 157 |
return True |
140 | 158 |
return False |
141 | 159 |
|
160 |
def access_check_bulk(self, paths, member): |
|
161 |
rows = None |
|
162 |
xfeatures_xfeaturevals = self.xfeaturevals.join(self.xfeatures, |
|
163 |
onclause=and_(self.xfeatures.c.feature_id == |
|
164 |
self.xfeaturevals.c.feature_id, self.xfeatures.c.path.in_(paths))) |
|
165 |
s = select([self.xfeatures.c.path, |
|
166 |
self.xfeaturevals.c.value, |
|
167 |
self.xfeaturevals.c.feature_id, |
|
168 |
self.xfeaturevals.c.key], from_obj=[xfeatures_xfeaturevals]) |
|
169 |
r = self.conn.execute(s) |
|
170 |
rows = r.fetchall() |
|
171 |
r.close() |
|
172 |
if rows: |
|
173 |
access_check_paths = {} |
|
174 |
for path, value, feature_id, key in rows: |
|
175 |
try: |
|
176 |
access_check_paths[path].append((value, feature_id, key)) |
|
177 |
except KeyError: |
|
178 |
access_check_paths[path] = [(value, feature_id, key)] |
|
179 |
access_check_paths['group_parents'] = self.group_parents(member) |
|
180 |
return access_check_paths |
|
181 |
return None |
|
182 |
|
|
142 | 183 |
def access_inherit(self, path): |
143 | 184 |
"""Return the paths influencing the access for path.""" |
144 | 185 |
|
... | ... | |
158 | 199 |
valid.append(subp + '/') |
159 | 200 |
return [x for x in valid if self.xfeature_get(x)] |
160 | 201 |
|
202 |
def access_inherit_bulk(self, paths): |
|
203 |
"""Return the paths influencing the access for path.""" |
|
204 |
|
|
205 |
# Only keep path components. |
|
206 |
valid = [] |
|
207 |
for path in paths: |
|
208 |
parts = path.rstrip('/').split('/') |
|
209 |
for i in range(1, len(parts)): |
|
210 |
subp = '/'.join(parts[:i + 1]) |
|
211 |
valid.append(subp) |
|
212 |
if subp != path: |
|
213 |
valid.append(subp + '/') |
|
214 |
valid = self.xfeature_get_bulk(valid) |
|
215 |
return [x[1] for x in valid] |
|
216 |
|
|
161 | 217 |
def access_list_paths(self, member, prefix=None, include_owned=False, |
162 | 218 |
include_containers=True): |
163 | 219 |
"""Return the list of paths granted to member. |
Also available in: Unified diff