本文整理汇总了Python中pulp.server.managers.factory.permission_manager函数的典型用法代码示例。如果您正苦于以下问题:Python permission_manager函数的具体用法?Python permission_manager怎么用?Python permission_manager使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了permission_manager函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: add_permissions_to_role
def add_permissions_to_role(role_id, resource, operations):
"""
Add permissions to a role.
:param role_id: role identifier
:type role_id: str
:param resource: resource path to grant permissions to
:type resource: str
:param operations: list or tuple
:type operations: list of allowed operations being granted
:raise MissingResource: if the given role does not exist
"""
if role_id == SUPER_USER_ROLE:
raise PulpDataException(_('super-users role cannot be changed'))
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
current_ops = role['permissions'].setdefault(resource, [])
for o in operations:
if o in current_ops:
continue
current_ops.append(o)
users = factory.user_query_manager().find_users_belonging_to_role(role_id)
for user in users:
factory.permission_manager().grant(resource, user['login'], operations)
Role.get_collection().save(role, safe=True)
开发者ID:VuokkoVuorinnen,项目名称:pulp,代码行数:30,代码来源:cud.py
示例2: add_user_to_role
def add_user_to_role(role_id, login):
"""
Add a user to a role. This has the side-effect of granting all the
permissions granted to the role to the user.
:param role_id: role identifier
:type role_id: str
:param login: login of user
:type login: str
:raise MissingResource: if the given role or user does not exist
"""
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
user = User.get_collection().find_one({'login': login})
if user is None:
raise MissingResource(login)
if role_id in user['roles']:
return
user['roles'].append(role_id)
User.get_collection().save(user, safe=True)
for resource, operations in role['permissions'].items():
factory.permission_manager().grant(resource, login, operations)
开发者ID:skarmark,项目名称:pulp,代码行数:27,代码来源:cud.py
示例3: remove_user_from_role
def remove_user_from_role(role_id, login):
"""
Remove a user from a role. This has the side-effect of revoking all the
permissions granted to the role from the user, unless the permissions are
also granted by another role.
:param role_id: role identifier
:type role_id: str
:param login: name of user
:type login: str
:raise MissingResource: if the given role or user does not exist
"""
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
user = model.User.objects.get_or_404(login=login)
if role_id == SUPER_USER_ROLE and user_controller.is_last_super_user(login):
raise PulpDataException(
_('%(role)s cannot be empty, and %(login)s is the last member') %
{'role': SUPER_USER_ROLE, 'login': login})
if role_id not in user.roles:
return
user.roles.remove(role_id)
user.save()
for item in role['permissions']:
other_roles = factory.role_query_manager().get_other_roles(role, user.roles)
user_ops = _operations_not_granted_by_roles(item['resource'],
item['permission'],
other_roles)
factory.permission_manager().revoke(item['resource'], login, user_ops)
开发者ID:BrnoPCmaniak,项目名称:pulp,代码行数:35,代码来源:cud.py
示例4: add_user_to_role
def add_user_to_role(role_id, login):
"""
Add a user to a role. This has the side-effect of granting all the
permissions granted to the role to the user.
:param role_id: role identifier
:type role_id: str
:param login: login of user
:type login: str
:raise MissingResource: if the given role does not exist
:raise InvalidValue: if some params are invalid
"""
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
user = User.get_collection().find_one({'login': login})
if user is None:
raise InvalidValue(['login'])
if role_id in user['roles']:
return
user['roles'].append(role_id)
User.get_collection().save(user, safe=True)
for item in role['permissions']:
factory.permission_manager().grant(item['resource'], login,
item.get('permission', []))
开发者ID:nbetm,项目名称:pulp,代码行数:29,代码来源:cud.py
示例5: operation_to_name
def operation_to_name(operation):
"""
Convert an operation value to an operation name
Returns None if the operation value is invalid
@type operation: int
@param operation: operation value
@rtype: str or None
@return: operation name
"""
if operation < factory.permission_manager().CREATE or operation > factory.permission_manager().EXECUTE:
return None
return factory.permission_manager().operation_names[operation]
开发者ID:ashcrow,项目名称:pulp,代码行数:12,代码来源:authorization.py
示例6: name_to_operation
def name_to_operation(name):
"""
Convert a operation name to an operation value
Returns None if the name does not correspond to an operation
@type name: str
@param name: operation name
@rtype: int or None
@return: operation value
"""
name = name.upper()
if name not in factory.permission_manager().operation_names:
raise InvalidValue('operations')
return factory.permission_manager().operation_names.index(name)
开发者ID:ashcrow,项目名称:pulp,代码行数:13,代码来源:authorization.py
示例7: get
def get(self, request):
"""
List all roles.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: Response containing a list of roles
:rtype: django.http.HttpResponse
"""
role_query_manager = factory.role_query_manager()
user_query_manager = factory.user_query_manager()
permissions_manager = factory.permission_manager()
roles = role_query_manager.find_all()
for role in roles:
role['users'] = [u['login'] for u in
user_query_manager.find_users_belonging_to_role(role['id'])]
resource_permission = {}
# isolate schema change
if role['permissions']:
for item in role['permissions']:
resource = item['resource']
operations = item.get('permission', [])
resource_permission[resource] = [permissions_manager.operation_value_to_name(o)
for o in operations]
role['permissions'] = resource_permission
link = {'_href': reverse('role_resource',
kwargs={'role_id': role['id']})}
role.update(link)
return generate_json_response_with_pulp_encoder(roles)
开发者ID:hgschmie,项目名称:pulp,代码行数:33,代码来源:roles.py
示例8: test_syntactic_sugar_methods
def test_syntactic_sugar_methods(self):
"""
Tests the syntactic sugar methods for retrieving specific managers.
"""
# Setup
factory.initialize()
# Test
self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager))
self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager))
self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager))
self.assertTrue(isinstance(factory.password_manager(), PasswordManager))
self.assertTrue(isinstance(factory.permission_manager(), PermissionManager))
self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager))
self.assertTrue(isinstance(factory.role_manager(), RoleManager))
self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager))
self.assertTrue(isinstance(factory.user_manager(), UserManager))
self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager))
self.assertTrue(isinstance(factory.repo_manager(), RepoManager))
self.assertTrue(isinstance(factory.repo_unit_association_manager(),
RepoUnitAssociationManager))
self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager))
self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager))
self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager))
self.assertTrue(isinstance(factory.content_manager(), ContentManager))
self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager))
self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager))
self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager))
self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))
开发者ID:credativ,项目名称:pulp,代码行数:29,代码来源:test_factory.py
示例9: GET
def GET(self):
role_query_manager = managers.role_query_manager()
user_query_manager = managers.user_query_manager()
permissions_manager = managers.permission_manager()
roles = role_query_manager.find_all()
for role in roles:
role['users'] = [u['login'] for u in
user_query_manager.find_users_belonging_to_role(role['id'])]
resource_permission = {}
# isolate schema change
if role['permissions']:
for item in role['permissions']:
resource = item['resource']
operations = item.get('permission', [])
resource_permission[resource] = [permissions_manager.operation_value_to_name(o)
for o in operations]
role['permissions'] = resource_permission
for role in roles:
role.update(serialization.link.child_link_obj(role['id']))
return self.ok(roles)
开发者ID:AndreaGiardini,项目名称:pulp,代码行数:25,代码来源:roles.py
示例10: POST
def POST(self):
# Pull all the user data
user_data = self.params()
login = user_data.get('login', None)
password = user_data.get('password', None)
name = user_data.get('name', None)
# Creation
manager = managers.user_manager()
resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_CREATE_OPERATION}}
args = [login]
kwargs = {'password': password,
'name': name}
weight = pulp_config.config.getint('tasks', 'create_weight')
tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('create')]
call_request = CallRequest(manager.create_user,
args,
kwargs,
resources=resources,
weight=weight,
tags=tags,
kwarg_blacklist=['password'])
user = execution.execute_sync(call_request)
user_link = serialization.link.child_link_obj(login)
user.update(user_link)
# Grant permissions
permission_manager = managers.permission_manager()
permission_manager.grant_automatic_permissions_for_resource(user_link['_href'])
return self.created(login, user)
开发者ID:bartwo,项目名称:pulp,代码行数:33,代码来源:users.py
示例11: POST
def POST(self):
# Pull all the user data
user_data = self.params()
login = user_data.get('login', None)
password = user_data.get('password', None)
name = user_data.get('name', None)
# Creation
manager = managers.user_manager()
args = [login]
kwargs = {'password': password,
'name': name}
user = manager.create_user(*args, **kwargs)
# Add the link to the user
user_link = serialization.link.child_link_obj(login)
user.update(user_link)
# Grant permissions
user_link = serialization.link.child_link_obj(login)
permission_manager = managers.permission_manager()
permission_manager.grant_automatic_permissions_for_resource(user_link['_href'])
return self.created(login, user)
开发者ID:AndreaGiardini,项目名称:pulp,代码行数:26,代码来源:users.py
示例12: POST
def POST(self):
# Params
params = self.params()
login = params.get('login', None)
resource = params.get('resource', None)
operation_names = params.get('operations', None)
_check_invalid_params({'login':login,
'resource':resource,
'operation_names':operation_names})
operations = _get_operations(operation_names)
# Grant permission synchronously
permission_manager = managers.permission_manager()
tags = [resource_tag(dispatch_constants.RESOURCE_PERMISSION_TYPE, resource),
resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('grant_permission_to_user')]
call_request = CallRequest(permission_manager.grant,
[resource, login, operations],
tags=tags)
call_request.reads_resource(dispatch_constants.RESOURCE_USER_TYPE, login)
call_request.updates_resource(dispatch_constants.RESOURCE_PERMISSION_TYPE, resource)
return self.ok(execution.execute_sync(call_request))
开发者ID:ashcrow,项目名称:pulp,代码行数:27,代码来源:permissions.py
示例13: get
def get(self, request):
"""
List all roles.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: Response containing a list of roles
:rtype: django.http.HttpResponse
"""
role_query_manager = factory.role_query_manager()
permissions_manager = factory.permission_manager()
roles = role_query_manager.find_all()
for role in roles:
users = [u.login for u in user_controller.find_users_belonging_to_role(role["id"])]
role["users"] = users
resource_permission = {}
# isolate schema change
if role["permissions"]:
for item in role["permissions"]:
resource = item["resource"]
operations = item.get("permission", [])
resource_permission[resource] = [permissions_manager.operation_value_to_name(o) for o in operations]
role["permissions"] = resource_permission
link = {"_href": reverse("role_resource", kwargs={"role_id": role["id"]})}
role.update(link)
return generate_json_response_with_pulp_encoder(roles)
开发者ID:pcreech,项目名称:pulp,代码行数:30,代码来源:roles.py
示例14: post
def post(self, request):
"""
Revoke permissions from a role.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: An empty response
:rtype: django.http.HttpResponse
"""
params = request.body_as_json
role_id = params.get('role_id', None)
resource = params.get('resource', None)
operation_names = params.get('operations', None)
_validate_params({'role_id': role_id,
'resource': resource,
'operation_names': operation_names})
role_manager = factory.role_manager()
permission_manager = factory.permission_manager()
operations = permission_manager.operation_names_to_values(operation_names)
remove_perm = role_manager.remove_permissions_from_role(role_id, resource, operations)
return generate_json_response(remove_perm)
开发者ID:jeremycline,项目名称:pulp,代码行数:25,代码来源:permissions.py
示例15: get
def get(self, request):
"""
Retrieve permissions for all resources or for a particular resource.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: Response containing a list of permissions for resource/s
:rtype: django.http.HttpResponse
"""
query_params = request.GET
resource = query_params.get('resource', None)
permissions = []
if resource is None:
permissions = factory.permission_query_manager().find_all()
else:
permission = factory.permission_query_manager().find_by_resource(resource)
if permission is not None:
permissions = [permission]
for permission in permissions:
# Isolate the database schema change to behind the api. This should be transparent
users = {}
for item in permission['users']:
users[item['username']] = item['permissions']
permission['users'] = users
permission_manager = factory.permission_manager()
for user, ops in users.items():
users[user] = [permission_manager.operation_value_to_name(o) for o in ops]
return generate_json_response_with_pulp_encoder(permissions)
开发者ID:jeremycline,项目名称:pulp,代码行数:32,代码来源:permissions.py
示例16: post
def post(self, request):
"""
Grant permissions to a role.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: An empty response
:rtype: django.http.HttpResponse
"""
params = request.body_as_json
role_id = params.get('role_id', None)
resource = params.get('resource', None)
operation_names = params.get('operations', None)
_check_invalid_params({'role_id': role_id,
'resource': resource,
'operation_names': operation_names})
# Grant permission synchronously
role_manager = factory.role_manager()
permission_manager = factory.permission_manager()
operations = permission_manager.operation_names_to_values(operation_names)
add_perm = role_manager.add_permissions_to_role(role_id, resource, operations)
return generate_json_response(add_perm)
开发者ID:hgschmie,项目名称:pulp,代码行数:25,代码来源:permissions.py
示例17: delete_user
def delete_user(login):
"""
Deletes the given user. Deletion of last superuser is not permitted.
@param login: identifies the user being deleted
@type login: str
@raise MissingResource: if the given user does not exist
@raise InvalidValue: if login value is invalid
"""
# Raise exception if login is invalid
if login is None or invalid_type(login, basestring):
raise InvalidValue(['login'])
# Check whether user exists
found = User.get_collection().find_one({'login': login})
if found is None:
raise MissingResource(login)
# Make sure user is not the last super user
if factory.user_query_manager().is_last_super_user(login):
raise PulpDataException(_("The last superuser [%s] cannot be deleted" % login))
# Revoke all permissions from the user
permission_manager = factory.permission_manager()
permission_manager.revoke_all_permissions_from_user(login)
User.get_collection().remove({'login': login})
开发者ID:jeremycline,项目名称:pulp,代码行数:29,代码来源:cud.py
示例18: remove_permissions_from_role
def remove_permissions_from_role(role_id, resource, operations):
"""
Remove permissions from a role.
:param role_id: role identifier
:type role_id: str
:param resource: resource path to revoke permissions from
:type resource: str
:param operations: list or tuple
:type operations: list of allowed operations being revoked
:raise InvalidValue: if some params are invalid
:raise PulpDataException: if role is a superuser role
"""
if role_id == SUPER_USER_ROLE:
raise PulpDataException(_('super-users role cannot be changed'))
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise InvalidValue(['role_id'])
resource_permission = {}
current_ops = []
for item in role['permissions']:
if item['resource'] == resource:
resource_permission = item
current_ops = resource_permission['permission']
if not current_ops:
return
for o in operations:
if o not in current_ops:
continue
current_ops.remove(o)
users = factory.user_query_manager().find_users_belonging_to_role(role_id)
for user in users:
other_roles = factory.role_query_manager().get_other_roles(role, user['roles'])
user_ops = _operations_not_granted_by_roles(resource,
operations,
other_roles)
factory.permission_manager().revoke(resource, user['login'], user_ops)
# in no more allowed operations, remove the resource
if not current_ops:
role['permissions'].remove(resource_permission)
Role.get_collection().save(role, safe=True)
开发者ID:nbetm,项目名称:pulp,代码行数:47,代码来源:cud.py
示例19: create_user
def create_user(login, password=None, name=None, roles=None):
"""
Creates a new Pulp user and adds it to specified to roles.
@param login: login name / unique identifier for the user
@type login: str
@param password: password for login credentials
@type password: str
@param name: user's full name
@type name: str
@param roles: list of roles user will belong to
@type roles: list
@raise DuplicateResource: if there is already a user with the requested login
@raise InvalidValue: if any of the fields are unacceptable
"""
existing_user = User.get_collection().find_one({'login': login})
if existing_user is not None:
raise DuplicateResource(login)
invalid_values = []
if login is None or _USER_LOGIN_REGEX.match(login) is None:
invalid_values.append('login')
if invalid_type(name, basestring):
invalid_values.append('name')
if invalid_type(roles, list):
invalid_values.append('roles')
if invalid_values:
raise InvalidValue(invalid_values)
# Use the login for name of the user if one was not specified
name = name or login
roles = roles or None
# Encode plain-text password
hashed_password = None
if password:
hashed_password = factory.password_manager().hash_password(password)
# Creation
create_me = User(login=login, password=hashed_password, name=name, roles=roles)
User.get_collection().save(create_me)
# Grant permissions
permission_manager = factory.permission_manager()
permission_manager.grant_automatic_permissions_for_user(create_me['login'])
# Retrieve the user to return the SON object
created = User.get_collection().find_one({'login': login})
created.pop('password')
return created
开发者ID:jeremycline,项目名称:pulp,代码行数:58,代码来源:cud.py
示例20: test_operation_value_to_name
def test_operation_value_to_name(self):
pm = manager_factory.permission_manager()
self.assertEqual(pm.operation_value_to_name(authorization.CREATE), "CREATE")
self.assertEqual(pm.operation_value_to_name(authorization.READ), "READ")
self.assertEqual(pm.operation_value_to_name(authorization.UPDATE), "UPDATE")
self.assertEqual(pm.operation_value_to_name(authorization.DELETE), "DELETE")
self.assertEqual(pm.operation_value_to_name(authorization.EXECUTE), "EXECUTE")
self.assertEqual(pm.operation_value_to_name("RANDOM"), None)
self.assertEqual(pm.operation_value_to_name(99), None)
self.assertEqual(pm.operation_value_to_name(-2), None)
开发者ID:credativ,项目名称:pulp,代码行数:10,代码来源:test_cud.py
注:本文中的pulp.server.managers.factory.permission_manager函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论