/
roles.py
84 lines (66 loc) · 2.35 KB
/
roles.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# -*- coding: utf-8 -*-
"""CRUD operations for user roles
:copyright: Copyright (c) 2017 RadiaSoft LLC. All Rights Reserved.
:license: http://www.apache.org/licenses/LICENSE-2.0.html
"""
from __future__ import absolute_import, division, print_function
from pykern.pkcollections import PKDict
from pykern.pkdebug import pkdc, pkdexc, pkdlog, pkdp
from sirepo.pkcli import admin
import contextlib
import pykern.pkcli
import sirepo.auth_role
import sirepo.quest
def add(uid_or_email, *roles):
"""Assign roles to a user
Args:
uid_or_email (str): Uid or email of the user
*roles: The roles to assign to the user
"""
with _parse_args(uid_or_email, roles) as qcall:
qcall.auth_db.model("UserRole").add_roles(roles)
def add_roles(*args):
"""DEPRECATED: Use add"""
add(*args)
def delete(uid_or_email, *roles):
"""Remove roles assigned to user
Args:
uid_or_email (str): Uid or email of the user
*roles (args): The roles to delete
"""
with _parse_args(uid_or_email, roles) as qcall:
qcall.auth_db.model("UserRole").delete_roles(roles)
def delete_roles(*args):
"""DEPRECATED: Use delete"""
delete(*args)
def list(uid_or_email):
"""List all roles assigned to a user
Args:
uid_or_email (str): Uid or email of the user
"""
with _parse_args(uid_or_email, []) as qcall:
return qcall.auth_db.model("UserRole").get_roles()
def list_roles(*args):
"""DEPRECATED: Use list"""
return list(*args)
# TODO(e-carlin): This only works for email auth or using a uid
# doesn't work for other auth methods
@contextlib.contextmanager
def _parse_args(uid_or_email, roles):
with sirepo.quest.start() as qcall:
# POSIT: Uid's are from the base62 charset so an '@' implies an email.
if "@" in uid_or_email:
u = qcall.auth_db.model("AuthEmailUser").unchecked_uid(
user_name=uid_or_email
)
else:
u = qcall.auth.unchecked_get_user(uid_or_email)
if not u:
pykern.pkcli.command_error("uid_or_email={} not found", uid_or_email)
if roles:
a = sirepo.auth_role.get_all()
assert set(roles).issubset(
a
), "roles={} not a subset of all_roles={}".format(roles, a)
with qcall.auth.logged_in_user_set(u):
yield qcall