comparison sat/memory/memory.py @ 3313:624c60293deb
memory: new "affiliation" metadata for files:
this affiliation is similar to pubsub affiliation, for now only `owner` is used.
Affiliation is set when possible (notably when peer_jid is set).
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 17 Jul 2020 12:58:57 +0200 |
parents | b56e4c6b13fc |
children | 83f25da66bec |
3312:77177b13ff54 | 3313:624c60293deb |
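--- a/sat/memory/memory.py
+++ b/sat/memory/memory.py
@@ -20,10 +20,11 @@
 import os.path
 import copy
 import shortuuid
 import mimetypes
 import time
+from typing import Optional, Tuple
 from pathlib import Path
 from uuid import uuid4
 from collections import namedtuple
 from twisted.python import failure
 from twisted.internet import defer, reactor, error
@@ -1180,27 +1181,38 @@
 return self.storage.delPrivateValue(
 namespace, key, binary=True, profile=client.profile)
 
 ## Files ##
 
-def checkFilePermission(self, file_data, peer_jid, perms_to_check):
-"""check that an entity has the right permission on a file
-
-@param file_data(dict): data of one file, as returned by getFiles
-@param peer_jid(jid.JID): entity trying to access the file
-@param perms_to_check(tuple[unicode]): permissions to check
+def checkFilePermission(
+self,
+file_data: dict,
+peer_jid: Optional[jid.JID],
+perms_to_check: Optional[Tuple[str]],
+set_affiliation: bool = False
+) -> None:
+"""Check that an entity has the right permission on a file
+
+@param file_data: data of one file, as returned by getFiles
+@param peer_jid: entity trying to access the file
+@param perms_to_check: permissions to check
 tuple of C.ACCESS_PERM_*
-@param check_parents(bool): if True, also check all parents until root node
+@param check_parents: if True, also check all parents until root node
+@parma set_affiliation: if True, "affiliation" metadata will be set
 @raise exceptions.PermissionError: peer_jid doesn't have all permission
 in perms_to_check for file_data
 @raise exceptions.InternalError: perms_to_check is invalid
 """
+# TODO: knowing if user is owner is not enough, we need to check permission
+# to see if user can modify/delete files, and set corresponding affiliation (publisher, member)
 if peer_jid is None and perms_to_check is None:
 return
 peer_jid = peer_jid.userhostJID()
 if peer_jid == file_data["owner"]:
-# the owner has all rights
+if set_affiliation:
+file_data['affiliation'] = 'owner'
+# the owner has all rights, nothing to check
 return
 if not C.ACCESS_PERMS.issuperset(perms_to_check):
 raise exceptions.InternalError(_("invalid permission"))
 
 for perm in perms_to_check:
@@ -1381,11 +1393,11 @@
 if peer_jid:
 # if permission are checked, we must remove all file that user can't access
 to_remove = []
 for file_data in files:
 try:
-self.checkFilePermission(file_data, peer_jid, perms_to_check)
+self.checkFilePermission(file_data, peer_jid, perms_to_check, set_affiliation=True)
 except exceptions.PermissionError:
 to_remove.append(file_data)
 for file_data in to_remove:
 files.remove(file_data)
 defer.returnValue(files)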
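Review bot: In `checkFilePermission`, the new annotations declare `peer_jid` and `perms_to_check` as `Optional`, but the only `None` handling is the both-`None` early return, so a `None` `peer_jid` with permissions given still reaches `peer_jid.userhostJID()` and fails with `AttributeError` rather than a documented exception. For a permission check it is safer to reject that case explicitly right after the early return, e.g. `if peer_jid is None: raise exceptions.InternalError(_("peer_jid is required when perms_to_check is set"))`; the loop in the last hunk catches only `PermissionError`, so any other exception aborts the whole listing. `Optional[Tuple[str]]` describes a one-element tuple where `Optional[Tuple[str, ...]]` matches the docstring, and the docstring has `@parma` for `@param` and still documents `check_parents`, which is not in the signature. Because `affiliation` is written only on the owner path, a non-owner's `file_data` keeps whatever value that key already held, which is harmless only if the key is never stored or reused between peers; that is worth confirming. The function body continues past the end of the hunk.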