ziggurat.py
from pyramid.security import (
Allow,
Authenticated,
ALL_PERMISSIONS,
)
from sqlalchemy import (
Column,
String,
PrimaryKeyConstraint,
)
import ziggurat_foundations.models
from ziggurat_foundations.models.base import BaseModel
from ziggurat_foundations.models.external_identity import ExternalIdentityMixin
from ziggurat_foundations.models.group import GroupMixin
from ziggurat_foundations.models.group_permission import GroupPermissionMixin
from ziggurat_foundations.models.group_resource_permission \
import GroupResourcePermissionMixin
from ziggurat_foundations.models.resource import ResourceMixin
from ziggurat_foundations.models.user import UserMixin
from ziggurat_foundations.models.user_group import UserGroupMixin
from ziggurat_foundations.models.user_permission import UserPermissionMixin
from ziggurat_foundations.models.user_resource_permission \
import UserResourcePermissionMixin
from ziggurat_foundations import ziggurat_model_init
from . import (
Base,
DBSession,
CommonModel,
)
# Hand the project's session to ziggurat_foundations by assigning it to the
# package-level DBSession attribute (the scoped-session approach, as in
# Pylons 1.0). The assignment is optional for code that passes request.db to
# the model methods explicitly.
ziggurat_foundations.models.DBSession = DBSession

# Base used by the models below is the project's SQLAlchemy declarative base
# (Base = declarative_base()), imported from this package.
class Group(GroupMixin, Base, CommonModel):
    """Concrete group model: GroupMixin on the project's Base and CommonModel.

    NOTE(review): the ``group:<id>`` principals built in Resource.__acl__ and
    RootFactory presumably refer to this model's primary key -- confirm.
    """
    pass
class GroupPermission(GroupPermissionMixin, Base):
    """Concrete group-permission model (GroupPermissionMixin on Base).

    RootFactory reads every row of this model and turns its ``group_id`` and
    ``perm_name`` into an Allow entry of the root ACL, so write access to
    this table amounts to the ability to grant those permissions.
    """
    pass
class UserGroup(UserGroupMixin, Base):
    """Concrete user-to-group association model (UserGroupMixin on Base).

    NOTE(review): these rows presumably decide which ``group:<id>``
    principals a user receives; the principal callback is not in this file,
    so confirm it there.
    """
    pass
class GroupResourcePermission(GroupResourcePermissionMixin, Base):
    """Concrete group-resource-permission model.

    Rows of this model are not read by Resource.__acl__ in this file; that
    property only looks at the resource's owner fields.
    """
    # Composite primary key: at most one row per
    # (group_id, resource_id, perm_name) combination.
    __table_args__ = (
        PrimaryKeyConstraint(
            "group_id",
            "resource_id",
            "perm_name"),)
class Resource(ResourceMixin, Base):
    """Concrete resource model with an ownership-based Pyramid ACL.

    Project-specific columns and properties belong in this class.
    """

    @property
    def __acl__(self):
        """Return the ACL for this resource, derived from its owner fields.

        The result is a list of ``(Allow, principal, ALL_PERMISSIONS)``
        entries: one for the owning user, whose principal is the raw
        ``owner_user_id`` value, and one for the owning group, whose
        principal is ``group:<owner_group_id>``. A falsy owner field (for
        example ``None``) adds no entry, so a resource without owners gets
        an empty list.

        Only ownership is expressed here. Rows in the user/group
        resource-permission tables are not consulted by this property.

        NOTE(review): the user entry matches only if the authentication
        policy reports a principal equal in value and type to
        ``owner_user_id`` -- confirm against the policy's userid.
        """
        entries = []

        owner_uid = self.owner_user_id
        if owner_uid:
            entries.append((Allow, owner_uid, ALL_PERMISSIONS))

        owner_gid = self.owner_group_id
        if owner_gid:
            entries.append((Allow, "group:%s" % owner_gid, ALL_PERMISSIONS))

        return entries
class UserPermission(UserPermissionMixin, Base):
    """Concrete user-permission model (UserPermissionMixin on Base).

    RootFactory in this file builds its ACL from GroupPermission rows only;
    rows of this model are not read there.
    """
    pass
class UserResourcePermission(UserResourcePermissionMixin, Base):
    """Concrete user-resource-permission model.

    Rows of this model are not read by Resource.__acl__ in this file; that
    property only looks at the resource's owner fields.
    """
    pass
class User(UserMixin, Base, CommonModel):
    """Concrete user model: UserMixin on the project's Base and CommonModel."""
    # Extra column on top of the mixin: a string of up to 256 characters,
    # declared with no unique, index or nullable arguments.
    # NOTE(review): presumably an API credential; the column holds whatever
    # value is assigned, as-is. If it authenticates requests, consider
    # storing only a digest of the key, generating keys with the `secrets`
    # module and comparing with hmac.compare_digest -- confirm against the
    # code that issues and checks keys.
    api_key = Column(String(256))
class ExternalIdentity(ExternalIdentityMixin, Base):
    """Concrete external-identity model (ExternalIdentityMixin on Base)."""
    pass
class RootFactory:
    """Context object whose ``__acl__`` is built from the database.

    Every construction runs one query over all GroupPermission rows; the
    ``request`` argument is accepted but not used.

    NOTE(review): ``'group:1'`` is hard-coded and receives ALL_PERMISSIONS,
    so whichever group has id 1 is a full administrator. Confirm that this
    group is created by controlled seeding and that the id cannot end up
    assigned to an ordinary group.
    """

    def __init__(self, request):
        """Assemble the ACL: two fixed entries, then one per group permission.

        Args:
            request: the current request (unused here).
        """
        # Fixed entries: any authenticated principal may 'view'; group 1 may
        # do everything.
        fixed_entries = [
            (Allow, Authenticated, 'view'),
            (Allow, 'group:1', ALL_PERMISSIONS),
        ]
        # One Allow entry per stored group permission; perm_name is taken
        # from the row verbatim.
        stored_entries = [
            (Allow, 'group:{}'.format(row.group_id), row.perm_name)
            for row in DBSession.query(GroupPermission)
        ]
        self.__acl__ = fixed_entries + stored_entries
# Pass the concrete model classes defined above to ziggurat_foundations in a
# single call. passwordmanager=None supplies no project-specific password
# manager.
# NOTE(review): presumably the library then falls back to its own default
# password-hashing context -- confirm which schemes that is for the installed
# ziggurat_foundations version.
ziggurat_model_init(
    User, Group, UserGroup, GroupPermission, UserPermission,
    UserResourcePermission, GroupResourcePermission, Resource,
    ExternalIdentity, passwordmanager=None)