Project import generated by Copybara.
GitOrigin-RevId: d9e9e3fb4e31372ec1fb43b178994ca78fa8fe70
diff --git a/api/v3/permissions_servicer.py b/api/v3/permissions_servicer.py
new file mode 100644
index 0000000..d544478
--- /dev/null
+++ b/api/v3/permissions_servicer.py
@@ -0,0 +1,87 @@
+# Copyright 2020 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+from __future__ import print_function
+from __future__ import division
+from __future__ import absolute_import
+
+from google.protobuf import empty_pb2
+
+from api import resource_name_converters as rnc
+from api.v3 import permission_converters as pc
+from api.v3 import monorail_servicer
+from api.v3.api_proto import permission_objects_pb2
+from api.v3.api_proto import permissions_pb2
+from api.v3.api_proto import permissions_prpc_pb2
+from businesslogic import work_env
+from framework import exceptions
+
+
+class PermissionsServicer(monorail_servicer.MonorailServicer):
+ """Handle API requests related to Permissions.
+ Each API request is implemented with a method as defined in the
+ .proto file. Each method does any request-specific validation, uses work_env
+ to safely operate on business objects, and returns a response proto.
+ """
+
+ DESCRIPTION = permissions_prpc_pb2.PermissionsServiceDescription
+
+ @monorail_servicer.PRPCMethod
+ def BatchGetPermissionSets(self, mc, request):
+ # type: (MonorailContext, BatchGetPermissionSetsRequest) ->
+ # BatchGetPermissionSetsResponse
+ """pRPC API method that implements BatchGetPermissionSets.
+
+ Raises:
+ InputException: if any name in request.names is not a valid resource name
+ or a permission string is not recognized.
+ PermissionException: if the requester does not have permission to
+ view one of the resources.
+ """
+ api_permission_sets = []
+ with work_env.WorkEnv(mc, self.services) as we:
+ for name in request.names:
+ api_permission_sets.append(self._GetPermissionSet(mc.cnxn, we, name))
+
+ return permissions_pb2.BatchGetPermissionSetsResponse(
+ permission_sets=api_permission_sets)
+
+ def _GetPermissionSet(self, cnxn, we, name):
+ # type: (sql.MonorailConnection, businesslogic.WorkEnv, str) ->
+ # permission_objects_pb2.PermissionSet
+ """Takes a resource name and returns the PermissionSet for the resource.
+
+ Args:
+ cnxn: MonorailConnection object to the database.
+ we: WorkEnv object to get the permission strings.
+ name: resource name of a resource we want a PermissionSet for.
+
+ Returns:
+ PermissionSet object.
+
+ Raises:
+ InputException: if request.name is not a valid resource name or a
+ permission string is not recognized.
+ PermissionException: if the requester does not have permission to
+ view the resource.
+ """
+ try:
+ hotlist_id = rnc.IngestHotlistName(name)
+ permissions = we.ListHotlistPermissions(hotlist_id)
+ api_permissions = pc.ConvertHotlistPermissions(permissions)
+ return permission_objects_pb2.PermissionSet(
+ resource=name, permissions=api_permissions)
+ except exceptions.InputException:
+ pass
+ try:
+ project_id, field_id = rnc.IngestFieldDefName(cnxn, name, self.services)
+ permissions = we.ListFieldDefPermissions(field_id, project_id)
+ api_permissions = pc.ConvertFieldDefPermissions(permissions)
+ return permission_objects_pb2.PermissionSet(
+ resource=name, permissions=api_permissions)
+ except exceptions.InputException:
+ pass
+ # TODO(crbug/monorail/7339): Add more try-except blocks for other
+ # resource types.
+ raise exceptions.InputException('invalid resource name')