blob: d544478f02c22ed0d8d42d4a26a0bddf3d1d08de [file] [log] [blame]
# Copyright 2020 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
from __future__ import print_function
from __future__ import division
from __future__ import absolute_import
from google.protobuf import empty_pb2
from api import resource_name_converters as rnc
from api.v3 import permission_converters as pc
from api.v3 import monorail_servicer
from api.v3.api_proto import permission_objects_pb2
from api.v3.api_proto import permissions_pb2
from api.v3.api_proto import permissions_prpc_pb2
from businesslogic import work_env
from framework import exceptions
class PermissionsServicer(monorail_servicer.MonorailServicer):
"""Handle API requests related to Permissions.
Each API request is implemented with a method as defined in the
.proto file. Each method does any request-specific validation, uses work_env
to safely operate on business objects, and returns a response proto.
"""
DESCRIPTION = permissions_prpc_pb2.PermissionsServiceDescription
@monorail_servicer.PRPCMethod
def BatchGetPermissionSets(self, mc, request):
# type: (MonorailContext, BatchGetPermissionSetsRequest) ->
# BatchGetPermissionSetsResponse
"""pRPC API method that implements BatchGetPermissionSets.
Raises:
InputException: if any name in request.names is not a valid resource name
or a permission string is not recognized.
PermissionException: if the requester does not have permission to
view one of the resources.
"""
api_permission_sets = []
with work_env.WorkEnv(mc, self.services) as we:
for name in request.names:
api_permission_sets.append(self._GetPermissionSet(mc.cnxn, we, name))
return permissions_pb2.BatchGetPermissionSetsResponse(
permission_sets=api_permission_sets)
def _GetPermissionSet(self, cnxn, we, name):
# type: (sql.MonorailConnection, businesslogic.WorkEnv, str) ->
# permission_objects_pb2.PermissionSet
"""Takes a resource name and returns the PermissionSet for the resource.
Args:
cnxn: MonorailConnection object to the database.
we: WorkEnv object to get the permission strings.
name: resource name of a resource we want a PermissionSet for.
Returns:
PermissionSet object.
Raises:
InputException: if request.name is not a valid resource name or a
permission string is not recognized.
PermissionException: if the requester does not have permission to
view the resource.
"""
try:
hotlist_id = rnc.IngestHotlistName(name)
permissions = we.ListHotlistPermissions(hotlist_id)
api_permissions = pc.ConvertHotlistPermissions(permissions)
return permission_objects_pb2.PermissionSet(
resource=name, permissions=api_permissions)
except exceptions.InputException:
pass
try:
project_id, field_id = rnc.IngestFieldDefName(cnxn, name, self.services)
permissions = we.ListFieldDefPermissions(field_id, project_id)
api_permissions = pc.ConvertFieldDefPermissions(permissions)
return permission_objects_pb2.PermissionSet(
resource=name, permissions=api_permissions)
except exceptions.InputException:
pass
# TODO(crbug/monorail/7339): Add more try-except blocks for other
# resource types.
raise exceptions.InputException('invalid resource name')