| 1 | # Copyright 2020 The Chromium Authors. All rights reserved. |
| 2 | # Use of this source code is governed by a BSD-style |
| 3 | # license that can be found in the LICENSE file. |
| 4 | |
| 5 | from __future__ import print_function |
| 6 | from __future__ import division |
| 7 | from __future__ import absolute_import |
| 8 | |
| 9 | from google.protobuf import empty_pb2 |
| 10 | |
| 11 | from api import resource_name_converters as rnc |
| 12 | from api.v3 import permission_converters as pc |
| 13 | from api.v3 import monorail_servicer |
| 14 | from api.v3.api_proto import permission_objects_pb2 |
| 15 | from api.v3.api_proto import permissions_pb2 |
| 16 | from api.v3.api_proto import permissions_prpc_pb2 |
| 17 | from businesslogic import work_env |
| 18 | from framework import exceptions |
| 19 | |
| 20 | |
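class PermissionsServicer(monorail_servicer.MonorailServicer):
  """Handle API requests related to Permissions.

  Each API request is implemented with a method as defined in the
  .proto file. Each method does any request-specific validation, uses work_env
  to safely operate on business objects, and returns a response proto.
  """

  DESCRIPTION = permissions_prpc_pb2.PermissionsServiceDescription

  @monorail_servicer.PRPCMethod
  def BatchGetPermissionSets(self, mc, request):
    # type: (MonorailContext, BatchGetPermissionSetsRequest) ->
    #     BatchGetPermissionSetsResponse
    """pRPC API method that implements BatchGetPermissionSets.

    Resolves each name in request.names, in request order, to a PermissionSet.
    An exception raised for any single name propagates out of this method, so
    the batch fails as a whole rather than returning a partial result.

    Raises:
      InputException: if any name in request.names is not a valid resource name
          or a permission string is not recognized.
      PermissionException: if the requester does not have permission to
          view one of the resources.
    """
    # NOTE(review): request.names is iterated without a size check in this
    # method, and every valid name triggers a permission lookup through
    # work_env. Confirm that a batch-size limit is enforced before this point.
    api_permission_sets = []
    with work_env.WorkEnv(mc, self.services) as we:
      for name in request.names:
        api_permission_sets.append(self._GetPermissionSet(mc.cnxn, we, name))

    return permissions_pb2.BatchGetPermissionSetsResponse(
        permission_sets=api_permission_sets)

  def _GetPermissionSet(self, cnxn, we, name):
    # type: (sql.MonorailConnection, businesslogic.WorkEnv, str) ->
    #     permission_objects_pb2.PermissionSet
    """Takes a resource name and returns the PermissionSet for the resource.

    The name is tried as a hotlist name first and as a field definition name
    second. Only a failure to parse the name moves on to the next resource
    type; once a name has parsed, errors from the permission lookup or the
    permission conversion are raised to the caller unchanged.

    Args:
      cnxn: MonorailConnection object to the database.
      we: WorkEnv object to get the permission strings.
      name: resource name of a resource we want a PermissionSet for.

    Returns:
      PermissionSet object.

    Raises:
      InputException: if name is not a valid resource name or a
          permission string is not recognized.
      PermissionException: if the requester does not have permission to
          view the resource.
    """
    # The try bodies cover the name parsing only. With the lookup and the
    # conversion inside them, an InputException for an unrecognized permission
    # string was swallowed and came back as 'invalid resource name', hiding
    # the real fault in the permission path.
    # NOTE(review): this assumes a name that parses as one resource type can
    # never be a valid name of another type; confirm against
    # resource_name_converters.
    try:
      hotlist_id = rnc.IngestHotlistName(name)
    except exceptions.InputException:
      pass
    else:
      # Nothing is caught here, so a PermissionException from work_env reaches
      # the caller.
      permissions = we.ListHotlistPermissions(hotlist_id)
      api_permissions = pc.ConvertHotlistPermissions(permissions)
      return permission_objects_pb2.PermissionSet(
          resource=name, permissions=api_permissions)

    try:
      project_id, field_id = rnc.IngestFieldDefName(cnxn, name, self.services)
    except exceptions.InputException:
      pass
    else:
      permissions = we.ListFieldDefPermissions(field_id, project_id)
      api_permissions = pc.ConvertFieldDefPermissions(permissions)
      return permission_objects_pb2.PermissionSet(
          resource=name, permissions=api_permissions)

    # TODO(crbug/monorail/7339): Add more try-except blocks for other
    # resource types.
    # The message deliberately does not echo the caller-supplied name.
    raise exceptions.InputException('invalid resource name')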