blob: d544478f02c22ed0d8d42d4a26a0bddf3d1d08de [file] [log] [blame]
Copybara854996b2021-09-07 19:36:02 +00001# Copyright 2020 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style
3# license that can be found in the LICENSE file.
4
5from __future__ import print_function
6from __future__ import division
7from __future__ import absolute_import
8
9from google.protobuf import empty_pb2
10
11from api import resource_name_converters as rnc
12from api.v3 import permission_converters as pc
13from api.v3 import monorail_servicer
14from api.v3.api_proto import permission_objects_pb2
15from api.v3.api_proto import permissions_pb2
16from api.v3.api_proto import permissions_prpc_pb2
17from businesslogic import work_env
18from framework import exceptions
19
20
21class PermissionsServicer(monorail_servicer.MonorailServicer):
22 """Handle API requests related to Permissions.
23 Each API request is implemented with a method as defined in the
24 .proto file. Each method does any request-specific validation, uses work_env
25 to safely operate on business objects, and returns a response proto.
26 """
27
28 DESCRIPTION = permissions_prpc_pb2.PermissionsServiceDescription
29
30 @monorail_servicer.PRPCMethod
31 def BatchGetPermissionSets(self, mc, request):
32 # type: (MonorailContext, BatchGetPermissionSetsRequest) ->
33 # BatchGetPermissionSetsResponse
34 """pRPC API method that implements BatchGetPermissionSets.
35
36 Raises:
37 InputException: if any name in request.names is not a valid resource name
38 or a permission string is not recognized.
39 PermissionException: if the requester does not have permission to
40 view one of the resources.
41 """
42 api_permission_sets = []
43 with work_env.WorkEnv(mc, self.services) as we:
44 for name in request.names:
45 api_permission_sets.append(self._GetPermissionSet(mc.cnxn, we, name))
46
47 return permissions_pb2.BatchGetPermissionSetsResponse(
48 permission_sets=api_permission_sets)
49
50 def _GetPermissionSet(self, cnxn, we, name):
51 # type: (sql.MonorailConnection, businesslogic.WorkEnv, str) ->
52 # permission_objects_pb2.PermissionSet
53 """Takes a resource name and returns the PermissionSet for the resource.
54
55 Args:
56 cnxn: MonorailConnection object to the database.
57 we: WorkEnv object to get the permission strings.
58 name: resource name of a resource we want a PermissionSet for.
59
60 Returns:
61 PermissionSet object.
62
63 Raises:
64 InputException: if request.name is not a valid resource name or a
65 permission string is not recognized.
66 PermissionException: if the requester does not have permission to
67 view the resource.
68 """
69 try:
70 hotlist_id = rnc.IngestHotlistName(name)
71 permissions = we.ListHotlistPermissions(hotlist_id)
72 api_permissions = pc.ConvertHotlistPermissions(permissions)
73 return permission_objects_pb2.PermissionSet(
74 resource=name, permissions=api_permissions)
75 except exceptions.InputException:
76 pass
77 try:
78 project_id, field_id = rnc.IngestFieldDefName(cnxn, name, self.services)
79 permissions = we.ListFieldDefPermissions(field_id, project_id)
80 api_permissions = pc.ConvertFieldDefPermissions(permissions)
81 return permission_objects_pb2.PermissionSet(
82 resource=name, permissions=api_permissions)
83 except exceptions.InputException:
84 pass
85 # TODO(crbug/monorail/7339): Add more try-except blocks for other
86 # resource types.
87 raise exceptions.InputException('invalid resource name')