2727 else os .getenv ("COMPARE_AND_CONFIRM" , "false" ).lower () == "true"
2828)
2929
30+ currently_supported_access_controls = [
31+ AccessControls .ALLOW_ALL_TYPES ,
32+ AccessControls .ALLOW_OVERRIDE_CREATION_DATETIME ,
33+ AccessControls .ALLOW_SUPERSEDE_WITH_DELETE_FAILURE ,
34+ ]
35+
36+
3037print (f"Using NRL environment: { nrl_env } " )
3138print (f"Using NRL auth bucket: { nrl_auth_bucket_name } " )
3239print (f"Compare and confirm mode: { COMPARE_AND_CONFIRM } " )
@@ -162,11 +169,6 @@ def list_available_access_controls() -> None:
162169 """
163170 print ("The following access controls can be assigned:" )
164171
165- currently_supported_access_controls = [
166- AccessControls .ALLOW_ALL_TYPES ,
167- AccessControls .ALLOW_OVERRIDE_CREATION_DATETIME ,
168- AccessControls .ALLOW_SUPERSEDE_WITH_DELETE_FAILURE ,
169- ]
170172 for control in currently_supported_access_controls :
171173 print (f"- { control } " )
172174
@@ -269,6 +271,47 @@ def show_perms(supplier_type: SupplierType, app_id: str, org_ods=None) -> None:
269271 # )
270272
271273
274+ def _save_pointer_types (
275+ lookup_path : str ,
276+ current_perms : dict ,
277+ proposed_pointer_types : list ,
278+ supplier_type : SupplierType ,
279+ app_id : str ,
280+ org_ods ,
281+ ) -> None :
282+ print ()
283+ _print_perm_with_lookup (
284+ "proposed pointer types" , proposed_pointer_types , TYPE_ATTRIBUTES
285+ )
286+
287+ if COMPARE_AND_CONFIRM :
288+ print ()
289+ confirm = (
290+ input ("Do you want to proceed with these changes? (yes/NO): " )
291+ .strip ()
292+ .lower ()
293+ )
294+ if confirm != "yes" :
295+ print ("Operation cancelled at user request." )
296+ return
297+
298+ current_perms ["types" ] = proposed_pointer_types
299+
300+ s3 = _get_s3_client ()
301+ s3 .put_object (
302+ Bucket = nrl_auth_bucket_name ,
303+ Key = lookup_path ,
304+ Body = json .dumps (current_perms , indent = 4 ),
305+ ContentType = "application/json" ,
306+ )
307+
308+ print ()
309+ print (f"Set permissions for { lookup_path } " )
310+
311+ print ()
312+ show_perms (supplier_type , app_id , org_ods )
313+
314+
272315def add_pointer_type_perms (
273316 supplier_type : SupplierType , app_id : str , org_ods = None , * pointer_types_to_add : str
274317) -> None :
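Review bot: `_save_pointer_types` writes the permissions object back with an unconditional `s3.put_object(...)`, although the callers read it earlier and, with COMPARE_AND_CONFIRM on, an interactive prompt sits in between, so a concurrent edit to the same `lookup_path` would be silently overwritten. If the read helper can hand back the object's ETag, passing it on the write (`IfMatch=etag`, available on recent boto3) would make a stale write fail instead. The read path is outside this hunk, so treat this as something to check rather than a confirmed gap. The helper also has no docstring; a one-line summary such as `"""Show the proposed pointer types, optionally confirm, then write current_perms to S3."""` should also say that `current_perms` is mutated in place.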
@@ -279,7 +322,6 @@ def add_pointer_type_perms(
279322
280323 TODO:
281324 highlight new additions in proposed pointer types list e.g. [NEW]
282- don't create at app level if ODS level present & backwards too? - hmm maybe too fancy
283325 """
284326 if supplier_type .lower () not in SupplierType .list () or not app_id :
285327 print ("Usage: add pointer type permissions for a given organisation or app" )
@@ -290,9 +332,7 @@ def add_pointer_type_perms(
290332 return
291333
292334 if not pointer_types_to_add :
293- print (
294- "No pointer types provided. Please specify at least one pointer type or use clear_perms command."
295- )
335+ print ("No pointer types provided. Please specify at least one pointer type." )
296336 return
297337
298338 if org_ods :
@@ -332,11 +372,91 @@ def add_pointer_type_perms(
332372 return
333373
334374 proposed_pointer_types = current_pointer_types + list (pointer_types_to_add )
335- print ()
336- _print_perm_with_lookup (
337- "proposed pointer types" , proposed_pointer_types , TYPE_ATTRIBUTES
375+ _save_pointer_types (
376+ lookup_path ,
377+ current_perms ,
378+ proposed_pointer_types ,
379+ supplier_type ,
380+ app_id ,
381+ org_ods ,
338382 )
339383
384+
385+ def add_access_control_perms (
386+ supplier_type : SupplierType , app_id : str , org_ods = None , * access_controls_to_add : str
387+ ) -> None :
388+ """
389+ Add permissions for a given list of access controls to an app or org.
390+
391+ Specify access_controls = all to add a list of all (current) access controls.
392+
393+ TODO:
394+ highlight new additions in proposed access controls list e.g. [NEW]
395+ """
396+ if supplier_type .lower () not in SupplierType .list () or not app_id :
397+ print ("Usage: add access control permissions for a given organisation or app" )
398+ print (
399+ " add_access_control_perms consumer <app_id> <org_ods> <access_controls>"
400+ )
401+ print (
402+ " add_access_control_perms producer <app_id> <org_ods> <access_controls>"
403+ )
404+ print (" add_access_control_perms consumer <app_id> <access_controls>" )
405+ print (" add_access_control_perms producer <app_id> <access_controls>" )
406+ return
407+
408+ if not access_controls_to_add :
409+ print (
410+ "No access controls provided. Please specify at least one access control."
411+ )
412+ return
413+
414+ if org_ods :
415+ lookup_path = f"{ supplier_type } /{ app_id } /{ org_ods } .json"
416+ else :
417+ lookup_path = f"{ supplier_type } /{ app_id } .json"
418+
419+ unknown_access_controls = [
420+ pt
421+ for pt in access_controls_to_add
422+ if pt not in currently_supported_access_controls
423+ ]
424+ if unknown_access_controls :
425+ print (
426+ f"Error: Unknown or unsupported access controls provided: { ', ' .join (unknown_access_controls )} "
427+ )
428+ print (
429+ f"Error: Unknown or unsupported access controls provided: { ', ' .join (unknown_access_controls )} "
430+ )
431+ print ()
432+ return
433+
434+ perms_ugly = _get_perms_from_s3 (lookup_path )
435+ if not perms_ugly :
436+ print (f"Setting up new permissions file..." )
437+ perms_ugly = "{}"
438+
439+ current_perms = json .loads (perms_ugly )
440+ current_access_controls : list = current_perms .get ("access_controls" , [])
441+
442+ already_added_access_controls = list (
443+ new_access_control
444+ for new_access_control in access_controls_to_add
445+ if new_access_control in current_access_controls
446+ )
447+ if len (already_added_access_controls ):
448+ print (
449+ f"Error: Unable to add access controls. These access controls are already assigned to { lookup_path } :"
450+ )
451+ _print_perm ("" , already_added_access_controls )
452+ print ()
453+ return
454+
455+ proposed_access_controls = current_access_controls + list (access_controls_to_add )
456+
457+ print ()
458+ _print_perm ("proposed access controls" , proposed_access_controls )
459+
340460 if COMPARE_AND_CONFIRM :
341461 print ()
342462 confirm = (
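Review bot: The docstring of add_access_control_perms says `all` expands to every current access control, but no branch in the visible body handles it, so `all` would be rejected by the `not in currently_supported_access_controls` check unless it happens to be an enum value. That check compares CLI strings with `AccessControls` members, which only matches if the enum is str-based; the enum is not visible here, so this is worth confirming. The unknown-control error is printed twice by two identical `print(f"Error: Unknown or unsupported access controls provided: ...")` calls, and the second can be dropped. Repeated arguments pass both checks and would be stored twice; `access_controls_to_add = tuple(dict.fromkeys(access_controls_to_add))` before validation prevents that. The function continues past the end of this hunk.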
@@ -348,7 +468,7 @@ def add_pointer_type_perms(
348468 print ("Operation cancelled at user request." )
349469 return
350470
351- current_perms ["types " ] = proposed_pointer_types
471+ current_perms ["access_controls " ] = proposed_access_controls
352472
353473 s3 = _get_s3_client ()
354474 s3 .put_object (
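Review bot: The confirm-then-`put_object` tail of add_access_control_perms repeats what this commit has just extracted into `_save_pointer_types`, differing only in the key written (`"access_controls"` instead of `"types"`) and the print helper. Giving the helper a key parameter, for example `def _save_perms(lookup_path, current_perms, perm_key, proposed_values, ...)` with `current_perms[perm_key] = proposed_values`, would leave a single write path to the auth bucket. Any later change to the confirmation or the write would then apply to pointer types and access controls alike. The function body starts and ends outside this hunk.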
@@ -425,38 +545,15 @@ def remove_pointer_type_perms(
425545 for current_pointer_type in current_pointer_types
426546 if current_pointer_type not in pointer_types_to_remove
427547 ]
428- print ()
429- _print_perm_with_lookup (
430- "proposed pointer types" , proposed_pointer_types , TYPE_ATTRIBUTES
431- )
432-
433- if COMPARE_AND_CONFIRM :
434- print ()
435- confirm = (
436- input ("Do you want to proceed with these changes? (yes/NO): " )
437- .strip ()
438- .lower ()
439- )
440- if confirm != "yes" :
441- print ("Operation cancelled at user request." )
442- return
443-
444- current_perms ["types" ] = proposed_pointer_types
445-
446- s3 = _get_s3_client ()
447- s3 .put_object (
448- Bucket = nrl_auth_bucket_name ,
449- Key = lookup_path ,
450- Body = json .dumps (current_perms , indent = 4 ),
451- ContentType = "application/json" ,
548+ _save_pointer_types (
549+ lookup_path ,
550+ current_perms ,
551+ proposed_pointer_types ,
552+ supplier_type ,
553+ app_id ,
554+ org_ods ,
452555 )
453556
454- print ()
455- print (f"Set permissions for { lookup_path } " )
456-
457- print ()
458- show_perms (supplier_type , app_id , org_ods )
459-
460557
461558def clear_perms (supplier_type : SupplierType , app_id : str , org_ods = None ) -> None :
462559 """
@@ -520,6 +617,7 @@ def clear_perms(supplier_type: SupplierType, app_id: str, org_ods=None) -> None:
520617 "list_available_access_controls" : list_available_access_controls ,
521618 "show_perms" : show_perms ,
522619 "add_pointer_type_to_perms" : add_pointer_type_perms ,
620+ "add_access_control_to_perms" : add_access_control_perms ,
523621 "remove_pointer_type_perms" : remove_pointer_type_perms ,
524622 "clear_perms" : clear_perms ,
525623 # "help": help,
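Review bot: The new command is registered as `add_access_control_to_perms`, but the usage text printed by add_access_control_perms tells the operator to run `add_access_control_perms consumer <app_id> ...`. Assuming this dict maps CLI command names to functions, the printed usage would not work as typed, so either the key or the usage strings should change to match. No matching remove command for access controls is registered in this hunk, so revoking a single control appears to need `clear_perms` or a manual edit; worth confirming that is intended. The dict starts outside the hunk.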