
Commit 70e2484

NRL-2099 Clear permissions for a given app id or ods code
1 parent b011a89 commit 70e2484


1 file changed

+76
-17
lines changed


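--- a/scripts/manage_permissions.py
+++ b/scripts/manage_permissions.py
@@ -1,6 +1,12 @@
 #!/usr/bin/env python
 """
-Manage app ans organisation v2 permissions for NRLF apps in a given environment ENV
+Manage app and organisation v2 permissions for NRLF apps in a given environment ENV
+
+```sh
+ENV=dev \
+COMPARE_AND_CONFIRM=true \
+poetry run python ./scripts/manage_permissions.py <command> <args>
+```
 """
 import json
 import os
@@ -15,7 +21,6 @@
 nrl_auth_bucket_name = os.getenv(
 "NRL_AUTH_BUCKET_NAME", f"nhsd-nrlf--{nrl_env}-authorization-store"
 )
-
 COMPARE_AND_CONFIRM = (
 True
 if nrl_env == "prod"
@@ -236,29 +241,82 @@ def show_perms(supplier_type: SupplierType, app_id: str, org_ods=None) -> None:
 "pointer type", perms_pretty.get("types", []), TYPE_ATTRIBUTES
 )
 
-_print_perm_with_lookup(
-"pointer categories", perms_pretty.get("categories", []), CATEGORY_ATTRIBUTES
-)
+# _print_perm_with_lookup(
+# "pointer categories", perms_pretty.get("categories", []), CATEGORY_ATTRIBUTES
+# )
 
 _print_perm(
 "access control",
 perms_pretty.get("access_controls", []),
 )
 
-_print_perm(
-"API interaction",
-perms_pretty.get("interaction", []),
-)
+# _print_perm(
+# "API interaction",
+# perms_pretty.get("interaction", []),
+# )
 
-_print_perm(
-"Produce for authors",
-perms_pretty.get("produce_for_authors", []),
-)
+# _print_perm(
+# "Produce for authors",
+# perms_pretty.get("produce_for_authors", []),
+# )
 
-_print_perm(
-"Produce for custodians",
-perms_pretty.get("produce_for_custodians", []),
+# _print_perm(
+# "Produce for custodians",
+# perms_pretty.get("produce_for_custodians", []),
+# )
+
+
+def clear_perms(supplier_type, app_id: str, org_ods=None) -> None:
+"""
+Clear permissions for an application or organization.
+This will remove all permissions for the specified app and org.
+
+COMPARE_AND_CONFIRM=true \
+poetry run python ./scripts/manage_permissions.py clear_perms consumer ANJALI_POSTMAN_APP TEST4
+"""
+if supplier_type.lower() not in SupplierType.list() or not app_id:
+print("Usage: clear permissions for a given organisation or app")
+print(" clear_perms consumer <app_id> <org_ods>")
+print(" clear_perms producer <app_id> <org_ods>")
+print(" clear_perms consumer <app_id>")
+print(" clear_perms producer <app_id>")
+return
+
+if org_ods:
+lookup_path = f"{supplier_type}/{app_id}/{org_ods}.json"
+else:
+lookup_path = f"{supplier_type}/{app_id}.json"
+
+if COMPARE_AND_CONFIRM:
+current_perms = _get_perms_from_s3(lookup_path)
+if not current_perms or current_perms == "{}":
+print(
+f"No need to clear permissions for {lookup_path} as it currently has no permissions set."
+)
+return
+
+print()
+print(f"Current permissions for {lookup_path}:")
+print(current_perms)
+
+print()
+confirm = (
+input("Are you SURE you want to clear these permissions? (yes/NO): ")
+.strip()
+.lower()
+)
+if confirm != "yes":
+print("Operation cancelled at user request.")
+return
+
+s3 = _get_s3_client()
+s3.put_object(
+Bucket=nrl_auth_bucket_name,
+Key=lookup_path,
+Body="{}",
+ContentType="application/json",
 )
+print(f"Cleared permissions for {lookup_path}.")
 
 
 if __name__ == "__main__":
@@ -270,6 +328,7 @@ def show_perms(supplier_type: SupplierType, app_id: str, org_ods=None) -> None:
 "list_available_access_controls": list_available_access_controls,
 "show_perms": show_perms,
 # "set_perms": set_perms,
-# "clear_perms": clear_perms,
+"clear_perms": clear_perms,
+# "help": help,
 }
 )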
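Review bot: `clear_perms` validates `supplier_type.lower()` but builds `lookup_path` from the raw `supplier_type`, so an argument such as `Consumer` passes the check and then addresses a differently cased S3 key. If the stored permission objects use the lowercase prefix (which the `.lower()` comparison suggests), the compare step would likely report that no permissions are set, or `put_object` would write `{}` to a stray key. In both cases the operator is told the permissions are gone while the real object is untouched. Normalise once after the usage check and before the `if org_ods:` branch, e.g. `supplier_type = supplier_type.lower()`. `app_id` and `org_ods` also go into the key unchecked, so rejecting values that contain `/` would stop a mistyped argument from changing which object is overwritten.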
