11#!/usr/bin/env python
22"""
3- Manage app ans organisation v2 permissions for NRLF apps in a given environment ENV
3+ Manage app and organisation v2 permissions for NRLF apps in a given environment ENV
4+
5+ ```sh
6+ ENV=dev \
7+ COMPARE_AND_CONFIRM=true \
8+ poetry run python ./scripts/manage_permissions.py <command> <args>
9+ ```
410"""
511import json
612import os
1521nrl_auth_bucket_name = os .getenv (
1622 "NRL_AUTH_BUCKET_NAME" , f"nhsd-nrlf--{ nrl_env } -authorization-store"
1723)
18-
1924COMPARE_AND_CONFIRM = (
2025 True
2126 if nrl_env == "prod"
@@ -236,29 +241,82 @@ def show_perms(supplier_type: SupplierType, app_id: str, org_ods=None) -> None:
236241 "pointer type" , perms_pretty .get ("types" , []), TYPE_ATTRIBUTES
237242 )
238243
239- _print_perm_with_lookup (
240- "pointer categories" , perms_pretty .get ("categories" , []), CATEGORY_ATTRIBUTES
241- )
244+ # _print_perm_with_lookup(
245+ # "pointer categories", perms_pretty.get("categories", []), CATEGORY_ATTRIBUTES
246+ # )
242247
243248 _print_perm (
244249 "access control" ,
245250 perms_pretty .get ("access_controls" , []),
246251 )
247252
248- _print_perm (
249- "API interaction" ,
250- perms_pretty .get ("interaction" , []),
251- )
253+ # _print_perm(
254+ # "API interaction",
255+ # perms_pretty.get("interaction", []),
256+ # )
252257
253- _print_perm (
254- "Produce for authors" ,
255- perms_pretty .get ("produce_for_authors" , []),
256- )
258+ # _print_perm(
259+ # "Produce for authors",
260+ # perms_pretty.get("produce_for_authors", []),
261+ # )
257262
258- _print_perm (
259- "Produce for custodians" ,
260- perms_pretty .get ("produce_for_custodians" , []),
263+ # _print_perm(
264+ # "Produce for custodians",
265+ # perms_pretty.get("produce_for_custodians", []),
266+ # )
267+
268+
269+ def clear_perms (supplier_type , app_id : str , org_ods = None ) -> None :
270+ """
271+ Clear permissions for an application or organization.
272+ This will remove all permissions for the specified app and org.
273+
274+ COMPARE_AND_CONFIRM=true \
275+ poetry run python ./scripts/manage_permissions.py clear_perms consumer ANJALI_POSTMAN_APP TEST4
276+ """
277+ if supplier_type .lower () not in SupplierType .list () or not app_id :
278+ print ("Usage: clear permissions for a given organisation or app" )
279+ print (" clear_perms consumer <app_id> <org_ods>" )
280+ print (" clear_perms producer <app_id> <org_ods>" )
281+ print (" clear_perms consumer <app_id>" )
282+ print (" clear_perms producer <app_id>" )
283+ return
284+
285+ if org_ods :
286+ lookup_path = f"{ supplier_type } /{ app_id } /{ org_ods } .json"
287+ else :
288+ lookup_path = f"{ supplier_type } /{ app_id } .json"
289+
290+ if COMPARE_AND_CONFIRM :
291+ current_perms = _get_perms_from_s3 (lookup_path )
292+ if not current_perms or current_perms == "{}" :
293+ print (
294+ f"No need to clear permissions for { lookup_path } as it currently has no permissions set."
295+ )
296+ return
297+
298+ print ()
299+ print (f"Current permissions for { lookup_path } :" )
300+ print (current_perms )
301+
302+ print ()
303+ confirm = (
304+ input ("Are you SURE you want to clear these permissions? (yes/NO): " )
305+ .strip ()
306+ .lower ()
307+ )
308+ if confirm != "yes" :
309+ print ("Operation cancelled at user request." )
310+ return
311+
312+ s3 = _get_s3_client ()
313+ s3 .put_object (
314+ Bucket = nrl_auth_bucket_name ,
315+ Key = lookup_path ,
316+ Body = "{}" ,
317+ ContentType = "application/json" ,
261318 )
319+ print (f"Cleared permissions for { lookup_path } ." )
262320
263321
264322if __name__ == "__main__" :
@@ -270,6 +328,7 @@ def show_perms(supplier_type: SupplierType, app_id: str, org_ods=None) -> None:
270328 "list_available_access_controls" : list_available_access_controls ,
271329 "show_perms" : show_perms ,
272330 # "set_perms": set_perms,
273- # "clear_perms": clear_perms,
331+ "clear_perms" : clear_perms ,
332+ # "help": help,
274333 }
275334 )
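Review bot: In `clear_perms` the usage guard tests `supplier_type.lower()`, but `lookup_path` is then built from the unnormalised `supplier_type`, and S3 keys are case-sensitive. If `SupplierType.list()` holds lowercase values, as that check suggests, an argument such as `Consumer` passes the guard and the function reads or overwrites `Consumer/<app_id>.json`; the operator then sees "No need to clear permissions" or "Cleared permissions" while the object presumably consulted for authorisation is left unchanged. Adding `supplier_type = supplier_type.lower()` directly after the guard would make the validated value and the key agree. `app_id` and `org_ods` also reach the key unchecked, so a value containing `/` addresses a different object in the authorization store; rejecting anything outside the expected identifier characters before building `lookup_path` would stop a typo from blanking another entry.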