1 changed files with 92 additions and 0 deletions
@ -0,0 +1,92 @@ |
|||
#!/usr/bin/python |
|||
# -*- coding: utf-8 -*- |
|||
# |
|||
# folderauth.py |
|||
# |
|||
# |
|||
# sets the authorizations of folders |
|||
# current authorizations are not removed, only new ones are added and existing |
|||
# rules might be updated |
|||
# |
|||
# CSV-Format |
|||
# Column 1 is the full path to the folder |
|||
# Column 2 is the principal type |
|||
# Column 3 is the principal id |
|||
# Column 4 is the access setting (read, full) |
|||
|
|||
|
|||
import argparse |
|||
import csv |
|||
import os |
|||
import json |
|||
import subprocess |
|||
import sys |
|||
from sharedfunctions import callrestapi, getfolderid, file_accessible |
|||
|
|||
|
|||
def addRule(data): |
|||
|
|||
if debug: print("Rule data: "+str(data)) |
|||
rst = callrestapi('authorization/rules','post',data=data,returnResponse=True) |
|||
|
|||
if rst.status_code==201: |
|||
print(" done") |
|||
|
|||
elif rst.status_code==400 and json.loads(rst.text)['errorCode']==1177: |
|||
print(" rule already exists, skiping") |
|||
|
|||
elif (400 <= rst.status_code <=599): |
|||
print("http response code: "+ str(rst.status_code)) |
|||
print("ret.text: "+rst.text) |
|||
sys.exit() |
|||
|
|||
|
|||
|
|||
parser = argparse.ArgumentParser(description="Apply bulk auths from a CSV file to folders and contents") |
|||
parser.add_argument("-f","--file", help="Full path to CSV file.",required='True') |
|||
parser.add_argument("-d","--debug", help="Turn debug on", action='store_true', default=False) |
|||
|
|||
args = parser.parse_args() |
|||
file=args.file |
|||
debug=args.debug |
|||
|
|||
if not file_accessible(file,'r'): |
|||
print("Can not open file.") |
|||
sys.exit(1) |
|||
|
|||
with open(file, 'rt') as f: |
|||
filecontents = csv.reader(f) |
|||
for row in filecontents: |
|||
print("Adding rule: "+str(row)) |
|||
folderpath=row[0] |
|||
principaltype=row[1] |
|||
principalname=row[2] |
|||
accesscontrol=row[3] |
|||
|
|||
folderid=getfolderid(folderpath) |
|||
folderuri=folderid[0] |
|||
|
|||
if accesscontrol=="full": |
|||
permissions = ["create","read","update","delete","secure","add","remove"] |
|||
elif accesscontrol=="read": |
|||
permissions = ["read"] |
|||
else: |
|||
print("Unkown access control: "+accesscontrol) |
|||
|
|||
data = { |
|||
'type': 'grant', |
|||
'objectUri': '/folders/folders/'+folderuri, |
|||
'principalType': principaltype, |
|||
'principal': principalname, |
|||
'permissions': permissions |
|||
} |
|||
addRule(data) |
|||
|
|||
data = { |
|||
'type': 'grant', |
|||
'containerUri': '/folders/folders/'+folderuri, |
|||
'principalType': principaltype, |
|||
'principal': principalname, |
|||
'permissions': permissions |
|||
} |
|||
addRule(data) |
|||
Loading…
Reference in new issue