#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# folderauth.py
#
#
# sets the authorizations of folders
# current authorizations are not removed, only new ones are added and existing
# rules might be updated
#
# CSV-Format
# Column 1 is the full path to the folder
# Column 2 is the principal type
# Column 3 is the principal id
# Column 4 is the access setting (read, full)
import argparse
import csv
import os
import json
import subprocess
import sys
from sharedfunctions import callrestapi, getfolderid, file_accessible
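def addRule(data):
    """POST one authorization rule and report the outcome on stdout.

    Args:
        data: dict describing the rule; it is passed unchanged as the request
            body to the 'authorization/rules' endpoint.

    Behaviour by HTTP status:
        201 -> prints " done".
        400 with errorCode 1177 -> treated as "rule already exists"; the rule
            is skipped and processing continues.
        any other 4xx/5xx -> the status and response body are printed and the
            process exits with a non-zero status.
        Other statuses are not reported.

    Reads the module-level ``debug`` flag to decide whether to echo the
    rule payload before sending it.
    """
    if debug:
        print("Rule data: "+str(data))

    rst = callrestapi('authorization/rules','post',data=data,returnResponse=True)

    if rst.status_code == 201:
        print(" done")
        return

    if rst.status_code == 400:
        # A 400 body is not guaranteed to be a JSON object carrying
        # 'errorCode'; if it is not, fall through to the generic error
        # report instead of dying on a parse/lookup exception.
        try:
            error_code = json.loads(rst.text).get('errorCode')
        except (ValueError, AttributeError):
            error_code = None
        if error_code == 1177:
            print(" rule already exists, skiping")
            return

    if 400 <= rst.status_code <= 599:
        print("http response code: "+ str(rst.status_code))
        print("ret.text: "+rst.text)
        # Exit non-zero: a bare sys.exit() returns status 0, which would tell
        # calling automation that a partially applied set of access rules
        # had been applied successfully.
        sys.exit(1)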
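# Command-line interface: the CSV path is mandatory, debug output is opt-in.
parser = argparse.ArgumentParser(description="Apply bulk auths from a CSV file to folders and contents")
# 'required' takes a boolean; the string 'True' only worked because any
# non-empty string is truthy.
parser.add_argument("-f","--file", help="Full path to CSV file.",required=True)
parser.add_argument("-d","--debug", help="Turn debug on", action='store_true', default=False)

args = parser.parse_args()
# Both names are module-level on purpose: 'file' is opened by the CSV loop
# further down and 'debug' is read as a global inside addRule().
file=args.file
debug=args.debug

# Fail early with a non-zero status if the CSV cannot be read. This is only
# a pre-check; the later open() can still fail if the file changes in between.
if not file_accessible(file,'r'):
    print("Can not open file.")
    sys.exit(1)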
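# Permission sets granted for each access setting accepted in CSV column 4.
ACCESS_PERMISSIONS = {
    "full": ["create","read","update","delete","secure","add","remove"],
    "read": ["read"],
}

# Number of rows that could not be applied; reported via the exit status.
invalid_rows = 0

with open(file, 'rt') as f:
    filecontents = csv.reader(f)
    for row in filecontents:
        # csv.reader yields an empty list for a blank line; nothing to do.
        if not row:
            continue

        print("Adding rule: "+str(row))

        if len(row) < 4:
            print("Expected 4 columns, skipping row: "+str(row))
            invalid_rows += 1
            continue
        folderpath, principaltype, principalname, accesscontrol = row[:4]

        # Reject unknown access settings before anything is sent. Without the
        # 'continue', 'permissions' would still hold the previous row's value
        # (or be undefined on the first row), so a typo in column 4 could
        # grant the previous row's permission set -- possibly "full" -- to
        # this row's principal.
        if accesscontrol not in ACCESS_PERMISSIONS:
            print("Unkown access control: "+accesscontrol)
            invalid_rows += 1
            continue
        # Copy so each request body owns its own list.
        permissions = list(ACCESS_PERMISSIONS[accesscontrol])

        folderid=getfolderid(folderpath)
        # NOTE(review): what getfolderid returns for a path that does not
        # exist is not visible in this file; guard so a missing id is never
        # concatenated into the rule URI.
        folderuri = folderid[0] if folderid else None
        if not folderuri:
            print("Folder not found, skipping row: "+folderpath)
            invalid_rows += 1
            continue

        target = '/folders/folders/'+folderuri
        # Two grants per row with identical principal and permissions: one
        # keyed by 'objectUri' and one by 'containerUri' (presumably the
        # folder itself and its contents, per the script description).
        for uri_key in ('objectUri', 'containerUri'):
            data = {
                'type': 'grant',
                uri_key: target,
                'principalType': principaltype,
                'principal': principalname,
                'permissions': list(permissions)
            }
            addRule(data)

# A run that skipped rows did not apply the requested authorizations in full;
# make that visible to whatever invoked the script.
if invalid_rows:
    print("Rows skipped because of errors: "+str(invalid_rows))
    sys.exit(1)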