@@ -423,55 +423,36 @@ def edit_permissions(self, data):
423423 }]
424424
425425 """
426- with db .session .begin_nested ():
427- for obj in data :
428- if obj ['type' ] == 'user' :
429- try :
430- user = get_existing_or_register_user (obj ['email' ])
431- except DoesNotExistInLDAP :
432- raise UpdateDepositPermissionsError (
433- 'User with this mail does not exist in LDAP.' )
434-
435- if obj ['op' ] == 'add' :
436- try :
437- self ._add_user_permissions (user , [obj ['action' ]],
438- db .session )
439- except IntegrityError :
440- raise UpdateDepositPermissionsError (
441- 'Permission already exist.' )
442-
443- elif obj ['op' ] == 'remove' :
444- try :
445- self ._remove_user_permissions (
446- user , [obj ['action' ]], db .session )
447- except NoResultFound :
448- raise UpdateDepositPermissionsError (
449- 'Permission does not exist.' )
450-
451- elif obj ['type' ] == 'egroup' :
452- try :
453- role = get_existing_or_register_role (obj ['email' ])
454- except DoesNotExistInLDAP :
455- raise UpdateDepositPermissionsError (
456- 'Egroup with this mail does not exist in LDAP.' )
457-
458- if obj ['op' ] == 'add' :
459- try :
460- self ._add_egroup_permissions (
461- role , [obj ['action' ]], db .session )
462- except IntegrityError :
463- raise UpdateDepositPermissionsError (
464- 'Permission already exist.' )
465- elif obj ['op' ] == 'remove' :
466- try :
467- self ._remove_egroup_permissions (
468- role , [obj ['action' ]], db .session )
469- except NoResultFound :
470- raise UpdateDepositPermissionsError (
471- 'Permission does not exist.' )
426+ for obj in data :
427+ if obj ['type' ] == 'user' :
428+ try :
429+ user = get_existing_or_register_user (obj ['email' ])
430+ except DoesNotExistInLDAP :
431+ raise UpdateDepositPermissionsError (
432+ 'User with this mail does not exist in LDAP.' )
433+
434+ if obj ['op' ] == 'add' :
435+ self ._add_user_permissions (
436+ user , [obj ['action' ]], db .session )
437+ elif obj ['op' ] == 'remove' :
438+ self ._remove_user_permissions (
439+ user , [obj ['action' ]], db .session )
440+
441+ elif obj ['type' ] == 'egroup' :
442+ try :
443+ role = get_existing_or_register_role (obj ['email' ])
444+ except DoesNotExistInLDAP :
445+ raise UpdateDepositPermissionsError (
446+ 'Egroup with this mail does not exist in LDAP.' )
447+
448+ if obj ['op' ] == 'add' :
449+ self ._add_egroup_permissions (
450+ role , [obj ['action' ]], db .session )
451+ elif obj ['op' ] == 'remove' :
452+ self ._remove_egroup_permissions (
453+ role , [obj ['action' ]], db .session )
472454
473455 self .commit ()
474-
475456 return self
476457
477458 @preserve (result = False , fields = PRESERVE_FIELDS )
@@ -500,45 +481,65 @@ def commit(self, *args, **kwargs):
500481 def _add_user_permissions (self , user , permissions , session ):
501482 """Adds permissions for user for this deposit."""
502483 for permission in permissions :
503- session .add (
504- ActionUsers .allow (DEPOSIT_ACTIONS_NEEDS (self .id )[permission ],
505- user = user ))
506-
507- session .flush ()
508-
509- self ['_access' ][permission ]['users' ].append (user .id )
484+ try :
485+ session .add (
486+ ActionUsers .allow (
487+ DEPOSIT_ACTIONS_NEEDS (self .id )[permission ],
488+ user = user )
489+ )
490+ session .flush ()
491+ except IntegrityError :
492+ session .rollback ()
493+
494+ if user .id not in self ['_access' ][permission ]['users' ]:
495+ self ['_access' ][permission ]['users' ].append (user .id )
510496
511497 def _remove_user_permissions (self , user , permissions , session ):
512498 """Remove permissions for user for this deposit."""
513499 for permission in permissions :
514- session .delete (
515- ActionUsers .query .filter (ActionUsers .action == permission ,
516- ActionUsers .argument == str (self .id ),
517- ActionUsers .user_id == user .id ).one ())
518- session .flush ()
500+ try :
501+ session .delete (
502+ ActionUsers .query .filter (
503+ ActionUsers .action == permission ,
504+ ActionUsers .argument == str (self .id ),
505+ ActionUsers .user_id == user .id ).one ()
506+ )
507+ session .flush ()
508+ except NoResultFound :
509+ session .rollback ()
519510
520- self ['_access' ][permission ]['users' ].remove (user .id )
511+ if user .id in self ['_access' ][permission ]['users' ]:
512+ self ['_access' ][permission ]['users' ].remove (user .id )
521513
522514 def _add_egroup_permissions (self , egroup , permissions , session ):
523515 for permission in permissions :
524- session .add (
525- ActionRoles .allow (DEPOSIT_ACTIONS_NEEDS (self .id )[permission ],
526- role = egroup ))
527- session .flush ()
516+ try :
517+ session .add (
518+ ActionRoles .allow (
519+ DEPOSIT_ACTIONS_NEEDS (self .id )[permission ],
520+ role = egroup )
521+ )
522+ session .flush ()
523+ except IntegrityError :
524+ session .rollback ()
528525
529526 if egroup .id not in self ['_access' ][permission ]['roles' ]:
530527 self ['_access' ][permission ]['roles' ].append (egroup .id )
531528
532529 def _remove_egroup_permissions (self , egroup , permissions , session ):
533530 for permission in permissions :
534- session .delete (
535- ActionRoles .query .filter (
536- ActionRoles .action == permission ,
537- ActionRoles .argument == str (self .id ),
538- ActionRoles .role_id == egroup .id ).one ())
539- session .flush ()
540-
541- self ['_access' ][permission ]['roles' ].remove (egroup .id )
531+ try :
532+ session .delete (
533+ ActionRoles .query .filter (
534+ ActionRoles .action == permission ,
535+ ActionRoles .argument == str (self .id ),
536+ ActionRoles .role_id == egroup .id ).one ())
537+ session .flush ()
538+ except NoResultFound :
539+ session .rollback ()
540+
541+ if egroup .id in self ['_access' ][permission ]['roles' ]:
542+ self ['_access' ][permission ]['roles' ].remove (egroup .id )
542543
543544 def _add_experiment_permissions (self , experiment , permissions ):
544545 """Add read permissions to everybody assigned to experiment."""
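Review bot: The `session.rollback()` calls in the new `except IntegrityError` / `except NoResultFound` branches of `_add_user_permissions`, `_remove_user_permissions`, `_add_egroup_permissions` and `_remove_egroup_permissions` appear to roll back the whole session transaction, since `edit_permissions` no longer opens `db.session.begin_nested()`. Changes flushed for earlier entries of `data` could then be discarded while the `_access` lists are still updated and passed to `self.commit()`. If so, a revocation made earlier in the same request can stay effective in the ActionUsers/ActionRoles tables although the record metadata shows it as removed. Wrapping the `session.add(...)` / `session.flush()` pair in `with session.begin_nested():` would confine the rollback to the failed statement; in the remove helpers `.one()` raises before anything is changed, so `.one_or_none()` with a skip needs no rollback at all. Because these errors no longer reach the caller as `UpdateDepositPermissionsError`, a comment such as `# already granted: treated as a no-op` plus a log entry would keep the new idempotent behaviour visible to auditors.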