adding permissions support for workbook, datasource, project

* _PermissionsEndpoint to be used inside Endpoint that has the calls * Added a couple of classes related to permissions, followed naming convention of API

Author: DepthDeluxe

tableauserverclient/__init__.py

@@ -3,7 +3,7 @@
  GroupItem, JobItem, PaginationItem, ProjectItem, ScheduleItem, \
  SiteItem, TableauAuth, UserItem, ViewItem, WorkbookItem, UnpopulatedPropertyError, \
  HourlyInterval, DailyInterval, WeeklyInterval, MonthlyInterval, IntervalItem, TaskItem, \
- SubscriptionItem
+ SubscriptionItem, PermissionsItem, Permission, GranteeCapabilityItem
 from .server import RequestOptions, CSVRequestOptions, ImageRequestOptions, PDFRequestOptions, Filter, Sort, \
  Server, ServerResponseError, MissingRequiredFieldError, NotSignedInError, Pager
 from ._version import get_versions

tableauserverclient/models/__init__.py

@@ -16,3 +16,4 @@
 from .view_item import ViewItem
 from .workbook_item import WorkbookItem
 from .subscription_item import SubscriptionItem
+from .permissions_item import Permission, PermissionsItem, GranteeCapabilityItem

tableauserverclient/models/datasource_item.py

@@ -23,13 +23,22 @@ def __init__(self, project_id, name=None):
  self.project_id = project_id
  self.tags = set()
 
+ self._permissions = None
+
  @property
  def connections(self):
  if self._connections is None:
  error = 'Datasource item must be populated with connections first.'
  raise UnpopulatedPropertyError(error)
  return self._connections()
 
+ @property
+ def permissions(self):
+ if self._permissions is None:
+ error = "Project item must be populated with permissions first."
+ raise UnpopulatedPropertyError(error)
+ return self._permissions()
+
  @property
  def content_url(self):
  return self._content_url
@@ -84,6 +93,9 @@ def updated_at(self):
  def _set_connections(self, connections):
  self._connections = connections
 
+ def _set_permissions(self, permissions):
+ self._permissions = permissions
+
  def _parse_common_elements(self, datasource_xml, ns):
  if not isinstance(datasource_xml, ET.Element):
  datasource_xml = ET.fromstring(datasource_xml).find('.//t:datasource', namespaces=ns)

tableauserverclient/models/permissions_item.py

@@ -0,0 +1,151 @@
+import xml.etree.ElementTree as ET
+
+
+class ItemWithPermissions(object):
+ pass
+
+
+class Permission:
+ class Type:
+ Datasource = 'datasource'
+ Workbook = 'workbook'
+ Project = 'project'
+
+ class GranteeType:
+ User = 'user'
+ Group = 'group'
+
+ class CapabilityMode:
+ Allow = 'Allow'
+ Deny = 'Deny'
+
+ class DatasourceCapabilityType:
+ ChangePermissions = 'ChangePermissions'
+ Connect = 'Connect'
+ Delete = 'Delete'
+ ExportXml = 'ExportXml'
+ Read = 'Read'
+ Write = 'Write'
+
+ class WorkbookCapabilityType:
+ AddComment = 'AddComment'
+ ChangeHierarchy = 'ChangeHierarchy'
+ ChangePermissions = 'ChangePermissions'
+ Delete = 'Delete'
+ ExportData = 'ExportData'
+ ExportImage = 'ExportImage'
+ ExportXml = 'ExportXml'
+ Filter = 'Filter'
+ Read = 'Read'
+ ShareView = 'ShareView'
+ ViewComments = 'ViewComments'
+ ViewUnderlyingData = 'ViewUnderlyingData'
+ WebAuthoring = 'WebAuthoring'
+ Write = 'Write'
+
+ class ProjectCapabilityType:
+ ProjectLeader = 'ProjectLeader'
+ Read = 'Read'
+ Write = 'Write'
+
+
+class GranteeCapabilityItem(object):
+ def __init__(self, grantee_type=None, grantee_id=None, capabilities=None):
+ self._grantee_type = grantee_type
+ self._grantee_id = grantee_id
+ self._capabilities = capabilities
+
+ def _set_values(self, grantee_type, grantee_id, capabilities):
+ self._grantee_type = grantee_type
+ self._grantee_id = grantee_id
+ self._capabilities = capabilities
+
+ @property
+ def grantee_type(self):
+ return self._grantee_type
+
+ @property
+ def grantee_id(self):
+ return self._grantee_id
+
+ @property
+ def capabilities(self):
+ return self._capabilities
+
+
+class PermissionsItem(object):
+ def __init__(self):
+ self._type = None
+ self._item_id = None
+ self._grantee_capabilities = None
+
+ def _set_values(self, type, item_id, grantee_capabilities):
+ self._type = type
+ self._item_id = item_id
+ self._grantee_capabilities = grantee_capabilities
+
+ @property
+ def type(self):
+ return self._type
+
+ @property
+ def item_id(self):
+ return self._item_id
+
+ @property
+ def grantee_capabilities(self):
+ return self._grantee_capabilities
+
+ @property
+ def is_user_permission(self):
+ return self._user_id is not None
+
+ @property
+ def is_group_permission(self):
+ return self._group_id is not None
+
+ @classmethod
+ def from_response(cls, resp, ns=None):
+ permissions = PermissionsItem()
+ parsed_response = ET.fromstring(resp)
+
+ for option in ('workbook', 'datasource', 'project'):
+ try:
+ item_id = parsed_response.find('.//t:{0}'.format(option), namespaces=ns).get('id')
+ permission_type = option
+ break
+ except AttributeError:
+ pass
+
+ all_xml = parsed_response.findall('.//t:granteeCapabilities', namespaces=ns)
+
+ grantee_capabilities = []
+ for grantee_capability_xml in all_xml:
+ grantee_capability = GranteeCapabilityItem()
+
+ try:
+ grantee_id = grantee_capability_xml.find('.//t:group', namespaces=ns).get('id')
+ grantee_type = Permission.GranteeType.Group
+ except AttributeError:
+ pass
+
+ try:
+ grantee_id = grantee_capability_xml.find('.//t:user', namespaces=ns).get('id')
+ grantee_type = Permission.GranteeType.User
+ except AttributeError:
+ pass
+
+ assert grantee_id is not None
+
+ capabilities = {}
+ for capability_xml in grantee_capability_xml.findall('.//t:capabilities/t:capability', namespaces=ns):
+ name = capability_xml.get('name')
+ mode = capability_xml.get('mode')
+
+ capabilities[name] = mode
+
+ grantee_capability._set_values(grantee_type, grantee_id, capabilities)
+ grantee_capabilities.append(grantee_capability)
+
+ permissions._set_values(permission_type, item_id, grantee_capabilities)
+ return permissions

tableauserverclient/models/project_item.py

@@ -1,5 +1,6 @@
 import xml.etree.ElementTree as ET
 from .property_decorators import property_is_enum, property_not_empty
+from .exceptions import UnpopulatedPropertyError
 
 
 class ProjectItem(object):
@@ -15,10 +16,19 @@ def __init__(self, name, description=None, content_permissions=None, parent_id=N
  self.content_permissions = content_permissions
  self.parent_id = parent_id
 
+ self._permissions = None
+
  @property
  def content_permissions(self):
  return self._content_permissions
 
+ @property
+ def permissions(self):
+ if self._permissions is None:
+ error = "Project item must be populated with permissions first."
+ raise UnpopulatedPropertyError(error)
+ return self._permissions()
+
  @content_permissions.setter
  @property_is_enum(ContentPermissions)
  def content_permissions(self, value):
@@ -61,6 +71,9 @@ def _set_values(self, project_id, name, description, content_permissions, parent
  if parent_id:
  self.parent_id = parent_id
 
+ def _set_permissions(self, permissions):
+ self._permissions = permissions
+
  @classmethod
  def from_response(cls, resp, ns):
  all_project_items = list()

tableauserverclient/models/workbook_item.py

@@ -3,6 +3,7 @@
 from .property_decorators import property_not_nullable, property_is_boolean
 from .tag_item import TagItem
 from .view_item import ViewItem
+from .permissions_item import PermissionsItem
 from ..datetime_helpers import parse_datetime
 import copy
 
@@ -24,6 +25,7 @@ def __init__(self, project_id, name=None, show_tabs=False):
  self.project_id = project_id
  self.show_tabs = show_tabs
  self.tags = set()
+ self._permissions = None
 
  @property
  def connections(self):
@@ -32,6 +34,13 @@ def connections(self):
  raise UnpopulatedPropertyError(error)
  return self._connections()
 
+ @property
+ def permissions(self):
+ if self._permissions is None:
+ error = "Workbook item must be populated with permissions first."
+ raise UnpopulatedPropertyError(error)
+ return self._permissions()
+
  @property
  def content_url(self):
  return self._content_url
@@ -101,6 +110,9 @@ def views(self):
  def _set_connections(self, connections):
  self._connections = connections
 
+ def _set_permissions(self, permissions):
+ self._permissions = permissions
+
  def _set_views(self, views):
  self._views = views
 

tableauserverclient/server/__init__.py

@@ -4,7 +4,7 @@
 from .sort import Sort
 from .. import ConnectionItem, DatasourceItem, JobItem, \
  GroupItem, PaginationItem, ProjectItem, ScheduleItem, SiteItem, TableauAuth,\
- UserItem, ViewItem, WorkbookItem, TaskItem, SubscriptionItem
+ UserItem, ViewItem, WorkbookItem, TaskItem, SubscriptionItem, PermissionsItem
 from .endpoint import Auth, Datasources, Endpoint, Groups, Projects, Schedules, \
  Sites, Users, Views, Workbooks, Subscriptions, ServerResponseError, \
  MissingRequiredFieldError

tableauserverclient/server/endpoint/datasources_endpoint.py

@@ -1,4 +1,5 @@
-from .endpoint import Endpoint, api, parameter_added_in
+from .endpoint import api, parameter_added_in, Endpoint
+from .permissions_endpoint import _PermissionsEndpoint
 from .exceptions import MissingRequiredFieldError
 from .fileuploads_endpoint import Fileuploads
 from .resource_tagger import _ResourceTagger
@@ -24,6 +25,7 @@ class Datasources(Endpoint):
  def __init__(self, parent_srv):
  super(Datasources, self).__init__(parent_srv)
  self._resource_tagger = _ResourceTagger(parent_srv)
+ self._permissions = _PermissionsEndpoint(parent_srv, lambda: self.baseurl)
 
  @property
  def baseurl(self):
@@ -196,3 +198,15 @@ def publish(self, datasource_item, file_path, mode, connection_credentials=None,
  new_datasource = DatasourceItem.from_response(server_response.content, self.parent_srv.namespace)[0]
  logger.info('Published {0} (ID: {1})'.format(filename, new_datasource.id))
  return new_datasource
+
+ @api(version='2.0')
+ def populate_permissions(self, item):
+ self._permissions.populate(item)
+
+ @api(version='2.0')
+ def update_permission(self, item, permission_item):
+ self._permissions.update(item, permission_item)
+
+ @api(version='2.0')
+ def delete_permission(self, item, grantee_capability):
+ self._permissions.delete(item, grantee_capability)

tableauserverclient/server/endpoint/permissions_endpoint.py

@@ -0,0 +1,74 @@
+import logging
+
+from .. import RequestFactory, PermissionsItem
+
+from .endpoint import Endpoint, api
+from .exceptions import MissingRequiredFieldError
+
+
+logger = logging.getLogger(__name__)
+
+
+class _PermissionsEndpoint(Endpoint):
+ ''' Adds permission model to another endpoint
+
+ Tableau permissions model is identical between objects but they are nested under
+ the parent object endpoint (i.e. permissions for workbooks are under
+ /workbooks/:id/permission). This class is meant to be instantated inside a
+ parent endpoint which has these supported endpoints
+ '''
+ def __init__(self, parent_srv, owner_baseurl):
+ super(_PermissionsEndpoint, self).__init__(parent_srv)
+
+ # owner_baseurl is the baseurl of the parent. The MUST be a lambda
+ # since we don't know the full site URL until we sign in. If
+ # populated without, we will get a sign-in error
+ self.owner_baseurl = owner_baseurl
+
+ def update(self, item, permission_item):
+ url = '{0}/{1}/permissions'.format(self.owner_baseurl(), item.id)
+ update_req = RequestFactory.Permission.add_req(permission_item)
+ response = self.put_request(url, update_req)
+ permissions = PermissionsItem.from_response(response.content,
+ self.parent_srv.namespace)
+
+ logger.info('Updated permissions for item {0}'.format(item.id))
+
+ return permissions
+
+ def delete(self, item, grantee_capability):
+ for capability_type in grantee_capability.capabilities:
+ capability_mode = grantee_capability.capabilities[capability_type]
+
+ url = '{0}/{1}/permissions/{2}/{3}/{4}/{5}'.format(
+ self.owner_baseurl(), item.id,
+ grantee_capability.grantee_type + 's',
+ grantee_capability.grantee_id, capability_type,
+ capability_mode)
+
+ logger.debug('Removing {0} permission for capabilty {1}'.format(
+ capability_mode, capability_type))
+
+ self.delete_request(url)
+
+ logger.info('Deleted permission for {0} {1} item {2}'.format(
+ grantee_capability.type,
+ grantee_capability.grantee_id,
+ item.id))
+
+ def populate(self, item):
+ if not item.id:
+ error = "Server item is missing ID. Item must be retrieved from server first."
+ raise MissingRequiredFieldError(error)
+
+ def permission_fetcher():
+ return self._get_permissions(item)
+
+ item._set_permissions(permission_fetcher)
+ logger.info('Populated permissions for item (ID: {0})'.format(item.id))
+
+ def _get_permissions(self, item, req_options=None):
+ url = "{0}/{1}/permissions".format(self.owner_baseurl(), item.id)
+ server_response = self.get_request(url, req_options)
+ permissions = PermissionsItem.from_response(server_response.content, self.parent_srv.namespace)
+ return permissions