adding permissions support for workbook, datasource, project

* _PermissionsEndpoint to be used inside Endpoint that has the calls * Added a couple of classes related to permissions, followed naming convention of API

Author: DepthDeluxe

tableauserverclient/__init__.py

@@ -3,7 +3,7 @@
  GroupItem, JobItem, PaginationItem, ProjectItem, ScheduleItem, \
  SiteItem, TableauAuth, UserItem, ViewItem, WorkbookItem, UnpopulatedPropertyError, \
  HourlyInterval, DailyInterval, WeeklyInterval, MonthlyInterval, IntervalItem, TaskItem, \
- SubscriptionItem
+ SubscriptionItem, PermissionsItem, Permission, CapabilityItem
 from .server import RequestOptions, CSVRequestOptions, ImageRequestOptions, PDFRequestOptions, Filter, Sort, \
  Server, ServerResponseError, MissingRequiredFieldError, NotSignedInError, Pager
 from ._version import get_versions

tableauserverclient/models/__init__.py

@@ -16,3 +16,4 @@
 from .view_item import ViewItem
 from .workbook_item import WorkbookItem
 from .subscription_item import SubscriptionItem
+from .permissions_item import Permission, PermissionsItem, CapabilityItem

tableauserverclient/models/datasource_item.py

@@ -23,13 +23,22 @@ def __init__(self, project_id, name=None):
  self.project_id = project_id
  self.tags = set()
 
+ self._permissions = None
+
  @property
  def connections(self):
  if self._connections is None:
  error = 'Datasource item must be populated with connections first.'
  raise UnpopulatedPropertyError(error)
  return self._connections()
 
+ @property
+ def permissions(self):
+ if self._permissions is None:
+ error = "Project item must be populated with permissions first."
+ raise UnpopulatedPropertyError(error)
+ return self._permissions()
+
  @property
  def content_url(self):
  return self._content_url
@@ -84,6 +93,9 @@ def updated_at(self):
  def _set_connections(self, connections):
  self._connections = connections
 
+ def _set_permissions(self, permissions):
+ self._permissions = permissions
+
  def _parse_common_elements(self, datasource_xml, ns):
  if not isinstance(datasource_xml, ET.Element):
  datasource_xml = ET.fromstring(datasource_xml).find('.//t:datasource', namespaces=ns)

tableauserverclient/models/exceptions.py

@@ -1,2 +1,6 @@
 class UnpopulatedPropertyError(Exception):
  pass
+
+
+class UnknownGranteeTypeError(Exception):
+ pass

tableauserverclient/models/permissions_item.py

@@ -0,0 +1,120 @@
+import xml.etree.ElementTree as ET
+import logging
+
+from .exceptions import UnknownGranteeTypeError
+
+
+logger = logging.getLogger('tableau.models.permissions_item')
+
+
+class Permission:
+ class GranteeType:
+ User = 'user'
+ Group = 'group'
+
+ class CapabilityMode:
+ Allow = 'Allow'
+ Deny = 'Deny'
+
+ class DatasourceCapabilityType:
+ ChangePermissions = 'ChangePermissions'
+ Connect = 'Connect'
+ Delete = 'Delete'
+ ExportXml = 'ExportXml'
+ Read = 'Read'
+ Write = 'Write'
+
+ class WorkbookCapabilityType:
+ AddComment = 'AddComment'
+ ChangeHierarchy = 'ChangeHierarchy'
+ ChangePermissions = 'ChangePermissions'
+ Delete = 'Delete'
+ ExportData = 'ExportData'
+ ExportImage = 'ExportImage'
+ ExportXml = 'ExportXml'
+ Filter = 'Filter'
+ Read = 'Read'
+ ShareView = 'ShareView'
+ ViewComments = 'ViewComments'
+ ViewUnderlyingData = 'ViewUnderlyingData'
+ WebAuthoring = 'WebAuthoring'
+ Write = 'Write'
+
+ class ProjectCapabilityType:
+ ProjectLeader = 'ProjectLeader'
+ Read = 'Read'
+ Write = 'Write'
+
+
+class CapabilityItem(object):
+ def __init__(self, type=None, object_id=None, map={}):
+ self._type = type
+ self._object_id = object_id
+ self.map = map
+
+ @property
+ def type(self):
+ return self._type
+
+ @property
+ def object_id(self):
+ return self._object_id
+
+
+class PermissionsItem(object):
+ def __init__(self):
+ self._capabilities = None
+
+ def _set_values(self, capabilities):
+ self._capabilities = capabilities
+
+ @property
+ def capabilities(self):
+ return self._capabilities
+
+ @classmethod
+ def from_response(cls, resp, ns=None):
+ permissions = PermissionsItem()
+ parsed_response = ET.fromstring(resp)
+
+ capabilities = {}
+ all_xml = parsed_response.findall('.//t:granteeCapabilities',
+ namespaces=ns)
+
+ for grantee_capability_xml in all_xml:
+ grantee_id = None
+ grantee_type = None
+ capability_map = {}
+
+ try:
+ grantee_id = grantee_capability_xml.find('.//t:group',
+ namespaces=ns)\
+ .get('id')
+ grantee_type = Permission.GranteeType.Group
+ except AttributeError:
+ pass
+ try:
+ grantee_id = grantee_capability_xml.find('.//t:user',
+ namespaces=ns)\
+ .get('id')
+ grantee_type = Permission.GranteeType.User
+ except AttributeError:
+ pass
+
+ if grantee_id is None:
+ logger.error('Cannot find grantee type in response')
+ raise UnknownGranteeTypeError()
+
+ for capability_xml in grantee_capability_xml.findall(
+ './/t:capabilities/t:capability', namespaces=ns):
+ name = capability_xml.get('name')
+ mode = capability_xml.get('mode')
+
+ capability_map[name] = mode
+
+ capability_item = CapabilityItem(grantee_type, grantee_id,
+ capability_map)
+ capabilities[(grantee_type, grantee_id)] = capability_item
+
+ permissions._set_values(capabilities)
+ return permissions

tableauserverclient/models/project_item.py

@@ -1,5 +1,6 @@
 import xml.etree.ElementTree as ET
 from .property_decorators import property_is_enum, property_not_empty
+from .exceptions import UnpopulatedPropertyError
 
 
 class ProjectItem(object):
@@ -15,10 +16,19 @@ def __init__(self, name, description=None, content_permissions=None, parent_id=N
  self.content_permissions = content_permissions
  self.parent_id = parent_id
 
+ self._permissions = None
+
  @property
  def content_permissions(self):
  return self._content_permissions
 
+ @property
+ def permissions(self):
+ if self._permissions is None:
+ error = "Project item must be populated with permissions first."
+ raise UnpopulatedPropertyError(error)
+ return self._permissions()
+
  @content_permissions.setter
  @property_is_enum(ContentPermissions)
  def content_permissions(self, value):
@@ -61,6 +71,9 @@ def _set_values(self, project_id, name, description, content_permissions, parent
  if parent_id:
  self.parent_id = parent_id
 
+ def _set_permissions(self, permissions):
+ self._permissions = permissions
+
  @classmethod
  def from_response(cls, resp, ns):
  all_project_items = list()

tableauserverclient/models/workbook_item.py

@@ -3,6 +3,7 @@
 from .property_decorators import property_not_nullable, property_is_boolean
 from .tag_item import TagItem
 from .view_item import ViewItem
+from .permissions_item import PermissionsItem
 from ..datetime_helpers import parse_datetime
 import copy
 
@@ -24,6 +25,7 @@ def __init__(self, project_id, name=None, show_tabs=False):
  self.project_id = project_id
  self.show_tabs = show_tabs
  self.tags = set()
+ self._permissions = None
 
  @property
  def connections(self):
@@ -32,6 +34,13 @@ def connections(self):
  raise UnpopulatedPropertyError(error)
  return self._connections()
 
+ @property
+ def permissions(self):
+ if self._permissions is None:
+ error = "Workbook item must be populated with permissions first."
+ raise UnpopulatedPropertyError(error)
+ return self._permissions()
+
  @property
  def content_url(self):
  return self._content_url
@@ -101,6 +110,9 @@ def views(self):
  def _set_connections(self, connections):
  self._connections = connections
 
+ def _set_permissions(self, permissions):
+ self._permissions = permissions
+
  def _set_views(self, views):
  self._views = views
 

tableauserverclient/server/__init__.py

@@ -4,7 +4,7 @@
 from .sort import Sort
 from .. import ConnectionItem, DatasourceItem, JobItem, \
  GroupItem, PaginationItem, ProjectItem, ScheduleItem, SiteItem, TableauAuth,\
- UserItem, ViewItem, WorkbookItem, TaskItem, SubscriptionItem
+ UserItem, ViewItem, WorkbookItem, TaskItem, SubscriptionItem, PermissionsItem
 from .endpoint import Auth, Datasources, Endpoint, Groups, Projects, Schedules, \
  Sites, Users, Views, Workbooks, Subscriptions, ServerResponseError, \
  MissingRequiredFieldError

tableauserverclient/server/endpoint/datasources_endpoint.py

@@ -1,4 +1,5 @@
-from .endpoint import Endpoint, api, parameter_added_in
+from .endpoint import api, parameter_added_in, Endpoint
+from .permissions_endpoint import _PermissionsEndpoint
 from .exceptions import MissingRequiredFieldError
 from .fileuploads_endpoint import Fileuploads
 from .resource_tagger import _ResourceTagger
@@ -24,6 +25,7 @@ class Datasources(Endpoint):
  def __init__(self, parent_srv):
  super(Datasources, self).__init__(parent_srv)
  self._resource_tagger = _ResourceTagger(parent_srv)
+ self._permissions = _PermissionsEndpoint(parent_srv, lambda: self.baseurl)
 
  @property
  def baseurl(self):
@@ -196,3 +198,15 @@ def publish(self, datasource_item, file_path, mode, connection_credentials=None,
  new_datasource = DatasourceItem.from_response(server_response.content, self.parent_srv.namespace)[0]
  logger.info('Published {0} (ID: {1})'.format(filename, new_datasource.id))
  return new_datasource
+
+ @api(version='2.0')
+ def populate_permissions(self, item):
+ self._permissions.populate(item)
+
+ @api(version='2.0')
+ def update_permission(self, item, permission_item):
+ self._permissions.update(item, permission_item)
+
+ @api(version='2.0')
+ def delete_permission(self, item, capability_item):
+ self._permissions.delete(item, capability_item)

tableauserverclient/server/endpoint/permissions_endpoint.py

@@ -0,0 +1,73 @@
+import logging
+
+from .. import RequestFactory, PermissionsItem
+
+from .endpoint import Endpoint, api
+from .exceptions import MissingRequiredFieldError
+
+
+logger = logging.getLogger(__name__)
+
+
+class _PermissionsEndpoint(Endpoint):
+ ''' Adds permission model to another endpoint
+
+ Tableau permissions model is identical between objects but they are nested under
+ the parent object endpoint (i.e. permissions for workbooks are under
+ /workbooks/:id/permission). This class is meant to be instantated inside a
+ parent endpoint which has these supported endpoints
+ '''
+ def __init__(self, parent_srv, owner_baseurl):
+ super(_PermissionsEndpoint, self).__init__(parent_srv)
+
+ # owner_baseurl is the baseurl of the parent. The MUST be a lambda
+ # since we don't know the full site URL until we sign in. If
+ # populated without, we will get a sign-in error
+ self.owner_baseurl = owner_baseurl
+
+ def update(self, item, permission_item):
+ url = '{0}/{1}/permissions'.format(self.owner_baseurl(), item.id)
+ update_req = RequestFactory.Permission.add_req(item, permission_item)
+ response = self.put_request(url, update_req)
+ permissions = PermissionsItem.from_response(response.content,
+ self.parent_srv.namespace)
+
+ logger.info('Updated permissions for item {0}'.format(item.id))
+
+ return permissions
+
+ def delete(self, item, capability_item):
+ for capability_type, capability_mode in capability_item.map.items():
+ url = '{0}/{1}/permissions/{2}/{3}/{4}/{5}'.format(
+ self.owner_baseurl(), item.id,
+ capability_item.type + 's',
+ capability_item.object_id, capability_type,
+ capability_mode)
+
+ logger.debug('Removing {0} permission for capabilty {1}'.format(
+ capability_mode, capability_type))
+
+ self.delete_request(url)
+
+ logger.info('Deleted permission for {0} {1} item {2}'.format(
+ capability_item.type,
+ capability_item.object_id,
+ item.id))
+
+ def populate(self, item):
+ if not item.id:
+ error = "Server item is missing ID. Item must be retrieved from server first."
+ raise MissingRequiredFieldError(error)
+
+ def permission_fetcher():
+ return self._get_permissions(item)
+
+ item._set_permissions(permission_fetcher)
+ logger.info('Populated permissions for item (ID: {0})'.format(item.id))
+
+ def _get_permissions(self, item, req_options=None):
+ url = "{0}/{1}/permissions".format(self.owner_baseurl(), item.id)
+ server_response = self.get_request(url, req_options)
+ permissions = PermissionsItem.from_response(server_response.content,
+ self.parent_srv.namespace)
+ return permissions