oldaplib 0.3.30__py3-none-any.whl → 0.4.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. oldaplib/ontologies/admin-testing.trig +62 -11
  2. oldaplib/ontologies/admin.trig +12 -51
  3. oldaplib/ontologies/gaga.trigs +23 -0
  4. oldaplib/ontologies/oldap.trig +138 -62
  5. oldaplib/src/connection.py +39 -34
  6. oldaplib/src/enums/adminpermissions.py +1 -1
  7. oldaplib/src/enums/datapermissions.py +24 -4
  8. oldaplib/src/enums/{permissionsetattr.py → roleattr.py} +2 -3
  9. oldaplib/src/enums/userattr.py +3 -2
  10. oldaplib/src/helpers/observable_dict.py +1 -0
  11. oldaplib/src/in_project.py +0 -1
  12. oldaplib/src/objectfactory.py +349 -104
  13. oldaplib/src/propertyclass.py +1 -1
  14. oldaplib/src/{permissionset.py → role.py} +90 -112
  15. oldaplib/src/user.py +183 -97
  16. oldaplib/src/userdataclass.py +67 -38
  17. oldaplib/src/version.py +1 -1
  18. oldaplib/test/test_datamodel.py +5 -2
  19. oldaplib/test/test_in_project.py +21 -20
  20. oldaplib/test/test_objectfactory.py +100 -34
  21. oldaplib/test/test_resourceclass.py +3 -3
  22. oldaplib/test/test_role.py +407 -0
  23. oldaplib/test/test_user.py +159 -98
  24. oldaplib/testdata/instances_test.trig +48 -26
  25. {oldaplib-0.3.30.dist-info → oldaplib-0.4.1.dist-info}/METADATA +1 -1
  26. {oldaplib-0.3.30.dist-info → oldaplib-0.4.1.dist-info}/RECORD +27 -26
  27. oldaplib/test/test_permissionset.py +0 -443
  28. {oldaplib-0.3.30.dist-info → oldaplib-0.4.1.dist-info}/WHEEL +0 -0
oldaplib/src/user.py CHANGED
@@ -140,19 +140,22 @@ user3 = User.read(con=self._connection, userId="aedison")
140
140
  user3.delete()
141
141
  ```
142
142
  """
143
+ import textwrap
143
144
  from copy import deepcopy
144
145
  from enum import Enum
145
146
  from functools import partial
146
147
  from pprint import pprint
147
- from typing import List, Self, Optional, Any
148
+ from typing import List, Self, Optional, Any, Tuple
148
149
 
149
150
  import bcrypt
150
151
 
151
152
  from oldaplib.src.cachesingleton import CacheSingleton, CacheSingletonRedis
152
153
  from oldaplib.src.enums.action import Action
154
+ from oldaplib.src.enums.datapermissions import DataPermission
153
155
  from oldaplib.src.enums.userattr import UserAttr
154
156
  from oldaplib.src.helpers.context import Context
155
157
  from oldaplib.src.helpers.irincname import IriOrNCName
158
+ from oldaplib.src.helpers.observable_dict import ObservableDict
156
159
  from oldaplib.src.helpers.observable_set import ObservableSet
157
160
  from oldaplib.src.helpers.serializer import serializer
158
161
  from oldaplib.src.in_project import InProjectClass
@@ -235,6 +238,18 @@ class User(Model):
235
238
  validate=validate)
236
239
 
237
240
  self.set_attributes(kwargs, UserAttr)
241
+
242
+ #
243
+ # maybe we have to change the default data permissionss for the user
244
+ #
245
+ if self._attributes.get(UserAttr.HAS_ROLE):
246
+ tmp = ObservableDict()
247
+ for role, dperm in self._attributes[UserAttr.HAS_ROLE].items():
248
+ if not isinstance(dperm, DataPermission):
249
+ tmp[role] = DataPermission.from_qname(dperm) if isinstance(dperm, Xsd_QName) else DataPermission.from_string(dperm)
250
+ else:
251
+ tmp[role] = dperm
252
+ self._attributes[UserAttr.HAS_ROLE] = tmp
238
253
  #
239
254
  # Consistency checks
240
255
  #
@@ -246,10 +261,11 @@ class User(Model):
246
261
  else:
247
262
  self._attributes[UserAttr.IN_PROJECT] = InProjectClass(notifier=self.__inProject_cb)
248
263
 
249
- if self._attributes.get(UserAttr.HAS_PERMISSIONS):
250
- self._attributes[UserAttr.HAS_PERMISSIONS].set_notifier(self.__hasPermission_cb, UserAttr.HAS_PERMISSIONS)
264
+ if self._attributes.get(UserAttr.HAS_ROLE):
265
+ #self._attributes[UserAttr.HAS_ROLE].set_on_change(self.__hasRole_cb, UserAttr.HAS_ROLE)
266
+ self._attributes[UserAttr.HAS_ROLE].set_on_change(self.__hasRole_cb)
251
267
  else:
252
- self._attributes[UserAttr.HAS_PERMISSIONS] = ObservableSet(notifier=self.__hasPermission_cb)
268
+ self._attributes[UserAttr.HAS_ROLE] = ObservableDict(on_change=self.__hasRole_cb)
253
269
 
254
270
  if self._attributes.get(UserAttr.CREDENTIALS):
255
271
  if not str(self._attributes[UserAttr.CREDENTIALS]).startswith(('$2a$', '$2b$', '$2y$')):
@@ -292,13 +308,13 @@ class User(Model):
292
308
  self._attributes[UserAttr.IN_PROJECT] = InProjectClass(notifier=self.__inProject_cb)
293
309
  else:
294
310
  self._attributes[UserAttr.IN_PROJECT] = InProjectClass(value, notifier=self.__inProject_cb)
295
- if attr == UserAttr.HAS_PERMISSIONS:
311
+ if attr == UserAttr.HAS_ROLE:
296
312
  if value is None:
297
- self._attributes[UserAttr.HAS_PERMISSIONS] = ObservableSet(notifier=self.__hasPermission_cb)
313
+ self._attributes[UserAttr.HAS_ROLE] = ObservableDict(on_change=self.__hasRole_cb)
298
314
  else:
299
- self._attributes[UserAttr.HAS_PERMISSIONS] = ObservableSet(value, notifier=self.__hasPermission_cb)
315
+ self._attributes[UserAttr.HAS_ROLE] = ObservableDict(value, on_change=self.__hasRole_cb)
300
316
 
301
- def check_for_permissions(self) -> (bool, str):
317
+ def check_for_permissions(self) -> Tuple[bool, str]:
302
318
  """
303
319
  Evaluates whether the currently logged-in user ("actor") has the necessary permissions
304
320
  to create a user for the specified project(s). The function checks if the actor has root
@@ -336,9 +352,9 @@ class User(Model):
336
352
  # Callbacks for the `ObservableSet`class. This is used whenever the `hasPermission`or
337
353
  # `inProject`properties are being modified
338
354
  #
339
- def __hasPermission_cb(self, data: Enum | Iri = None) -> None:
340
- if self._changeset.get(UserAttr.HAS_PERMISSIONS) is None:
341
- self._changeset[UserAttr.HAS_PERMISSIONS] = AttributeChange(None, Action.MODIFY)
355
+ def __hasRole_cb(self, old_value: ObservableDict) -> None:
356
+ if self._changeset.get(UserAttr.HAS_ROLE) is None:
357
+ self._changeset[UserAttr.HAS_ROLE] = AttributeChange(old_value, Action.MODIFY)
342
358
 
343
359
  def __inProject_cb(self, data: Enum | Iri = None) -> None:
344
360
  if self._changeset.get(UserAttr.IN_PROJECT) is None:
@@ -391,9 +407,12 @@ class User(Model):
391
407
  for p in self.inProject.keys():
392
408
  for admin_p in self.inProject[p]: # TODO: May be use .get() instead of [] !!!!!!!!!!!!!!!!!!!!!!!!!
393
409
  star += f'{blank:{indent * indent_inc}}<<{self.userIri.toRdf} oldap:inProject {p.toRdf}>> oldap:hasAdminPermission {admin_p.value} .\n'
394
- if self.hasPermissions:
395
- rdfstr = ", ".join([str(x) for x in self.hasPermissions])
396
- sparql += f' ;\n{blank:{(indent + 1) * indent_inc}}oldap:hasPermissions {rdfstr}'
410
+ if self.hasRole:
411
+ rdfstr = ", ".join([str(x) for x in self.hasRole.keys()])
412
+ sparql += f' ;\n{blank:{(indent + 1) * indent_inc}}oldap:hasRole {rdfstr}'
413
+ for r, p in self.hasRole.items():
414
+ if p:
415
+ star += f'{blank:{(indent + 1) * indent_inc}}<<{self.userIri.toRdf} oldap:hasRole {r.toRdf}>> oldap:hasDefaultDataPermission {p.value} .\n'
397
416
  sparql += " .\n\n"
398
417
  sparql += star
399
418
  return sparql
@@ -427,52 +446,66 @@ class User(Model):
427
446
  self.userIri = Iri()
428
447
  context = Context(name=self._con.context_name)
429
448
  sparql1 = context.sparql_context
430
- sparql1 += f"""
431
- SELECT ?user
449
+ #
450
+ # SPARQL to test if a user with the same userId already exists
451
+ #
452
+ sparql1 += textwrap.dedent(f"""
453
+ ASK
432
454
  FROM oldap:admin
433
455
  WHERE {{
434
- ?user a oldap:User .
435
- ?user oldap:userId {self.userId.toRdf} .
456
+ ?user oldap:userId {self.userId.toRdf} .
436
457
  }}
437
- """
458
+ """)
438
459
 
460
+ #
461
+ # SPARQL to test if a user with the same userIri already exists
462
+ #
439
463
  sparql2 = context.sparql_context
440
- sparql2 += f"""
441
- SELECT ?user
464
+ sparql2 += textwrap.dedent(f"""
465
+ ASK
442
466
  FROM oldap:admin
443
467
  WHERE {{
444
- ?user a oldap:User .
445
- FILTER(?user = {self.userIri.toRdf})
468
+ {self.userIri.toRdf} ?p ?o
446
469
  }}
447
- """
470
+ """)
448
471
 
472
+ #
473
+ # SPARQL to test if the projects the user should be in do exist...
474
+ #
449
475
  proj_test = None
450
476
  if self.inProject:
451
477
  projs = [x.toRdf for x in self.inProject.keys()]
452
478
  projslist = ", ".join(projs)
453
479
  proj_test = context.sparql_context
454
- proj_test += f"""
480
+ proj_test += textwrap.dedent(f"""
455
481
  SELECT ?project
456
482
  FROM oldap:admin
457
483
  WHERE {{
458
484
  ?project a oldap:Project .
459
485
  FILTER(?project IN ({projslist}))
460
486
  }}
461
- """
462
-
463
- pset_test = None
464
- if self.hasPermissions:
465
- perms = [x.toRdf for x in self.hasPermissions]
466
- perms = ", ".join(perms)
467
- pset_test = context.sparql_context
468
- pset_test += f"""
469
- SELECT ?permissionset
487
+ """)
488
+ else:
489
+ projs = []
490
+
491
+ #
492
+ # SPARQL to test if the roles the user should have do exist...
493
+ #
494
+ roles_test = None
495
+ if self.hasRole:
496
+ roles = [x.toRdf for x in self.hasRole]
497
+ roles = ", ".join(roles)
498
+ roles_test = context.sparql_context
499
+ roles_test += textwrap.dedent(f"""
500
+ SELECT ?role
470
501
  FROM oldap:admin
471
502
  WHERE {{
472
- ?permissionset a oldap:PermissionSet .
473
- FILTER(?permissionset IN ({perms}))
503
+ ?role a oldap:Role .
504
+ FILTER(?role IN ({roles}))
474
505
  }}
475
- """
506
+ """)
507
+ else:
508
+ roles = []
476
509
 
477
510
  timestamp = Xsd_dateTime.now()
478
511
  blank = ''
@@ -492,31 +525,6 @@ class User(Model):
492
525
  contributor=self._con.userIri,
493
526
  modified=timestamp,
494
527
  indent=indent + 2, indent_inc=indent_inc)
495
- # sparql += f'{blank:{(indent + 2) * indent_inc}}{self.userIri.toRdf} a oldap:User'
496
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}dcterms:creator {self._con.userIri.toRdf}'
497
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}dcterms:created {timestamp.toRdf}'
498
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}dcterms:contributor {self._con.userIri.toRdf}'
499
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}dcterms:modified {timestamp.toRdf}'
500
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}oldap:userId {self.userId.toRdf}'
501
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}schema:familyName {self.familyName.toRdf}'
502
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}schema:givenName {self.givenName.toRdf}'
503
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}schema:email {self.email.toRdf}'
504
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}oldap:credentials {self.credentials.toRdf}'
505
- # activeval = "true" if self.isActive else "false"
506
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}oldap:isActive {activeval}'
507
- # star = ''
508
- # if self.inProject:
509
- # project = [p.toRdf for p in self.inProject.keys()]
510
- # rdfstr = ", ".join(project)
511
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}oldap:inProject {rdfstr}'
512
- # for p in self.inProject.keys():
513
- # for admin_p in self.inProject[p]: # TODO: May be use .get() instead of [] !!!!!!!!!!!!!!!!!!!!!!!!!
514
- # star += f'{blank:{(indent + 2) * indent_inc}}<<{self.userIri.toRdf} oldap:inProject {p.toRdf}>> oldap:hasAdminPermission {admin_p.value} .\n'
515
- # if self.hasPermissions:
516
- # rdfstr = ", ".join([str(x) for x in self.hasPermissions])
517
- # sparql += f' ;\n{blank:{(indent + 3) * indent_inc}}oldap:hasPermissions {rdfstr}'
518
- # sparql += " .\n\n"
519
- # sparql += star
520
528
  sparql += f'{blank:{(indent + 1) * indent_inc}}}}\n'
521
529
  sparql += f'{blank:{indent * indent_inc}}}}\n'
522
530
 
@@ -526,8 +534,7 @@ class User(Model):
526
534
  except OldapError:
527
535
  self._con.transaction_abort()
528
536
  raise
529
- res = QueryProcessor(context, jsonobj)
530
- if len(res) > 0:
537
+ if jsonobj['boolean']:
531
538
  self._con.transaction_abort()
532
539
  raise OldapErrorAlreadyExists(f'A user with a user ID "{self.userId}" already exists')
533
540
 
@@ -536,8 +543,7 @@ class User(Model):
536
543
  except OldapError:
537
544
  self._con.transaction_abort()
538
545
  raise
539
- res = QueryProcessor(context, jsonobj)
540
- if len(res) > 0:
546
+ if jsonobj['boolean']:
541
547
  self._con.transaction_abort()
542
548
  raise OldapErrorAlreadyExists(f'A user with a user IRI "{self.userIri}" already exists')
543
549
 
@@ -552,16 +558,16 @@ class User(Model):
552
558
  self._con.transaction_abort()
553
559
  raise OldapErrorValue("One of the projects is not existing!")
554
560
 
555
- if self.hasPermissions:
561
+ if self.hasRole:
556
562
  try:
557
- jsonobj = self._con.transaction_query(pset_test)
563
+ jsonobj = self._con.transaction_query(roles_test)
558
564
  except OldapError:
559
565
  self._con.transaction_abort()
560
566
  raise
561
567
  res = QueryProcessor(context, jsonobj)
562
- if len(res) != len(self.hasPermissions):
568
+ if len(res) != len(self.hasRole):
563
569
  self._con.transaction_abort()
564
- raise OldapErrorValue("One of the permission sets is not existing!")
570
+ raise OldapErrorValue(f"One of the Roles {self.hasRole} is not existing!")
565
571
 
566
572
  try:
567
573
  self._con.transaction_update(sparql)
@@ -640,7 +646,7 @@ class User(Model):
640
646
  credentials=userdata.credentials,
641
647
  isActive=userdata.isActive,
642
648
  inProject=userdata.inProject,
643
- hasPermissions=userdata.hasPermissions)
649
+ hasRole=userdata.hasRole)
644
650
  cache = CacheSingletonRedis()
645
651
  cache.set(instance.userIri, instance)
646
652
  instance.clear_changeset()
@@ -745,6 +751,14 @@ class User(Model):
745
751
  ?user a oldap:User .
746
752
  ?user oldap:userId {self.userId.toRdf} .
747
753
  }} ;
754
+ WITH oldap:admin
755
+ DELETE {{
756
+ <<?user oldap:hasRole ?role>> oldap:hasDefaultDataPermission ?dval .
757
+ }}
758
+ WHERE {{
759
+ ?user a oldap:User .
760
+ ?user oldap:userId {self.userId.toRdf} .
761
+ }} ;
748
762
  DELETE WHERE {{
749
763
  ?user a oldap:User .
750
764
  ?user oldap:userId {self.userId.toRdf} .
@@ -804,7 +818,7 @@ class User(Model):
804
818
  blank = ''
805
819
  sparql_list = []
806
820
  for field, change in self._changeset.items():
807
- if field == UserAttr.HAS_PERMISSIONS or field == UserAttr.IN_PROJECT:
821
+ if field == UserAttr.HAS_ROLE or field == UserAttr.IN_PROJECT:
808
822
  continue
809
823
  sparql = f'{blank:{indent * indent_inc}}# User field "{field.value}" with action "{change.action.value}"\n'
810
824
  sparql += f'{blank:{indent * indent_inc}}WITH oldap:admin\n'
@@ -823,33 +837,48 @@ class User(Model):
823
837
  sparql += f'{blank:{indent * indent_inc}}}}'
824
838
  sparql_list.append(sparql)
825
839
 
826
- if UserAttr.HAS_PERMISSIONS in self._changeset:
827
- added = set()
828
- removed = set()
829
- if self._changeset[UserAttr.HAS_PERMISSIONS].action == Action.CREATE:
830
- added = self._attributes[UserAttr.HAS_PERMISSIONS]
831
- elif self._changeset[UserAttr.HAS_PERMISSIONS].action == Action.DELETE:
832
- removed = self._changeset[UserAttr.HAS_PERMISSIONS].old_value
833
- elif self._changeset[UserAttr.HAS_PERMISSIONS].action == Action.REPLACE:
834
- added = self._attributes[UserAttr.HAS_PERMISSIONS]
835
- removed = self._changeset[UserAttr.HAS_PERMISSIONS].old_value
836
- elif self._changeset[UserAttr.HAS_PERMISSIONS].action == Action.MODIFY:
837
- A = self._attributes[UserAttr.HAS_PERMISSIONS]
838
- B = self._attributes[UserAttr.HAS_PERMISSIONS].old_value
839
- added = A - B
840
- removed = B - A
841
-
842
- sparql = f'{blank:{indent * indent_inc}}# User field "hasPermission"\n'
840
+ if UserAttr.HAS_ROLE in self._changeset:
841
+ added = {}
842
+ removed = {}
843
+ changed = {}
844
+ if self._changeset[UserAttr.HAS_ROLE].action == Action.CREATE:
845
+ added = self._attributes[UserAttr.HAS_ROLE]
846
+ elif self._changeset[UserAttr.HAS_ROLE].action == Action.DELETE:
847
+ removed = self._changeset[UserAttr.HAS_ROLE].old_value
848
+ elif self._changeset[UserAttr.HAS_ROLE].action == Action.REPLACE:
849
+ added = self._attributes[UserAttr.HAS_ROLE]
850
+ removed = self._changeset[UserAttr.HAS_ROLE].old_value
851
+ elif self._changeset[UserAttr.HAS_ROLE].action == Action.MODIFY:
852
+ if self._changeset[UserAttr.HAS_ROLE].old_value:
853
+ added = {key: self._attributes[UserAttr.HAS_ROLE][key] for key in self._attributes[UserAttr.HAS_ROLE].keys() - self._changeset[UserAttr.HAS_ROLE].old_value.keys()}
854
+ else:
855
+ added = self._attributes[UserAttr.HAS_ROLE]
856
+ if self._changeset[UserAttr.HAS_ROLE].old_value:
857
+ removed = {key: self._changeset[UserAttr.HAS_ROLE].old_value[key] for key in self._changeset[UserAttr.HAS_ROLE].old_value.keys() - self._attributes[UserAttr.HAS_ROLE].keys()}
858
+ else:
859
+ removed = {}
860
+ if self._changeset[UserAttr.HAS_ROLE].old_value:
861
+ changed = {key: {'old': self._changeset[UserAttr.HAS_ROLE].old_value.get(key), 'new': self._attributes[UserAttr.HAS_ROLE].get(key)}
862
+ for key in self._changeset[UserAttr.HAS_ROLE].old_value.keys() & self._attributes[UserAttr.HAS_ROLE].keys()
863
+ if self._attributes[UserAttr.HAS_ROLE][key] != self._changeset[UserAttr.HAS_ROLE].old_value[key]}
864
+ else:
865
+ changed = {}
866
+
867
+ #
868
+ # first we add new roles or delete removed roles from the user (oldap:hasRole). Roles where the
869
+ # oldap:hasDefaultDataPermission has changed are not considered here (but below) since its a RDF*star thing!
870
+ #
871
+ sparql = f'{blank:{indent * indent_inc}}# User field "hasRole"\n'
843
872
  sparql += f'{blank:{indent * indent_inc}}WITH oldap:admin\n'
844
873
  if removed:
845
874
  sparql += f'{blank:{indent * indent_inc}}DELETE {{\n'
846
- for perm in removed:
847
- sparql += f'{blank:{(indent + 1) * indent_inc}}?user oldap:hasPermissions {perm} .\n'
875
+ for role in removed.keys():
876
+ sparql += f'{blank:{(indent + 1) * indent_inc}}?user oldap:hasRole {role.toRdf} .\n'
848
877
  sparql += f'{blank:{indent * indent_inc}}}}\n'
849
878
  if added:
850
879
  sparql += f'{blank:{indent * indent_inc}}INSERT {{\n'
851
- for perm in added:
852
- sparql += f'{blank:{(indent + 1) * indent_inc}}?user oldap:hasPermissions {perm} .\n'
880
+ for role in added.keys():
881
+ sparql += f'{blank:{(indent + 1) * indent_inc}}?user oldap:hasRole {role.toRdf} .\n'
853
882
  sparql += f'{blank:{indent * indent_inc}}}}\n'
854
883
  sparql += f'{blank:{indent * indent_inc}}WHERE {{\n'
855
884
  sparql += f'{blank:{(indent + 1) * indent_inc}}BIND({self.userIri.toRdf} as ?user)\n'
@@ -859,17 +888,73 @@ class User(Model):
859
888
  sparql_list.append(sparql)
860
889
 
861
890
  #
862
- # check if existing :PermissionSet's have been given!
891
+ # Now we process the RDF*star triples where a Role has been added/deleted or the
892
+ # oldap:hasDefaultDataPermission has changed!
893
+ #
894
+ rdfstar = False
895
+ sparql = ''
896
+ if removed or changed:
897
+ sparql += f'{blank:{indent * indent_inc}}# RDF*Star DELETE: <<.. oldap:hasRole ...>> oldap:hasDefaultDataPermission ...\n'
898
+ sparql += f'{blank:{indent * indent_inc}}DELETE DATA {{\n'
899
+ sparql += f'{blank:{(indent + 1) * indent_inc}}GRAPH oldap:admin {{\n'
900
+ rdfstar = True
901
+ if removed:
902
+ tmp = [role for role, dperm in removed.items() if dperm] # check if we have roles with dterm not None
903
+ if tmp:
904
+ for role, dperm in removed.items():
905
+ if dperm:
906
+ sparql += f'{blank:{(indent + 2) * indent_inc}}<<{self.userIri.toRdf} oldap:hasRole {role.toRdf}>> oldap:hasDefaultDataPermission {dperm.toRdf} .\n'
907
+ if changed: # remove RDF*Star triples of the roles that have changed
908
+ tmp = [role for role, dperm in changed.items() if dperm['old']]
909
+ if tmp:
910
+ for role, changes in changed.items():
911
+ if changes['old']:
912
+ sparql += f'{blank:{(indent + 1) * indent_inc}}<<{self.userIri.toRdf} oldap:hasRole {role.toRdf}>> oldap:hasDefaultDataPermission {changes["old"].toRdf} .\n'
913
+
914
+ if rdfstar:
915
+ sparql += f'{blank:{(indent + 1) * indent_inc}}}}\n'
916
+ sparql += f'{blank:{indent * indent_inc}}}}\n'
917
+ if added or changed:
918
+ if rdfstar:
919
+ sparql += f'{blank:{indent * indent_inc}};\n'
920
+ sparql += f'{blank:{indent * indent_inc}}# RDF*Star INSERT: <<.. oldap:hasRole ...>> oldap:hasDefaultDataPermission ...\n'
921
+ sparql += f'{blank:{indent * indent_inc}}INSERT DATA {{\n'
922
+ sparql += f'{blank:{(indent + 1) * indent_inc}}GRAPH oldap:admin {{\n'
923
+ rdfstar = True
924
+ else:
925
+ rdfstar = False
926
+ if added:
927
+ tmp = [role for role, dperm in added.items() if dperm] # check if we have roles with dterm not None
928
+ if tmp:
929
+ for role, dperm in added.items():
930
+ if dperm:
931
+ sparql += f'{blank:{(indent + 2) * indent_inc}}<<{self.userIri.toRdf} oldap:hasRole {role.toRdf}>> oldap:hasDefaultDataPermission {dperm.toRdf} .\n'
932
+ rdfstar = True
933
+ if changed: # add the RDF*Star triples of the roles that have changed
934
+ tmp = [role for role, dperm in changed.items() if dperm['new']]
935
+ if tmp:
936
+ for role, changes in changed.items():
937
+ if changes['new']:
938
+ sparql += f'{blank:{(indent + 1) * indent_inc}}<<{self.userIri.toRdf} oldap:hasRole {role.toRdf}>> oldap:hasDefaultDataPermission {changes["new"].toRdf} .\n'
939
+ rdfstar = True
940
+ if rdfstar:
941
+ sparql += f'{blank:{(indent + 1) * indent_inc}}}}\n'
942
+ sparql += f'{blank:{indent * indent_inc}}}}\n'
943
+ if sparql:
944
+ sparql_list.append(sparql)
945
+
946
+ #
947
+ # check if existing :Roles's have been given!
863
948
  #
864
949
  if added:
865
950
  tmp = [x.toRdf for x in added]
866
951
  tmp = ", ".join(tmp)
867
952
  ptest = f"""
868
- SELECT ?permissionset
953
+ SELECT ?role
869
954
  FROM oldap:admin
870
955
  WHERE {{
871
- ?permissionset a oldap:PermissionSet .
872
- FILTER(?permissionset IN ({tmp}))
956
+ ?role a oldap:Role .
957
+ FILTER(?role IN ({tmp}))
873
958
  }}
874
959
  """
875
960
  ptest_len = len(added)
@@ -1036,6 +1121,7 @@ class User(Model):
1036
1121
  self.set_modified_by_iri(Xsd_QName('oldap:admin'), self.userIri, self.modified, timestamp)
1037
1122
  modtime = self.get_modified_by_iri(Xsd_QName('oldap:admin'), self.userIri)
1038
1123
  except OldapError:
1124
+ print(sparql)
1039
1125
  self._con.transaction_abort()
1040
1126
  raise
1041
1127
  if timestamp != modtime: