Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Revoking Access from Group #338

Closed
schloerke opened this issue Nov 15, 2024 · 3 comments · Fixed by #339
Closed

Add Revoking Access from Group #338

schloerke opened this issue Nov 15, 2024 · 3 comments · Fixed by #339
Assignees
Labels
sdk Used for automation

Comments

@schloerke
Copy link
Collaborator

schloerke commented Nov 15, 2024

Related Recipe Issue: https://github.com/rstudio/connect/issues/28826

Current recipe code: https://docs.posit.co/connect/cookbook/content-access-controls/revoking-access-from-a-group/

from posit import connect

#### User-defined inputs ####
# 1. specify the guid for the content item
content_guid = "CONTENT_GUID_HERE"
# 2. specify either the guid or name for the group to be removed (group_name will be used if group_guid is blank)
group_guid = ""
group_name = "GROUP_NAME_HERE"
############################

client = connect.Client()

# search by group_name to find the group_guid if blank
if not group_guid and group_name:
    group_match = client.get("/v1/groups", params={"prefix": group_name}).json()
    if not group_match["results"]:
        raise Exception("Invalid group name")
    elif len(group_match["results"]) != 1:
        raise Exception("More than one group name found, ensure you enter a unique name")
    else:
        group_guid = group_match["results"][0]["guid"]
elif not group_name:
    raise Exception("Either group_guid or group_name must be specified")

# For the specified content item remove the desired user
for perm in client.content.get(content_guid).permissions.find():
    if perm.principal_guid == group_guid:
        perm.delete()

# Confirm new permissions
client.content.get(content_guid).permissions.find()
@schloerke schloerke self-assigned this Nov 15, 2024
@github-actions github-actions bot added the sdk Used for automation label Nov 15, 2024
@schloerke
Copy link
Collaborator Author

schloerke commented Nov 15, 2024

Proposed recipe; .delete(*permissions) would also handle receiving a Group or User as they have ['guid'] values that correspond with the principal_guid.

from posit import connect

#### User-defined inputs ####
# 1. specify the guid for the content item
content_guid = "CONTENT_GUID_HERE"
# 2. specify either the principal_guid or group name prefix
principal_guid = "USER_OR_GROUP_GUID_HERE"
group_name_prefix = "GROUP_NAME_PREFIX_HERE"
############################

client = connect.Client()

# Remove a single permission by principal_guid
client.content.get(content_guid).permissions.destroy(principal_guid)

# Remove by user (if principal_guid is a user)
user = client.users.get(principal_guid)
client.content.get(content_guid).permissions.destroy(user)

# Remove by group (if principal_guid is a group)
group = client.groups.get(principal_guid)
client.content.get(content_guid).permissions.destroy(group)

# Remove all groups with a matching prefix name
groups = client.groups.find(prefix=group_name_prefix)
client.content.get(content_guid).permissions.destroy(*groups)

# Confirm new permissions
client.content.get(content_guid).permissions.find()

@tdstein
Copy link
Collaborator

tdstein commented Nov 15, 2024

Nice! Let's use destroy instead of delete as the method name. But this looks great!

@tdstein
Copy link
Collaborator

tdstein commented Nov 15, 2024

For consistency, we can replace and/or deprecate Permission#delete in favor of Permission#destroy as part of this work as well.

def delete(self) -> None:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
sdk Used for automation
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants