feat: enable combining PermissionsRules

jorwoods · jorwoods · commit 4029583561f4 · 2024-05-29T22:05:05.000-05:00
diff --git a/.gitignore b/.gitignore
@@ -156,3 +156,4 @@ docs/_site/
 docs/.jekyll-metadata
 docs/Gemfile.lock
 samples/credentials
+.venv/
diff --git a/tableauserverclient/models/permissions_item.py b/tableauserverclient/models/permissions_item.py
@@ -53,6 +53,32 @@ def __init__(self, grantee: ResourceReference, capabilities: Dict[str, str]) ->
     def __repr__(self):
         return "<PermissionsRule grantee={}, capabilities={}>".format(self.grantee, self.capabilities)
 
+    def __and__(self, other: "PermissionsRule") -> "PermissionsRule":
+        if self.grantee != other.grantee:
+            raise ValueError("Cannot AND two permissions rules with different grantees")
+        capabilities = set((*self.capabilities.keys(), *other.capabilities.keys()))
+        new_capabilities = {}
+        for capability in capabilities:
+            if (self.capabilities.get(capability), other.capabilities.get(capability)) == (Permission.Mode.Allow, Permission.Mode.Allow):
+                new_capabilities[capability] = Permission.Mode.Allow
+            elif Permission.Mode.Deny in (self.capabilities.get(capability), other.capabilities.get(capability)):
+                new_capabilities[capability] = Permission.Mode.Deny
+
+        return PermissionsRule(self.grantee, new_capabilities)
+
+    def __or__(self, other: "PermissionsRule") -> "PermissionsRule":
+        if self.grantee != other.grantee:
+            raise ValueError("Cannot AND two permissions rules with different grantees")
+        capabilities = set((*self.capabilities.keys(), *other.capabilities.keys()))
+        new_capabilities = {}
+        for capability in capabilities:
+            if Permission.Mode.Allow in (self.capabilities.get(capability), other.capabilities.get(capability)):
+                new_capabilities[capability] = Permission.Mode.Allow
+            elif (self.capabilities.get(capability), other.capabilities.get(capability)) == (Permission.Mode.Deny, Permission.Mode.Deny):
+                new_capabilities[capability] = Permission.Mode.Deny
+
+        return PermissionsRule(self.grantee, new_capabilities)
+
     @classmethod
     def from_response(cls, resp, ns=None) -> List["PermissionsRule"]:
         parsed_response = fromstring(resp)
diff --git a/tableauserverclient/models/reference_item.py b/tableauserverclient/models/reference_item.py
@@ -8,6 +8,9 @@ def __str__(self):
 
     __repr__ = __str__
 
+    def __eq__(self, other):
+        return (self.id == other.id) and (self.tag_name == other.tag_name)
+
     @property
     def id(self):
         return self._id
diff --git a/test/test_permissionsrule.py b/test/test_permissionsrule.py
@@ -0,0 +1,49 @@
+import unittest
+
+import tableauserverclient as TSC
+from tableauserverclient.models.reference_item import ResourceReference
+
+class TestPermissionsRules(unittest.TestCase):
+    def test_and(self):
+        grantee = ResourceReference("a", "user")
+        rule1 = TSC.PermissionsRule(grantee, {
+            TSC.Permission.Capability.ExportData: TSC.Permission.Mode.Allow,
+            TSC.Permission.Capability.Delete: TSC.Permission.Mode.Deny,
+            TSC.Permission.Capability.ViewComments: TSC.Permission.Mode.Allow,
+            TSC.Permission.Capability.ExportXml: TSC.Permission.Mode.Deny,
+        })
+        rule2 = TSC.PermissionsRule(grantee, {
+            TSC.Permission.Capability.ExportData: TSC.Permission.Mode.Allow,
+            TSC.Permission.Capability.Delete: TSC.Permission.Mode.Allow,
+            TSC.Permission.Capability.ExportXml: TSC.Permission.Mode.Deny,
+        })
+
+        composite = rule1 & rule2
+
+        self.assertEqual(composite.capabilities.get(TSC.Permission.Capability.ExportData), TSC.Permission.Mode.Allow)
+        self.assertEqual(composite.capabilities.get(TSC.Permission.Capability.Delete), TSC.Permission.Mode.Deny)
+        self.assertEqual(composite.capabilities.get(TSC.Permission.Capability.ViewComments), None)
+        self.assertEqual(composite.capabilities.get(TSC.Permission.Capability.ExportXml), TSC.Permission.Mode.Deny)
+
+
+    def test_or(self):
+        grantee = ResourceReference("a", "user")
+        rule1 = TSC.PermissionsRule(grantee, {
+            TSC.Permission.Capability.ExportData: TSC.Permission.Mode.Allow,
+            TSC.Permission.Capability.Delete: TSC.Permission.Mode.Deny,
+            TSC.Permission.Capability.ViewComments: TSC.Permission.Mode.Allow,
+            TSC.Permission.Capability.ExportXml: TSC.Permission.Mode.Deny,
+        })
+        rule2 = TSC.PermissionsRule(grantee, {
+            TSC.Permission.Capability.ExportData: TSC.Permission.Mode.Allow,
+            TSC.Permission.Capability.Delete: TSC.Permission.Mode.Allow,
+            TSC.Permission.Capability.ExportXml: TSC.Permission.Mode.Deny,
+        })
+
+        composite = rule1 | rule2
+
+        self.assertEqual(composite.capabilities.get(TSC.Permission.Capability.ExportData), TSC.Permission.Mode.Allow)
+        self.assertEqual(composite.capabilities.get(TSC.Permission.Capability.Delete), TSC.Permission.Mode.Allow)
+        self.assertEqual(composite.capabilities.get(TSC.Permission.Capability.ViewComments), TSC.Permission.Mode.Allow)
+        self.assertEqual(composite.capabilities.get(TSC.Permission.Capability.ExportXml), TSC.Permission.Mode.Deny)
+
