def revoke(ctx, image, user, revoke_all, allow_home, allow_view, volume):
"""Revokes access to application identified by IMAGE to a specific
user USER and specified parameters."""
allow_common = False
source = target = mode = None
if volume is not None:
allow_common = True
try:
source, target, mode = parse_volume_string(volume)
except ValueError as e:
raise click.BadOptionUsage("volume", str(e))
session = ctx.obj.session
with orm.transaction(session):
orm_app = session.query(orm.Application).filter(
orm.Application.image == image).one()
orm_user = session.query(orm.User).filter(
orm.User.name == user).one()
if revoke_all:
session.query(orm.Accounting).filter(
orm.Accounting.application == orm_app,
orm.Accounting.user == orm_user,
).delete()
else:
orm_policy = session.query(orm.ApplicationPolicy).filter(
orm.ApplicationPolicy.allow_home == allow_home,
orm.ApplicationPolicy.allow_common == allow_common,
orm.ApplicationPolicy.allow_view == allow_view,
orm.ApplicationPolicy.volume_source == source,
orm.ApplicationPolicy.volume_target == target,
orm.ApplicationPolicy.volume_mode == mode).one()
session.query(orm.Accounting).filter(
orm.Accounting.application == orm_app,
orm.Accounting.user == orm_user,
orm.Accounting.application_policy == orm_policy,
).delete()
评论列表
文章目录