Merge branch 'master' into rakuyo/depr-libbytes-8060

changes/33127175adaff42214b2e19af4688fab.yaml

@@ -0,0 +1,6 @@
+---
+desc: Fix an issue where the default permission level specified when adding a graph
+  projection was overwritten.
+prs: []
+type: bug
+...

changes/44763e312940ac2d6b448d82442020c4.yaml

@@ -0,0 +1,5 @@
+---
+desc: Add ``$lib.graph.revoke()`` API for revoking user/role permissions on a graph projection.
+prs: []
+type: feat
+...

changes/d4c6fdc96cc6347ebcef68d8fa6b0131.yaml

@@ -0,0 +1,6 @@
+---
+desc: Deprecate ``$lib.inet.whois.guid``.
+prs:
+- 3951
+type: deprecation
+...

synapse/lib/cell.py

@@ -3560,7 +3560,7 @@ def _initEasyPerm(self, item, default=PERM_READ):
         item.setdefault('permissions', {})
         item['permissions'].setdefault('users', {})
         item['permissions'].setdefault('roles', {})
-        item['permissions']['default'] = default
+        item['permissions'].setdefault('default', default)
 
     async def getTeleApi(self, link, mesg, path):
 

synapse/lib/stormlib/graph.py

@@ -157,6 +157,15 @@ class GraphLib(s_stormtypes.Lib):
                   ),
                   'returns': {'type': 'null', }}},
 
+        {'name': 'revoke', 'desc': 'Revoke permissions granted to users/roles on a graph projection.',
+         'type': {'type': 'function', '_funcname': '_methGraphRevoke',
+                  'args': (
+                      {'name': 'gden', 'type': 'str', 'desc': 'Iden of the graph projection to modify.'},
+                      {'name': 'scope', 'type': 'str', 'desc': 'The scope, either "users" or "roles".'},
+                      {'name': 'iden', 'type': 'str', 'desc': 'The user/role iden depending on scope.'},
+                  ),
+                  'returns': {'type': 'null'}}},
+
         {'name': 'activate', 'desc': 'Set the graph projection to use for the top level Storm Runtime.',
          'type': {'type': 'function', '_funcname': '_methGraphActivate',
                   'args': (
@@ -174,6 +183,7 @@ def getObjLocals(self):
             'mod': self._methGraphMod,
             'list': self._methGraphList,
             'grant': self._methGraphGrant,
+            'revoke': self._methGraphRevoke,
             'activate': self._methGraphActivate,
         }
 
@@ -219,6 +229,13 @@ async def _methGraphGrant(self, gden, scope, iden, level):
 
         await self.runt.snap.core.setStormGraphPerm(gden, scope, iden, level, user=self.runt.user)
 
+    async def _methGraphRevoke(self, gden, scope, iden):
+        gden = await s_stormtypes.tostr(gden)
+        scope = await s_stormtypes.tostr(scope)
+        iden = await s_stormtypes.tostr(iden)
+
+        await self.runt.snap.core.setStormGraphPerm(gden, scope, iden, None, user=self.runt.user)
+
     async def _methGraphActivate(self, iden):
         gdef = await self._methGraphGet(iden)
         self.runt.setGraph(gdef)

synapse/lib/stormwhois.py

@@ -16,6 +16,7 @@ class LibWhois(s_stormtypes.Lib):
 
         Raises:
             StormRuntimeError: If form is not supported in this method.''',
+         'deprecated': {'eolvers': 'v3.0.0', 'mesg': 'Please use the GUID constructor syntax.'},
          'type': {'type': 'function', '_funcname': '_whoisGuid',
                   'args': (
                       {'name': 'props', 'type': 'dict', 'desc': 'Dictionary of properties used to create the form.', },
@@ -31,6 +32,8 @@ def getObjLocals(self):
          }
 
     async def _whoisGuid(self, props, form):
+        s_common.deprecated('$lib.inet.whois.guid()', curv='2.183.0')
+        await self.runt.snap.warnonce('$lib.inet.whois.guid() is deprecated. Use the GUID constructor syntax.')
         form = await s_stormtypes.tostr(form)
         props = await s_stormtypes.toprim(props)
         if form == 'iprec':

synapse/tests/test_cortex.py

@@ -3885,6 +3885,15 @@ def checkGraph(seeds, alldefs):
             opts['vars']['useriden'] = visi.iden
 
             await self.asyncraises(s_exc.AuthDeny, core.nodes('$lib.graph.del($iden2)', opts=uopts))
+            await core.nodes('$lib.graph.grant($iden2, users, $useriden, 3)', opts=opts)
+
+            await core.nodes('$lib.graph.mod($iden2, ({"name": "newname"}))', opts=uopts)
+            gdef = await core.callStorm('return($lib.graph.get($iden2))', opts=opts)
+            self.eq(gdef['name'], 'newname')
+
+            await core.nodes('$lib.graph.revoke($iden2, users, $useriden)', opts=opts)
+            await self.asyncraises(s_exc.AuthDeny, core.nodes('$lib.graph.mod($iden2, ({"name": "newp"}))', opts=uopts))
+
             await core.nodes('$lib.graph.grant($iden2, users, $useriden, 3)', opts=opts)
             await core.nodes('$lib.graph.del($iden2)', opts=uopts)
 
@@ -3974,6 +3983,12 @@ def checkGraph(seeds, alldefs):
             async with self.getTestCore(dirn=dirn) as core:
                 self.len(3, await core.callStorm('return($lib.graph.list())', opts=opts))
 
+                gdef = await core.callStorm('return($lib.graph.add(({"name": "nodef"})))')
+                self.eq(1, gdef['permissions']['default'])
+
+                gdef = await core.callStorm('return($lib.graph.add(({"name": "def", "permissions": {"default": 0}})))')
+                self.eq(0, gdef['permissions']['default'])
+
     async def test_storm_two_level_assignment(self):
         async with self.getTestCore() as core:
             q = '$foo=baz $bar=$foo [test:str=$bar]'

synapse/tests/test_lib_storm.py

@@ -3917,6 +3917,11 @@ async def test_storm_help_cmd(self):
             self.stormIsInPrint('Warning', msgs)
             self.stormIsInPrint('``$lib.infosec.cvss.saveVectToNode`` has been deprecated and will be removed in version v3.0.0.', msgs)
 
+            msgs = await core.stormlist('help --verbose $lib.inet.whois.guid')
+            self.stormIsInPrint('Warning', msgs)
+            self.stormIsInPrint('``$lib.inet.whois.guid`` has been deprecated and will be removed in version v3.0.0.', msgs)
+            self.stormIsInPrint('Please use the GUID constructor syntax.', msgs)
+
             msgs = await core.stormlist('help $lib.inet')
             self.stormIsInPrint('The following libraries are available:\n\n'
                                 '$lib.inet.http                : A Storm Library exposing an HTTP client API.\n'

synapse/tests/test_lib_stormwhois.py

@@ -84,8 +84,8 @@ async def test_storm_whois_guid(self):
             '''
             opts = {'vars': {'props': props}}
             mesgs = await core.stormlist(stormcmd, opts=opts)
-            warn = [m[1]['mesg'] for m in mesgs if m[0] == 'warn']
-            self.isin('Insufficient guid vals identified, using random guid:', warn[0])
+            self.stormIsInWarn('$lib.inet.whois.guid() is deprecated', mesgs)
+            self.stormIsInWarn('Insufficient guid vals identified, using random guid:', mesgs)
             self.len(1, await core.nodes(f'inet:whois:ipquery:fqdn={props["fqdn"]}'))
 
             props = {
@@ -97,8 +97,8 @@ async def test_storm_whois_guid(self):
             '''
             opts = {'vars': {'props': props}}
             mesgs = await core.stormlist(stormcmd, opts=opts)
-            warn = [m[1]['mesg'] for m in mesgs if m[0] == 'warn']
-            self.isin('Insufficient guid vals identified, using random guid:', warn[0])
+            self.stormIsInWarn('$lib.inet.whois.guid() is deprecated', mesgs)
+            self.stormIsInWarn('Insufficient guid vals identified, using random guid:', mesgs)
             self.len(1, await core.nodes(f'inet:whois:ipcontact:asn={props["asn"]}'))
 
             # Failure cases