in azure-devops/azext_devops/dev/team/security_permission.py [0:0]
def _resolve_bits(response, permissions_types, changed_bits=0):
inherited_allow = 0
inherited_deny = 0
effective_allow = 0
effective_deny = 0
if len(response) > 1 or len(response[0].aces_dictionary) > 1:
raise CLIError('Multiple entries found in acesDictionary. Please filter the response by token.')
acl = response[0]
ace = list(acl.aces_dictionary.values())[0]
allow_bit = ace.allow
deny_bit = ace.deny
if acl.include_extended_info is True:
if ace.extended_info.effective_allow is not None:
effective_allow = ace.extended_info.effective_allow
if ace.extended_info.effective_deny is not None:
effective_deny = ace.extended_info.effective_deny
if acl.include_extended_info is True:
inherited_allow = allow_bit ^ effective_allow
inherited_deny = deny_bit ^ effective_deny
# If changed_bits is zero, display all permissions
if changed_bits == 0:
total_permission_types = len(permissions_types[0].actions)
last_permission_bit_value = permissions_types[0].actions[total_permission_types - 1].bit
changed_bits = 2 * last_permission_bit_value - 1
permission_response = []
for item in permissions_types[0].actions:
if changed_bits & item.bit:
permission_value_string = None
if effective_deny and item.bit & effective_deny:
permission_value_string = 'Deny'
if inherited_deny & item.bit:
permission_value_string = 'Deny (inherited)'
elif effective_allow and item.bit & effective_allow:
permission_value_string = 'Allow'
if inherited_allow & item.bit:
permission_value_string = 'Allow (inherited)'
else:
permission_value_string = 'Not set'
permission_obj = PermissionDetails()
permission_obj.bit = item.bit
permission_obj.name = item.name
permission_obj.display_name = item.display_name
permission_obj.effective_permission = permission_value_string
permission_response.append(permission_obj)
return permission_response