Beispiel #1
def removeSubscriptionUser(subscriptionId, userId):
    """Delete one user from a subscription; admin callers only.

    The admin check runs before any lookup, so the user table is not
    queried for a caller that fails it. Returns an empty JSON body with 204
    on success, or a plain-text message with 404 when the user is not part
    of the subscription. Every exception, including a failed admin check,
    is converted into a response by handleExceptions.
    """
    try:
        # Authorization gate: keep this as the first statement of the handler.
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())

        existing = AgentUser.GetUser(subscriptionId, userId)
        if existing:
            AgentUser.DeleteUser(subscriptionId, userId)
            return jsonify({}), 204

        notFound = "The user with user id {userId} doesn't exist in subscription {subscriptionId}"
        return notFound.format(userId=userId, subscriptionId=subscriptionId), 404
    except Exception as e:
        return handleExceptions(e)
Beispiel #2
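def removeAdmin(userId):
    """Remove a user from the admin list; admin callers only.

    Returns an empty JSON body with 204 on success and a plain-text message
    with 404 when no admin has this user id. An admin may not remove their
    own entry: that attempt raises LunaUserException(CONFLICT), which, like
    every other exception here, is converted into a response by
    handleExceptions.
    """
    try:
        # Read the token once so the identity used for the self-removal
        # guard is taken from the same token that passed the admin check.
        token = getToken()
        AuthenticationHelper.ValidateSignitureAndAdmin(token)
        callerObjectId = AuthenticationHelper.GetUserObjectId(token)

        admin = AgentUser.GetAdmin(userId)
        if not admin:
            return "The admin with user id {userId} doesn't exist.".format(
                userId=userId), 404

        # Compare object ids case-insensitively on BOTH sides, as
        # ValidateSignitureAndAdmin does. The original lower-cased only the
        # stored id, so the guard depended on GetUserObjectId already
        # returning a lower-case value (not visible from this handler).
        if isinstance(callerObjectId, str):
            callerObjectId = callerObjectId.lower()
        if admin.ObjectId.lower() == callerObjectId:
            raise LunaUserException(
                HTTPStatus.CONFLICT,
                "Admin cannot remove themselves from Admin list.")

        AgentUser.DeleteAdmin(userId)
        return jsonify({}), 204

    except Exception as e:
        return handleExceptions(e)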
Beispiel #3
def listAllAdmins():
    """Return every admin record as JSON with status 200; admin callers only.

    A failed admin check, or any other exception, is converted into a
    response by handleExceptions.
    """
    try:
        # Authorization gate: nothing is read before the caller is verified.
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        return jsonify(AgentUser.ListAllAdmin()), 200
    except Exception as e:
        return handleExceptions(e)
Beispiel #4
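def getSubscriptionUser(subscriptionId, userId):
    """Return one subscription user as JSON; admin callers only.

    Responds with 200 and the user record, or with 404 and a plain-text
    message when the user is not part of the subscription. A failed admin
    check, or any other exception, is converted into a response by
    handleExceptions.
    """
    try:
        # Authorization gate: nothing is read before the caller is verified.
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())

        user = AgentUser.GetUser(subscriptionId, userId)
        if not user:
            # The original serialised the empty lookup result with 200.
            # Report a missing user the way getAdmin and
            # removeSubscriptionUser do, so clients can tell "not found"
            # apart from a real record.
            return "The user with user id {userId} doesn't exist in subscription {subscriptionId}".format(
                userId=userId, subscriptionId=subscriptionId), 404
        return jsonify(user), 200

    except Exception as e:
        return handleExceptions(e)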
Beispiel #5
def listAllSubscriptionUsers(subscriptionId):
    """Return all users of one subscription as JSON with status 200.

    Admin callers only. A failed admin check, or any other exception, is
    converted into a response by handleExceptions.
    """
    try:
        # Authorization gate: nothing is read before the caller is verified.
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        return jsonify(AgentUser.ListAllBySubscriptionId(subscriptionId)), 200
    except Exception as e:
        return handleExceptions(e)
Beispiel #6
    def ValidateSignitureAndUser(token, subscriptionId=None):
        """Validate the token and resolve the caller to "Admin" or an object id.

        Returns the literal string "Admin" when the token's "oid" claim
        matches an admin record (compared case-insensitively), otherwise
        the lower-cased object id.

        When subscriptionId is given, a non-admin caller must be listed as
        a user of that subscription, else LunaUserException(FORBIDDEN) is
        raised. When subscriptionId is omitted or falsy, NO membership
        check is made: any token accepted by ValidateSigniture yields its
        object id, so the caller of this method has to authorise access to
        a specific resource itself.

        The return value mixes a role sentinel ("Admin") with object ids;
        code that receives it must not let a client-supplied value stand in
        for it.
        """
        claims = AuthenticationHelper.ValidateSigniture(token)
        objectId = claims["oid"].lower()

        ## TODO: which property should we use here
        callerIsAdmin = any(
            objectId == admin.ObjectId.lower()
            for admin in AgentUser.ListAllAdmin())
        if callerIsAdmin:
            return "Admin"

        ## Without a subscription id there is nothing to check membership
        ## against, so the object id is returned directly.
        if not subscriptionId:
            return objectId

        ## Otherwise the caller must be a user of that subscription.
        for member in AgentUser.ListAllBySubscriptionId(subscriptionId):
            if objectId == member.ObjectId.lower():
                return objectId

        # The message deliberately does not say whether the subscription
        # exists or the caller merely lacks access.
        raise LunaUserException(HTTPStatus.FORBIDDEN, "The resource doesn't exist or you don't have permission to access it.")
Beispiel #7
 def ValidateSignitureAndAdmin(token):
     """Validate the token and require that the caller is an admin.

     Returns the literal string "Admin" when the token's "oid" claim
     matches the ObjectId of an admin record (case-insensitive); raises
     LunaUserException(FORBIDDEN) otherwise. With an empty admin list every
     caller is rejected.
     """
     signiture = AuthenticationHelper.ValidateSigniture(token)

     ## TODO: which property should we use here
     callerIsAdmin = any(
         signiture["oid"].lower() == admin.ObjectId.lower()
         for admin in AgentUser.ListAllAdmin())
     if not callerIsAdmin:
         raise LunaUserException(HTTPStatus.FORBIDDEN, "Admin permission is required for this operation.")
     return "Admin"
Beispiel #8
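 def ListAllByUserObjectId(objectId):
     """Return the subscriptions whose user list contains objectId.

     Object ids are compared case-insensitively, the same way
     ValidateSignitureAndUser and ValidateSignitureAndAdmin compare them.
     The original compared with a plain ==, so the lower-cased id returned
     by ValidateSignitureAndUser would not match a record stored with
     upper-case characters and that user's subscriptions were left out.

     Runs one user-list lookup per subscription.
     """
     def normalise(value):
         # Non-string values (e.g. None) are compared unchanged.
         return value.lower() if isinstance(value, str) else value

     wanted = normalise(objectId)
     result = []
     for subscription in APISubscription.ListAll():
         users = AgentUser.ListAllBySubscriptionId(subscription.SubscriptionId)
         if any(normalise(user.ObjectId) == wanted for user in users):
             result.append(subscription)
     return result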
Beispiel #9
def getAdmin(userId):
    """Return one admin record as JSON; admin callers only.

    Responds with 200 and the record, or with 404 and a plain-text message
    when no admin has this user id. A failed admin check, or any other
    exception, is converted into a response by handleExceptions.
    """
    try:
        # Authorization gate: nothing is read before the caller is verified.
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())

        admin = AgentUser.GetAdmin(userId)
        if admin:
            return jsonify(admin), 200

        notFound = "The admin with user id {userId} doesn't exist."
        return notFound.format(userId=userId), 404
    except Exception as e:
        return handleExceptions(e)
Beispiel #10
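    def Get(subscriptionId, objectId="Admin"):
        """Load one subscription and attach its keys from the key vault.

        This function should only be called in local mode; otherwise the
        keys might be out of date.

        objectId is either the sentinel "Admin" or the caller's object id.
        For any value other than "Admin" the caller must be a user of the
        subscription, else LunaUserException(FORBIDDEN) is raised. The
        default is "Admin", which SKIPS that membership check, so callers
        acting for a non-admin must always pass the object id explicitly
        and must never take this argument from client-controlled input.

        Returns None when the subscription does not exist. The returned
        object carries PrimaryKey and SecondaryKey in clear text; treat it
        as secret material when logging or serialising it.
        """
        if objectId != "Admin":
            # Membership check, compared case-insensitively like the
            # validators in AuthenticationHelper: they hand back a
            # lower-cased object id, which the original plain == would not
            # match against a record stored with upper-case characters.
            def normalise(value):
                return value.lower() if isinstance(value, str) else value

            wanted = normalise(objectId)
            users = AgentUser.ListAllBySubscriptionId(subscriptionId)
            if not any(normalise(user.ObjectId) == wanted for user in users):
                raise LunaUserException(HTTPStatus.FORBIDDEN, "The subscription {} doesn't exist or you don't have permission to access it.".format(subscriptionId))

        session = Session()
        try:
            subscription = session.query(APISubscription).filter_by(SubscriptionId = subscriptionId).first()
        finally:
            # Close the session even when the query raises; the original
            # leaked it on that path.
            session.close()
        if not subscription:
            return None

        subscription.PrimaryKey = key_vault_helper.get_secret(subscription.PrimaryKeySecretName)
        subscription.SecondaryKey = key_vault_helper.get_secret(subscription.SecondaryKeySecretName)

        # Admin and user lists are attached only for the admin view in
        # local mode.
        if os.environ["AGENT_MODE"] == "LOCAL" and objectId == "Admin":
            subscription.Admins = AgentUser.ListAllAdmin()
            subscription.Users = AgentUser.ListAllBySubscriptionId(subscriptionId)
            subscription.AvailablePlans = ["Basic", "Premium"]
        return subscription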
Beispiel #11
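def addAdmin(userId):
    """Create an admin record from the JSON request body; admin callers only.

    Responses: 202 echoing the request body on success; 409 when an admin
    with this user id already exists; 400 when the body's Role is not
    "Admin" or its AADUserId differs from the user id in the URL. A body
    that is not a JSON object, or that lacks "ObjectId", raises
    LunaUserException(BAD_REQUEST). Every exception is converted into a
    response by handleExceptions.
    """
    try:
        # Authorization gate: nothing is read or written before the caller
        # is verified.
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        if AgentUser.GetAdmin(userId):
            return "The admin with user id {userId} already exists.".format(
                userId=userId), 409

        # Reject a missing body or a non-object body (e.g. a JSON array)
        # with the intended 400. The original ran `in` and `**` on whatever
        # request.json returned, which fails with a TypeError for those.
        payload = request.json
        if not isinstance(payload, dict) or "ObjectId" not in payload:
            raise LunaUserException(HTTPStatus.BAD_REQUEST,
                                    "The object id is required")

        # NOTE(review): every key of the client body becomes a constructor
        # argument. Only Role and AADUserId are checked below; consider
        # passing an explicit allow-list of fields instead.
        user = AgentUser(**payload)

        if user.Role != "Admin":
            return "The role of the admin user must be Admin.", 400
        if userId != user.AADUserId:
            return "The user id in request body doesn't match the user id in request url.", 400
        AgentUser.Create(user)
        return jsonify(payload), 202

    except Exception as e:
        return handleExceptions(e)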
Beispiel #12
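def addSubscriptionUser(subscriptionId, userId):
    """Add a user to a subscription from the JSON request body.

    Admin callers only. Responses: 202 echoing the request body on success;
    409 when the user already exists in the subscription; 400 when the
    body's SubscriptionId or AADUserId differs from the values in the URL.
    A body that is not a JSON object, or that lacks "ObjectId", raises
    LunaUserException(BAD_REQUEST). Every exception is converted into a
    response by handleExceptions.
    """
    try:
        # Authorization gate: nothing is read or written before the caller
        # is verified.
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        if AgentUser.GetUser(subscriptionId, userId):
            return "The user with user id {userId} already exists in subscription {subscriptionId}".format(
                userId=userId, subscriptionId=subscriptionId), 409

        # Reject a missing body or a non-object body (e.g. a JSON array)
        # with the intended 400. The original ran `in` and `**` on whatever
        # request.json returned, which fails with a TypeError for those.
        payload = request.json
        if not isinstance(payload, dict) or "ObjectId" not in payload:
            raise LunaUserException(HTTPStatus.BAD_REQUEST,
                                    "The object id is required")

        # NOTE(review): every key of the client body becomes a constructor
        # argument, and Role is not checked on this path (addAdmin checks
        # it). Confirm that a Role of "Admin" in the body cannot create an
        # admin record through this endpoint.
        user = AgentUser(**payload)
        if subscriptionId != user.SubscriptionId:
            return "The subscription id in request body doesn't match the subscription id in request url.", 400
        if userId != user.AADUserId:
            return "The user id in request body doesn't match the user id in request url.", 400
        AgentUser.Create(user)
        return jsonify(payload), 202

    except Exception as e:
        return handleExceptions(e)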