def getUserGrups(dbSession, user):
try:
user = User.getByNameOrID(user)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No user found with this username or ID")
else:
return user.groups
def get_user_groups(db_session, user):
try:
user = User.getByNameOrID(user)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No user found with this username or ID")
else:
return user.groups
def getUserDirectPermissions(dbSession, user):
try:
user = User.getByNameOrID(user)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No user found with this username or ID")
return user.permissions
def deleteUser(dbSession, user, requester):
try:
user = User.getByNameOrID(user)
if user.id == requester['userid']:
raise HTTPRequestError(400, "a user can't remove himself")
dbSession.execute(
UserPermission.__table__.delete(UserPermission.user_id == user.id)
)
dbSession.execute(
UserGroup.__table__.delete(UserGroup.user_id == user.id)
)
cache.deleteKey(userid=user.id)
# The user is not hardDeleted.
# it should be copied to inactiveUser table
inactiveTables.PasswdInactive.createInactiveFromUser(dbSession,
user,)
inactiveTables.UserInactive.createInactiveFromUser(dbSession,
user,
requester['userid'])
passwd.expirePasswordResetRequests(dbSession, user.id)
dbSession.delete(user)
log().info('user ' + user.username + ' deleted by '
+ requester['username'],
user.safeDict())
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No user found with this ID")
def updateUser(dbSession, user, updatedInfo, requester):
# Drop invalid fields
updatedInfo = {
k: updatedInfo[k]
for k in updatedInfo
if k in User.fillable
}
oldUser = User.getByNameOrID(user)
if 'username' in updatedInfo.keys() \
and updatedInfo['username'] != oldUser.username:
raise HTTPRequestError(400, "usernames can't be updated")
checkUser(updatedInfo)
# Verify if the email is in use by another user
if 'email' in updatedInfo.keys() and updatedInfo['email'] != oldUser.email:
anotherUser = dbSession.query(User) \
.filter_by(email=updatedInfo['email']) \
.one_or_none()
if anotherUser:
raise HTTPRequestError(400, "email already in use")
log().info('user ' + oldUser.username + ' updated by '
+ requester['username'],
{'oldUser': oldUser.safeDict(), 'newUser': updatedInfo})
if 'name' in updatedInfo.keys():
oldUser.name = updatedInfo['name']
if 'service' in updatedInfo.keys():
oldUser.service = updatedInfo['service']
if 'email' in updatedInfo.keys():
oldUser.email = updatedInfo['email']
return oldUser
def get_all_user_permissions(db_session, user):
try:
user = User.getByNameOrID(user)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No user found with this username or ID")
permissions = user.permissions
permissions += [
perm for group in user.groups for perm in group.permissions
]
# drop possible duplicates
return list({v.id: v for v in permissions}.values())
def add_user_groups():
predef_user_group = [
{
"name": "admin",
"groups": ["admin"]
},
]
for user in predef_user_group:
user_id = User.getByNameOrID(user['name']).id
for group_name in user['groups']:
r = UserGroup(user_id=user_id,
group_id=Group.getByNameOrID(group_name).id)
db.session.add(r)
db.session.commit()
def removeUserGroup(dbSession, user, group, requester):
try:
user = User.getByNameOrID(user)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No user found with this ID or name")
try:
group = Group.getByNameOrID(group)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
try:
relation = dbSession.query(UserGroup) \
.filter_by(user_id=user.id, group_id=group.id).one()
dbSession.delete(relation)
cache.deleteKey(userid=user.id)
log().info('user ' + user.username + ' removed from ' + group.name +
' by ' + requester['username'])
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "User is not a member of the group")
def removeUserPermission(dbSession, user, permission, requester):
try:
user = User.getByNameOrID(user)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No user found with this ID or name")
try:
perm = Permission.getByNameOrID(permission)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID")
try:
relation = dbSession.query(UserPermission) \
.filter_by(user_id=user.id, permission_id=perm.id).one()
dbSession.delete(relation)
cache.deleteKey(userid=user.id, action=perm.method, resource=perm.path)
log().info('user ' + user.username + ' removed permission ' +
perm.name + ' by ' + requester['username'])
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "User does not have this permission")
def addUserGroup(dbSession, user, group, requester):
try:
user = User.getByNameOrID(user)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No user found with this ID or name")
try:
group = Group.getByNameOrID(group)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
if dbSession.query(UserGroup).filter_by(user_id=user.id,
group_id=group.id).one_or_none():
raise HTTPRequestError(409, "User is already a member of the group")
r = UserGroup(user_id=user.id, group_id=group.id)
dbSession.add(r)
cache.deleteKey(userid=user.id)
log().info('user ' + user.username + ' added to group ' + group.name +
' by ' + requester['username'])
def resetPassword(dbSession, link, resetData):
if 'passwd' not in resetData.keys():
raise HTTPRequestError(400, 'missing password')
try:
resetRequest = dbSession.query(PasswordRequest). \
filter_by(link=link).one()
if chechRequestValidity(dbSession, resetRequest):
user = User.getByNameOrID(resetRequest.user_id)
user.salt, user.hash = update(dbSession, user, resetData['passwd'])
# remove this used reset request
PasswordRequestInactive.createInactiveFromRequest(
dbSession, resetRequest)
dbSession.delete(resetRequest)
return user
else:
raise HTTPRequestError(404, 'Page not found or expired')
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, 'Page not found or expired')
def add_user_permission(db_session, user, permission, requester):
try:
user = User.getByNameOrID(user)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No user found with this ID or name")
try:
perm = Permission.getByNameOrID(permission)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID")
if db_session.query(UserPermission) \
.filter_by(user_id=user.id, permission_id=perm.id).one_or_none():
raise HTTPRequestError(409, "User already have this permission")
r = UserPermission(user_id=user.id, permission_id=perm.id)
db_session.add(r)
cache.delete_key(userid=user.id,
action=perm.method,
resource=perm.path)
log().info('user ' + user.username + ' received permission '
+ perm.name + ' by ' + requester['username'])
def getUser(dbSession, user):
try:
user = User.getByNameOrID(user)
return user
except (sqlalchemy.orm.exc.NoResultFound, ValueError):
raise HTTPRequestError(404, "No user found with this ID")
def get_user(db_session, user):
try:
user = User.getByNameOrID(user)
return user
except (orm_exceptions.NoResultFound, ValueError):
raise HTTPRequestError(404, "No user found with this ID")