Beispiel #1
0
def delete_perm(db_session, permission: str, requester):
    """
    Removes a permission from the system
    :param db_session: The postgres session to be used.
    :param permission: String The permission to be removed (name or ID).
    :param requester: Who is creating this user. This is a dictionary with two keys:
                      "userid" and "username".
    :return:
    :raises HTTPRequestError: Can't delete a system permission.
    """
    try:
        perm = Permission.get_by_name_or_id(permission)
        if perm.type == PermissionTypeEnum.api:
            db_session.execute(
                UserPermission.__table__.delete(
                    UserPermission.permission_id == perm.id))
            db_session.execute(
                GroupPermission.__table__.delete(
                    GroupPermission.permission_id == perm.id))
            cache.delete_key(action=perm.method, resource=perm.path)
            LOGGER.info(
                f"permission {perm.name} deleted by {requester['username']}")
            LOGGER.info(perm.safe_dict())
            db_session.delete(perm)
            db_session.commit()
            MVUserPermission.refresh()
            MVGroupPermission.refresh()
        else:
            raise HTTPRequestError(405, "Can't delete a system permission")
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")
Beispiel #2
0
def add_user_group(db_session, user, group, requester):
    try:
        user = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404,
                               f"No user found with this ID or name: {user}")
    try:
        group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(
            404, f"No group found with this ID or name: {group}")

    if db_session.query(UserGroup).filter_by(user_id=user.id,
                                             group_id=group.id).one_or_none():
        raise HTTPRequestError(409, "User is already a member of the group")

    r = UserGroup(user_id=user.id, group_id=group.id)
    db_session.add(r)
    cache.delete_key(userid=user.id)

    user.reset_token()
    db_session.add(user)

    log().info(
        f"user {user.username} added to group {group.name} by {requester['username']}"
    )

    db_session.commit()
Beispiel #3
0
def delete_user(db_session, user, requester):
    try:
        user = User.getByNameOrID(user)
        if user.id == requester['userid']:
            raise HTTPRequestError(400, "a user can't remove himself")
        db_session.execute(
            UserPermission.__table__.delete(UserPermission.user_id == user.id))
        db_session.execute(
            UserGroup.__table__.delete(UserGroup.user_id == user.id))
        cache.delete_key(userid=user.id)

        # The user is not hardDeleted.
        # it should be copied to inactiveUser table
        inactiveTables.PasswdInactive.createInactiveFromUser(
            db_session,
            user,
        )
        inactiveTables.UserInactive.createInactiveFromUser(
            db_session, user, requester['userid'])
        password.expire_password_reset_requests(db_session, user.id)
        db_session.delete(user)
        log().info(
            'user ' + user.username + ' deleted by ' + requester['username'],
            user.safeDict())
        return user
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID")
Beispiel #4
0
def delete_user(db_session, username: str, requester):
    """
    Deletes an user from the system
    :param db_session: The postgres session to be used
    :param username: String The user to be removed
    :param requester: Who is creating this user. This is a dictionary with two keys:
                      "userid" and "username"
    :return: The removed user
    :raises HTTPRequestError: If the user tries to remove itself.
    :raises HTTPRequestError: Can't delete the admin user.
    :raises HTTPRequestError: If the user is not in the database.
    """
    try:
        user = User.get_by_name_or_id(username)
        if user.id == requester['userid']:
            raise HTTPRequestError(400, "a user can't remove himself")
        elif user.username == 'admin':
            raise HTTPRequestError(405, "Can't delete the admin user")

        db_session.execute(
            UserPermission.__table__.delete(UserPermission.user_id == user.id))
        db_session.execute(
            UserGroup.__table__.delete(UserGroup.user_id == user.id))
        cache.delete_key(userid=user.id)

        # The user is not hardDeleted.
        # it should be copied to inactiveUser table
        inactiveTables.PasswdInactive.createInactiveFromUser(
            db_session,
            user,
        )
        inactiveTables.UserInactive.createInactiveFromUser(
            db_session, user, requester['userid'])
        password.expire_password_reset_requests(db_session, user.id)
        db_session.delete(user)
        LOGGER.info(f"user {user.username} deleted by {requester['username']}")
        LOGGER.info(user.safe_dict())

        kongUtils.remove_from_kong(user.username)
        MVUserPermission.refresh()
        MVGroupPermission.refresh()
        db_session.commit()

        if count_tenant_users(db_session, user.service) == 0:
            LOGGER.info(
                f"will emit tenant lifecycle event {user.service} - DELETE")
            Publisher.send_notification({
                "type": 'DELETE',
                'tenant': user.service
            })

        return user
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID")
Beispiel #5
0
def delete_group(db_session, group, requester):
    try:
        group = Group.getByNameOrID(group)
        db_session.execute(
            GroupPermission.__table__.delete(
                GroupPermission.group_id == group.id))
        db_session.execute(
            UserGroup.__table__.delete(UserGroup.group_id == group.id))
        cache.delete_key()
        log().info(
            'group ' + group.name + ' deleted by ' + requester['username'],
            group.safeDict())
        db_session.delete(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID")
Beispiel #6
0
def delete_perm(db_session, permission, requester):
    try:
        perm = Permission.getByNameOrID(permission)
        db_session.execute(
            UserPermission.__table__.delete(
                UserPermission.permission_id == perm.id))
        db_session.execute(
            GroupPermission.__table__.delete(
                GroupPermission.permission_id == perm.id))
        cache.delete_key(action=perm.method, resource=perm.path)
        log().info(
            'permission ' + str(perm.name) + ' deleted by ' +
            requester['username'], perm.safeDict())
        db_session.delete(perm)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")
Beispiel #7
0
def remove_user_group(db_session, user, group, requester):
    try:
        user = User.getByNameOrID(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")
    try:
        group = Group.getByNameOrID(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")
    try:
        relation = db_session.query(UserGroup) \
            .filter_by(user_id=user.id, group_id=group.id).one()
        db_session.delete(relation)
        cache.delete_key(userid=user.id)
        log().info('user ' + user.username + ' removed from ' + group.name
                   + ' by ' + requester['username'])
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "User is not a member of the group")
def remove_user_group(db_session, user, group, requester):
    try:
        user = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")
    try:
        group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")
    try:
        relation = db_session.query(UserGroup) \
            .filter_by(user_id=user.id, group_id=group.id).one()
        db_session.delete(relation)
        cache.delete_key(userid=user.id)
        log().info(f"user {user.username} removed from {group.name} by {requester['username']}")
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "User is not a member of the group")
Beispiel #9
0
def remove_group_permission(db_session, group, permission, requester):
    try:
        group = Group.getByNameOrID(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")
    try:
        perm = Permission.getByNameOrID(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")
    try:
        relation = db_session.query(GroupPermission) \
            .filter_by(group_id=group.id, permission_id=perm.id).one()
        db_session.delete(relation)
        cache.delete_key(action=perm.method,
                         resource=perm.path)
        log().info('permission ' + perm.name + ' removed from '
                   ' group ' + group.name + ' by ' + requester['username'])
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "Group does not have this permission")
Beispiel #10
0
def add_group_permission(db_session, group, permission, requester):
    try:
        group = Group.getByNameOrID(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")
    try:
        perm = Permission.getByNameOrID(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")

    if db_session.query(GroupPermission) \
            .filter_by(group_id=group.id, permission_id=perm.id).one_or_none():
        raise HTTPRequestError(409, "Group already have this permission")

    r = GroupPermission(group_id=group.id, permission_id=perm.id)
    db_session.add(r)
    cache.delete_key(action=perm.method,
                     resource=perm.path)
    log().info('permission ' + perm.name + ' added to group ' + group.name
               + ' by ' + requester['username'])
def remove_group_permission(db_session, group, permission, requester):
    try:
        group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")
    try:
        perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")
    try:
        relation = db_session.query(GroupPermission) \
            .filter_by(group_id=group.id, permission_id=perm.id).one()
        db_session.delete(relation)
        cache.delete_key(action=perm.method,
                         resource=perm.path)
        log().info(f"permission {perm.name} removed from group {group.name} by {requester['username']}")
        MVGroupPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "Group does not have this permission")
Beispiel #12
0
def remove_user_permission(db_session, user, permission, requester):
    try:
        user = User.getByNameOrID(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")
    try:
        perm = Permission.getByNameOrID(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")
    try:
        relation = db_session.query(UserPermission) \
            .filter_by(user_id=user.id, permission_id=perm.id).one()
        db_session.delete(relation)
        cache.delete_key(userid=user.id,
                         action=perm.method,
                         resource=perm.path)
        log().info('user ' + user.username + ' removed permission '
                   + perm.name + ' by ' + requester['username'])
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "User does not have this permission")
Beispiel #13
0
def add_user_group(db_session, user, group, requester):
    try:
        user = User.getByNameOrID(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")
    try:
        group = Group.getByNameOrID(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    if db_session.query(UserGroup).filter_by(
                                                user_id=user.id,
                                                group_id=group.id
                                             ).one_or_none():
        raise HTTPRequestError(409, "User is already a member of the group")

    r = UserGroup(user_id=user.id, group_id=group.id)
    db_session.add(r)
    cache.delete_key(userid=user.id)
    log().info('user ' + user.username + ' added to group ' + group.name
               + ' by ' + requester['username'])
Beispiel #14
0
def add_user_permission(db_session, user, permission, requester):
    try:
        user = User.getByNameOrID(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")
    try:
        perm = Permission.getByNameOrID(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    if db_session.query(UserPermission) \
            .filter_by(user_id=user.id, permission_id=perm.id).one_or_none():
        raise HTTPRequestError(409, "User already have this permission")

    r = UserPermission(user_id=user.id, permission_id=perm.id)
    db_session.add(r)
    cache.delete_key(userid=user.id,
                     action=perm.method,
                     resource=perm.path)
    log().info('user ' + user.username + ' received permission '
               + perm.name + ' by ' + requester['username'])
def add_group_permission(db_session, group, permission, requester):
    try:
        group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")
    try:
        perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")

    if db_session.query(GroupPermission) \
            .filter_by(group_id=group.id, permission_id=perm.id).one_or_none():
        raise HTTPRequestError(409, "Group already have this permission")

    r = GroupPermission(group_id=group.id, permission_id=perm.id)
    db_session.add(r)
    cache.delete_key(action=perm.method,
                     resource=perm.path)
    log().info(f"permission {perm.name} added to group {group.name} by {requester['username']}")
    MVGroupPermission.refresh()
    db_session.commit()
Beispiel #16
0
def delete_group(db_session, group, requester):
    try:
        group = Group.get_by_name_or_id(group)

        if group.name == 'admin':
            raise HTTPRequestError(405, "Can't delete admin group")

        db_session.execute(
            GroupPermission.__table__.delete(
                GroupPermission.group_id == group.id))
        db_session.execute(
            UserGroup.__table__.delete(UserGroup.group_id == group.id))
        cache.delete_key()
        LOGGER.info(
            'group ' + group.name + ' deleted by ' + requester['username'],
            group.safe_dict())
        db_session.delete(group)
        MVGroupPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID")
def remove_user_permission(db_session, user, permission, requester):
    try:
        user = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")
    try:
        perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")
    try:
        relation = db_session.query(UserPermission) \
            .filter_by(user_id=user.id, permission_id=perm.id).one()
        db_session.delete(relation)
        cache.delete_key(userid=user.id,
                         action=perm.method,
                         resource=perm.path)
        log().info(f"permission {perm.name} for user {user.username} was revoked by {requester['username']}")
        MVUserPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "User does not have this permission")
Beispiel #18
0
def add_user_permission(db_session, user, permission, requester):
    try:
        user = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")
    try:
        perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    if db_session.query(UserPermission) \
            .filter_by(user_id=user.id, permission_id=perm.id).one_or_none():
        raise HTTPRequestError(409, "User already have this permission")

    r = UserPermission(user_id=user.id, permission_id=perm.id)
    db_session.add(r)
    cache.delete_key(userid=user.id, action=perm.method, resource=perm.path)
    MVUserPermission.refresh()
    db_session.commit()
    log().info(
        f"user {user.username} received permission {perm.name} by {requester['username']}"
    )
Beispiel #19
0
def drop_cache():
    cache.delete_key()
    return format_response(200)