def create_users(user):
values = v1_utils.common_values_dict(user)
values.update(schemas.user.post(flask.request.json))
if not (auth.is_admin(user)
or auth.is_admin_user(user, values['team_id'])):
raise auth.UNAUTHORIZED
role_id = values.get('role_id', auth.get_role_id('USER'))
if not auth.is_admin(user) and role_id == auth.get_role_id('SUPER_ADMIN'):
raise auth.UNAUTHORIZED
values.update({
'password': auth.hash_password(values.get('password')),
'role_id': role_id
})
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
# remove the password in the result for security reasons
del values['password']
return flask.Response(json.dumps({'user': values}),
201,
headers={'ETag': values['etag']},
content_type='application/json')
def get_role_by_id(user, role_id):
role = v1_utils.verify_existence_and_get(role_id, _TABLE)
if user['role_id'] != role_id and \
user['role_id'] not in [auth.get_role_id('ADMIN'),
auth.get_role_id('SUPER_ADMIN')]:
raise auth.UNAUTHORIZED
if not auth.is_admin(user) and auth.get_role_id('SUPER_ADMIN') == role_id:
raise auth.UNAUTHORIZED
return base.get_resource_by_id(user, role, _TABLE, _EMBED_MANY)
def create_feeders(user):
values = v1_utils.common_values_dict(user)
values.update(schemas.feeder.post(flask.request.json))
if not user.is_in_team(values['team_id']):
raise auth.UNAUTHORIZED
values.update({
# XXX(fc): this should be populated as a default value from the
# model, but we don't return values from the database :(
'api_secret': signature.gen_secret(),
'role_id': auth.get_role_id('FEEDER'),
'data': values.get('data', {}),
})
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
return flask.Response(json.dumps({'feeder': values}),
201,
headers={'ETag': values['etag']},
content_type='application/json')
def get_role_by_id(user, role_id):
role = v1_utils.verify_existence_and_get(role_id, _TABLE)
if user.role_id != role_id and user.is_regular_user():
raise auth.UNAUTHORIZED
if not user.is_super_admin() and \
auth.get_role_id('SUPER_ADMIN') == role_id:
raise auth.UNAUTHORIZED
return base.get_resource_by_id(user, role, _TABLE, _EMBED_MANY)
def get_all_roles(user):
args = schemas.args(flask.request.args.to_dict())
query = v1_utils.QueryBuilder(_TABLE, args, _T_COLUMNS)
query.add_extra_condition(_TABLE.c.state != 'archived')
if not auth.is_admin(user):
query.add_extra_condition(_TABLE.c.label != 'SUPER_ADMIN')
if user['role_id'] not in [
auth.get_role_id('ADMIN'),
auth.get_role_id('SUPER_ADMIN')
]:
query.add_extra_condition(_TABLE.c.id == user['role_id'])
nb_rows = query.get_number_of_rows()
rows = query.execute(fetchall=True)
rows = v1_utils.format_result(rows, _TABLE.name, args['embed'],
_EMBED_MANY)
return flask.jsonify({'roles': rows, '_meta': {'count': nb_rows}})
def get_logs(user):
args = schemas.args(flask.request.args.to_dict())
if user['role_id'] not in [
auth.get_role_id('ADMIN'),
auth.get_role_id('SUPER_ADMIN')
]:
raise auth.UNAUTHORIZED
if args['limit'] is None:
args['limit'] = 10
query = v1_utils.QueryBuilder(_TABLE, args, _A_COLUMNS)
if not auth.is_admin(user):
query.add_extra_condition(_TABLE.c.team_id == user['team_id'])
nb_rows = query.get_number_of_rows()
rows = query.execute(fetchall=True)
rows = v1_utils.format_result(rows, _TABLE.name, args['embed'], None)
return flask.jsonify({'audits': rows, '_meta': {'count': nb_rows}})
def _create_user_and_get(self, decoded_token):
"""Create the user according to the token, this function assume that
the token has been verified."""
user_values = {
'role_id': auth.get_role_id('USER'),
'name': decoded_token.get('username'),
'fullname': decoded_token.get('username'),
'sso_username': decoded_token.get('username'),
'team_id': None,
'email': decoded_token.get('email'),
'timezone': 'UTC',
}
query = models.USERS.insert().values(user_values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(models.USERS.name, 'username')
return self._get_user_from_sso_username(decoded_token.get('username'))