Beispiel #1
0
    def check_permissions(cls,
                          request: Request,
                          user: AbstractUser,
                          with_permissions: List[str] = None):
        """
        Check if user having permissions in provided list
        If user has `manage_{resource_name}`, assume he can do all actions: `view, edit, change, delete`
        :param request: request instance
        :param user: normally a reference to request.user
        :param with_permissions: list of permissions for checking
        :return: True if all permission checked successfully, else False
        """
        app_label = "crm"
        app_permissions_to_check = dict()

        for permission in with_permissions:
            try:
                permission_parts = permission.split("_")
                action_name = permission_parts[0]
                resource_name = permission_parts[1]
                app_permission = f"{app_label}.{permission}"
                if user.has_perm(f"{app_label}.manage_{resource_name}"):
                    app_permissions_to_check[permission] = True
                else:
                    app_permissions_to_check[permission] = user.has_perm(
                        app_permission)
            except IndexError:
                continue

        return all([v for _, v in app_permissions_to_check.items()])
Beispiel #2
0
def revoke_stale_memberships(user: AbstractUser, group_paths: Iterable[str]):
    """Remove user from django groups that are not specified in keycloak"""
    logger.debug("Revoking stale memberships for user {}...".format(user))
    allowed_group_names = [path.rpartition("/")[-1] for path in group_paths]
    for group in user.groups.exclude(name__in=allowed_group_names):
        logger.debug("removing user {} from group {}...".format(user, group))
        user.groups.remove(group)
    user.save()
Beispiel #3
0
def create_django_memberships(user: AbstractUser, group_paths: Iterable[str]):
    """Add user to django groups that are specified in keycloak

    This function will create new django groups if they do not exist yet

    """

    logger.debug("Creating new django memberships for user {}...".format(user))
    allowed_group_names = [path.rpartition("/")[-1] for path in group_paths]
    for group_name in allowed_group_names:
        group = Group.objects.get_or_create(name=group_name)[0]
        logger.debug("adding user {} to group {}".format(user, group))
        user.groups.add(group)
    user.save()
Beispiel #4
0
def enforce_staff_role(user: AbstractUser, roles: list) -> list:
    """Synchronize django ``staff`` role from the keycloak roles

    The returned list of roles does not contain the staff role anymore.

    """
    logger.debug("Enforcing staff role for user {}...".format(user))
    result = roles[:]
    try:
        result.remove(settings.KEYCLOAK.get("staff_role"))
        user.is_staff = True
    except ValueError:
        user.is_staff = False
    user.save()
    return result
Beispiel #5
0
 def has_perm(self, perm, obj=None):
     if self.employee_id is not None and perm in ['c.scheduling.view_customer', 'c.scheduling.view_service',
                                                  'c.scheduling.view_appointment', 'c.scheduling.view_schedule']:
         return True
     if perm.startswith('c.'):
         perm = perm[2:]
     return AbstractUser.has_perm(self, perm, obj)
Beispiel #6
0
class Player(AbstractUser):

    objects = PlayerManager
    user = AbstractUser()

    active = models.BooleanField(default=True)

    is_referee = models.BooleanField(default=False)

    wins = models.IntegerField(default=0, )

    losses = models.IntegerField(default=0, )

    player_bio = models.TextField(
        blank=True,
        default='',
        max_length=280,
    )

    player_ranking = models.ForeignKey(
        'ranking.Ranking',
        on_delete=models.CASCADE,
        null=True,
        blank=True,
        related_name='player_ranking',
    )

    def __str__(self):
        return self.user.get_username()
Beispiel #7
0
    def update_translation_string(cls, user: AbstractUser, translation_id: int,
                                  key: str, value: str):
        """
        create/update a single translation
        :param user: the user calling the service
        :param translation_id: the translation_id this string is related to
        :param key: the translation key
        :param value: the translation value
        :return: the newly created translation object
        """
        translation = FormTranslation.objects.get(pk=translation_id)

        if not user.has_perm(CanAddFormTranslationPermission):
            raise PermissionError(
                "You are not allowed to change a translation for this form")

        try:
            trans_key = TranslationKey.objects.get(key=key,
                                                   translation=translation.pk)
            trans_key = TranslationKeyService._update(trans_key.pk, {
                "value": value,
                "key": key
            })
        except TranslationKey.DoesNotExist:
            trans_key = TranslationKeyService._create({
                "translation": translation_id,
                "key": key,
                "value": value,
            })

        return trans_key
    def remove_member(cls, user: AbstractUser, team_id: int,
                      affected_user_id: int) -> bool:
        """
        update a team member
        :param user: user calling the service
        :param team_id: id of the team the user should be removed from
        :param affected_user_id: the user that should be removed
        :return: True if user has been sucessfully removed
        """

        team = TeamService.retrieve(user, team_id)

        if not team.members.filter(
                user=user, role=TeamRoleChoices.ADMIN).exists(
                ) and not user.has_perm(CanRemoveTeamMemberPermission):
            raise TeamServiceException(
                "You don't have the permission to remove a team member."
                "You must be either team admin or have the permission 'CanRemoveTeamMemberPermission'."
            )

        membership = team.members.filter(user=affected_user_id).get()

        if (team.members.filter(role=TeamRoleChoices.ADMIN).count() == 1
                and membership.role == TeamRoleChoices.ADMIN):
            raise TeamServiceException(
                "This user can't be removed because every team needs at least one admin."
            )

        return cls._delete(membership.id)
Beispiel #9
0
    def create_form_translation(cls, user: AbstractUser, form_id: int,
                                language: str, region: str):
        """create a new translation for the given form
        :param user: the user calling the service
        :param form_id: the form_id the translation is for
        :param language:  the language the strings should be translated to
        :param region:  the region of the language the strings should be translated to
        """
        form = FormService.retrieve_form(form_id)

        if not user.has_perm(CanAddFormTranslationPermission):
            raise PermissionError(
                "You are not allowed to add a translation to this form")

        if f"{language}-{region}" not in [
                a["iso_code"] for a in cls.get_available_languages()
        ]:
            raise FormServiceException(
                f"{language}-{region} is not configured as a supported language"
            )

        translation = cls._create({
            "form": form.id,
            "language": language,
            "region": region
        })
        return translation
    def activate_key(cls, user: AbstractUser, public_key_id: int,
                     keys: Dict[int, str]) -> EncryptionKey:
        """
        activate a submitted public key that is used to share form keys between users
        :param user: the user calling the service
        :param keys: the encrypted keys to access teams
        :param public_key_id: id the of the public key that should be activated
        :return: the activated key object
        """
        if not user.has_perm(CanActivateEncryptionKeyPermission):
            raise PermissionError(
                "You are not allowed to activate this form key")
        public_key = EncryptionKey.objects.get(id=public_key_id)

        if public_key.active == True:
            raise FormServiceException("This public key is already active.")

        public_key.active = True
        public_key.save()

        for membership_id, key in keys.items():
            TeamMembershipAccessKeyService.add_membership_key(
                membership=membership_id,
                encryption_key=public_key_id,
                key=key)
        return public_key
    def create(cls, user: AbstractUser, name: str, keys: Dict[int,
                                                              str]) -> Team:
        """
        creates a new user and makes them admin
        :param user: user calling the service (needs CanCreateTeamPermission permission)
        :param name: name of the Team
        :param keys: the newly generated public key
        :return: the newly generated team
        """
        if not user.has_perm(CanCreateTeamPermission):
            raise TeamServiceException(
                "You don't have the permission to create a new team")

        TeamMembershipService._validate_keys_provided(user, keys)

        team = cls._create({"name": name})

        TeamMembershipService.add_member(
            user=user,
            team_id=team.id,
            keys=keys,
            invited_user_id=user.pk,
            role=TeamRoleChoices.ADMIN,
        )
        return team
Beispiel #12
0
    def update_form_(cls, user: AbstractUser,
                     form_id: int,
                     name: str = NotPassed,
                     description: str = NotPassed,
                     xml_code: str = NotPassed,
                     js_code: str = NotPassed,
                     active: bool = NotPassed) -> Form:
        """
        update an exsisting form
        :param user: the user calling the service
        :param form_id: id of the form that should be updated
        :param name: name of the form
        :param description: description (legal information, …)
        :param xml_code: xml code for the visual editor
        :param js_code: javascript code to render the form
        :param active: if the form is active or inactive
        :return: the updated form instance
        """

        # TODO: implement updated note
        if not user.has_perm(CanActivateEncryptionKeyPermission):
            raise PermissionError("You are not allowed to create this form.")

        form = cls._update(form_id, {
            'name': name,
            'description': description,
            'xml_code': xml_code,
            'js_code': js_code,
            'active': active,
        })

        form.refresh_from_db()
        return form
Beispiel #13
0
    def force_login(self, user: AbstractUser, base_url: str) -> None:
        """
        Sets selenium to appear as if a user has successfully signed in.

        The user will have its backend attribute set to the value of the
        backend argument (which should be a dotted Python path string),
        or to settings.AUTHENTICATION_BACKENDS[0] if a value isn't
        provided. The authenticate() function called by login() normally
        annotates the user like this.

        The code is based on https://github.com/feffe/django-selenium-login/blob/master/seleniumlogin/__init__.py. 
        """

        # The original code was licensed under:
        #
        #
        # MIT License
        #
        # Copyright (c) 2016 Fredrik Westermark
        #
        # Permission is hereby granted, free of charge, to any person obtaining a copy
        # of this software and associated documentation files (the "Software"), to deal
        # in the Software without restriction, including without limitation the rights
        # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        # copies of the Software, and to permit persons to whom the Software is
        # furnished to do so, subject to the following conditions:
        #
        # The above copyright notice and this permission notice shall be included in all
        # copies or substantial portions of the Software.
        #
        # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        # SOFTWARE.
        #
        from django.conf import settings

        SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
        selenium_login_start_page = getattr(
            settings, "SELENIUM_LOGIN_START_PAGE", "/page_404/"
        )
        self.driver.get("{}{}".format(base_url, selenium_login_start_page))

        session = SessionStore()
        session[SESSION_KEY] = user.id
        session[BACKEND_SESSION_KEY] = settings.AUTHENTICATION_BACKENDS[0]
        session[HASH_SESSION_KEY] = user.get_session_auth_hash()
        session.save()

        cookie = {
            "name": settings.SESSION_COOKIE_NAME,
            "value": session.session_key,
            "path": "/",
        }
        self.driver.add_cookie(cookie)
        self.driver.refresh()
Beispiel #14
0
def get_view_permissions(user: AbstractUser) -> Set[str]:
    """
    Get model names based on a users view/change permissions
    """
    lower_perms = map(lambda x: x.lower(), user.get_all_permissions())
    return {
        x.replace("view_", "")
        for x in lower_perms if "view" in x or "change" in x
    }
Beispiel #15
0
 def add_key(cls, user: AbstractUser, public_key: str) -> EncryptionKey:
     """
     submit a generated key for a user
     :param user: the user calling the service
     :param public_key: their public key
     :return: id/information about key creation
     """
     if not user.has_perm(CanAddEncryptionKeyPermission):
         raise PermissionError("You are not allowed to add a form key")
     return EncryptionKey.objects.create(user=user, public_key=public_key, active=False)
Beispiel #16
0
def get_view_permissions(user: AbstractUser) -> Set[str]:
    """
    Get model names based on a users view/change permissions
    """
    perms = user.get_all_permissions()
    # the perm codenames should always be lower case
    lower_perms = []
    for perm in perms:
        app, perm_codename = perm.split(".")
        lower_perms.append("{app}.{perm_codename}".format(app=app, perm_codename=perm_codename.lower()))
    return {x.replace("view_", "") for x in lower_perms if "view" in x or "change" in x}
Beispiel #17
0
 def test_email_user(self):
     # valid send_mail parameters
     kwargs = {
         "fail_silently": False,
         "auth_user": None,
         "auth_password": None,
         "connection": None,
         "html_message": None,
     }
     abstract_user = AbstractUser(email='*****@*****.**')
     abstract_user.email_user(subject="Subject here",
         message="This is a message", from_email="*****@*****.**", **kwargs)
     # Test that one message has been sent.
     self.assertEqual(len(mail.outbox), 1)
     # Verify that test email contains the correct attributes:
     message = mail.outbox[0]
     self.assertEqual(message.subject, "Subject here")
     self.assertEqual(message.body, "This is a message")
     self.assertEqual(message.from_email, "*****@*****.**")
     self.assertEqual(message.to, [abstract_user.email])
Beispiel #18
0
 def test_email_user(self):
     # valid send_mail parameters
     kwargs = {
         "fail_silently": False,
         "auth_user": None,
         "auth_password": None,
         "connection": None,
         "html_message": None,
     }
     abstract_user = AbstractUser(email='*****@*****.**')
     abstract_user.email_user(subject="Subject here",
                              message="This is a message",
                              from_email="*****@*****.**",
                              **kwargs)
     self.assertEqual(len(mail.outbox), 1)
     message = mail.outbox[0]
     self.assertEqual(message.subject, "Subject here")
     self.assertEqual(message.body, "This is a message")
     self.assertEqual(message.from_email, "*****@*****.**")
     self.assertEqual(message.to, [abstract_user.email])
Beispiel #19
0
 def update(self, instance, validated_data):
     get_user_model()
     if 'email' in validated_data:
         validated_data['email'] = BaseUserManager.normalize_email(validated_data['email'])
     if 'username' in validated_data:
         validated_data['username'] = AbstractUser.normalize_username(validated_data['username'])
     user = super(CreateUpdateUserSerializer, self).update(instance, validated_data)
     if 'password' in validated_data:
         user.set_password(validated_data['password'])
     user.save()
     return user
    def remove_key(cls, user: AbstractUser, public_key_id: int) -> bool:
        """
        remove a submitted public key that is used to share form keys between users
        :param user: the user calling the service
        :param public_key_id: id the of the public key that should be activated
        :return: the activated key object
        """
        if not user.has_perm(CanActivateEncryptionKeyPermission):
            raise PermissionError(
                "You are not allowed to activate this form key")
        public_key = EncryptionKey.objects.get(id=public_key_id)

        public_key.delete()

        return True
Beispiel #21
0
    def create_form_(cls, user: AbstractUser, name: str,
                     description: str) -> Form:
        """
        Create a new form
        :param user: the user calling the service
        :param name: name of the form
        :param description: description (legal information, …)
        :return: the newly created form instance
        """
        if not user.has_perm(CanActivateEncryptionKeyPermission):
            raise PermissionError("You are not allowed to create this form.")

        form = cls._create({"name": name, "description": description})

        return form
Beispiel #22
0
    def create_form_schema(cls, user: AbstractUser, key: str, form_id: int, schema: str) -> FormSchema:
        """
        create a new form section/schema
        :param user: the user calling the service
        :param key: the key this schema uses
        :param form_id: id of the form that uses this schema
        :param schema: the schema object itself
        :return: the newly created schema object
        """
        if not user.has_perm(CanActivateEncryptionKeyPermission):
            raise PermissionError("You are not allowed to create this form schema.")

        form = Form.objects.get(pk=form_id)
        cls._validate_json_schema(schema)
        schema = FormSchema.objects.create(key=key, form=form, schema=schema)
        schema.save()
        return schema
Beispiel #23
0
    def update_form_schema(cls, user: AbstractUser, schema_id: int, schema: str) -> FormSchema:
        """
        :param user: the user calling the service
        :param schema_id: id of the schema that should be updated
        :param schema: the schema object itself
        :return: the updated schema object
        """
        if not user.has_perm(CanActivateEncryptionKeyPermission):
            raise PermissionError("You are not allowed to create this form schema.")

        cls._validate_json_schema(schema)

        form_schema = FormSchema.objects.get(pk=schema_id)
        form_schema.schema = schema
        form_schema.save()

        return form_schema
Beispiel #24
0
    def activate_key(cls, user: AbstractUser, public_key_id) -> EncryptionKey:
        """
        activate a submitted public key, so that newly generated forms use this key for encryption
        :param user: the user calling the service
        :param public_key_id: id the of the public key that should be activated
        :return: the activated key object
        """
        if not user.has_perm(CanActivateEncryptionKeyPermission):
            raise PermissionError("You are not allowed to activate this form key")
        public_key = EncryptionKey.objects.get(id=public_key_id)

        if public_key.active == True:
            raise FormServiceException("This public key is already active.")

        public_key.active = True
        public_key.save()

        return public_key
Beispiel #25
0
    def create_or_update_form_schema(cls, user: AbstractUser, key: str, form_id: int, schema: str) -> FormSchema:
        """
        create or update a form section/schema
        :param user: the user calling the service
        :param key: the key this schema uses
        :param form_id: id of the form that uses this schema
        :param schema: the schema object itself
        :return: the newly created schema object
        """
        if not user.has_perm(CanActivateEncryptionKeyPermission):
            raise PermissionError("You are not allowed to create this form schema.")

        try:
            schemaobj = FormSchema.objects.get(key=key, form__id=form_id)
            schemaobj = cls.update_form_schema(user, schemaobj.pk, schema)
        except FormSchema.DoesNotExist:
            schemaobj = cls.create_form_schema(user, key, form_id, schema)

        return schemaobj
    def add_csr(cls, user: AbstractUser, team_id: int, csr: str,
                public_key: str):
        """
        add the signed certificate to the team
        :param user: user calling the service
        :param team_id: id of the team
        :param csr: the certificate request
        :param public_key: the public_key
        :return: team object
        """
        if not user.has_perm(CanCreateTeamPermission):
            raise TeamServiceException(
                "You don't have the permission to create a new team")

        team = cls.retrieve(user, team_id)
        TeamCertificateService.create_certificate(team, csr, public_key,
                                                  user.email)

        return team
    def add_key(cls,
                user: AbstractUser,
                public_key: str,
                key_name: str = NotPassed) -> EncryptionKey:
        """
        submit a generated key for a user
        :param key_name: name/description of the encryption key
        :param user: the user calling the service
        :param public_key: their public key
        :return: id/information about key creation
        """
        if not user.has_perm(CanAddEncryptionKeyPermission):
            raise PermissionError("You are not allowed to add a form key")

        return cls._create({
            "user": user.pk,
            "public_key": public_key,
            "key_name": key_name,
        })
Beispiel #28
0
    def update_form_translation(
        cls,
        user: AbstractUser,
        translation_id: int,
        language: str = NotPassed,
        region: str = NotPassed,
        active: bool = NotPassed,
    ):
        """updates a translation for the given form
        :param language:  the language the strings should be translated to
        :param region:  the region of the language the strings should be translated to
        :param translation_id: id of the translation object
        :param active: is the translation active?
        :param user: the user calling the service

        """
        translation = FormTranslation.objects.get(pk=translation_id)

        # if a language was configured when it was still available we should still support updating
        if (f"{language}-{region}"
                not in [a["iso_code"] for a in cls.get_available_languages()]
                and language != translation.language):
            raise FormServiceException(
                f"{language}-{region} is not configured as a supported language"
            )

        if not user.has_perm(CanAddFormTranslationPermission):
            raise PermissionError(
                "You are not allowed to change a translation for this form")

        translation = cls._update(
            translation.id,
            {
                "language": language,
                "region": region,
                "active": active,
            },
        )
        return translation
Beispiel #29
0
    def save(self,
             force_insert=False,
             force_update=False,
             using=None,
             update_fields=None):
        '''
        Overwritten predefined save method to assign permission after save.
        '''
        if not self.username:
            self.set_random_username(length=10)

        response = AbstractUser.save(self,
                                     force_insert=force_insert,
                                     force_update=force_update,
                                     using=using,
                                     update_fields=update_fields)

        if not self.has_usable_password():
            self.save_password()
            self.save()

        return response
Beispiel #30
0
    def update_form_groups(cls, user: AbstractUser, form_id: int, groups: List[int]) -> Form:
        """
        update the user-groups that receive the form submissions
        :param user: the user calling the service
        :param form_id: the id of the form affected
        :param groups: a list of groups that should be able to receive submissions
        :return: the updated form instance
        """
        if not user.has_perm(CanActivateEncryptionKeyPermission):
            raise PermissionError("You are not allowed to create this form.")

        form = FormService.retrieve_form(form_id)

        form.teams.clear()

        for grp in groups:
            #TODO check team type
            form.teams.add(Group.objects.get(pk=grp))

        form.save()

        return form
    def add_member(
        cls,
        user: AbstractUser,
        team_id: int,
        keys: Dict[int, str],
        invited_user_id: int,
        role: TeamRoleChoices = TeamRoleChoices.MEMBER,
    ) -> TeamMembership:
        """
        creates a new user and makes them admin
        :param invited_user_id: the user that sould be added
        :param role: the role the newly created Member should have (Admin or Member)
        :param team_id: the id of the team the user should be added to
        :param user: user calling the services (needs CanCreateTeamPermission permission)
        :param keys: the encrypted keys for this member
        :return: the newly generated team
        """

        team = TeamService.retrieve(user, team_id)

        if (not (user.has_perm(CanCreateTeamPermission)
                 and team.members.count() == 0 and invited_user_id == user.pk)
                and not team.members.filter(
                    user=user, role=TeamRoleChoices.ADMIN).exists()):
            raise TeamServiceException(
                "You don't have the permission to add a new team member")

        invited_user = User.objects.filter(pk=invited_user_id).get()
        TeamMembershipService._validate_keys_provided(invited_user, keys)
        team_membership = cls._create({
            "team": team_id,
            "user": invited_user_id,
            "role": role,
        })
        TeamMembershipService._add_keys_to_membership(invited_user,
                                                      team_membership, keys)

        return team_membership
Beispiel #32
0
    def email_user(self, subject, message, from_email=None, ignore_confirmed=False):
        if not (ignore_confirmed or self.email_confirmed):
            return False

        AbstractUser.email_user(self, subject, message, from_email)
        return True