def get_requests_by_owner(session, owner, status, limit, offset):
"""Load pending requests for a particular owner.
Args:
session(sqlalchemy.orm.session.Session): database session
owner(models.User): model of user in question
status(models.base.constants.REQUEST_STATUS_CHOICES): if not None,
filter by particular status
limit(int): how many results to return
offset(int): the offset into the result set that should be applied
Returns:
2-tuple of (Requests, total) where total is total result size and
Requests is the namedtuple with requests and associated
comments/changes.
"""
# get owners groups
group_ids = {g.id for g, _ in get_groups_by_user(session, owner)}
# get all requests
all_requests = session.query(PermissionRequest)
if status:
all_requests = all_requests.filter(PermissionRequest.status == status)
all_requests = all_requests.order_by(PermissionRequest.requested_at.desc()).all()
owners_by_arg_by_perm = get_owners_by_grantable_permission(session)
requests = []
for request in all_requests:
owner_arg_list = get_owner_arg_list(session, request.permission, request.argument,
owners_by_arg_by_perm)
if group_ids.intersection([o.id for o, arg in owner_arg_list]):
requests.append(request)
total = len(requests)
requests = requests[offset:limit]
status_change_by_request_id = defaultdict(list)
if not requests:
comment_by_status_change_id = {}
else:
status_changes = session.query(PermissionRequestStatusChange).filter(
PermissionRequestStatusChange.request_id.in_([r.id for r in requests]),
).all()
for sc in status_changes:
status_change_by_request_id[sc.request_id].append(sc)
comments = session.query(Comment).filter(
Comment.obj_type == OBJ_TYPES_IDX.index("PermissionRequestStatusChange"),
Comment.obj_pk.in_([s.id for s in status_changes]),
).all()
comment_by_status_change_id = {c.obj_pk: c for c in comments}
return Requests(requests, status_change_by_request_id, comment_by_status_change_id), total
def get(self, user_id=None, name=None):
self.handle_refresh()
user = User.get(self.session, user_id, name)
if user_id is not None:
user = self.session.query(User).filter_by(id=user_id).scalar()
else:
user = self.session.query(User).filter_by(username=name).scalar()
if not user:
return self.notfound()
can_control = user.name == self.current_user.name or self.current_user.user_admin
can_disable = UserDisable.check_access(self.current_user, user)
can_enable = UserEnable.check_access(self.current_user, user)
if user.id == self.current_user.id:
num_pending_group_requests = self.current_user.my_requests_aggregate().count()
_, num_pending_perm_requests = get_requests_by_owner(self.session, self.current_user,
status='pending', limit=1, offset=0)
else:
num_pending_group_requests = None
num_pending_perm_requests = None
try:
user_md = self.graph.get_user_details(user.name)
except NoSuchUser:
# Either user is probably very new, so they have no metadata yet, or
# they're disabled, so we've excluded them from the in-memory graph.
user_md = {}
open_audits = user.my_open_audits()
group_edge_list = group_biz.get_groups_by_user(self.session, user) if user.enabled else []
groups = [{'name': g.name, 'type': 'Group', 'role': ge._role} for g, ge in group_edge_list]
public_keys = user.my_public_keys()
permissions = user_md.get('permissions', [])
log_entries = user.my_log_entries()
self.render("user.html",
user=user,
groups=groups,
public_keys=public_keys,
can_control=can_control,
permissions=permissions,
can_disable=can_disable,
can_enable=can_enable,
user_tokens=user.tokens,
log_entries=log_entries,
num_pending_group_requests=num_pending_group_requests,
num_pending_perm_requests=num_pending_perm_requests,
open_audits=open_audits,
)
def enable(self, requester, preserve_membership):
"""Enable a disabled user.
Args:
preserve_membership(bool): whether to remove user from any groups it may be a member of
Returns:
None
"""
# avoid circular dependency
from grouper.group import get_groups_by_user
if not preserve_membership:
for group, group_edge in get_groups_by_user(self.session, self):
group_obj = self.session.query(Group).filter_by(
groupname=group.name
).scalar()
if group_obj:
group_obj.revoke_member(
requester, self, "group membership stripped as part of re-enabling account."
)
self.enabled = True
Counter.incr(self.session, "updates")
def _get_choices(self, group):
choices = []
members = group.my_members()
if ("User", self.current_user.name) not in members:
choices.append(
("User: {}".format(self.current_user.name), ) * 2
)
for _group, group_edge in group_biz.get_groups_by_user(self.session, self.current_user):
if group.name == _group.name: # Don't add self.
continue
if group_edge._role not in APPROVER_ROLE_INDICIES: # manager, owner, and np-owner only.
continue
if ("Group", _group.name) in members:
continue
choices.append(
("Group: {}".format(_group.name), ) * 2
)
return choices
