Beispiel #1
def create_role_user(session, actor, name, description, canjoin):
    # type: (Session, User, str, str, str) -> None
    """DEPRECATED: Do not use in production code

    Create a service account: a role user and a group that share ``name``,
    with the actor and the new user both added to that group.

    Args:
        session: the database session
        actor: the user creating the service account; added with role "np-owner"
        name: used as both the username and the group name
        description: description stored on the group
        canjoin: the canjoin status for management of the service account

    Raises:
        IntegrityError: if a user or group with the given name already exists
    """
    service_user = User(username=name, role_user=True)
    service_group = Group(groupname=name, description=description, canjoin=canjoin)

    for record in (service_user, service_group):
        record.add(session)

    # (member, reason, role) for each membership; the actor is passed as the
    # first argument of both add_member calls.
    memberships = (
        (actor, "Group Creator", "np-owner"),
        (service_user, "Service Account", "member"),
    )
    for member, reason, role in memberships:
        service_group.add_member(actor, member, reason, "actioned", None, role)
    session.commit()

    # NOTE(review): the audit entry is written after the commit above; whether a
    # failure here can leave the account without an audit record depends on
    # AuditLog.log, which is not visible in this block.
    AuditLog.log(
        session,
        actor.id,
        "create_role_user",
        "Created new service account.",
        on_group_id=service_group.id,
        on_user_id=service_user.id,
    )
Beispiel #2
def create_role_user(session, actor, name, description, canjoin):
    # type: (Session, User, str, str, str) -> None
    """DEPRECATED: Do not use in production code

    Build a service account out of two rows that share ``name``: a ``User``
    flagged ``role_user=True`` and a ``Group``. The actor joins the group as
    "np-owner" and the new user joins it as "member".

    Args:
        session: the database session
        actor: the user creating the service account
        name: the name of the service account
        description: description of the service account
        canjoin: the canjoin status for management of the service account

    Raises:
        IntegrityError: if a user or group with the given name already exists
    """
    role_account = User(username=name, role_user=True)
    owning_group = Group(groupname=name, description=description, canjoin=canjoin)
    role_account.add(session)
    owning_group.add(session)

    # Creator first, then the service account itself.
    owning_group.add_member(
        actor, actor, "Group Creator", "actioned", None, "np-owner"
    )
    owning_group.add_member(
        actor, role_account, "Service Account", "actioned", None, "member"
    )
    session.commit()

    # The audit entry names the actor and both newly created rows.
    AuditLog.log(
        session, actor.id, "create_role_user", "Created new service account.",
        on_group_id=owning_group.id, on_user_id=role_account.id,
    )
Beispiel #3
 def create_group(self, name, description, join_policy, email):
     # type: (str, str, GroupJoinPolicy, Optional[str]) -> None
     """Add a new SQLGroup built from the given attributes to this object's session.

     The stored ``canjoin`` is ``join_policy.value``. This method itself does
     not flush or commit.
     """
     new_group = SQLGroup(
         groupname=name,
         description=description,
         canjoin=join_policy.value,
         email_address=email,
     )
     new_group.add(self.session)
Beispiel #4
 def create_group(self, name):
     # type: (str) -> None
     """Create the group ``name`` unless a lookup by that name already finds one.

     NOTE(review): the lookup and the insert are separate steps. Whether two
     concurrent callers can both pass the lookup depends on the session's
     transaction and on a uniqueness constraint that is not visible here.
     """
     already_present = Group.get(self.session, name=name)
     if not already_present:
         Group(groupname=name).add(self.session)
Beispiel #5
    def post(self, *args: Any, **kwargs: Any) -> None:
        """Handle a submitted group-creation form.

        The form is re-rendered with alerts when validation fails, when the
        group name contains "@", or when inserting the group raises
        IntegrityError. Otherwise the current user is added to the new group
        with the role taken from the form, the session is committed, an audit
        entry is written and the client is redirected to the group's page.
        """
        form = GroupCreateForm(self.request.arguments)

        def show_form_again():
            # Every rejection path re-renders the same template with the
            # errors collected on the form so far.
            return self.render(
                "group-create.html", form=form, alerts=self.get_form_alerts(form.errors)
            )

        if not form.validate():
            return show_form_again()

        # Checked here in addition to whatever GroupCreateForm validates.
        if "@" in form.data["groupname"]:
            form.groupname.errors.append("Group names cannot contain @")
            return show_form_again()

        new_group = Group(
            groupname=form.data["groupname"],
            description=form.data["description"],
            canjoin=form.data["canjoin"],
            auto_expire=form.data["auto_expire"],
            require_clickthru_tojoin=form.data["require_clickthru_tojoin"],
        )
        try:
            new_group.add(self.session)
            # Flush now so that a duplicate name surfaces before the creator is added.
            self.session.flush()
        except IntegrityError:
            self.session.rollback()
            # NOTE(review): the submitted name is echoed in the error text;
            # confirm the template escapes alert and error strings.
            form.groupname.errors.append("{} already exists".format(form.data["groupname"]))
            return show_form_again()

        # NOTE(review): the creator's role comes straight from the form;
        # presumably GroupCreateForm limits "creatorrole" to allowed choices - verify.
        creator = self.current_user
        new_group.add_member(
            creator, creator, "Group Creator", "actioned", None, form.data["creatorrole"]
        )
        self.session.commit()

        # Written after the commit above.
        AuditLog.log(
            self.session,
            self.current_user.id,
            "create_group",
            "Created new group.",
            on_group_id=new_group.id,
        )

        # NOTE(review): the name is interpolated into the URL without encoding;
        # this assumes validated names are URL-safe - confirm.
        return self.redirect("/groups/{}?refresh=yes".format(new_group.name))
Beispiel #6
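def sync_db_command(args):
    """Create the schema and the bootstrap rows a Grouper installation needs.

    Creates every table known to ``Model.metadata``, inserts each entry of
    ``SYSTEM_PERMISSIONS`` that is not found, and, if the
    ``grouper-administrators`` group is not found, creates it and grants it
    GROUP_ADMIN, PERMISSION_ADMIN and USER_ADMIN. The grants are made only when
    the group is created by this call; an existing group is left untouched.

    Args:
        args: not used by this command.

    Raises:
        Exception: if inserting a permission or the administrators group
            raises IntegrityError (the session is rolled back first).
        AssertionError: if one of the admin permissions cannot be found.
    """
    # Models not implicitly or explicitly imported above are explicitly imported
    # here:
    from grouper.models.perf_profile import PerfProfile  # noqa

    db_engine = get_db_engine(get_database_url(settings))
    Model.metadata.create_all(db_engine)

    # Add some basic database structures we know we will need if they don't exist.
    session = make_session()

    for name, description in SYSTEM_PERMISSIONS:
        if Permission.get(session, name):
            continue
        permission = Permission(name=name, description=description)
        try:
            permission.add(session)
            session.flush()
        except IntegrityError:
            session.rollback()
            raise Exception('Failed to create permission: %s' % (name, ))
        session.commit()

    # This group is needed to bootstrap a Grouper installation.
    admin_group = Group.get(session, name="grouper-administrators")
    if not admin_group:
        admin_group = Group(
            groupname="grouper-administrators",
            description="Administrators of the Grouper system.",
            canjoin="nobody",
        )

        try:
            admin_group.add(session)
            session.flush()
        except IntegrityError:
            session.rollback()
            raise Exception('Failed to create group: grouper-administrators')

        for permission_name in (GROUP_ADMIN, PERMISSION_ADMIN, USER_ADMIN):
            permission = Permission.get(session, permission_name)
            # Raised explicitly rather than with `assert`, which is removed
            # under `python -O`; without the check a missing permission would
            # only show up as an attribute error on `permission.id`.
            if not permission:
                raise AssertionError("Permission should have been created earlier!")
            grant_permission(session, admin_group.id, permission.id)

        session.commit()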
Beispiel #7
    def post(self, *args, **kwargs):
        # type: (*Any, **Any) -> None
        """Create a group from the submitted form and redirect to its page.

        The form is rendered again with alerts if it does not validate or if
        inserting the group raises IntegrityError. On success the current user
        is added to the group with the role named in the form, the session is
        committed and an audit entry is written.
        """
        form = GroupCreateForm(self.request.arguments)

        def render_with_alerts():
            # Shared by both rejection paths below.
            return self.render(
                "group-create.html", form=form, alerts=self.get_form_alerts(form.errors)
            )

        if not form.validate():
            return render_with_alerts()

        # NOTE(review): the group name is checked only by GroupCreateForm here;
        # confirm its validators restrict the character set as intended.
        created = Group(
            groupname=form.data["groupname"],
            description=form.data["description"],
            canjoin=form.data["canjoin"],
            auto_expire=form.data["auto_expire"],
            require_clickthru_tojoin=form.data["require_clickthru_tojoin"],
        )
        try:
            created.add(self.session)
            # Flushing here makes a name clash raise before any membership is added.
            self.session.flush()
        except IntegrityError:
            self.session.rollback()
            form.groupname.errors.append("{} already exists".format(form.data["groupname"]))
            return render_with_alerts()

        # NOTE(review): "creatorrole" is passed through from the form;
        # presumably the form limits it to allowed roles - verify.
        requester = self.current_user
        created.add_member(
            requester, requester, "Group Creator", "actioned", None, form.data["creatorrole"]
        )
        self.session.commit()

        # Written after the commit above.
        AuditLog.log(
            self.session,
            self.current_user.id,
            "create_group",
            "Created new group.",
            on_group_id=created.id,
        )

        return self.redirect("/groups/{}?refresh=yes".format(created.name))
Beispiel #8
    def post(self):
        """Create a group from the submitted form and redirect to its page.

        Re-renders the form with alerts when validation fails or when the
        insert raises IntegrityError; otherwise adds the creator to the group,
        commits, writes an audit entry and redirects.
        """
        form = GroupCreateForm(self.request.arguments)

        def redisplay():
            # Both rejection paths render the same template with the form's errors.
            return self.render(
                "group-create.html", form=form,
                alerts=self.get_form_alerts(form.errors)
            )

        if not form.validate():
            return redisplay()

        # NOTE(review): the membership below uses get_current_user() while the
        # audit entry uses self.current_user; confirm both always name the same user.
        creator = self.get_current_user()

        new_group = Group(
            groupname=form.data["groupname"],
            description=form.data["description"],
            canjoin=form.data["canjoin"],
            auto_expire=form.data["auto_expire"],
        )
        try:
            new_group.add(self.session)
            # Flush so that a duplicate name is reported before the creator is added.
            self.session.flush()
        except IntegrityError:
            self.session.rollback()
            duplicate_message = "{} already exists".format(form.data["groupname"])
            form.groupname.errors.append(duplicate_message)
            return redisplay()

        # NOTE(review): the role is taken from the form; presumably
        # GroupCreateForm limits "creatorrole" to allowed choices - verify.
        new_group.add_member(
            creator, creator, "Group Creator", "actioned", None, form.data["creatorrole"]
        )
        self.session.commit()

        # Written after the commit above.
        AuditLog.log(
            self.session,
            self.current_user.id,
            'create_group',
            'Created new group.',
            on_group_id=new_group.id,
        )

        destination = "/groups/{}?refresh=yes".format(new_group.name)
        return self.redirect(destination)
Beispiel #9
 def create_group(self, name, description, join_policy):
     # type: (str, str, GroupJoinPolicy) -> None
     """Add a new SQLGroup with the given name, description and join policy.

     ``join_policy.value`` is what gets stored as ``canjoin``. This method
     itself does not flush or commit the session.
     """
     attributes = {
         "groupname": name,
         "description": description,
         "canjoin": join_policy.value,
     }
     SQLGroup(**attributes).add(self.session)
Beispiel #10
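def sync_db_command(args):
    """Create the schema and the bootstrap rows a Grouper installation needs.

    Creates every table known to ``Model.metadata``, inserts each entry of
    ``SYSTEM_PERMISSIONS`` that is not found, then makes sure two groups exist:
    ``grouper-administrators`` (granted GROUP_ADMIN, PERMISSION_ADMIN and
    USER_ADMIN) and the auditors group named by ``get_auditors_group_name``
    (granted PERMISSION_AUDITOR). Grants are made only when this call creates
    the group; a group that already exists is left untouched.

    Args:
        args: not used by this command.

    Raises:
        Exception: if inserting a permission or one of the groups raises
            IntegrityError (the session is rolled back first).
        AssertionError: if a permission that is about to be granted cannot be found.
    """
    # Models not implicitly or explicitly imported above are explicitly imported here
    from grouper.models.perf_profile import PerfProfile  # noqa: F401
    from grouper.models.user_token import UserToken  # noqa: F401

    db_engine = get_db_engine(get_database_url(settings))
    Model.metadata.create_all(db_engine)

    # Add some basic database structures we know we will need if they don't exist.
    session = make_session()

    for name, description in SYSTEM_PERMISSIONS:
        if get_permission(session, name):
            continue
        try:
            create_permission(session, name, description)
            session.flush()
        except IntegrityError:
            session.rollback()
            raise Exception("Failed to create permission: %s" % (name, ))
        session.commit()

    # This group is needed to bootstrap a Grouper installation.
    admin_group = Group.get(session, name="grouper-administrators")
    if not admin_group:
        admin_group = Group(
            groupname="grouper-administrators",
            description="Administrators of the Grouper system.",
            canjoin="nobody",
        )

        try:
            admin_group.add(session)
            session.flush()
        except IntegrityError:
            session.rollback()
            raise Exception("Failed to create group: grouper-administrators")

        for permission_name in (GROUP_ADMIN, PERMISSION_ADMIN, USER_ADMIN):
            permission = get_permission(session, permission_name)
            # Raised explicitly rather than with `assert`, which is removed
            # under `python -O`; without the check a missing permission would
            # only show up as an attribute error on `permission.id`.
            if not permission:
                raise AssertionError("Permission should have been created earlier!")
            grant_permission(session, admin_group.id, permission.id)

        session.commit()

    auditors_group_name = get_auditors_group_name(settings)
    auditors_group = Group.get(session, name=auditors_group_name)
    if not auditors_group:
        # NOTE(review): the administrators group above is created with
        # canjoin="nobody" while this one uses canjoin="canjoin"; confirm that
        # join policy is intended for a group that is granted PERMISSION_AUDITOR.
        auditors_group = Group(
            groupname=auditors_group_name,
            description="Group for auditors, who can be owners of audited groups.",
            canjoin="canjoin",
        )

        try:
            auditors_group.add(session)
            session.flush()
        except IntegrityError:
            session.rollback()
            raise Exception(
                "Failed to create group: {}".format(auditors_group_name))

        permission = get_permission(session, PERMISSION_AUDITOR)
        # Same explicit check as for the admin permissions: survives `python -O`.
        if not permission:
            raise AssertionError("Permission should have been created earlier!")
        grant_permission(session, auditors_group.id, permission.id)

        session.commit()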