def set_active_account(cls, user, account):
row = maybe_one(cls.all().filter('user ='******'active_account')
def anonymous_permission(self):
access = maybe_one(AccessControl.all().filter('dataset =', self))
if access:
return access
else:
self.log.warning('No anonymous AccessControl configured for %s' % (self,))
return AccessControl.new(None, self)
def update_color(cls, user, name, red, green, blue, alpha=0.0):
row = maybe_one(cls.all().filter('user ='******'name =', name))
if row:
row.red, row.green, row.blue, row.alpha = red, green, blue, alpha
else:
row = cls(owner=user, name=name, red=red, green=green, blue=blue, alpha=alpha)
row.put()
def post(self):
hostname = self.form_required('hostname')
dataset_name = self.form_required('dataset')
aggregate = self.form_required('aggregate')
group_name = self.form_required('group')
ds_interval = int(self.form_required('ds_interval', uri='/dashboard', message='You must provide an initial data series interval.'))
ds_maxage = int(self.form_required('ds_maxage', uri='/dashboard', message='You must provide an initial data series maxage.'))
tags = self.form_required('tags')
group = maybe_one(model.AccessGroup.all().filter('account =', self.account).filter('name =', group_name))
if group is None:
self.session['error_message'] = 'No such group %r existed' % (group_name,)
self.redirect('/dashboard')
if self.user.user_id() not in group.users:
self.session['error_message'] = "You're not a member of that group"
self.redirect('/dashboard')
description = self.request.get('description') or None
tags = [t.strip() for t in tags.split(',')]
# create the dataset
ds = model.DataSet(name=dataset_name, hostname=hostname, aggregate=aggregate, account=self.account, description=description, tags=tags)
ds.put()
self.log.debug('created new dataset %s' % (ds.encode(),))
# add an access control for it
access = model.AccessControl.new(group, ds, read=True, write=True, delete=True)
access.put()
self.log.debug('created new access control id %s' % (access.encode(),))
# create an initial data series
model.DataSeries(dataset=ds, interval=ds_interval, max_age=ds_maxage).put()
self.redirect('/dashboard')
def parse_form(self):
self.name = self.form_required('name')
dataset = self.form_required('dataset')
self.dataset = maybe_one(model.DataSet.all().filter('name =', dataset).filter('account =', self.account))
assert self.dataset
assert self.dataset.is_allowed(write=True)
def merge_access(group):
if not group:
return access
other = maybe_one(AccessControl.all().filter('access_group =', group).filter('dataset =', self))
if not other:
return access
return {'read': access['read'] or other['read'],
'write': access['write'] or other['write'],
'delete': access['delete'] or other['delete']}
def post(self):
# XXX: no security here!
name = self.form_required('account')
account = maybe_one(model.Account.all().filter('name =', name))
if account:
model.ActiveAccount.set_active_account(self.user, account)
self.redirect('/dashboard')
else:
self.session['error_message'] = 'invalid choice'
self.redirect('/choose/account')
def get(self):
a, b, group_name = self.uri.lstrip('/').split('/')
validate_name(group_name)
group = maybe_one(model.AccessGroup.all()
.filter('name =', group_name)
.filter('account =', self.account))
if not group:
self.log.warning('No group seen with name = %s, account = %s' % (group_name, self.account))
self.not_found()
self.env['group'] = group
self.env['users'] = sorted((users.get_by_id(x) for x in group.users), key=lambda x: x.nickname())
self.log.info('env = %s' % (env,))
self.render_template('edit_group.html')
def create(cls, display_name, owner):
# ensure that the name is unique
name = display_name.lower()
existing = maybe_one(cls.all().filter('name =', name))
if existing:
raise ValueError('Account with name %r already exists: %s' % (name, existing))
obj = cls(name=name, display_name=display_name, owner=owner)
obj.put()
# now, create an access group
group = AccessGroup.new('admin', obj, users=[owner])
group.put()
return obj
def get_active_account(cls, user):
user_id = user.user_id()
account_id = memcache.get(user_id, namespace='active_account')
account = None
if account_id:
account = Account.get_by_id(account_id)
else:
row = maybe_one(cls.all().filter('user ='******'active_account')
account = row.account
if account:
now = datetime.datetime.now()
if now - account.last_login >= LAST_LOGIN_UPDATE_FREQUENCY:
account.last_login = now
account.put()
return account
else:
return None
def from_string(cls, account, string, user=None, api_key=None, read=True, write=False, delete=False):
"""Make a best effort attempt to try to turn a string into a valid
dataset for a user. We don't know if the string represents an encoded
key, or if it's the name of a dataset.
"""
if not (user or api_key):
raise TypeError("Must specify a user or api_key")
if len(string) == 22:
ds = cls.from_encoded(string, user=user, api_key=api_key, read=read, write=write, delete=delete)
if ds:
return ds
def check_row(row):
if row.is_allowed(user=user, api_key=api_key, read=read, write=write, delete=delete):
return row
else:
return None
if ':' in name:
hostname, name = name.split(':', 1)
row = maybe_one(cls.all().filter('account =', account).filter('hostname =', hostname).filter('name =', name))
if row:
return check_row(row)
rows = cls.all().filter('account =', account).filter('name =', name).fetch(2)
if not rows:
return None
if len(rows) == 1:
return check_row(rows[0])
else:
# there are multiple rows. the name is allowed *only* if exactly one row has the correct permissions
allowed = []
for row in rows:
row = check_row(row)
if row:
allowed.append(row)
if len(allowed) == 1:
return allowed[0]
else:
return None
def post(self):
dataset_name = self.form_required('dataset')
interval = int(self.form_required('interval'))
max_age = self.request.get('max_age') or None
if max_age:
max_age = int(max_age)
dataset = maybe_one(model.DataSet.all().filter('name =', dataset_name).filter('account =', self.account))
if not dataset:
self.log.warning('no such dataset')
self.render_json({'code': 1})
return
if not dataset.is_allowed(user=self.user, write=True):
self.log.warning('not allowed to write to this dataset')
self.render_json({'code': 2})
return
ds = model.DataSeries(dataset=dataset, interval=interval, max_age=max_age)
ds.put()
self.log.info('successfully created dataseries with id %s' % (ds.key().id(),))
self.env['ds'] = ds
self.render_ajax('ajax/dataset.html')
def query(self, key, many=False):
q = SessionStorage.all().filter('user_id =', self.user_id).filter('item_name =', key)
if many:
return list(q)
else:
return maybe_one(q)
def group_for_api_key(cls, api_token):
return maybe_one(cls.all().filter('api_token =', api_token))
def new(cls, access_group, dataset, read=False, write=False, delete=False):
# check the uniqueness constraint
existing = maybe_one(cls.all().filter('access_group =', access_group).filter('dataset =', dataset))
if existing:
raise ValueError('An AccessControl already exists for (%s, %s)' % (access_group, dataset))
return cls(access_group=access_group, dataset=dataset, readable=read, writable=write, deletable=delete)
def get_preference(cls, user_id, pref_name):
row = maybe_one(cls.pref_query(user_id, pref_name))
if row:
return simplejson.loads(row.value)
else:
return cls.all_prefs[pref_name]