def delete_users(self, userIds, format="json", requestOrigin="", **kwargs):
    """Delete each listed user together with the files that user owns.

    Nothing is attempted unless ``requestOrigin`` equals the
    ``request-origin`` value stored in the caller's session; a mismatch only
    records a failure message. For every user found, the user row is deleted,
    each owned file is queued for deletion and removed, and audit entries are
    added under the acting user's id. Outcomes are collected in ``sMessages``
    and ``fMessages``; this listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    sMessages, fMessages = [], []
    # NOTE(review): no permission check appears in this body -- presumably an
    # access-control decorator outside this listing restricts it; confirm.
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        userIds = split_list_sanitized(userIds)
        try:
            for userId in userIds:
                try:
                    delUser = session.query(User).filter(User.id == userId).one()
                    session.delete(delUser)
                    ownedFiles = session.query(File).filter(File.owner_id == delUser.id)
                    for flFile in ownedFiles:
                        FileService.queue_for_deletion(flFile.id)
                        session.delete(flFile)
                        session.add(AuditLog(
                            user.id, Actions.DELETE_FILE,
                            "File %s (%s) owned by user %s has been deleted as a result of the owner being deleted. " % (flFile.name, flFile.id, delUser.id),
                            "admin"))
                    session.add(AuditLog(
                        user.id, Actions.DELETE_USER,
                        "User with ID: \"%s\" deleted from system" % delUser.id,
                        "admin"))
                    sMessages.append("Successfully deleted user %s" % userId)
                except sqlalchemy.orm.exc.NoResultFound:
                    fMessages.append("User with ID:%s does not exist" % userId)
                except Exception as e:
                    # The exception text is placed in a message list that is
                    # presumably returned to the client -- confirm it cannot
                    # expose database detail.
                    fMessages.append("Could not delete user: %s" % str(e))
            # One commit for the whole batch, after every id was processed.
            session.commit()
        except Exception as e:
            session.rollback()
            cherrypy.log.error("[%s] [delete_users] [Could not delete users: %s]" % (user.id, str(e)))
            fMessages.append("Could not delete users: %s" % str(e))
def login(self, **kwargs):
    """Render the login form, or hand off to CAS, according to ``auth_type``.

    ``msg`` (query parameter) selects one of three fixed notices; the raw
    value is never copied into ``errorMessage``. ``local=True`` switches the
    rendered form to local authentication regardless of the configured type.
    Raises HTTPRedirect for CAS and HTTPError 403 for an unknown auth type.
    """
    # Local names are part of the template contract: both templates receive
    # locals() and globals() as their search list.
    errorMessage = None
    config = cherrypy.request.app.config['filelocker']
    authType = session.query(ConfigParameter).filter(
        ConfigParameter.name == "auth_type").one().value
    orgConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('org_%')).all())
    msg = kwargs.get('msg')
    # NOTE(review): any requester can ask for the local form this way;
    # whether the login processor honours it is not visible here -- confirm.
    if kwargs.get("local") == str(True):
        authType = "local"
    loginPage = config['root_url'] + "/process_login"
    if msg is not None:
        if str(strip_tags(msg)) == "1":
            errorMessage = "Invalid username or password"
        elif str(strip_tags(msg)) == "2":
            errorMessage = "You have been logged out of the application"
        elif str(strip_tags(msg)) == "3":
            errorMessage = "Password cannot be blank"
    if authType in ("ldap", "local"):
        currentYear = datetime.date.today().year
        footerText = str(Template(file=get_template_file('footer_text.tmpl'),
                                  searchList=[locals(), globals()]))
        tpl = Template(file=get_template_file('login.tmpl'),
                       searchList=[locals(), globals()])
        return str(tpl)
    elif authType == "cas":
        raise cherrypy.HTTPRedirect(config['root_url'])
    else:
        cherrypy.log.error("[system] [login] [No authentication variable set in config]")
        raise cherrypy.HTTPError(403, "No authentication mechanism")
def logout(self):
    """Log the current user out.

    For CAS deployments a logout page carrying the CAS logout URL is
    rendered; for every other auth type the browser is redirected to the
    login page with ``msg=2``. In both cases the session's ``user`` entry is
    set to None and the ``filelocker`` cookie's expiry is set to 0.
    """
    # NOTE(review): only the 'user' key is cleared; any other data kept in
    # the session stays in place and the session is not regenerated here.
    config = cherrypy.request.app.config['filelocker']
    orgConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('org_%')).all())
    authType = session.query(ConfigParameter).filter(
        ConfigParameter.name == "auth_type").one().value
    if authType != "cas":
        cherrypy.session['user'] = None
        cherrypy.response.cookie['filelocker']['expires'] = 0
        raise cherrypy.HTTPRedirect(config['root_url'] + '/login?msg=2')

    from lib.CAS import CAS
    casUrl = session.query(ConfigParameter).filter(
        ConfigParameter.name == "cas_url").one().value
    casConnector = CAS(casUrl)
    # root_url is concatenated into the query string without URL-encoding;
    # it comes from the application config, not from the request.
    casLogoutUrl = casConnector.logout_url() + "?redirectUrl=" + config['root_url'] + "/logout_cas"
    currentYear = datetime.date.today().year
    footerText = str(Template(file=get_template_file('footer_text.tmpl'),
                              searchList=[locals(), globals()]))
    tpl = Template(file=get_template_file('cas_logout.tmpl'),
                   searchList=[locals(), globals()])
    # The session is cleared before the page is rendered, as in the original.
    cherrypy.session['user'] = None
    cherrypy.response.cookie['filelocker']['expires'] = 0
    return str(tpl)
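def upload_request(self, requestId=None, msg=None, **kwargs):
    """Entry page for an upload request, reached without a logged-in user.

    ``msg`` selects one of three fixed notices. A visitor whose session
    already holds an upload request, or whose request is of type "single"
    with no password, is redirected straight to the uploader page. An
    unknown request id adds "Invalid upload request ID" to ``messages``.
    This listing ends after the lookup; no page rendering is visible.
    """
    user = None
    messages, uploadRequest = [], None
    requestId = strip_tags(requestId)
    config = cherrypy.request.app.config['filelocker']
    orgConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('org_%')).all())
    # msg comes from the query string. A non-numeric value used to raise
    # ValueError from int() and abort the request; it is now ignored.
    try:
        msgCode = int(msg) if msg is not None else None
    except (TypeError, ValueError):
        msgCode = None
    if msgCode == 1:
        messages.append("You must supply a valid ID and password to upload files for this request")
    if msgCode == 2:
        messages.append("Unable to load upload request")
    if msgCode == 3:
        messages.append("Invalid password")
    # Second pass kept from the original: strip_tags may not be idempotent.
    requestId = strip_tags(requestId)
    # NOTE(review): requestId is interpolated into the redirect URLs below
    # without URL-encoding -- confirm strip_tags leaves nothing that could
    # alter the query string.
    if cherrypy.session.has_key("uploadRequest"):
        raise cherrypy.HTTPRedirect(
            config['root_url'] + '/upload_request_uploader?requestId=%s' % requestId)
    elif requestId is not None:
        try:
            uploadRequest = session.query(UploadRequest).filter(
                UploadRequest.id == requestId).one()
            if uploadRequest.type == "single" and uploadRequest.password == None:
                raise cherrypy.HTTPRedirect(
                    config['root_url'] + '/upload_request_uploader?requestId=%s' % requestId)
        except sqlalchemy.orm.exc.NoResultFound:
            messages.append("Invalid upload request ID")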
def files(self, **kwargs):
    """Render the main files page for the session's user or active role.

    Without an active role the user's own upload requests, shareable
    attributes and incoming shares are loaded; with a role only the role's
    shareable attributes are loaded. Returns the rendered ``files.tmpl``.
    """
    # Every local below is visible to the template through locals(), so the
    # names are kept exactly as the template expects them.
    user = cherrypy.session.get("user")
    role = cherrypy.session.get("current_role")
    defaultExpiration = None
    uploadRequests, userFiles, userShareableAttributes = [], [], []
    attributeFilesDict = {}
    sharedFiles = []
    config = cherrypy.request.app.config['filelocker']
    orgConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('org_%')).all())
    maxDays = int(session.query(ConfigParameter).filter(
        ConfigParameter.name == 'max_file_life_days').one().value)
    geoTagging = get_config_dict_from_objects([
        session.query(ConfigParameter).filter(
            ConfigParameter.name == 'geotagging').one()
    ])['geotagging']
    adminEmail = session.query(ConfigParameter).filter(
        ConfigParameter.name == 'admin_email').one().value
    defaultExpiration = datetime.date.today() + datetime.timedelta(days=maxDays)
    userFiles = self.file.get_user_file_list(format="list")
    if role is not None:
        userShareableAttributes = AccountService.get_shareable_attributes_by_role(role)
    else:
        uploadRequests = session.query(UploadRequest).filter(
            UploadRequest.owner_id == user.id).all()
        userShareableAttributes = AccountService.get_shareable_attributes_by_user(user)
        attributeFilesDict = ShareService.get_files_shared_with_user_by_attribute(user)
        sharedFiles = ShareService.get_files_shared_with_user(user)
    # NOTE(review): the whole local and global namespace, config included,
    # is handed to the template; only the template decides what is emitted.
    tpl = Template(file=get_template_file('files.tmpl'),
                   searchList=[locals(), globals()])
    return str(tpl)
def get_hourly_statistics(self, format="json", **kwargs):
    """Compute, per hour of day, the share of the last 30 days' transfers.

    Fills ``downloadAveragesDict`` and ``uploadAveragesDict`` (keys "0" to
    "23") with whole-number percentages derived from audit-log rows. Errors
    are logged and reported in ``fMessages``; this listing shows no return.
    """
    def _percentage(part, whole):
        # Truncated integer percentage; zero when either operand is zero.
        if part == 0 or whole == 0:
            return 0
        return int((float(part) / float(whole)) * 100)

    user = cherrypy.session.get("user")
    sMessages, fMessages = [], []
    uploadAveragesDict = dict((str(hour), 0) for hour in range(24))
    downloadAveragesDict = dict((str(hour), 0) for hour in range(24))
    try:
        thirtyDaysAgo = datetime.date.today() - datetime.timedelta(days=30)

        thirtyDayDownloadSum = session.query(func.count(AuditLog.date)).filter(
            and_(AuditLog.date > thirtyDaysAgo,
                 AuditLog.action == Actions.DOWNLOAD)).scalar()
        downloadSums = session.query(
            func.count(AuditLog.id), func.hour(AuditLog.date)
        ).group_by(func.hour(AuditLog.date)).filter(
            and_(AuditLog.action == Actions.DOWNLOAD,
                 AuditLog.date > thirtyDaysAgo)).all()
        for d in downloadSums:
            downloadAveragesDict[str(d[1])] = _percentage(d[0], thirtyDayDownloadSum)

        thirtyDayUploadSum = session.query(func.count(AuditLog.date)).filter(
            and_(AuditLog.date > thirtyDaysAgo,
                 AuditLog.action == Actions.UPLOAD)).scalar()
        uploadSums = session.query(
            func.count(AuditLog.id), func.hour(AuditLog.date)
        ).group_by(func.hour(AuditLog.date)).filter(
            and_(AuditLog.action == Actions.UPLOAD,
                 AuditLog.date > thirtyDaysAgo)).all()
        for u in uploadSums:
            uploadAveragesDict[str(u[1])] = _percentage(u[0], thirtyDayUploadSum)

        sMessages.append("Success")
    except Exception as e:
        fMessages.append("Unable to get statistics: %s" % str(e))
        cherrypy.log.error("[%s] [get_hourly_statistics] [%s]" % (user.id, str(e)))
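def secure_delete(config, fileName):
    """Run the configured delete command on a vault file and dequeue it.

    Args:
        config: application config; ``config['filelocker']['vault']`` is the
            directory that holds stored files.
        fileName: name of the file inside the vault.

    The command and its arguments are read from the ``delete_%`` rows of
    ConfigParameter. On exit code 0, or when the OS reports the file as
    missing, the matching DeletedFile row is removed. Failures are logged
    and the row is left in place.
    """
    import errno

    def _dequeue():
        # Drop the queue entry for this file, if one exists.
        deletedFile = session.query(DeletedFile).filter(
            DeletedFile.file_name == fileName).scalar()
        if deletedFile is not None:
            session.delete(deletedFile)
            session.commit()

    vault = config['filelocker']['vault']
    deleteConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('delete_%')).all())
    # The executable and its flags come from the ConfigParameter table, so
    # write access to that table decides what this process runs.
    deleteList = [deleteConfig['delete_command']]
    # split() instead of split(" "): an empty or double-spaced argument
    # string no longer hands empty-string arguments to the command.
    deleteList.extend(deleteConfig['delete_arguments'].split())

    targetPath = os.path.join(vault, fileName)
    # The command is destructive, so refuse any name that resolves outside
    # the vault (absolute names or ".." components).
    vaultRoot = os.path.abspath(vault)
    if not os.path.abspath(targetPath).startswith(vaultRoot.rstrip(os.sep) + os.sep):
        cherrypy.log.error("[admin] [secure_delete] [Refusing to delete a path outside the vault: %s]" % fileName)
        return
    deleteList.append(targetPath)

    try:
        # Argument list, no shell. stderr is folded into stdout so the
        # failure log below carries the command's own error text.
        p = subprocess.Popen(deleteList, stdout=subprocess.PIPE,
                             stderr=subprocess.STDOUT)
        output = p.communicate()[0]
        if p.returncode != 0:
            cherrypy.log.error("[%s] [secure_delete] [The command to delete the file returned a failure code of %s: %s]" % ("admin", p.returncode, output))
        else:
            _dequeue()
    except OSError as oe:
        if oe.errno == errno.ENOENT:
            cherrypy.log.error("[admin] [secure_delete] [Couldn't delete because the file was not found (dequeing): %s]" % str(oe))
            _dequeue()
        else:
            # Closing bracket restored so the entry matches the log format.
            cherrypy.log.error("[admin] [secure_delete] [Generic system error while deleting file: %s]" % str(oe))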
def get_role_permissions(self, roleId, format="json", **kwargs):
    """List every permission and mark the ones the given role holds.

    ``permissionData`` receives one dict per permission with
    ``inheritedFrom`` set to "role" when the role has it and "" otherwise.
    An unknown role id or any other error is reported in ``fMessages``;
    this listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    sMessages, fMessages, permissionData = [], [], []
    try:
        roleId = strip_tags(roleId)
        role = session.query(Role).filter(Role.id == roleId).one()
        for permission in session.query(Permission).all():
            held = permission in role.permissions
            permissionData.append({
                'permissionId': permission.id,
                'permissionName': permission.name,
                'inheritedFrom': "role" if held else "",
            })
    except sqlalchemy.orm.exc.NoResultFound:
        fMessages.append("The role ID: %s does not exist" % str(roleId))
    except Exception as e:
        cherrypy.log.error(
            "[%s] [get_role_permissions] [Couldn't get permissions for role %s: %s]"
            % (user.id, roleId, str(e)))
        fMessages.append("Could not get permissions: %s" % str(e))
def help(self, **kwargs):
    """Render the help page from four configuration values.

    Reads ``default_quota``, ``max_file_life_days``, ``cli_feature`` and
    ``geotagging`` from ConfigParameter and returns the rendered
    ``halp.tmpl``.
    """
    # The template reads these values through locals(); names must not change.
    defaultQuota = int(
        session.query(ConfigParameter).filter(
            ConfigParameter.name == 'default_quota').one().value)
    maxDays = int(
        session.query(ConfigParameter).filter(
            ConfigParameter.name == 'max_file_life_days').one().value)
    cliEnabled = session.query(ConfigParameter).filter(
        ConfigParameter.name == "cli_feature").one().value
    geoTagging = get_config_dict_from_objects([
        session.query(ConfigParameter).filter(
            ConfigParameter.name == 'geotagging').one()
    ])['geotagging']
    tpl = Template(
        file=get_template_file('halp.tmpl'),
        searchList=[locals(), globals()])
    return str(tpl)
def public_download(self, shareId, **kwargs):
    """Gate access to a public share, which needs no logged-in user.

    A visitor is admitted when the session already records this share id,
    when the share has no password, or when the supplied ``password``
    matches the stored hash; the share id is then stored in the session.
    Otherwise ``publicShare`` is reset to None and ``message`` explains why.
    This listing ends before any page is rendered.
    """
    user = None
    message = None
    publicShare = None
    config = cherrypy.request.app.config['filelocker']
    orgConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('org_%')).all())
    cherrypy.response.timeout = 36000
    shareId = strip_tags(shareId)
    try:
        publicShare = session.query(PublicShare).filter(
            PublicShare.id == shareId).one()
        # Re-check credentials unless this session was already admitted to
        # exactly this share.
        if (not cherrypy.session.has_key("public_share_id")
                or cherrypy.session.get("public_share_id") != publicShare.id):
            password = kwargs.get("password")
            # NOTE(review): no limit on repeated password attempts is
            # visible in this handler -- confirm one exists elsewhere.
            if publicShare.password is None or (
                    password is not None
                    and Encryption.compare_password_hash(password, publicShare.password)):
                cherrypy.session['public_share_id'] = publicShare.id
            elif password is None:
                message = "This file share is password protected."
                publicShare = None
            elif password is not None and Encryption.compare_password_hash(
                    password, publicShare.password) == False:
                message = "Invalid password"
                publicShare = None
            else:
                publicShare = None
    except sqlalchemy.orm.exc.NoResultFound:
        message = "Invalid Share ID"
        shareId = None
    except Exception as e:
        message = "Unable to access download page: %s " % str(e)
def bulk_create_user(self, quota, password, permissions, format="json", requestOrigin="", **kwargs):
    """Create one user per line of the request body.

    Each line is split into id, first name, last name and e-mail address.
    Users that do not exist yet are created with the given ``quota``,
    ``password`` and ``permissions``. The request is refused unless
    ``requestOrigin`` matches the session's ``request-origin`` value.
    This listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    sMessages, fMessages = [], []
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        try:
            permissions = split_list_sanitized(permissions)
            count = 0
            # readline() returns "" at end of body, which ends the loop.
            for line in iter(cherrypy.request.body.readline, ""):
                (userId, userFirstName, userLastName, userEmailAddress) = split_list_sanitized(line)
                if session.query(User).filter(User.id == userId).scalar() is not None:
                    fMessages.append("User %s already exists." % userId)
                    continue
                # NOTE(review): every account in the batch receives the same
                # password, and no audit entry is written in this body.
                newUser = User(first_name=userFirstName,
                               last_name=userLastName,
                               email=userEmailAddress.replace("\n", ""),
                               quota=quota,
                               id=userId)
                newUser.set_password(password)
                session.add(newUser)
                for permissionId in permissions:
                    permission = session.query(Permission).filter(
                        Permission.id == permissionId).one()
                    newUser.permissions.append(permission)
                session.commit()
                count += 1
            if len(fMessages) == 0:
                sMessages.append("Created %s users" % count)
        except ValueError:
            # Raised when a line does not unpack into exactly four fields.
            fMessages.append("CSV file not parsed correctly, possibly in wrong format.")
        except Exception as e:
            cherrypy.log.error("[%s] [bulk_create_user] [Problem creating users in bulk: %s]" % (user.id, str(e)))
            fMessages.append("Problem creating users in bulk: %s" % str(e))
def delete_user_shares(self, fileIds, userId, format="json"):
    """Stop sharing the listed files with one user.

    A share is removed only when the caller owns the file, acts as the role
    that owns it, or holds the "admin" permission. Each removal is committed
    and audited on its own. This listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    role = cherrypy.session.get("current_role")
    sMessages, fMessages = [], []
    # NOTE(review): this handler takes no requestOrigin token and performs
    # no anti-CSRF comparison of its own -- confirm that is intended.
    for fileId in split_list_sanitized(fileIds):
        try:
            flFile = session.query(File).filter(File.id == fileId).one()
            mayModify = (
                (role is not None and flFile.role_owner_id == role.id)
                or flFile.owner_id == user.id
                or AccountService.user_has_permission(user, "admin"))
            if not mayModify:
                fMessages.append(
                    "You do not have permission to modify shares for file with ID: %s"
                    % str(flFile.id))
                continue
            ps = session.query(UserShare).filter(
                and_(UserShare.user_id == userId,
                     UserShare.file_id == flFile.id)).scalar()
            if ps is None:
                fMessages.append("This share does not exist")
                continue
            session.delete(ps)
            session.add(AuditLog(
                user.id, Actions.DELETE_USER_SHARE,
                "You stopped sharing file %s with %s" % (flFile.name, userId),
                None,
                role.id if role is not None else None))
            session.commit()
            sMessages.append("Share has been successfully deleted")
        except Exception as e:
            session.rollback()
            fMessages.append("Problem deleting share for file: %s" % str(e))
def revoke_role_permission(self, roleId, permissionId, format="json", **kwargs):
    """Remove one permission from a role and commit the change.

    An unknown permission or role id is reported separately in
    ``fMessages``; any other error rolls the session back and is logged.
    This listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    sMessages, fMessages = [], []
    # NOTE(review): neither a permission check nor an anti-CSRF comparison
    # is visible in this body -- presumably enforced elsewhere; confirm.
    try:
        roleId = strip_tags(roleId)
        permission = session.query(Permission).filter(
            Permission.id == permissionId).one()
        try:
            role = session.query(Role).filter(Role.id == roleId).one()
            role.permissions.remove(permission)
            session.commit()
            sMessages.append(
                "Role %s no longer has permission %s" % (roleId, permissionId))
        except sqlalchemy.orm.exc.NoResultFound:
            # Raised by the role lookup.
            fMessages.append("Role with ID: %s does not exist" % str(roleId))
    except sqlalchemy.orm.exc.NoResultFound:
        # Raised by the permission lookup.
        fMessages.append(
            "Permission with ID: %s does not exist" % str(permissionId))
    except Exception as e:
        session.rollback()
        cherrypy.log.error(
            "[%s] [revoke_role_permission] [Problem revoking a role permission: %s]"
            % (user.id, str(e)))
        fMessages.append("Problem revoking a role permission: %s" % str(e))
def get_hourly_statistics(self, format="json", **kwargs):
    """Build hour-of-day usage percentages from the last 30 days of audit rows.

    For downloads and uploads separately, each hour's count is divided by
    the 30-day total and stored as a truncated percentage under the hour's
    string key ("0" to "23"). Failures are logged and added to
    ``fMessages``; this listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    sMessages = []
    fMessages = []
    hourKeys = [str(hour) for hour in range(24)]
    uploadAveragesDict = dict.fromkeys(hourKeys, 0)
    downloadAveragesDict = dict.fromkeys(hourKeys, 0)
    try:
        thirtyDaysAgo = datetime.date.today() - datetime.timedelta(days=30)

        # Downloads: 30-day total, then per-hour counts.
        thirtyDayDownloadSum = session.query(func.count(AuditLog.date)).filter(
            and_(AuditLog.date > thirtyDaysAgo, AuditLog.action == Actions.DOWNLOAD)).scalar()
        downloadSums = session.query(func.count(AuditLog.id), func.hour(AuditLog.date)) \
            .group_by(func.hour(AuditLog.date)) \
            .filter(and_(AuditLog.action == Actions.DOWNLOAD, AuditLog.date > thirtyDaysAgo)) \
            .all()
        for d in downloadSums:
            if d[0] == 0 or thirtyDayDownloadSum == 0:
                downloadAveragesDict[str(d[1])] = 0
            else:
                downloadAveragesDict[str(d[1])] = int((float(d[0]) / float(thirtyDayDownloadSum)) * 100)

        # Uploads: same computation against upload actions.
        thirtyDayUploadSum = session.query(func.count(AuditLog.date)).filter(
            and_(AuditLog.date > thirtyDaysAgo, AuditLog.action == Actions.UPLOAD)).scalar()
        uploadSums = session.query(func.count(AuditLog.id), func.hour(AuditLog.date)) \
            .group_by(func.hour(AuditLog.date)) \
            .filter(and_(AuditLog.action == Actions.UPLOAD, AuditLog.date > thirtyDaysAgo)) \
            .all()
        for u in uploadSums:
            if u[0] == 0 or thirtyDayUploadSum == 0:
                uploadAveragesDict[str(u[1])] = 0
            else:
                uploadAveragesDict[str(u[1])] = int((float(u[0]) / float(thirtyDayUploadSum)) * 100)

        sMessages.append("Success")
    except Exception as e:
        fMessages.append("Unable to get statistics: %s" % str(e))
        cherrypy.log.error("[%s] [get_hourly_statistics] [%s]" % (user.id, str(e)))
def grant_user_permission(self, userId, permissionId, format="json", **kwargs):
    """Add one permission to a user and commit the change.

    An unknown permission or user id is reported separately in
    ``fMessages``; any other error rolls the session back and is logged.
    This listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    sMessages, fMessages = [], []
    # NOTE(review): this grants privileges, yet no permission check,
    # anti-CSRF comparison or audit entry is visible in this body --
    # presumably handled elsewhere; confirm.
    try:
        userId = strip_tags(userId)
        permission = session.query(Permission).filter(
            Permission.id == permissionId).one()
        try:
            flUser = session.query(User).filter(User.id == userId).one()
            flUser.permissions.append(permission)
            session.commit()
            sMessages.append(
                "User %s granted permission %s" % (userId, permissionId))
        except sqlalchemy.orm.exc.NoResultFound:
            # Raised by the user lookup.
            fMessages.append("User with ID: %s does not exist" % str(userId))
    except sqlalchemy.orm.exc.NoResultFound:
        # Raised by the permission lookup.
        fMessages.append(
            "Permission with ID: %s does not exist" % str(permissionId))
    except Exception as e:
        session.rollback()
        cherrypy.log.error(
            "[%s] [grant_user_permission] [Problem granting user a permission: %s]"
            % (user.id, str(e)))
        fMessages.append("Problem granting a user permission: %s" % str(e))
def revoke_user_permission(self, userId, permissionId, format="json", **kwargs):
    """Remove one permission from a user and commit the change.

    The caller cannot remove the "admin" permission from their own account.
    Unknown ids are reported in ``fMessages``; any other error rolls the
    session back and is logged. This listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    sMessages, fMessages = [], []
    # userId is used as received here (no strip_tags call in this body) and
    # is echoed into the result messages.
    try:
        permission = session.query(Permission).filter(
            Permission.id == permissionId).one()
        try:
            flUser = session.query(User).filter(User.id == userId).one()
            removingOwnAdmin = flUser.id == user.id and permission.id == "admin"
            if removingOwnAdmin:
                # Guard against an administrator locking themselves out.
                fMessages.append(
                    "You cannot remove admin permissions from your own account")
            else:
                flUser.permissions.remove(permission)
                session.commit()
                sMessages.append(
                    "User %s no longer has permission %s" % (userId, permissionId))
        except sqlalchemy.orm.exc.NoResultFound:
            # Raised by the user lookup.
            fMessages.append("User with ID: %s does not exist" % str(userId))
    except sqlalchemy.orm.exc.NoResultFound:
        # Raised by the permission lookup.
        fMessages.append(
            "Permission with ID: %s does not exist" % str(permissionId))
    except Exception as e:
        session.rollback()
        cherrypy.log.error(
            "[%s] [revoke_user_permission] [Problem revoking a user permission: %s]"
            % (user.id, str(e)))
        fMessages.append("Problem revoking a user permission: %s" % str(e))
def delete_roles(self, roleIds, format="json", **kwargs):
    """Delete the listed roles together with the files each role owns.

    For each role found, the role row is deleted, every file it owns is
    queued for deletion and removed, and audit entries are added. A single
    commit follows the loop; any unexpected error rolls everything back.
    This listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    sMessages, fMessages = [], []
    # NOTE(review): neither a permission check nor an anti-CSRF comparison
    # is visible in this body -- presumably enforced elsewhere; confirm.
    try:
        for roleId in split_list_sanitized(roleIds):
            try:
                role = session.query(Role).filter(Role.id == roleId).one()
                session.delete(role)
                roleFiles = session.query(File).filter(File.role_owner_id == role.id)
                for flFile in roleFiles:
                    FileService.queue_for_deletion(flFile.id)
                    session.delete(flFile)
                    session.add(AuditLog(
                        user.id, Actions.DELETE_FILE,
                        "File %s (%s) owned by role %s has been deleted as a result of the role owner being deleted. " % (flFile.name, flFile.id, role.id),
                        "admin"))
                session.add(AuditLog(
                    user.id, Actions.DELETE_ROLE,
                    "%s deleted role \"%s\"(%s) from the system" % (user.id, role.name, role.id),
                    None))
                sMessages.append("Successfully deleted roles%s." % str(roleId))
            except sqlalchemy.orm.exc.NoResultFound:
                fMessages.append("The role ID: %s does not exist" % str(roleId))
        session.commit()
    except Exception as e:
        session.rollback()
        cherrypy.log.error(
            "[%s] [delete_roles] [Problem deleting roles: %s]" % (user.id, str(e)))
        fMessages.append("Problem deleting roles: %s" % str(e))
def get_messages(self, format="json", **kwargs):
    """Collect the messages received by and sent by the session's user.

    ``messagesList`` ends up as ``[received, sent]``, each a list of message
    dicts whose ``body`` is the decrypted text after HTML escaping, tag
    stripping and the WebSafe template filter. Errors are reported in
    ``fMessages``; this listing shows no return statement.
    """
    def _safe_body(source):
        # Decrypt, escape, strip tags, then render through WebSafe. The
        # template looks up $messageBody in this helper's locals().
        messageBody = strip_tags(cgi.escape(decrypt_message(source)), True)
        if messageBody is None:
            return ""
        return str(Template("$messageBody", searchList=[locals()], filter=WebSafe))

    user = cherrypy.session.get("user")
    sMessages, fMessages = [], []
    messagesList, recvMessagesList, sentMessagesList = [], [], []
    try:
        # Both queries are scoped to the session user's own id.
        recvMessages = session.query(MessageShare).filter(
            MessageShare.recipient_id == user.id).all()
        sentMessages = session.query(Message).filter(
            Message.owner_id == user.id).all()
        for rMessage in recvMessages:
            messageDict = rMessage.message.get_dict()
            if rMessage.date_viewed is not None:
                messageDict["viewedDatetime"] = rMessage.date_viewed.strftime("%m/%d/%Y")
            else:
                messageDict["viewedDatetime"] = None
            messageDict["body"] = _safe_body(rMessage.message)
            recvMessagesList.append(messageDict)
        for message in sentMessages:
            messageDict = message.get_dict()
            messageDict["body"] = _safe_body(message)
            sentMessagesList.append(messageDict)
        messagesList.append(recvMessagesList)
        messagesList.append(sentMessagesList)
    except Exception as e:
        fMessages.append("Error while retrieving messages: %s" % str(e))
def sign_tos(self, **kwargs):
    """Show the terms of service, or record that the user accepted them.

    Without a user in the session the browser is redirected to the root
    URL. With ``action=sign`` the acceptance time is stored on the user,
    the session copy is refreshed and the browser is redirected; otherwise
    the rendered ``tos.tmpl`` is returned.
    """
    config = cherrypy.request.app.config['filelocker']
    orgConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('org_%')).all())
    if not (cherrypy.session.has_key("user")
            and cherrypy.session.get("user") is not None):
        raise cherrypy.HTTPRedirect(config['root_url'])

    user = cherrypy.session.get("user")
    # NOTE(review): acceptance is recorded from a plain request parameter;
    # no anti-CSRF comparison is visible in this body.
    if kwargs.get('action') == "sign":
        attachedUser = session.query(User).filter(User.id == user.id).one()
        attachedUser.date_tos_accept = datetime.datetime.now()
        cherrypy.session['user'] = attachedUser.get_copy()
        session.commit()
        raise cherrypy.HTTPRedirect(config['root_url'])

    currentYear = datetime.date.today().year
    footerText = str(Template(file=get_template_file('footer_text.tmpl'),
                              searchList=[locals(), globals()]))
    return str(Template(file=get_template_file('tos.tmpl'),
                        searchList=[locals(), globals()]))
def login(self, **kwargs):
    """Show the login form for local or LDAP auth; redirect for CAS.

    The optional ``msg`` parameter picks one of three fixed notices and the
    optional ``local=True`` parameter forces the local form. An auth type
    other than ldap, local or cas is logged and answered with HTTP 403.
    """
    # Templates below read this function's locals(); keep the names stable.
    msg = None
    errorMessage = None
    config = cherrypy.request.app.config['filelocker']
    authType = session.query(ConfigParameter).filter(
        ConfigParameter.name == "auth_type").one().value
    orgConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('org_%')).all())
    if "msg" in kwargs:
        msg = kwargs['msg']
    if "local" in kwargs and kwargs['local'] == str(True):
        # Request-controlled override of the configured auth type.
        authType = "local"
    loginPage = config['root_url'] + "/process_login"

    # Only fixed strings reach errorMessage; msg itself is never echoed here.
    if msg is not None and str(strip_tags(msg)) == "1":
        errorMessage = "Invalid username or password"
    elif msg is not None and str(strip_tags(msg)) == "2":
        errorMessage = "You have been logged out of the application"
    elif msg is not None and str(strip_tags(msg)) == "3":
        errorMessage = "Password cannot be blank"

    if authType == "cas":
        raise cherrypy.HTTPRedirect(config['root_url'])
    if authType != "ldap" and authType != "local":
        cherrypy.log.error(
            "[system] [login] [No authentication variable set in config]")
        raise cherrypy.HTTPError(403, "No authentication mechanism")

    currentYear = datetime.date.today().year
    footerText = str(
        Template(file=get_template_file('footer_text.tmpl'),
                 searchList=[locals(), globals()]))
    tpl = Template(file=get_template_file('login.tmpl'),
                   searchList=[locals(), globals()])
    return str(tpl)
def get_messages(self, format="json", **kwargs):
    """Gather received and sent messages for the session's user.

    Each message dict gets a ``body`` built from the decrypted text, which
    is HTML-escaped, tag-stripped and rendered through the WebSafe filter.
    Received messages also get ``viewedDatetime``. ``messagesList`` holds
    the received list followed by the sent list. This listing shows no
    return statement.
    """
    user = cherrypy.session.get("user")
    sMessages = []
    fMessages = []
    messagesList = []
    recvMessagesList = []
    sentMessagesList = []
    try:
        recvMessages = session.query(MessageShare).filter(
            MessageShare.recipient_id == user.id).all()
        sentMessages = session.query(Message).filter(
            Message.owner_id == user.id).all()

        for rMessage in recvMessages:
            messageDict = rMessage.message.get_dict()
            viewed = rMessage.date_viewed
            messageDict['viewedDatetime'] = (
                viewed.strftime("%m/%d/%Y") if viewed is not None else None)
            # Escape first, then strip tags; WebSafe filters once more.
            messageBody = strip_tags(
                cgi.escape(decrypt_message(rMessage.message)), True)
            if messageBody is not None:
                messageDict['body'] = str(Template(
                    "$messageBody", searchList=[locals()], filter=WebSafe))
            else:
                messageDict['body'] = ""
            recvMessagesList.append(messageDict)

        for message in sentMessages:
            messageDict = message.get_dict()
            messageBody = strip_tags(
                cgi.escape(decrypt_message(message)), True)
            if messageBody is not None:
                messageDict['body'] = str(Template(
                    "$messageBody", searchList=[locals()], filter=WebSafe))
            else:
                messageDict['body'] = ""
            sentMessagesList.append(messageDict)

        messagesList.extend([recvMessagesList, sentMessagesList])
    except Exception as e:
        fMessages.append("Error while retrieving messages: %s" % str(e))
def get_search_widget(self, context, **kwargs):
    """Render the search widget for the session's user.

    Loads the organisation settings, the user's groups, the configured
    directory type and the user's shareable attributes, then returns the
    rendered ``search_widget.tmpl``.
    """
    # All locals, including ``context`` from the request, are exposed to the
    # template through locals(); escaping is up to the template.
    user = cherrypy.session.get("user")
    sMessages = []
    fMessages = []
    orgConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('org_%')).all())
    groups = session.query(User).filter(User.id == user.id).one().groups
    directoryType = session.query(ConfigParameter).filter(
        ConfigParameter.name == "directory_type").one().value
    userShareableAttributes = AccountService.get_shareable_attributes_by_user(user)
    tpl = Template(
        file=get_template_file('search_widget.tmpl'),
        searchList=[locals(), globals()])
    return str(tpl)
def upload_request_uploader(self, requestId=None, password=None, **kwargs):
    """Resolve which upload request a visitor may upload to.

    A fresh ``request-origin`` token is stored in the session on every call.
    A session that already holds the matching upload request keeps it (and
    is marked expired when the database row is gone). A visitor arriving
    without a password is admitted only to a passwordless request of type
    "single"; otherwise an error or a redirect to the password page is
    raised. This listing ends before any page is rendered.
    """
    user = None
    format = "content_only" if kwargs.get("format") == "content_only" else "html"
    requestOwner, uploadRequest, tpl = None, None, None
    messages = []
    config = cherrypy.request.app.config['filelocker']
    orgConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('org_%')).all())
    maxDays = int(session.query(ConfigParameter).filter(
        ConfigParameter.name == 'max_file_life_days').one().value)
    defaultExpiration = datetime.date.today() + datetime.timedelta(days=maxDays)
    requestFiles = []
    requestId = strip_tags(requestId)
    # 32 hex characters taken from os.urandom output.
    cherrypy.session['request-origin'] = str(os.urandom(32).encode('hex'))[0:32]
    if requestId is not None:
        if cherrypy.session.has_key("uploadRequest"):
            # TODO session check deletion
            if cherrypy.session.get("uploadRequest").id != requestId:
                del cherrypy.session['uploadRequest']
        if cherrypy.session.has_key("uploadRequest"):
            # The requested id matched the one in the session: keep it.
            uploadRequestId = cherrypy.session.get("uploadRequest").id
            uploadRequest = session.query(UploadRequest).filter(
                UploadRequest.id == uploadRequestId).scalar()
            if uploadRequest is None:
                # Expired request, but the session may still view its files.
                uploadRequest = cherrypy.session.get("uploadRequest")
                uploadRequest.expired = True
        elif password is None or password == "":
            # Arrived with a ticket but no password.
            try:
                uploadRequest = session.query(UploadRequest).filter(
                    UploadRequest.id == requestId).one()
                if uploadRequest.password == None and uploadRequest.type == "single":
                    cherrypy.session['uploadRequest'] = uploadRequest.get_copy()
                else:
                    messages.append(
                        "This upload request requires a password before you can upload files")
                    uploadRequest = None
                    # NOTE(review): a missing password is reported with HTTP
                    # status 500 here rather than a 4xx status.
                    if format == "content_only":
                        raise cherrypy.HTTPError(500, "Invalid password")
                    raise cherrypy.HTTPRedirect(
                        config['root_url'] + '/upload_request?requestId=%s&msg=3' % requestId)
                requestOwner = session.query(User).filter(
                    User.id == uploadRequest.owner_id).one()
            except (cherrypy.HTTPError, cherrypy.HTTPRedirect):
                # Framework control-flow exceptions pass through untouched.
                raise
            except Exception as e:
                messages.append(str(e))
def unhide_all_shares(self, format="json"):
    """Delete every HiddenShare row owned by the session's user.

    Success or the exception text is recorded in ``sMessages`` /
    ``fMessages``; this listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    sMessages = []
    fMessages = []
    # NOTE(review): this state-changing handler takes no requestOrigin token
    # and does not roll the session back on failure.
    try:
        ownHidden = session.query(HiddenShare).filter(
            HiddenShare.owner_id == user.id)
        ownHidden.delete()
        session.commit()
        sMessages.append("Successfully unhid shares")
    except Exception as e:
        fMessages.append(str(e))
def manage_groups(self, **kwargs):
    """Render the group-management page listing the user's own groups.

    Only groups whose ``owner_id`` equals the session user's id are loaded.
    Returns the rendered ``manage_groups.tmpl``.
    """
    # Names are kept as-is: the template resolves them through locals().
    user = cherrypy.session.get("user")
    config = cherrypy.request.app.config['filelocker']
    orgConfig = get_config_dict_from_objects(
        session.query(ConfigParameter).filter(
            ConfigParameter.name.like('org_%')).all())
    groups = session.query(Group).filter(Group.owner_id == user.id).all()
    tpl = Template(
        file=get_template_file('manage_groups.tmpl'),
        searchList=[locals(), globals()])
    return str(tpl)
def unhide_all_shares(self, format="json", requestOrigin=""):
    """Delete every HiddenShare row owned by the session's user.

    The deletion runs only when ``requestOrigin`` equals the session's
    ``request-origin`` value; otherwise a failure message is recorded.
    This listing shows no return statement.
    """
    user = cherrypy.session.get("user")
    sMessages = []
    fMessages = []
    # A session with no 'request-origin' entry raises KeyError on the next
    # line instead of reaching the failure message.
    tokenMatches = requestOrigin == cherrypy.session['request-origin']
    if not tokenMatches:
        fMessages.append("Missing request key!!")
    else:
        try:
            session.query(HiddenShare).filter(
                HiddenShare.owner_id == user.id).delete()
            session.commit()
            sMessages.append("Successfully unhid shares")
        except Exception as e:
            fMessages.append(str(e))
def create_group_shares(self, fileIds, groupId, notify="false", cc="false", format="json", requestOrigin=""): user, role, sMessages, fMessages, config = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], [], cherrypy.request.app.config['filelocker']) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all()) fileIds = split_list_sanitized(fileIds) groupId = strip_tags(groupId) if groupId is not None and groupId != "" else None notify = True if notify.lower() == "true" else False cc = True if cc.lower() == "true" else False try: if groupId is not None: sharedFiles = [] group = session.query(Group).filter(Group.id==groupId).one() if (role is not None and group.role_owner_id == role.id) or group.owner_id == user.id or AccountService.user_has_permission(user, "admin"): for fileId in fileIds: flFile = session.query(File).filter(File.id == fileId).one() existingShare = session.query(GroupShare).filter(and_(GroupShare.group_id==group.id, GroupShare.file_id==fileId)).scalar() if existingShare is not None: fMessages.append("File %s is already shared with group %s" % (flFile.name, group.name)) elif (role is not None and flFile.role_owner_id == role.id) or flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin"): flFile.group_shares.append(GroupShare(group_id=groupId, file_id=fileId)) sharedFiles.append(flFile) else: fMessages.append("You do not have permission to share file with ID: %s" % fileId) sMessages.append("Shared file(s) successfully") if role is not None: session.add(AuditLog(user.id, Actions.CREATE_GROUP_SHARE, "Role %s shared %s files with group %s(%s)" % (role.id, len(fileIds), group.name, group.id), None, role.id)) else: session.add(AuditLog(user.id, Actions.CREATE_GROUP_SHARE, "%s shared %s files with group %s(%s)" % (user.id, len(fileIds), group.name, 
group.id), None)) else: fMessages.append("You do not have permission to share with this group") session.commit() if notify: cherrypy.session.release_lock() for groupMember in group.members: try: Mail.notify(get_template_file('share_notification.tmpl'),{'sender':user.email if role is None else role.email,'recipient':groupMember.email, 'ownerId':user.id if role is None else role.id, 'ownerName':user.display_name if role is None else role.name, 'sharedFiles':sharedFiles, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name']}) session.add(AuditLog(user.id, Actions.SEND_EMAIL, "%s has been notified via email that you have shared a file with him or her." % (groupMember.email), None, role.id if role is not None else None)) session.commit() except Exception, e: session.rollback() fMessages.append("Problem sending email notification to %s: %s" % (groupMember.display_name, str(e))) if cc: if (user.email is not None and user.email != ""): try: Mail.notify(get_template_file('share_notification.tmpl'),{'sender':user.email if role is None else role.email,'recipient':user.email if role is None else role.email, 'ownerId':user.id if role is None else role.id, 'ownerName':user.display_name if role is None else role.name, 'sharedFiles':sharedFiles, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name']}) session.add(AuditLog(user.id, Actions.SEND_EMAIL, "You have been carbon copied via email on the notification that was sent out as a result of your file share.")) session.commit() except Exception, e: session.rollback() fMessages.append("Problem carbon copying email notification: %s" % (str(e))) else: fMessages.append("You elected to receive a carbon copy of the share notification, however your account does not have an email address set.")
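def generate_id(self):
    """Assign ``self.id`` a random 32-character hex ID unused by any UploadRequest.

    The candidate is drawn from the operating system's CSPRNG
    (``os.urandom``) rather than ``md5(str(random.random()))``. The
    ``random`` module is a Mersenne Twister and is not meant for values that
    must be unguessable; hashing its output does not add entropy. The format
    (32 lowercase hex characters) matches the MD5 hex digest it replaces.

    Raises:
        Exception: if the first candidate and five further candidates all
            collide with an existing UploadRequest id.
    """
    import os

    def _candidate():
        # 16 random bytes -> 32 hex characters. bytearray() yields ints on
        # both Python 2 and Python 3, so the formatting is portable.
        return "".join("%02x" % octet for octet in bytearray(os.urandom(16)))

    # One initial attempt plus up to five retries, as in the original loop.
    for _attempt in range(6):
        shareId = _candidate()
        existing = session.query(UploadRequest).filter(UploadRequest.id == shareId).scalar()
        if existing is None:
            self.id = shareId
            return
    raise Exception("Could not create a unique share ID")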
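def unhide_shares(self, format="json", requestOrigin="", **kwargs):
    """Delete every HiddenShare row owned by the session user.

    The request is refused with "Missing request key!!" unless
    ``requestOrigin`` equals the ``request-origin`` value stored in the
    CherryPy session. Outcomes are collected in ``sMessages`` / ``fMessages``;
    the listing ends before any response is built from them.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        try:
            session.query(HiddenShare).filter(HiddenShare.owner_id == user.id).delete(synchronize_session=False)
            session.commit()
            sMessages.append("All shares have been unhidden")
        except Exception as e:
            # Roll back so a failed delete/commit does not leave the session in
            # a failed transaction for whatever uses it next; the other
            # handlers in this listing (take_file, delete_files) do the same.
            session.rollback()
            fMessages.append("Could not unhide shares: %s" % str(e))
            cherrypy.log.error("[%s] [unhide_shares] [Could not unhide shares: %s]" % (user.id, str(e)))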
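def generate_id(self):
    """Assign ``self.id`` a random 32-character hex ID unused by any UploadRequest.

    The candidate is drawn from the operating system's CSPRNG
    (``os.urandom``) rather than ``md5(str(random.random()))``. The
    ``random`` module is a Mersenne Twister and is not meant for values that
    must be unguessable; hashing its output does not add entropy. The format
    (32 lowercase hex characters) matches the MD5 hex digest it replaces.

    Raises:
        Exception: if the first candidate and five further candidates all
            collide with an existing UploadRequest id.
    """
    import os

    def _candidate():
        # 16 random bytes -> 32 hex characters. bytearray() yields ints on
        # both Python 2 and Python 3, so the formatting is portable.
        return "".join("%02x" % octet for octet in bytearray(os.urandom(16)))

    # One initial attempt plus up to five retries, as in the original loop.
    for _attempt in range(6):
        shareId = _candidate()
        existing = session.query(UploadRequest).filter(UploadRequest.id == shareId).scalar()
        if existing is None:
            self.id = shareId
            return
    raise Exception("Could not create a unique share ID")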
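def unhide_shares(self, format="json", **kwargs):
    """Delete every HiddenShare row owned by the session user.

    Outcomes are collected in ``sMessages`` / ``fMessages``; the listing ends
    before any response is built from them.

    NOTE(review): this variant changes state without comparing a
    ``requestOrigin`` value against the session's ``request-origin`` token,
    which other state-changing handlers in this listing do. Confirm that
    cross-site request protection is applied to it some other way.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    try:
        session.query(HiddenShare).filter(
            HiddenShare.owner_id == user.id).delete(
                synchronize_session=False)
        session.commit()
        sMessages.append("All shares have been unhidden")
    except Exception as e:
        # Roll back so a failed delete/commit does not leave the session in a
        # failed transaction for whatever uses it next.
        session.rollback()
        fMessages.append("Could not unhide shares: %s" % str(e))
        cherrypy.log.error(
            "[%s] [unhide_shares] [Could not unhide shares: %s]" %
            (user.id, str(e)))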
def download(self, fileId, **kwargs):
    """Check a download request against the public share bound to the session.

    When the session carries ``public_share_id``, the share and the file are
    loaded and the file must be one of the share's files:

    * file not in the share -> HTTP 401
    * share or file not found -> HTTP 404

    ``serveFile`` is set to True on success. The listing ends here, so how a
    request without ``public_share_id`` is authorised, and how the file is
    actually served, are not shown.
    """
    serveFile, publicShareId, requestedFile = False, None, None
    if cherrypy.session.has_key("public_share_id"):
        publicShareId = cherrypy.session.get("public_share_id")
        try:
            shareQuery = session.query(PublicShare).filter(PublicShare.id == publicShareId)
            publicShare = shareQuery.one()
            fileQuery = session.query(File).filter(File.id == fileId)
            requestedFile = fileQuery.one()
            # Membership in the share is the authorisation decision here.
            if requestedFile not in publicShare.files:
                raise cherrypy.HTTPError(401)
            serveFile = True
        except sqlalchemy.orm.exc.NoResultFound:
            raise cherrypy.HTTPError(404, "Could not find share or file")
def cluster_elections(config):
    """Register this node's heartbeat and run the master election if needed.

    The node is identified by ``config["filelocker"]["cluster_member_id"]``.
    A node whose ``last_seen_timestamp`` is older than five minutes counts as
    expired; the node with the lowest ``member_id`` wins an election.

    Returns True when the pass completes and False when SQLAlchemy reports a
    ConcurrentModificationError (the transaction is rolled back in that case).

    NOTE(review): block nesting was reconstructed from a collapsed listing;
    in particular ``return True`` is assumed to sit at the end of the ``try``
    body. No lock is taken in the lines shown, so two nodes running this at
    the same moment presumably rely on the DB to serialise them - confirm.
    """
    try:
        currentNodeId = int(config["filelocker"]["cluster_member_id"])
        currentNode = session.query(ClusterNode).filter(ClusterNode.member_id == currentNodeId).scalar()
        if currentNode is None:  # This node isn't in the DB yet, check in
            import socket
            currentNode = ClusterNode(
                member_id=currentNodeId,
                hostname=socket.gethostname(),
                is_master=False,
                last_seen_timestamp=datetime.datetime.now(),
            )
            session.add(currentNode)
            session.commit()
        else:  # In the DB, update last seen to avoid purging
            currentNode.last_seen_timestamp = datetime.datetime.now()
            session.commit()
        # .scalar() yields None when no row has is_master set.
        currentMaster = session.query(ClusterNode).filter(ClusterNode.is_master == True).scalar()
        # If this is default master node and another node has assumed master, reset and force election
        if currentNodeId == 0 and currentNode.is_master == False and currentMaster is not None:
            # Clear the flag everywhere; a later pass sees "no master" and elects.
            for node in session.query(ClusterNode).all():
                node.is_master = False
            session.commit()
        # This isn't the default master, there is one, but it's expired
        elif currentMaster is not None and currentMaster.last_seen_timestamp < datetime.datetime.now() - datetime.timedelta(
            minutes=5
        ):  # master is expired
            session.delete(currentMaster)
            session.commit()
        # No master, hold election
        elif currentMaster is None:  # No master nodes found, become master if eligible
            purge_expired_nodes()
            highestPriority = currentNode.member_id
            # Stop at the first node with a lower id: that alone is enough to
            # know this node is not the one with the lowest id.
            for node in session.query(ClusterNode).all():
                if node.member_id < highestPriority:
                    highestPriority = node.member_id
                    break
            if (
                highestPriority == currentNode.member_id
            ):  # Current node has lowest node id, thus highest priority, assume master
                currentNode.is_master = True
                session.commit()
        return True
    except sqlalchemy.orm.exc.ConcurrentModificationError, cme:
        cherrypy.log.error(
            "[system] [cluster_elections] [Concurrency error during elections. This can occur if locks on the DB inhibit normal cluster elections. If this error occurs infrequently, it can usually be disregarded. Full Error: %s]" % str(cme)
        )
        session.rollback()
        return False
def help(self, **kwargs):
    """Render the help page from the ``halp.tmpl`` template.

    Reads ``default_quota``, ``max_file_life_days`` and ``geotagging`` from
    the ConfigParameter table. ``.one()`` raises if a parameter row is
    missing or duplicated.
    """
    defaultQuota = int(
        session.query(ConfigParameter).filter(
            ConfigParameter.name == 'default_quota').one().value)
    maxDays = int(
        session.query(ConfigParameter).filter(
            ConfigParameter.name == 'max_file_life_days').one().value)
    geoTagging = get_config_dict_from_objects([
        session.query(ConfigParameter).filter(
            ConfigParameter.name == 'geotagging').one()
    ])['geotagging']
    # The template resolves names from locals() first, then globals(), so the
    # local variable names above are inputs to the template: renaming or
    # adding locals can change what it renders.
    tpl = Template(file=get_template_file('halp.tmpl'),
                   searchList=[locals(), globals()])
    return str(tpl)
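def create_admin_user(dburi, password):
    """Ensure the "admin" account exists, set its password and grant "admin".

    Opens its own engine and session on ``dburi``. If no user with id
    "admin" exists one is created with a 1024 quota and committed. The
    password is then set and the "admin" Permission row (which must exist,
    ``.one()`` raises otherwise) is attached if missing.

    NOTE(review): block nesting was reconstructed from a collapsed listing.
    As laid out here the password is set whether or not the account already
    existed, so re-running this resets an existing admin password - confirm
    against the original layout.

    Args:
        dburi: SQLAlchemy database URI.
        password: New password, passed to ``User.set_password``.
    """
    engine = create_engine(dburi, echo=False)
    Session = sessionmaker(bind=engine)
    session = Session()
    try:
        adminUser = session.query(User).filter(User.id == "admin").scalar()
        if adminUser is None:
            adminUser = User(
                id="admin",
                first_name="Administrator",
                quota=1024,
                date_tos_accept=datetime.datetime.now(),
            )
            session.add(adminUser)
            session.commit()
        adminUser.set_password(password)
        adminPermission = session.query(Permission).filter(Permission.id == "admin").one()
        if adminPermission not in adminUser.permissions:
            adminUser.permissions.append(adminPermission)
        session.commit()
    finally:
        # The session is private to this call; release its connection even
        # when a query or commit raises.
        session.close()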
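def create_admin_user(dburi, password):
    """Ensure the "admin" account exists, set its password and grant "admin".

    Opens its own engine and session on ``dburi``. If no user with id
    "admin" exists one is created with a 1024 quota and committed. The
    password is then set and the "admin" Permission row (which must exist,
    ``.one()`` raises otherwise) is attached if missing.

    NOTE(review): block nesting was reconstructed from a collapsed listing.
    As laid out here the password is set whether or not the account already
    existed, so re-running this resets an existing admin password - confirm
    against the original layout.

    Args:
        dburi: SQLAlchemy database URI.
        password: New password, passed to ``User.set_password``.
    """
    engine = create_engine(dburi, echo=False)
    Session = sessionmaker(bind=engine)
    session = Session()
    try:
        adminUser = session.query(User).filter(User.id == "admin").scalar()
        if adminUser is None:
            adminUser = User(
                id="admin",
                first_name="Administrator",
                quota=1024,
                date_tos_accept=datetime.datetime.now(),
            )
            session.add(adminUser)
            session.commit()
        adminUser.set_password(password)
        adminPermission = session.query(Permission).filter(Permission.id == "admin").one()
        if adminPermission not in adminUser.permissions:
            adminUser.permissions.append(adminPermission)
        session.commit()
    finally:
        # The session is private to this call; release its connection even
        # when a query or commit raises.
        session.close()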
def index(self, **kwargs):
    """Render the main page: header, the files section and footer.

    Configuration values are read from the ConfigParameter table and the
    current user from the CherryPy session. Every template below is rendered
    with ``searchList=[locals(), globals()]``, so the local names defined
    here are template inputs; several of them (for example ``authType``,
    ``cliEnabled``, ``banner``) are not used by any Python statement in this
    function and presumably exist only for the templates.

    NOTE(review): ``user`` is dereferenced without a None check, so an
    authenticated session is presumably guaranteed before this handler
    runs - confirm.
    """
    config = cherrypy.request.app.config['filelocker']
    authType = session.query(ConfigParameter).filter(ConfigParameter.name=="auth_type").one().value
    cliEnabled = session.query(ConfigParameter).filter(ConfigParameter.name=="cli_feature").one().value
    orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all())
    user, originalUser = (cherrypy.session.get("user"), cherrypy.session.get("original_user"))
    maxDays = int(session.query(ConfigParameter).filter(ConfigParameter.name=='max_file_life_days').one().value)
    # Roles are read from a freshly queried User row rather than from the
    # object stored in the session.
    roles = session.query(User).filter(User.id == user.id).one().roles
    currentYear = datetime.date.today().year
    startDateFormatted, endDateFormatted = None, None
    # Midnight today and midnight seven days earlier.
    today = datetime.datetime.now().replace(hour=0, minute=0, second=0, microsecond=0)
    sevenDays = datetime.timedelta(days=7)
    sevenDaysAgo = today - sevenDays
    # Already at midnight because `today` is; this replace() changes nothing.
    sevenDaysAgo = sevenDaysAgo.replace(hour=0, minute=0, second=0, microsecond=0)
    defaultExpiration = datetime.date.today() + (datetime.timedelta(days=maxDays))
    # Despite the names these hold datetime objects, not formatted strings.
    startDateFormatted = sevenDaysAgo
    endDateFormatted = today
    messageSearchWidget = self.account.get_search_widget("messages")
    geoTagging = get_config_dict_from_objects([session.query(ConfigParameter).filter(ConfigParameter.name=='geotagging').one()])['geotagging']
    banner = session.query(ConfigParameter).filter(ConfigParameter.name=='banner').one().value
    defaultQuota = int(session.query(ConfigParameter).filter(ConfigParameter.name=='default_quota').one().value)
    header = Template(file=get_template_file('header.tmpl'), searchList=[locals(),globals()])
    # Rendered to strings here so the footer template can pick them up from
    # locals() - presumably; the templates are not part of this listing.
    lightboxen = str(Template(file=get_template_file('lightboxen.tmpl'), searchList=[locals(),globals()]))
    footerText = str(Template(file=get_template_file('footer_text.tmpl'), searchList=[locals(),globals()]))
    footer = Template(file=get_template_file('footer.tmpl'), searchList=[locals(),globals()])
    filesSection = self.files()
    indexHTML = str(header) + str(filesSection) + str(footer)
    self.saw_banner()
    return str(indexHTML)
def get_user(userId, login=False):
    """Load a user by id, importing it from the external directory if needed.

    When the user is not in the local table and ``auth_type`` is not
    "local", ``ExternalDirectory.lookup_user`` is asked for it and a found
    user is stored, with ``default_quota`` applied if the directory gave none.

    For a found user, attribute ids are collected from permissions (the
    user's own and those of the user's groups) whose id starts with
    "(attr)". With ``login=True`` plugins may add attributes and veto
    authorisation, known attributes are attached to the user, the last-login
    time is updated and the web session is set up from a copy of the user.

    Returns the User, or None when it cannot be found anywhere.

    NOTE(review): block nesting was reconstructed from a collapsed listing -
    confirm against the original layout before relying on it.
    """
    import warnings
    authType = session.query(ConfigParameter).filter(
        ConfigParameter.name == "auth_type").one().value
    # NOTE(review): simplefilter() changes the process-wide warnings filter,
    # so every later warning is suppressed too, not only those raised below.
    warnings.simplefilter("ignore")
    user = session.query(User).filter(User.id == userId).scalar()
    if user is None and authType != "local":  #This would be silly if we are using local auth, there's no other source of user info
        directory = ExternalDirectory()
        user = directory.lookup_user(userId)
        if user is not None:
            if user.quota is None:
                user.quota = int(
                    session.query(ConfigParameter).filter(
                        ConfigParameter.name == "default_quota").one().value)
            session.add(user)
            session.commit()
    if user is not None:
        attributeList = []
        # Permission ids of the form "(attr)<name>" carry an attribute name;
        # split("(attr)")[1] is the text after the prefix.
        for permission in user.permissions:
            if permission.id.startswith("(attr)"):
                attributeList.append(permission.id.split("(attr)")[1])
        for group in user.groups:
            for permission in group.permissions:
                if permission.id.startswith("(attr)"):
                    attributeList.append(permission.id.split("(attr)")[1])
        if login:
            for flPlugin in getPlugins(FilelockerPlugin, plugins):
                attributeList.extend(
                    flPlugin.get_user_attributes(user.id)
                )  #Send user object off to plugin to get the list populated
                # NOTE(review): every other access in this function uses
                # user.id; user.userId here looks like a different attribute.
                # If User has no userId this raises on the first plugin and
                # the deny check never runs - verify against the User model.
                if not flPlugin.is_authorized(
                        user.userId
                ):  #Checks if any plugin is going to explicitly deny this user access to Filelocker
                    user.authorized = False
            # Attach each known attribute once, ignoring ids with no
            # Attribute row.
            uniqueAttributeList = []
            for attributeId in attributeList:
                if attributeId not in uniqueAttributeList:
                    attr = session.query(Attribute).filter(
                        Attribute.id == attributeId).scalar()
                    if attr is not None:
                        user.attributes.append(attr)
                        uniqueAttributeList.append(attributeId)
            user.date_last_login = datetime.datetime.now()
            session.commit()
            # The session is set up even when a plugin set authorized to
            # False above; presumably the caller checks user.authorized -
            # confirm.
            setup_session(user.get_copy())
        if user.quota is None:  #Catch for users that got added with nil quotas
            user.quota = 0
            session.commit()
    return user
def create_user_shares(self, fileIds, userId=None, notify="no", cc="false", format="json", requestOrigin="", **kwargs): config = cherrypy.request.app.config['filelocker'] orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all()) user, role, sMessages, fMessages = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: fileIds = split_list_sanitized(fileIds) userId = strip_tags(userId) if userId is not None and userId != "" else None notify = True if notify.lower() == "true" else False cc = True if cc.lower() == "true" else False sharedFiles, recipients = [], [] try: if userId is not None: shareUser = AccountService.get_user(userId) if (shareUser.email is not None and shareUser.email != ""): recipients.append(shareUser) for fileId in fileIds: flFile = session.query(File).filter(File.id==fileId).one() if (role is not None and flFile.role_owner_id == role.id) or flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin"): existingShare = session.query(UserShare).filter(and_(UserShare.file_id==fileId, UserShare.user_id==userId)).scalar() if existingShare is None: flFile.user_shares.append(UserShare(user_id=userId, file_id=fileId)) session.commit() sharedFiles.append(flFile) if role is not None: session.add(AuditLog(user.id, Actions.CREATE_USER_SHARE, "Role %s shared file %s(%s) with %s" % (role.id, flFile.name, flFile.id, shareUser.id), shareUser.id, role.id)) else: session.add(AuditLog(user.id, "Create User Share", "%s shared file %s(%s) with %s" % (user.id, flFile.name, flFile.id, shareUser.id), shareUser.id)) session.commit() else: fMessages.append("You do not have permission to share file with ID: %s" % str(flFile.id)) if notify: cherrypy.session.release_lock() if cc: if (user is not None and user != ""): recipients.append(user) else: fMessages.append("You 
elected to receive a carbon copy of the share notification, however your account does not have an email address set.") for recipient in recipients: try: Mail.notify(get_template_file('share_notification.tmpl'),{'sender':user.email if role is None else role.email,'recipient':recipient.email, 'ownerId':user.id if role is None else role.id, 'ownerName':user.display_name if role is None else role.name, 'sharedFiles':sharedFiles, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name'], 'personalMessage': ""}) session.add(AuditLog(user.id, Actions.SEND_EMAIL, "%s(%s) has been notified via email that you have shared a file with him or her." % (recipient.display_name, recipient.id), None, role.id if role is not None else None)) except Exception, e: session.rollback() fMessages.append("Problem sending email notification to %s: %s" % (recipient.display_name, str(e))) session.commit() sMessages.append("Shared file(s) successfully") else: fMessages.append("You did not specify a user to share the file with")
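def get_files_shared_with_user(user):
    """Return files shared with *user* directly or via groups, minus hidden ones.

    The user is re-queried by id so the relationships are read from an
    object attached to the current session. Files the user has hidden
    (HiddenShare rows owned by the user) are left out. A file that reaches
    the user both directly and through a group appears once per share, as
    before.

    Args:
        user: object with an ``id`` attribute naming an existing User row;
            ``.one()`` raises if there is no such row.

    Returns:
        list of File objects, direct shares first, then group shares.
    """
    attachedUser = session.query(User).filter(User.id == user.id).one()
    # A set makes each "is it hidden?" test constant-time instead of a scan
    # of the whole hidden list per share.
    hiddenFileIds = set(
        hiddenShare.file_id
        for hiddenShare in session.query(HiddenShare).filter(HiddenShare.owner_id == user.id).all()
    )
    sharedFiles = [
        share.flFile
        for share in attachedUser.user_shares
        if share.flFile.id not in hiddenFileIds
    ]
    for group in attachedUser.groups:
        sharedFiles.extend(
            share.flFile
            for share in group.group_shares
            if share.flFile.id not in hiddenFileIds
        )
    return sharedFiles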
def download(self, fileId, **kwargs):
    """Check a download request against the public share bound to the session.

    When the session carries ``public_share_id``, the share and the file are
    loaded and the file must be one of the share's files:

    * file not in the share -> HTTP 401
    * share or file not found -> HTTP 404

    ``serveFile`` is set to True on success. The listing ends here, so how a
    request without ``public_share_id`` is authorised, and how the file is
    actually served, are not shown.
    """
    serveFile, publicShareId, requestedFile = False, None, None
    if cherrypy.session.has_key("public_share_id"):
        publicShareId = cherrypy.session.get("public_share_id")
        try:
            shareQuery = session.query(PublicShare).filter(PublicShare.id == publicShareId)
            publicShare = shareQuery.one()
            fileQuery = session.query(File).filter(File.id == fileId)
            requestedFile = fileQuery.one()
            # Membership in the share is the authorisation decision here.
            if requestedFile not in publicShare.files:
                raise cherrypy.HTTPError(401)
            serveFile = True
        except sqlalchemy.orm.exc.NoResultFound:
            raise cherrypy.HTTPError(404, "Could not find share or file")
def get_files_shared_with_user_by_attribute(user):
    """Map each of the user's attribute ids to the files shared through it.

    Only attributes that have an Attribute row are considered. Attributes
    with no AttributeShare rows do not get a key.

    Returns:
        dict of attribute id -> list of files, one entry per AttributeShare.
    """
    attributeShareDictionary = {}
    for attributeId in user.attributes:
        # Skip ids the system does not recognise as an attribute.
        attribute = session.query(Attribute).filter(Attribute.id == attributeId).scalar()
        if attribute is None:
            continue
        sharesForAttribute = session.query(AttributeShare).filter(
            AttributeShare.attribute_id == attribute.id).all()
        for attributeShare in sharesForAttribute:
            filesForAttribute = attributeShareDictionary.setdefault(attributeShare.attribute_id, [])
            filesForAttribute.append(attributeShare.flFile)
    return attributeShareDictionary
def routine_maintenance(config):
    """Purge files whose ``date_expires`` is in the past.

    For each expired file: delete its user, group, public and attribute
    shares, queue the stored file for deletion, write a DELETE_FILE audit
    entry attributed to "admin", delete the row and commit. A failure on one
    file is rolled back and logged, and the loop moves on to the next file.

    NOTE(review): the file is queued for deletion before the commit, so a
    failed commit presumably leaves a row whose stored file is already
    queued - confirm how queue_for_deletion behaves in that case.
    """
    from lib import AccountService
    cutoff = datetime.datetime.now()
    expiredFiles = session.query(File).filter(File.date_expires < cutoff)
    shareRelations = ("user_shares", "group_shares", "public_shares", "attribute_shares")
    for flFile in expiredFiles:
        try:
            # Relationships are read one at a time, in the original order.
            for relationName in shareRelations:
                for share in getattr(flFile, relationName):
                    session.delete(share)
            FileService.queue_for_deletion(flFile.id)
            purgeEntry = AuditLog(
                "admin",
                Actions.DELETE_FILE,
                "File %s (ID:%s) has expired and has been purged by the system." % (flFile.name, flFile.id),
                flFile.owner_id,
            )
            session.add(purgeEntry)
            session.delete(flFile)
            session.commit()
        except Exception as e:
            session.rollback()
            cherrypy.log.error("[system] [routine_maintenance] [Error while deleting expired file: %s]" % str(e))
def take_file(self, fileId, format="json", requestOrigin="", **kwargs):
    """Copy a file shared with the session user into that user's ownership.

    Refused with "Missing request key!!" unless ``requestOrigin`` equals the
    session's ``request-origin`` value. The caller must not already own the
    file and must either have it shared with them or hold the "admin"
    permission. The copy is refused when current usage plus the file size
    would reach the quota (``user.quota`` is multiplied by 1024*1024, i.e.
    taken as megabytes).

    NOTE(review): the new row is committed before the vault file is copied.
    If ``shutil.copy`` fails, the rollback in the handler cannot undo that
    commit, so a File row without stored content presumably remains.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        config = cherrypy.request.app.config['filelocker']
        try:
            flFile = session.query(File).filter(File.id == fileId).one()
            if flFile.owner_id == user.id:
                fMessages.append("You cannot take your own file")
            elif flFile.shared_with(user) or AccountService.user_has_permission(user, "admin"):
                quotaBytes = user.quota * 1024 * 1024
                if (FileService.get_user_quota_usage_bytes(user) + flFile.size) >= quotaBytes:
                    cherrypy.log.error("[%s] [take_file] [User has insufficient quota space remaining to check in file: %s]" % (user.id, flFile.name))
                    raise Exception("You may not copy this file because doing so would exceed your quota")
                takenFile = flFile.get_copy()
                takenFile.owner_id = user.id
                takenFile.date_uploaded = datetime.datetime.now()
                takenFile.notify_on_download = False
                session.add(takenFile)
                session.commit()
                # Vault files are named after the numeric file id.
                sourcePath = os.path.join(config['vault'], str(flFile.id))
                targetPath = os.path.join(config['vault'], str(takenFile.id))
                shutil.copy(sourcePath, targetPath)
                sMessages.append("Successfully took ownership of file %s. This file can now be shared with other users just as if you had uploaded it. " % flFile.name)
            else:
                fMessages.append("You do not have permission to take this file")
        except sqlalchemy.orm.exc.NoResultFound:
            fMessages.append("Could not find file with ID: %s" % str(fileId))
        except Exception as e:
            session.rollback()
            fMessages.append(str(e))
def delete_files(self, fileIds, format="json", requestOrigin="", **kwargs):
    """Delete the listed files that the caller is allowed to delete.

    Refused with "Missing request key!!" unless ``requestOrigin`` equals the
    session's ``request-origin`` value. A file may be deleted when it is
    owned by the caller's current role, when the caller owns it, or when the
    caller holds the "admin" permission. Each deletion is queued in the
    vault, audited and committed on its own; each file id is handled
    independently, so one failure does not stop the rest.
    """
    user, role, sMessages, fMessages = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], [])
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        fileIds = split_list_sanitized(fileIds)
        for fileId in fileIds:
            try:
                # A non-numeric id raises here and is reported by the
                # generic handler below.
                fileId = int(fileId)
                flFile = session.query(File).filter(File.id == fileId).one()
                auditText = None
                if flFile.role_owner_id is not None and role is not None and flFile.role_owner_id == role.id:
                    auditText = "File %s (%s) owned by role %s has been deleted by user %s. " % (flFile.name, flFile.id, role.name, user.id)
                elif flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin"):
                    auditText = "File %s (%s) has been deleted" % (flFile.name, flFile.id)

                if auditText is None:
                    fMessages.append("You do not have permission to delete file %s" % flFile.name)
                else:
                    FileService.queue_for_deletion(flFile.id)
                    session.delete(flFile)
                    session.add(AuditLog(user.id, Actions.DELETE_FILE, auditText))
                    session.commit()
                    sMessages.append("File %s deleted successfully" % flFile.name)
            except sqlalchemy.orm.exc.NoResultFound:
                fMessages.append("Could not find file with ID: %s" % str(fileId))
            except Exception as e:
                session.rollback()
                cherrypy.log.error("[%s] [delete_files] [Could not delete file: %s]" % (user.id, str(e)))
                fMessages.append("File not deleted: %s" % str(e))
def update_server_config(self, format="json", requestOrigin="", **kwargs):
    """Update ConfigParameter values from ``config_name_<parameter>`` fields.

    Refused with "Missing request key!!" unless ``requestOrigin`` equals the
    session's ``request-origin`` value. Only values are updated; parameter
    descriptions are deliberately not client-editable. Values pass through
    ``strip_tags`` except for parameters whose name ends in "pass", which
    are stored as sent so password characters are not removed. An unknown
    parameter name makes ``.one()`` raise, which rolls back the whole update.

    NOTE(review): no permission check is visible in this listing; it is
    presumably enforced outside the function body (decorator or tool) -
    confirm, since this writes server-wide configuration. The single commit
    after the loop is as reconstructed from a collapsed listing.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        fieldPrefix = "config_name_"
        try:
            for key in kwargs:
                if not key.startswith(fieldPrefix):
                    continue
                parameterName = key[len(fieldPrefix):]
                submitted = kwargs[key]
                # Don't strip characters from passwords.
                value = submitted if parameterName.endswith("pass") else strip_tags(submitted)
                parameter = session.query(ConfigParameter).filter(ConfigParameter.name == parameterName).one()
                parameter.value = value
            session.commit()
            # TODO: the in-memory config refresh that used to follow
            # (Filelocker.update_config) is disabled; make sure it is phased
            # out properly.
        except Exception as e:
            session.rollback()
            cherrypy.log.error("[%s] [update_server_config] [Could not update server config: %s]" % (user.id, str(e)))
            fMessages.append("Unable to update config: %s" % str(e))
def update_server_config(self, format="json", requestOrigin="", **kwargs):
    """Update ConfigParameter values from ``config_name_<parameter>`` fields.

    Refused with "Missing request key!!" unless ``requestOrigin`` equals the
    session's ``request-origin`` value. Only values are updated; parameter
    descriptions are deliberately not client-editable. Values pass through
    ``strip_tags`` except for parameters whose name ends in "pass", which
    are stored as sent so password characters are not removed. An unknown
    parameter name makes ``.one()`` raise, which rolls back the whole update.

    NOTE(review): no permission check is visible in this listing; it is
    presumably enforced outside the function body (decorator or tool) -
    confirm, since this writes server-wide configuration. The single commit
    after the loop is as reconstructed from a collapsed listing.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        fieldPrefix = "config_name_"
        try:
            for key in kwargs:
                if not key.startswith(fieldPrefix):
                    continue
                parameterName = key[len(fieldPrefix):]
                submitted = kwargs[key]
                # Don't strip characters from passwords.
                value = submitted if parameterName.endswith("pass") else strip_tags(submitted)
                parameter = session.query(ConfigParameter).filter(
                    ConfigParameter.name == parameterName).one()
                parameter.value = value
            session.commit()
            # TODO: the in-memory config refresh that used to follow
            # (Filelocker.update_config) is disabled; make sure it is phased
            # out properly.
        except Exception as e:
            session.rollback()
            cherrypy.log.error(
                "[%s] [update_server_config] [Could not update server config: %s]"
                % (user.id, str(e)))
            fMessages.append("Unable to update config: %s" % str(e))
def take_file(self, fileId, format="json", **kwargs):
    """Copy a file shared with the session user into that user's ownership.

    The caller must not already own the file and must either have it shared
    with them or hold the "admin" permission. The copy is refused when
    current usage plus the file size would reach the quota (``user.quota``
    is multiplied by 1024*1024, i.e. taken as megabytes).

    Only NoResultFound is handled here; the quota Exception and any copy
    error propagate to the caller.

    NOTE(review): this variant changes state without comparing a
    ``requestOrigin`` value against the session's ``request-origin`` token,
    which other state-changing handlers in this listing do - confirm that
    cross-site request protection is applied some other way. The new row is
    also committed before the vault file is copied, so a failed copy
    presumably leaves a File row without stored content.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    config = cherrypy.request.app.config['filelocker']
    try:
        flFile = session.query(File).filter(File.id == fileId).one()
        if flFile.owner_id == user.id:
            fMessages.append("You cannot take your own file")
        elif flFile.shared_with(user) or AccountService.user_has_permission(user, "admin"):
            quotaBytes = user.quota * 1024 * 1024
            if (FileService.get_user_quota_usage_bytes(user) + flFile.size) >= quotaBytes:
                cherrypy.log.error(
                    "[%s] [take_file] [User has insufficient quota space remaining to check in file: %s]"
                    % (user.id, flFile.name))
                raise Exception(
                    "You may not copy this file because doing so would exceed your quota"
                )
            takenFile = flFile.get_copy()
            takenFile.owner_id = user.id
            takenFile.date_uploaded = datetime.datetime.now()
            takenFile.notify_on_download = False
            session.add(takenFile)
            session.commit()
            # Vault files are named after the numeric file id.
            sourcePath = os.path.join(config['vault'], str(flFile.id))
            targetPath = os.path.join(config['vault'], str(takenFile.id))
            shutil.copy(sourcePath, targetPath)
            sMessages.append(
                "Successfully took ownership of file %s. This file can now be shared with other users just as if you had uploaded it. "
                % flFile.name)
        else:
            fMessages.append("You do not have permission to take this file")
    except sqlalchemy.orm.exc.NoResultFound:
        fMessages.append("Could not find file with ID: %s" % str(fileId))
def download_user_data(self, **kwargs):
    """Serve every user's id, first name, last name and email as a CSV download.

    Any failure is logged and turned into an HTTP 500 whose message includes
    the exception text.

    NOTE(review): fields are joined with ", " without quoting or escaping. A
    value containing a comma, quote or newline shifts the columns, and a
    value starting with ``=``, ``+``, ``-`` or ``@`` may be evaluated as a
    formula by spreadsheet software; consider the ``csv`` module plus
    neutralising such leading characters. No permission check is visible in
    this listing either - confirm it is enforced outside the function body,
    since this exports the whole user table.
    """
    user = cherrypy.session.get("user")
    try:
        userList = session.query(User).all()
        csvLines = []
        for flUser in userList:
            fields = [str(flUser.id), str(flUser.first_name), str(flUser.last_name), str(flUser.email)]
            csvLines.append(", ".join(fields) + "\n")
        mycsv = "".join(csvLines)
        response = cherrypy.response
        response.headers['Cache-Control'] = "no-cache"
        response.headers['Content-Disposition'] = '%s; filename="%s"' % ("attachment", "FilelockerUsers.csv")
        response.headers['Content-Type'] = "application/x-download"
        response.headers['Pragma'] = "no-cache"
        response.body = mycsv
        response.headers['Content-Length'] = len(response.body[0])
        response.stream = True
        return response.body
    except Exception as e:
        cherrypy.log.error(
            "[%s] [download_user_data] [Unable to serve user data CSV: %s]" % (user.id, str(e)))
        raise cherrypy.HTTPError(500, "Unable to serve user data CSV: %s" % str(e))
def get_public_shares_by_file_ids(self, fileIds, format="json", **kwargs):
    """Collect the distinct public shares attached to the given files.

    Access rule per file: when a role is active the file must be owned by
    that role; otherwise the caller must own the file or hold the "admin"
    permission. Refused or missing files add a failure message and are
    skipped. Shares are de-duplicated by id across all files. The listing
    ends before any response is built from ``publicShares``.
    """
    user, role, sMessages, fMessages, publicShares = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], [], [])
    fileIds = split_list_sanitized(fileIds)
    try:
        publicShareIds = []
        for fileId in fileIds:
            try:
                flFile = session.query(File).filter(File.id == fileId).one()
                if role is not None:
                    permitted = flFile.role_owner_id == role.id
                    refusal = "This role does not have permission to access public shares on file with ID: %s"
                else:
                    permitted = flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin")
                    refusal = "You do not have permission to access public shares on file with ID:%s"
                if not permitted:
                    fMessages.append(refusal % fileId)
                    continue
                for publicShare in flFile.public_shares:
                    if publicShare.id not in publicShareIds:
                        publicShareIds.append(publicShare.id)
                        publicShares.append(publicShare)
            except sqlalchemy.orm.exc.NoResultFound:
                fMessages.append("File with ID:%s not found" % fileId)
    except Exception as e:
        fMessages.append(str(e))
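def delete_public_shares_by_file_ids(self, fileIds, format="json", requestOrigin="", **kwargs):
    """Detach the given files from every public share they belong to.

    Refused with "Missing request key!!" unless ``requestOrigin`` equals the
    session's ``request-origin`` value. When a role is active the file must
    be owned by that role; otherwise the caller must own the file (the
    "admin" permission is not consulted here, unlike the read-side handler).

    Changes from the original:
      * the share list is copied before iterating. Removing the file from
        ``publicShare.files`` presumably also updates
        ``flFile.public_shares`` through the relationship, and mutating a
        list while iterating it skips entries;
      * the failure messages said "Could delete"; they now say
        "Could not delete".

    NOTE(review): no ``session.commit()`` appears in the lines shown - the
    listing ends after the error handling, so confirm the removals are
    committed further on.
    """
    user, role, sMessages, fMessages = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], [])
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        fileIds = split_list_sanitized(fileIds)
        try:
            for fileId in fileIds:
                try:
                    flFile = session.query(File).filter(File.id == fileId).one()
                    if role is not None:
                        if flFile.role_owner_id == role.id:
                            # Iterate over a snapshot; see docstring.
                            for publicShare in list(flFile.public_shares):
                                publicShare.files.remove(flFile)
                        else:
                            fMessages.append("This role does not have permissions to modify public shares on file with ID: %s" % fileId)
                    else:
                        if flFile.owner_id == user.id:
                            for publicShare in list(flFile.public_shares):
                                publicShare.files.remove(flFile)
                        else:
                            fMessages.append("You do not have permission to modify public shares on file with ID: %s" % fileId)
                except sqlalchemy.orm.exc.NoResultFound:
                    fMessages.append("File with ID:%s not found" % fileId)
        except Exception as e:
            fMessages.append("Could not delete public shares by file ids: %s" % str(e))
            cherrypy.log.error("[%s] [delete_public_shares_by_file_ids] [Could not delete public shares by file ids: %s]" % (user.id, str(e)))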
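def CLI_login(self, CLIkey, userId, format="cli", **kwargs):
    """Authenticate a command-line client with a per-host CLI key.

    Only available when the ``cli_feature`` parameter is 'Yes'. The client
    address is classified as IPv4 or IPv6 and passed, with the user id and
    key, to ``CLIDirectory.authenticate``. On success the user is loaded
    with ``login=True``, a fresh 32-hex-character ``request-origin`` token
    is stored in the session and returned as the only success message, and
    the login is audited.

    Change from the original: a client address matching neither address
    pattern used to leave ``hostIPv4`` / ``hostIPv6`` unassigned, so the
    authenticate call raised a NameError. Such a request is now refused
    with the same "Failure: Not Authorized!" message as a bad key.

    NOTE(review): only successful logins reach AuditLog in the lines shown;
    failed attempts are not recorded here. ``strip_tags`` is also applied to
    the key before it is checked, while update_server_config in this listing
    avoids stripping passwords - confirm the key alphabet cannot contain
    characters that strip_tags removes.
    """
    rootURL, local, sMessages, fMessages = cherrypy.request.app.config['filelocker']['root_url'], False, [], []
    if session.query(ConfigParameter).filter(ConfigParameter.name == "cli_feature").one().value == 'Yes':
        userId = strip_tags(userId)
        CLIkey = strip_tags(CLIkey)
        hostIP = Filelocker.get_client_address()
        hostIPv4, hostIPv6 = None, None
        if self.validIPv4.match(hostIP):
            hostIPv4, hostIPv6 = hostIP, ""
        elif self.validIPv6.match(hostIP):
            hostIPv4, hostIPv6 = "", hostIP

        if hostIPv4 is None:
            # Unrecognised address format: fail closed instead of crashing.
            fMessages.append("Failure: Not Authorized!")
        else:
            self.directory = CLIDirectory.CLIDirectory()
            if self.directory.authenticate(userId, CLIkey, hostIPv4, hostIPv6):
                currentUser = AccountService.get_user(userId, True)
                # 32 bytes from the OS CSPRNG, hex-encoded and cut to 32
                # characters (16 bytes of randomness).
                cherrypy.session['request-origin'] = str(os.urandom(32).encode('hex'))[0:32]
                if currentUser is not None:
                    session.add(AuditLog(cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address())))
                    session.commit()
                    sMessages.append(cherrypy.session['request-origin'])
                else:
                    fMessages.append("Failure: Not Authorized!")
            else:
                fMessages.append("Failure: Not Authorized!")
    else:
        fMessages.append("Failure: CLI not supported by server!")
    return fl_response(sMessages, fMessages, format)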
def purge_expired_nodes():
    """Delete ClusterNode rows whose last heartbeat is more than five minutes old.

    Only the clean-up happens here; checking for a master and running an
    election is left to the caller.
    """
    cutoff = datetime.datetime.now() - datetime.timedelta(minutes=5)
    staleQuery = session.query(ClusterNode).filter(ClusterNode.last_seen_timestamp < cutoff)
    for node in staleQuery.all():
        session.delete(node)
    session.commit()
def create_clikey(self, hostIPv4, hostIPv6, format="json", requestOrigin="", **kwargs):
    """Create or replace the session user's CLI key for one host address.

    Refused with "Missing request key!!" unless ``requestOrigin`` equals the
    session's ``request-origin`` value. Exactly one address is kept: a valid
    IPv4 address wins and clears the IPv6 value, otherwise a valid IPv6
    address clears the IPv4 value; with neither, the call returns early with
    "No IP address specified.". The key is 32 hex characters taken from
    ``os.urandom``. An existing key for the same user and address is
    overwritten; both outcomes are audited.

    NOTE(review): ``re.match`` only anchors at the start of the string, so
    whether trailing text after a valid address is rejected depends on the
    ``validIPv4`` / ``validIPv6`` patterns, which are not in this listing.
    """
    user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
    if requestOrigin != cherrypy.session['request-origin']:
        fMessages.append("Missing request key!!")
    else:
        if self.validIPv4.match(hostIPv4):
            hostIPv6 = ''
        elif self.validIPv6.match(hostIPv6):
            hostIPv4 = ''
        else:
            fMessages.append("No IP address specified.")
            return fl_response(sMessages, fMessages, format)
        CLIkeyGen = str(os.urandom(32).encode('hex'))[0:32]
        try:
            keyQuery = session.query(CLIKey).filter(CLIKey.user_id == user.id)
            keyQuery = keyQuery.filter(CLIKey.host_ipv4 == hostIPv4).filter(CLIKey.host_ipv6 == hostIPv6)
            existingKey = keyQuery.one()
            existingKey.value = CLIkeyGen
            session.add(AuditLog(user.id, Actions.UPDATE_CLIKEY, "%s updated CLI Key for host: %s%s" % (user.id, hostIPv4, hostIPv6)))
            session.commit()
            sMessages.append("Successfully updated key for host: %s%s." % (str(hostIPv4), str(hostIPv6)))
        except sqlalchemy.orm.exc.NoResultFound:
            # No key yet for this user/address pair: create one.
            newKey = CLIKey(
                user_id=strip_tags(user.id),
                host_ipv4=strip_tags(hostIPv4),
                host_ipv6=strip_tags(hostIPv6),
                value=CLIkeyGen,
            )
            session.add(newKey)
            session.add(AuditLog(user.id, Actions.CREATE_CLIKEY, "%s created CLI Key for host: %s%s" % (user.id, hostIPv4, hostIPv6)))
            session.commit()
            sMessages.append("Successfully added key for host: %s%s." % (str(hostIPv4), str(hostIPv6)))
        except Exception as e:
            session.rollback()
            cherrypy.log.error("[%s] [create_clikey] [Problem creating key: %s]" % (user.id, str(e)))
            fMessages.append("Problem creating key: %s" % str(e))
def check_in_file(tempFileName, flFile):
    """Virus-scan an uploaded temp file if configured, then store its File row.

    The ``antivirus_command`` parameter, when non-empty, is split on single
    spaces, the vault path of the temp file is appended, and the result is
    run as an argument list (no shell). Any non-zero exit status counts as a
    failed scan: the temp file is queued for deletion and an Exception is
    raised. With no command configured the file is stored with
    ``passed_avscan`` False. If the scanner cannot be started (OSError) the
    check-in fails with 'Virus scan failed!'.

    NOTE(review): splitting on " " cannot express a scanner path or option
    containing spaces; only stdout is captured, so scanner messages written
    to stderr are not in the log entry.
    """
    config = cherrypy.request.app.config['filelocker']
    filePath = os.path.join(config['vault'], tempFileName)
    # Virus scanning if requested
    avCommand = session.query(ConfigParameter).filter(ConfigParameter.name == "antivirus_command").one().value
    scanFile = bool(avCommand)
    if scanFile:
        avCommandList = avCommand.split(" ")
        avCommandList.append(filePath)
    try:
        if not scanFile:
            flFile.passed_avscan = False
        else:
            p = subprocess.Popen(avCommandList, stdout=subprocess.PIPE)
            output = p.communicate()[0]
            if p.returncode != 0:
                cherrypy.log.error("[%s] [check_in_file] [File %s did not pass requested virus scan, return code: %s, output: %s]" % (flFile.owner_id, flFile.name, p.returncode, output))
                queue_for_deletion(tempFileName)
                flFile.passed_avscan = False
                raise Exception('Virus found during scan!')
            flFile.passed_avscan = True
        session.add(flFile)
        session.commit()
    except OSError as oe:
        cherrypy.log.error("[%s] [check_in_file] [AVSCAN execution failed: %s]" % (flFile.owner_id, str(oe)))
        flFile.passed_avscan = False
        raise Exception('Virus scan failed!')