def client_issue_list(ctx, req):
cfg = req.registry.settings
if not asbool(cfg.get('netprofile.client.ticket.enabled', True)):
raise HTTPForbidden(detail=_('Issues view is disabled'))
sess = DBSession()
ent = req.user.parent
q = sess.query(Ticket)\
.filter(Ticket.entity == ent, Ticket.show_client == True)\
.order_by(Ticket.creation_time.desc())
tpldef = {'sess': DBSession(), 'tickets': q.all()}
req.run_hook('access.cl.tpldef', tpldef, req)
req.run_hook('access.cl.tpldef.issue.list', tpldef, req)
return tpldef
def _probe_query_hosts(probe_type, ids, cfg, hm, queries): if probe_type == 'hosts': queries.append(DBSession().query(Host)\ .filter(Host.id.in_(ids)) ) elif probe_type == 'entities': queries.append(DBSession().query(Host)\ .filter(Host.entity_id.in_(ids)) ) elif probe_type == 'domains': queries.append(DBSession().query(Host)\ .filter(Host.domain_id.in_(ids)) ) elif probe_type == 'houses': queries.append(DBSession().query(Host)\ .join(with_polymorphic(Entity, Entity))\ .join(Address)\ .filter(Address.house_id.in_(ids)) ) elif probe_type == 'streets': queries.append(DBSession().query(Host)\ .join(with_polymorphic(Entity, Entity))\ .join(Address)\ .join(House)\ .filter(House.street_id.in_(ids)) ) elif probe_type == 'districts': queries.append(DBSession().query(Host)\ .join(with_polymorphic(Entity, Entity))\ .join(Address)\ .join(House)\ .join(Street)\ .filter(Street.district_id.in_(ids)) ) elif probe_type == 'cities': queries.append(DBSession().query(Host)\ .join(with_polymorphic(Entity, Entity))\ .join(Address)\ .join(House)\ .join(Street)\ .filter(Street.city_id.in_(ids)) ) elif probe_type == 'housegroups': queries.append(DBSession().query(Host)\ .join(with_polymorphic(Entity, Entity))\ .join(Address)\ .join(House)\ .join(HouseGroupMapping)\ .filter(HouseGroupMapping.group_id.in_(ids)) ) elif probe_type == 'places': queries.append(DBSession().query(Host)\ .join(NetworkDevice)\ .filter(NetworkDevice.place_id.in_(ids)) )
def dav_children(self): sess = DBSession() for u in sess.query(User): u.__req__ = self.req u.__parent__ = self u.__plugin__ = self yield u
def dav_create(self, req, name, rtype=None, props=None, data=None): # TODO: externalize type resolution user = req.user sess = DBSession() if rtype and (dprops.COLLECTION in rtype): obj = FileFolder( user_id=user.id, group_id=user.group_id, name=name, parent=None, rights=F_DEFAULT_DIRS ) sess.add(obj) else: obj = File( user_id=user.id, group_id=user.group_id, filename=name, name=name, folder=None, rights=F_DEFAULT_FILES ) sess.add(obj) if data is not None: # TODO: detect type of data (fd / buffer) obj.set_from_file(data, user, sess) if props and (dprops.CONTENT_TYPE in props): obj.mime_type = props[dprops.CONTENT_TYPE] if props: if dprops.CREATION_DATE in props: obj.creation_time = props[dprops.CREATION_DATE] if dprops.LAST_MODIFIED in props: obj.modification_time = props[dprops.LAST_MODIFIED] return (obj, False)
def dav_children(self): sess = DBSession() for g in sess.query(Group): g.__req__ = self.req g.__parent__ = self g.__plugin__ = self yield g
def new_entity_validator(ret, values, request):
# FIXME: handle permissions
if 'etypeid' not in values:
return
sess = DBSession()
try:
ent_type = sess.query(EntityType).get(int(values['etypeid']))
except (TypeError, ValueError):
ent_type = None
# FIXME: error out on non-existent types
if ent_type is None:
return
parent_id = values.get('parentid')
if not parent_id and not ent_type.root:
ret['errors']['parent'].append(
request.localizer.translate(_('This entity requires a parent.')))
if parent_id:
try:
parent = sess.query(Entity).get(int(parent_id))
if parent and parent.type.leaf:
ret['errors']['parent'].append(
request.localizer.translate(
_('This entity can\'t have children.')))
except (TypeError, ValueError):
pass
mod = request.registry.getUtility(IModuleManager).get_module_browser()[
ent_type.module.name]
em = mod[ent_type.model]
xret = em.validate_fields(values, request)
if 'errors' in xret:
ret['errors'].update(xret['errors'])
def _wizcb_submit_hdl(wiz, em, step, act, val, req):
xcls = cls
if isinstance(xcls, str):
xcls = _name_to_class(xcls)
sess = DBSession()
fieldIDs = json.loads(val['field_id'])
templateName = val['template']
templId = val['templ_id']
for fid in fieldIDs:
resvalue = {
'templ_id':
templId,
'field_id':
fid,
'template':
templateName,
'field':
sess.query(PDNSFieldType).filter(
PDNSFieldType.id == fid).first()
}
em = ExtModel(xcls)
obj = xcls()
em.set_values(obj, resvalue, req, True)
sess.add(obj)
sess.flush()
print("TROLOLO")
return {'do': 'close', 'reload': True}
def find_princs_digest(param, request):
sess = DBSession()
try:
user = sess.query(User).filter(User.state == UserState.active,
User.enabled == True,
User.login == param['username']).one()
except NoResultFound:
return None
if not user.a1_hash:
return None
req_path = unquote(request.path.lower())
uri_path = unquote(param['uri'].lower())
if req_path != uri_path:
return None
ha2 = hashlib.md5(
('%s:%s' % (request.method, param['uri'])).encode()).hexdigest()
data = '%s:%s:%s:%s:%s' % (param['nonce'], param['nc'], param['cnonce'],
'auth', ha2)
resp = hashlib.md5(('%s:%s' % (user.a1_hash, data)).encode()).hexdigest()
if resp == param['response']:
groups = ['g:%s' % user.group.name]
for sgr in user.secondary_groups:
if sgr == user.group:
continue
groups.append('g:%s' % sgr.name)
return groups
return None
def get_settings(request):
# FIXME: implement settings cache invalidation
if 'auth.settings' in request.session:
return request.session['auth.settings']
mmgr = request.registry.getUtility(IModuleManager)
all_settings = mmgr.get_settings('user')
user = request.user
if user is None:
ret = {}
for moddef, sections in all_settings.items():
for sname, section in sections.items():
for setting_name, setting in section.items():
if setting.default is None:
continue
ret['%s.%s.%s' %
(moddef, sname, setting_name)] = setting.default
else:
sess = DBSession()
ret = dict(
(s.name, s.value)
for s in sess.query(UserSetting).filter(UserSetting.user == user))
for moddef, sections in all_settings.items():
for sname, section in sections.items():
for setting_name, setting in section.items():
fullname = '%s.%s.%s' % (moddef, sname, setting.name)
if fullname in ret:
ret[fullname] = setting.parse_param(ret[fullname])
elif setting.default is not None:
ret[fullname] = setting.default
request.session['auth.settings'] = ret
return ret
def xop_request(ctx, request):
# TODO: add optional redirect-to-site?
if not ctx.can_access(request):
raise HTTPForbidden('Access Denied')
gw = ctx.get_gateway()
if (not gw) or (not hasattr(gw, 'process_request')):
raise HTTPForbidden('Access Denied')
if not callable(gw.process_request):
raise HTTPForbidden('Access Denied')
try:
sess = DBSession()
xoplist = gw.process_request(request, sess)
except Exception as e:
# TODO: cancel and log?
raise HTTPForbidden('Access Denied')
for xop in xoplist:
ctx.check_operation(xop)
sess.add(xop)
if hasattr(gw, 'generate_response') and callable(gw.generate_response):
return gw.generate_response(request, xoplist)
resp = Response(body='OK', content_type='text/plain', charset='UTF-8')
return resp
def dav_children(self): sess = DBSession() for u in sess.query(User): ab = DAVPluginUserAddressBooks(self.req, u) ab.__req__ = self.req ab.__parent__ = self yield ab
def client_chrate(ctx, request):
loc = request.localizer
csrf = request.POST.get('csrf', '')
rate_id = int(request.POST.get('rateid'), 0)
aent_id = int(request.POST.get('entityid'))
ent = request.user.parent
err = True
if csrf == request.get_csrf():
sess = DBSession()
aent = sess.query(AccessEntity).get(aent_id)
if ent and aent and (aent.parent == ent) and (aent in ctx.access_entities):
err = False
if 'clear' in request.POST:
rate_id = None
aent.next_rate_id = None
elif rate_id > 0:
aent.next_rate_id = rate_id
if err:
request.session.flash({
'text' : loc.translate(_('Error scheduling rate change')),
'class' : 'danger'
})
elif rate_id:
request.session.flash({
'text' : loc.translate(_('Rate change successfully scheduled'))
})
else:
request.session.flash({
'text' : loc.translate(_('Rate change successfully cancelled'))
})
return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def _ent_hist_tickets(hist, ent, req, begin, end, max_num):
sess = DBSession()
# TODO: check permissions
qc = sess.query(TicketChange).options(joinedload(
TicketChange.user)).join(Ticket).filter(Ticket.entity == ent)
qt = sess.query(Ticket).options(joinedload(
Ticket.created_by)).filter(Ticket.entity == ent)
if begin is not None:
qc = qc.filter(TicketChange.timestamp >= begin)
qt = qt.filter(Ticket.creation_time >= begin)
if end is not None:
qc = qc.filter(TicketChange.timestamp <= end)
qt = qt.filter(Ticket.creation_time <= end)
if max_num:
qc = qc.limit(max_num)
qt = qt.limit(max_num)
for tc in qc:
eh = tc.get_entity_history(req)
if eh:
hist.append(eh)
for tkt in qt:
eh = tkt.get_entity_history(req)
if eh:
hist.append(eh)
def client_upload(request):
csrf = request.POST.get('csrf', '')
mode = request.POST.get('mode', '')
if not mode:
raise HTTPForbidden('Invalid upload use')
if csrf != request.get_csrf():
raise HTTPForbidden('Error uploading file')
sess = DBSession()
# FIXME: add folder cfg
tpldef = []
for fo in request.POST.getall('files'):
obj = File()
if fo.filename:
obj.name = obj.filename = fo.filename
sess.add(obj)
obj.set_from_file(fo.file, None, sess)
signal = request.run_hook('access.cl.upload', obj, mode, request, sess, tpldef)
if True not in signal:
tpldef.append({
'name' : obj.filename,
'size' : obj.size,
'error' : _('Error uploading file')
})
sess.delete(obj)
tpldef = { 'files' : tpldef }
request.run_hook('access.cl.tpldef.upload', tpldef, request)
return tpldef
def _cal_events_update(params, req):
if 'EventId' not in params:
return
evtype, evid = params['EventId'].split('-')
if evtype != 'ticket':
return
evid = int(evid)
if not req.has_permission('TICKETS_UPDATE'):
return
# TODO: fancy permissions/ACLs
sess = DBSession()
tkt = sess.query(Ticket).get(evid)
if tkt is None:
return
sess.execute(SetVariable('ticketid', tkt.id))
if 'StartDate' in params:
new_ts = dparse(params['StartDate']).replace(tzinfo=None,
microsecond=0)
if new_ts:
tkt.assigned_time = new_ts
if ('EndDate' in params) and tkt.assigned_time:
new_ts = dparse(params['EndDate']).replace(tzinfo=None, microsecond=0)
if new_ts:
delta = new_ts - tkt.assigned_time
tkt.duration = delta.seconds
def _dyn_prep_tpl(params, req):
objid = params.get('objid')
objtype = params.get('objtype')
if (not objid) or (not objtype):
raise ValueError('No object specified')
docid = params.get('docid')
if not docid:
raise ValueError('No document specified')
sess = DBSession()
docid = int(docid)
doc = sess.query(Document).get(docid)
if not doc:
raise KeyError('No such document')
config = {
'docid': docid,
'code': doc.code,
'name': doc.name,
'type': doc.type,
'vars': doc.variables,
'body': doc.body
}
tpl_vars = {}
form_fields = []
req.run_hook('documents.gen.object', tpl_vars, objid, objtype, req)
req.run_hook('documents.gen.variables', tpl_vars, doc.variables, req)
return {
'success': True,
'doc': config,
'vars': tpl_vars,
'form': form_fields
}
def task_generate(srv_ids=(), station_ids=()):
cfg = app.settings
factory = ConfigGeneratorFactory(cfg, app.mmgr)
ret = []
sess = DBSession()
loc = sys_localizer(app.mmgr.cfg.registry)
q = sess.query(Server)
if len(srv_ids) > 0:
q = q.filter(Server.id.in_(srv_ids))
if len(station_ids) > 0:
q = q.filter(Server.host_id.in_(station_ids))
for srv in q:
gen = factory.get(srv.type.generator_name)
logger.info('Generating config of type %s for host %s', srv.type.generator_name, str(srv.host))
gen.generate(srv)
ret.append(loc.translate(_('Successfully generated %s configuration for host %s.')) % (
srv.type.name,
str(srv.host)
))
hosts = factory.deploy()
ret.append(loc.translate(_('Successfully deployed configuration for hosts: %s.')) % (', '.join(hosts),))
factory.restore_umask()
transaction.commit()
return ret
def client_issue_append(ctx, req):
loc = req.localizer
cfg = req.registry.settings
if not asbool(cfg.get('netprofile.client.ticket.enabled', True)):
raise HTTPForbidden(detail=_('Issues view is disabled'))
errors = {}
if ctx.archived:
req.session.flash({
'class':
'danger',
'text':
loc.translate(
_('This ticket is archived. You can\'t append to it.'))
})
return HTTPSeeOther(location=req.route_url('tickets.cl.issues',
traverse=(ctx.id, 'view')))
if 'submit' in req.POST:
csrf = req.POST.get('csrf', '')
comments = req.POST.get('comments', '')
if csrf != req.get_csrf():
errors['csrf'] = _a('Error submitting form')
elif not comments:
errors['comments'] = _a('Invalid field length')
if len(errors) == 0:
sess = DBSession()
ch = TicketChange()
ch.ticket = ctx
ch.from_client = True
ch.show_client = True
ch.comments = comments
sess.add(ch)
req.session.flash({
'text':
loc.translate(
_('Your comment was successfully appended to the issue'))
})
return HTTPSeeOther(location=req.route_url(
'tickets.cl.issues', traverse=(ctx.id, 'view')))
tpldef = {
'crumbs': [{
'text': loc.translate(_('My Issues')),
'url': req.route_url('tickets.cl.issues', traverse=())
}, {
'text':
loc.translate(_('View Issue #%d')) % ctx.id,
'url':
req.route_url('tickets.cl.issues', traverse=(ctx.id, 'view'))
}, {
'text':
loc.translate(_('Append Comment to Issue #%d')) % ctx.id
}],
'ticket':
ctx,
'errors': {err: loc.translate(errors[err])
for err in errors}
}
req.run_hook('access.cl.tpldef', tpldef, req)
req.run_hook('access.cl.tpldef.issue.append', tpldef, req)
return tpldef
def _filter_hgroup(cls, query, value): if not isinstance(value, list): value = [value] return query.filter(Place.house_id.in_( DBSession().query(HouseGroupMapping.house_id)\ .filter(HouseGroupMapping.group_id.in_(value)) ))
def disable(self, moddef):
"""
Remove a module from the list of enabled modules.
"""
from netprofile_core.models import NPModule
if moddef not in self.modules:
logger.error(
'Can\'t find module \'%s\'. Verify installation and try again.',
moddef)
return False
if moddef in self.loaded:
if not self.unload(moddef): # pragma: no cover
logger.error('Can\'t unload module \'%s\'.', moddef)
return False
sess = DBSession()
try:
mod = sess.query(NPModule).filter(NPModule.name == moddef).one()
except NoResultFound:
return False
if mod.enabled == False:
return True
mod.enabled = False
transaction.commit()
return True
def _auth_to_db(event):
request = event.request
if not request.matched_route:
return
rname = request.matched_route.name
if rname[0] == '_':
return
if request.method == 'OPTIONS':
return
sess = DBSession()
user = request.user
if user:
try:
sess.execute(
SetVariables(accessuid=user.id,
accessgid=user.group_id,
accesslogin=user.login))
except NotImplementedError:
sess.execute(SetVariable('accessuid', user.id))
sess.execute(SetVariable('accessgid', user.group_id))
sess.execute(SetVariable('accesslogin', user.login))
else:
try:
sess.execute(
SetVariables(accessuid=0, accessgid=0, accesslogin='******'))
except NotImplementedError:
sess.execute(SetVariable('accessuid', 0))
sess.execute(SetVariable('accessgid', 0))
sess.execute(SetVariable('accesslogin', '[GUEST]'))
def client_activate(request):
if authenticated_userid(request):
return HTTPSeeOther(location=request.route_url('access.cl.home'))
did_fail = True
cur_locale = locale_neg(request)
cfg = request.registry.settings
comb_js = asbool(cfg.get('netprofile.client.combine_js', False))
can_reg = asbool(cfg.get('netprofile.client.registration.enabled', False))
must_verify = asbool(cfg.get('netprofile.client.registration.verify_email', True))
link_id = int(cfg.get('netprofile.client.registration.link_id', 1))
rand_len = int(cfg.get('netprofile.client.registration.code_length', 20))
if (not can_reg) or (not must_verify):
return HTTPSeeOther(location=request.route_url('access.cl.login'))
code = request.GET.get('code', '').strip().upper()
login = request.GET.get('for', '')
if code and login and (len(code) == rand_len):
sess = DBSession()
for link in sess.query(AccessEntityLink)\
.options(joinedload(AccessEntityLink.entity))\
.filter(AccessEntityLink.type_id == link_id, AccessEntityLink.value == code):
# TODO: implement code timeouts
ent = link.entity
if (ent.access_state == AccessState.block_inactive.value) and (ent.nick == login):
ent.access_state = AccessState.ok.value
sess.delete(link)
did_fail = False
break
tpldef = {
'failed' : did_fail,
'comb_js' : comb_js,
'cur_loc' : cur_locale
}
request.run_hook('access.cl.tpldef.activate', tpldef, request)
return tpldef
def delete(self, req, ctx, recurse=True, _flush=True):
sess = DBSession()
if recurse:
for ch in self.children(ctx):
self.delete(req, ch, recurse, False)
sess.delete(ctx)
if _flush:
sess.flush()
def dav_children(self): sess = DBSession() for ab in sess.query(AddressBook)\ .filter(AddressBook.user == self.user): ab.__req__ = self.req ab.__parent__ = self ab.__plugin__ = self yield ab
def db_session(self):
def _after_begin(sess, trans, conn):
sess.execute(SetVariable('accessuid', 0))
sess.execute(SetVariable('accessgid', 0))
sess.execute(SetVariable('accesslogin', '[NPCTL]'))
sess = DBSession()
event.listen(sess, 'after_begin', _after_begin)
return sess
def _wizcb_future_submit(wiz, em, step, act, val, req):
sess = DBSession()
obj = FuturePayment()
em.set_values(obj, val, req, True)
sess.add(obj)
return {
'do' : 'close',
'reload' : True
}
def clone(self, req, ctx, recurse=True, _flush=True):
sess = DBSession()
obj = ctx.dav_clone(req)
sess.add(obj)
if recurse:
for ch in self.children(ctx):
newch = self.clone(req, ch, recurse, False)
obj.dav_append(req, newch, ch.__name__)
return obj
def dav_group(self):
user = self.req.user
root = None
if user:
root = user.group.effective_root_folder
if root:
return root.group
else:
return DBSession().query(Group).get(global_setting('core.vfs.root_gid'))
def _doc_gen_obj(tpl_vars, objid, objtype, req):
if objtype != 'entity':
return
obj = DBSession().query(Entity).get(objid)
if not obj:
return
v = obj.template_vars(req)
if v:
tpl_vars.update({'entity': v})
def domain_srv_rr(self, domain): from netprofile_hosts.models import ( Host, Service ) return DBSession().query(Service).join(Host).filter(or_( Service.domain_id == domain.id, and_(Service.domain_id == None, Host.domain_id == domain.id) ))
