Beispiel #1
def setup_DB():
    """
    One-time bootstrap of the database: tables, default group and role,
    the initial admin account with its groups and role, and the site record.

    Everything is driven by mainApp.config. A 'db_setup' event is logged
    after the tables are created and a 'db_finish' event at the very end.

    Raises SetupError when the admin user's primary group cannot be set to
    the admin group.
    """
    event_log = EventLog()
    site_config = _SiteConfig()
    users = UserDB()
    roles = RoleDB()
    cfg = mainApp.config

    mainDB.create_all()
    event_log.add('db_setup', -1, True)

    # Default group plus a default role: start from an all-False activity
    # dict and overlay the configured defaults.
    default_group = users.add_group(
        cfg['DEFAULT_GROUP'], cfg['DEFAULT_GROUP_DESC'])
    default_activities = get_activity_dict(False)
    default_activities.update(cfg['DEFAULT_ROLE_ACTIVITIES'])
    roles.add_role(
        cfg['DEFAULT_ROLE_NAME'],
        cfg['DEFAULT_ROLE_DESC'],
        default_activities)

    # NOTE(review): the bootstrap admin credential is taken straight from
    # app config. Whether UserDB.add() hashes it is not visible here, so
    # confirm that, and make sure deployments replace any shipped default.
    admin = users.add(
        cfg['ADMIN_USER'], cfg["ADMIN_PASSWD"], cfg['ADMIN_FULLNAME'])
    admin_group = users.add_group(
        cfg['ADMIN_GROUP'], cfg['ADMIN_GROUP_DESC'], admin.id)
    primary_set = users.update_primary(admin, admin_group)
    if not primary_set:
        message = (
            'Could not assign the admin user "{0}" primary group to the '
            'admin group "{1}"!'
        ).format(admin, admin_group)
        raise SetupError(message)

    # By default, the admin is part of the top level group as well as default
    users.add_group(
        cfg['TOP_LEVEL_GROUP'], cfg['TOP_LEVEL_GROUP_DESC'], admin.id)
    users.add_to_group(admin, default_group)

    # The admin role is built from get_activity_dict(True), presumably
    # every activity enabled; it is then granted in all three groups.
    admin_activities = get_activity_dict(True)
    admin_role = roles.add_role(
        cfg['ADMIN_ROLE_NAME'],
        cfg['ADMIN_ROLE_DESC'],
        admin_activities)
    for group_key in ('ADMIN_GROUP', 'TOP_LEVEL_GROUP', 'DEFAULT_GROUP'):
        roles.assign_role(admin, cfg[group_key], admin_role)

    site_config.add(
        mainApp.noink_version, cfg['SITE_NAME'], cfg['SITE_ADMIN_EMAIL'])

    event_log.add('db_finish', -1, True)
Beispiel #2
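    def add_role(self, name, description, activities=None):
        """
        Add a new role to the DB.

        @param name: Short, descriptive name of the role. Must be unique.
        @param description: Longer description of the role.
        @param activities: An activity dict defining the role's activities.
                           If parameter is omitted, then a default dict is used.
        @return: The newly committed Role object.
        @raise DuplicateRole: If find_role_by_name() reports an existing role
                              with this name.
        """
        # Catch Exception rather than using a bare except, so that
        # KeyboardInterrupt/SystemExit propagate instead of being swallowed.
        # NOTE(review): any ordinary lookup failure is still read as "no such
        # role", so the uniqueness check fails open on e.g. a DB error.
        # Narrow this to the lookup's not-found exception once confirmed.
        try:
            exists = self.find_role_by_name(name)
        except Exception:
            exists = False

        if exists:
            raise DuplicateRole(
                ("{0} already exists as a role with id "
                 "'{1}'").format(name, str(exists)))

        if activities is None:
            activities = get_activity_dict(False)

        # NOTE(review): lookup and insert are separate steps; uniqueness
        # under concurrent requests depends on a DB constraint that is not
        # visible here.
        now = datetime.datetime.now()
        # NOTE(review): pickle() is presumably a pickle serializer. If so,
        # the code that loads this column must only ever read bytes written
        # by this application, because unpickling data an attacker can
        # modify runs arbitrary code. Confirm against the matching loader.
        pact = pickle(activities)
        role = Role(name, description, pact, now)
        mainDB.session.add(role)
        mainDB.session.commit()
        blob = pickle({"id": role.id})
        # XXX - Do we want to use the user ID of the person adding this role?
        # Until then the audit event carries -1 instead of the acting user.
        self.eventLog.add("add_role", -1, True, blob, role.name)
        return role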
Beispiel #3
 def test_AssignRole(self):
     """A role assigned to a user within a group is reported by get_roles()."""
     users = UserDB()
     roles = RoleDB()
     member = users.add("jontest", "pass", "Jon Q. Testuser")
     group = users.add_group('test_group')
     users.add_to_group(member, group)
     granted = roles.add_role(
         'test_role', 'test role', get_activity_dict(True))
     roles.assign_role(member, group, granted)
     # get_roles() yields mapping objects; compare on their .role attribute.
     held = {mapping.role for mapping in roles.get_roles(member)}
     self.assertTrue(granted in held)
Beispiel #4
 def test_AssignRole(self):
     """
     A role that was assigned and then revoked is no longer reported by
     get_roles(). Despite the method name, this exercises revoke_role().
     """
     users = UserDB()
     roles = RoleDB()
     member = users.add("jontest", "pass", "Jon Q. Testuser")
     group = users.add_group('test_group')
     users.add_to_group(member, group)
     granted = roles.add_role(
         'test_role', 'test role', get_activity_dict(True))

     roles.assign_role(member, group, granted)
     held_before = {mapping.role for mapping in roles.get_roles(member)}
     present_before = granted in held_before

     roles.revoke_role(member, group, granted)
     held_after = {mapping.role for mapping in roles.get_roles(member)}
     absent_after = granted not in held_after

     # Single combined assertion: both observations are taken before any
     # failure is reported.
     self.assertTrue(present_before and absent_after)
Beispiel #5
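def admin_new_role():
    """
    Renders the new role page.

    Access requires an authenticated, active user who holds the 'new_role'
    activity through at least one assigned role; everyone else receives
    _not_auth().

    On 'cancel' the user is redirected to the role list. On 'submit' a role
    is created from the form fields; only activity names that already exist
    as keys of get_activity_dict(False) are accepted from the form.
    """
    role_db = RoleDB()

    if not (current_user.is_authenticated() and current_user.is_active()):
        return _not_auth()

    # Union of every activity enabled by any role the user holds.
    all_activities = set()
    for m in role_db.get_roles(current_user):
        acts = role_db.get_activities(m.role_id)
        for act in acts:
            if acts[act]:
                all_activities.add(act)

    if 'new_role' not in all_activities:
        return _not_auth()

    # NOTE(review): CSRF protection for this form is not visible in this
    # handler; confirm it is applied at the app or template layer.
    role = role_db.create_temp_empty_role()
    if 'cancel' in request.form:
        return redirect(url_for('admin_role.admin_role_page'))
    elif 'submit' in request.form:
        rname = request.form.get('role_name', None)
        role.name = rname
        role.description = request.form.get('description', None)
        updated_acts = request.form.getlist('activities')
        ract = get_activity_dict(False)
        # The submitted names are untrusted input. Only switch on keys that
        # the baseline dict already defines, so a crafted request cannot
        # store arbitrary keys in the role's activity dict.
        # Assumes get_activity_dict(False) lists every valid activity;
        # confirm against its definition.
        for a in updated_acts:
            if a in ract:
                ract[a] = True
        # NOTE(review): nothing here limits the new role to activities the
        # creator holds, so 'new_role' allows defining a role with any known
        # activity. Confirm that is the intended policy.

        role = role_db.update_temp_role_activities(role, ract)
        if rname is not None and rname != '':
            r = role_db.get_role(rname)
            if r is None:
                try:
                    role = role_db.add_role(role.name,
                            role.description, ract)
                    # NOTE(review): the message is formatted before it is
                    # passed to _(); if _ is a gettext lookup, the
                    # formatted text will not match a catalog entry.
                    flash(_('Role "{0}" added.'.format(rname)))
                    return redirect(url_for(
                        'admin_role.admin_role_page'))
                except DuplicateRole:
                    flash(_('Role name "{0}" is already in use!'.format(
                        rname)), 'error')

    # Initial display, or re-display after a submit that created nothing.
    return render_template('admin_role.html', role=role,
        state=get_state(), title=_('Edit Role'),
        cancel_button=_('Cancel'), submit_button=_('Submit'),
        can_edit_roles=True, activities=activities)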
Beispiel #6
 def create_temp_empty_role(self):
     """
     Build a placeholder Role with no name, description or timestamp.

     Its activities are the serialized result of get_activity_dict(False).
     This method itself does not add the object to the DB session.
     """
     blank_activities = get_activity_dict(False)
     return Role(None, None, pickle(blank_activities), None)
Beispiel #7
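def admin_role_page(rid):
    """
    Renders the role admin page.

    With rid None this is the role list, which also handles the 'delete'
    and 'new' form actions. Otherwise it is the edit page for one role,
    which handles 'cancel' and 'submit'.

    Authorization:
      - Viewing requires membership in the ADMIN_GROUP or the 'view_roles'
        activity.
      - Deleting or updating a role additionally requires ADMIN_GROUP
        membership or the 'edit_roles' activity. This is enforced here on
        the server, not only by what the template chooses to show.
    Unauthenticated, inactive or unauthorized users receive _not_auth().

    @param rid: Identifier of the role to edit, or None for the list view.
    """
    user_db = UserDB()
    role_db = RoleDB()

    if not (current_user.is_authenticated() and current_user.is_active()):
        return _not_auth()

    is_admin = user_db.in_group(current_user, mainApp.config['ADMIN_GROUP'])
    # Union of every activity enabled by any role the user holds.
    all_activities = set()
    for m in role_db.get_roles(current_user):
        acts = role_db.get_activities(m.role_id)
        for act in acts:
            if acts[act]:
                all_activities.add(act)

    can_view_roles = 'view_roles' in all_activities
    can_edit_roles = 'edit_roles' in all_activities

    if not (is_admin or can_view_roles):
        return _not_auth()

    # State-changing actions need more than view access. Previously a user
    # holding only 'view_roles' could delete or rewrite any role by posting
    # the form fields directly.
    # NOTE(review): 'edit_roles' is used for deletion as well because no
    # separate delete activity is visible here; adjust if one exists.
    may_modify = is_admin or can_edit_roles

    if rid is None:
        if request.method == 'POST':
            if 'delete' in request.form:
                if not may_modify:
                    return _not_auth()
                for selected in request.form.getlist('select'):
                    # Form values are untrusted: a non-numeric id is
                    # reported like an unknown one instead of raising.
                    try:
                        role_id = int(selected)
                    except ValueError:
                        flash(_('"{0}" role id not found!'.format(
                            selected)), 'error')
                        continue
                    try:
                        role_db.delete_role(role_id)
                        flash(_('Role with ID "{0}" deleted'.format(
                            selected)))
                    except RoleNotFound:
                        flash(_('"{0}" role id not found!'.format(
                            selected)), 'error')
            elif 'new' in request.form:
                # The target view performs its own 'new_role' check.
                return redirect(url_for('admin_role.admin_new_role'))
        roles = role_db.get_all_roles()
        return render_template('list_roles.html', roles=roles,
                state=get_state(), can_view_roles=can_view_roles,
                can_edit_roles=can_edit_roles, title=_('All Roles'),
                delete_button=_('Delete'), new_button=_('New'),
                cancel_button=_('Cancel'), activities=activities,
                del_title=_('Delete Roles(s)'),
                del_warn=_('Deleting roles is a permanent action. '
                        'Are you sure?'))

    if request.method == "POST":
        if 'cancel' in request.form:
            return redirect(url_for('admin_role.admin_role_page'))
        elif 'submit' in request.form:
            if not may_modify:
                return _not_auth()
            role = role_db.get_role(rid)
            if role is not None:
                role.name = request.form.get('role_name',
                        role.name)
                role.description = request.form.get('description',
                        role.description)
                updated_acts = request.form.getlist('activities')
                ract = get_activity_dict(False)
                # Only switch on keys the baseline dict already defines, so
                # a crafted request cannot store arbitrary activity keys.
                # Assumes get_activity_dict(False) lists every valid
                # activity; confirm against its definition.
                for a in updated_acts:
                    if a in ract:
                        ract[a] = True
                role = role_db.update_temp_role_activities(
                        role, ract)
                role_db.update_role(role)
                return redirect(url_for(
                    'admin_role.admin_role_page'))

    role = role_db.get_role(rid)
    if role is None:
        # Unknown role: go back to the list with an error instead of
        # falling off the end of the view and returning None.
        flash(_('"{0}" role id not found!'.format(rid)), 'error')
        return redirect(url_for('admin_role.admin_role_page'))

    # NOTE(review): can_edit_roles is hard-coded to True for this template
    # although the viewer may only hold 'view_roles'; submissions are
    # still checked against may_modify above.
    return render_template('admin_role.html', role=role,
        state=get_state(), title=_('Edit Role'),
        cancel_button=_('Cancel'), submit_button=_('Submit'),
        can_edit_roles=True, activities=activities)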
Beispiel #8
 def test_AddRole(self):
     """A role created with add_role() can be fetched again by its name."""
     roles = RoleDB()
     created = roles.add_role(
         "test_role", "A test role", get_activity_dict(True))
     fetched = roles.get_role("test_role")
     self.assertEqual(created.id, fetched.id)