Beispiel #1
 def removeUser(self, currentuser, usertoberemovednick):
     """Delete the user whose nick is ``usertoberemovednick`` via the session.

     The authorization gate runs before the lookup and before the delete.
     Returns ``OK``.
     """
     # authorize() is given no target user (None). Per the original author's
     # note, any logged-in user who is not the system user fails this check;
     # that is what restricts removal to the system user. An earlier explicit
     # permit(isSystemUser) call was commented out in favour of this gate.
     authorize(False, self, currentuser, None)
     doomed = self.getUserForNick(currentuser, usertoberemovednick)
     self.session.delete(doomed)
     return OK
Beispiel #2
 def removeUser(self, currentuser, usertoberemovednick):
     """Delete the user document whose nick is ``usertoberemovednick``.

     The authorization gate runs before the lookup and before the delete.
     Returns ``OK``.
     """
     # authorize() is given no target user (None). Per the original author's
     # note, any logged-in user who is not the system user fails this check.
     authorize(False, self, currentuser, None)
     doomed = self.getUserForNick(currentuser, usertoberemovednick)
     # CONSIDER (original note): remove user from users collection, but not
     # his name elsewhere.
     # NOTE(review): only the user document is deleted here; nothing in this
     # method touches entries that name the user in other documents. If a
     # nick can be registered again later, confirm that such leftover
     # entries cannot attach to the new account.
     doomed.delete(safe=True)
     return OK
Beispiel #3
 def postableInvitesForUser(self, currentuser, useras, ptypestr=None):
     """List the postables ``useras`` has been invited to.

     Every entry of ``useras.postablesinvitedto`` is reduced to a dict that
     holds only ``fqpn`` and ``ptype``. When ``ptypestr`` is truthy, only
     entries whose ``ptype`` equals it are returned.
     """
     authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras)
     return [
         {"fqpn": invite["fqpn"], "ptype": invite["ptype"]}
         for invite in useras.postablesinvitedto
         if not ptypestr or invite["ptype"] == ptypestr
     ]
Beispiel #4
 def ownerOfPostables(self, currentuser, useras, ptypestr=None):
     """List the postables that ``useras`` owns.

     Every entry of ``useras.postablesowned`` is reduced to a dict that holds
     only ``fqpn`` and ``ptype``. When ``ptypestr`` is truthy, only entries
     whose ``ptype`` equals it are returned.
     """
     authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras)
     summaries = []
     for owned in useras.postablesowned:
         if ptypestr and owned["ptype"] != ptypestr:
             continue
         summaries.append({"fqpn": owned["fqpn"], "ptype": owned["ptype"]})
     return summaries
Beispiel #5
 def acceptInviteToApp(self, currentuser, fullyQualifiedAppName, me, authspec):
     """Add ``me`` to an application it was invited to and return ``me``.

     ``authspec`` is accepted but not used in this method.
     """
     # NOTE(review): the app lookup runs before authorize(); whether getApp()
     # applies its own access check cannot be seen from here — confirm.
     app = self.getApp(currentuser, fullyQualifiedAppName)
     authorize(False, self, currentuser, me)
     was_invited = self.isInvitedToApp(me, app)
     denial = "User %s must be invited to app %s" % (me.nick, app.fqin)
     permit(was_invited, denial)
     try:
         me.applicationsin.append(app)
     except:
         # Bare except kept from the original: any failure of the append is
         # reported through doabort('BAD_REQ', ...).
         doabort('BAD_REQ', "Failed in user %s accepting invite to app %s" % (me.nick, app.fqin))
     return me
Beispiel #6
    def acceptInviteToGroup(self, currentuser, fullyQualifiedGroupName, me, authspec):
        """Add ``me`` to a group it was invited to and return ``me``.

        ``authspec`` is accepted but not used in this method.
        """
        # NOTE(review): the group lookup runs before authorize(); whether
        # getGroup() applies its own access check cannot be seen from here —
        # confirm.
        group = self.getGroup(currentuser, fullyQualifiedGroupName)
        authorize(False, self, currentuser, me)
        # A variant that also let the system user through without an
        # invitation is commented out in the original; an invitation is
        # required for every caller.
        was_invited = self.isInvitedToGroup(me, group)
        denial = "User %s must be invited to group %s" % (me.nick, group.fqin)
        permit(was_invited, denial)

        try:
            me.groupsin.append(group)
        except:
            # Bare except kept from the original: any failure of the append
            # is reported through doabort('BAD_REQ', ...).
            doabort('BAD_REQ', "Failed in user %s accepting invite to group %s" % (me.nick, group.fqin))
        return me
Beispiel #7
 def addApp(self, currentuser, appspec):
     """Create an application from ``appspec`` and add its creator to it.

     The spec is passed through ``validatespec`` and flagged with
     ``appgroup=True`` before the ``Application`` is built. The new object is
     added to the session and returned.
     """
     authorize(False, self, currentuser, currentuser)
     spec = validatespec(appspec, "app")
     spec['appgroup'] = True
     try:
         created = Application(**spec)
     except:
         # Bare except kept from the original: any constructor failure is
         # reported through doabort('BAD_REQ', ...).
         doabort('BAD_REQ', "Failed adding app %s" % spec['name'])
     self.session.add(created)
     # Original note: a commit used to be needed here because addUserToApp
     # does a full lookup ("fixthis").
     self.addUserToApp(currentuser, created, created.creator, None)
     return created
Beispiel #8
 def addGroup(self, currentuser, groupspec):
     """Create a group from ``groupspec`` and add its creator to it.

     The spec is passed through ``validatespec`` before the ``Group`` is
     built. The new object is added to the session and returned.
     """
     authorize(False, self, currentuser, currentuser)
     checked = validatespec(groupspec, "group")
     try:
         created = Group(**checked)
     except:
         # Bare except kept from the original. The message uses the name from
         # the incoming spec, not from the validated copy.
         doabort('BAD_REQ', "Failed adding group %s" % groupspec['name'])
     # Original note: also add user to private default group and public group.
     self.session.add(created)
     # Original note: a commit used to be needed here because addUserToGroup
     # does a full lookup ("fix this!").
     self.addUserToGroup(currentuser, created, created.creator, None)
     return created
Beispiel #9
    def addPostable(self, currentuser, useras, ptypestr, postablespec):
        """Create a postable of type ``ptypestr`` on behalf of ``useras``.

        The caller must currently be either the superuser or ``useras``
        (original note). If a postable with the same fqin already exists it is
        returned unchanged as ``(useras, existing)``. Otherwise the new
        postable is saved, an entry for it is pushed onto the owner's
        ``postablesowned``, the creator is added to it through
        ``addMemberableToPostable`` in owner mode, and ``(owner, newpostable)``
        is returned.

        ``postablespec`` is modified in place (its ``creator`` key is set)
        before it is handed to ``augmentspec``.
        """
        # authorize(False, self, currentuser, currentuser)
        authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras)
        # The creator always comes from useras; any "creator" value supplied in
        # the incoming spec is overwritten.
        postablespec["creator"] = useras.basic.fqin
        postablespec = augmentspec(postablespec, ptypestr)
        # Names containing ":" or "/" are rejected — presumably because those
        # characters delimit fqins (confirm against how augmentspec builds them).
        a = postablespec["basic"].name.find(":")
        b = postablespec["basic"].name.find("/")
        if a != -1 or b != -1:
            doabort("BAD_REQ", "Failed adding postable due to presence of : or /  %s" % (postablespec["basic"].name))
        ptype = gettype(postablespec["basic"].fqin)
        try:
            # print "do we exist",postablespec['basic'].fqin
            p = ptype.objects.get(basic__fqin=postablespec["basic"].fqin)
            # print "postable exists", p.basic.fqin
            # NOTE(review): an existing postable is handed back without any
            # ownership check in this method; confirm callers do not treat the
            # return value as proof that useras owns it.
            return useras, p
        except:
            # NOTE(review): this bare except treats every failure of the lookup
            # above, not only "no such document", as "does not exist" and goes
            # on to create. Narrowing it to the lookup's not-found exception
            # would keep datastore errors from turning into a create attempt.
            # print "In addPostable", ptypestr, ptype
            try:
                newpostable = ptype(**postablespec)
                newpostable.save(safe=True)
                # how to save it together?
                # The postable and the owner's list are written in separate
                # operations; a failure after save() leaves the postable stored.
                userq = User.objects(basic__fqin=newpostable.owner)
                user = userq.get()
                newpe = is_pe_in_mble(newpostable, user.postablesowned)
                # memb = is_me_in_pble(memberable, postable.members)
                # this would be added a second time but we are protected by this line above!
                if newpe == False:
                    newpe = PostableEmbedded(
                        ptype=ptypestr,
                        fqpn=newpostable.basic.fqin,
                        owner=user.adsid,
                        pname=newpostable.presentable_name(),
                        readwrite=True,
                        description=newpostable.basic.description,
                    )
                    res = userq.update(safe_update=True, push__postablesowned=newpe)
                ##print "result", res, currentuser.groupsowned, currentuser.to_json()

            except:
                # Any failure while creating or recording the postable is
                # reported through doabort("BAD_REQ", ...).
                doabort("BAD_REQ", "Failed adding postable %s %s" % (ptype.__name__, postablespec["basic"].fqin))
            # BUG changerw must be appropriate here!
            # The creator is added in owner mode; this call still sits inside
            # the outer except handler.
            self.addMemberableToPostable(
                currentuser, useras, newpostable.basic.fqin, newpostable.basic.creator, changerw=False, ownermode=True
            )
            ##print "autoRELOAD?", userq.get().to_json()
            newpostable.reload()
            return user, newpostable
Beispiel #10
 def addGroup(self, currentuser, groupspec):
     """Create and save a group, record it on its owner, add the creator.

     The spec is passed through ``augmentspec`` first. The saved ``Group`` is
     returned.
     """
     authorize(False, self, currentuser, currentuser)
     spec = augmentspec(groupspec, "group")
     try:
         created = Group(**spec)
         created.save(safe=True)
         # Original note: "how to save it together?" — the group and the
         # owner's groupsowned list are written in two separate operations,
         # so a failure of the second leaves the group already saved.
         owner_q = User.objects(nick=created.owner)
         owner_q.update(safe_update=True, push__groupsowned=created.basic.fqin)
     except:
         # Bare except kept from the original; the exception details go to
         # stdout before the request is aborted.
         import sys
         print(sys.exc_info())
         doabort('BAD_REQ', "Failed adding group %s" % spec['basic'].name)
     self.addUserToGroup(currentuser, created.basic.fqin, created.basic.creator)
     return created
Beispiel #11
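    def addApp(self, currentuser, appspec):
        """Create and save an app, record it on its owner, add the creator.

        The spec is passed through ``augmentspec`` first. The saved ``App`` is
        returned. Any failure while saving or recording ownership is reported
        through ``doabort('BAD_REQ', ...)``.
        """
        authorize(False, self, currentuser, currentuser)
        appspec = augmentspec(appspec, "app")
        # The leftover debug print that dumped the whole spec to stdout on
        # every call has been removed.
        try:
            newapp = App(**appspec)
            newapp.save(safe=True)
            # The app and the owner's appsowned list are written in two
            # separate operations; a failure of the second leaves the app
            # already saved.
            userq = User.objects(nick=newapp.owner)
            userq.update(safe_update=True, push__appsowned=newapp.basic.fqin)
        except Exception:
            # Narrowed from a bare except so interpreter-exit signals are not
            # turned into BAD_REQ. The error details still go to stdout.
            import sys
            print(sys.exc_info())
            doabort('BAD_REQ', "Failed adding app %s" % appspec['basic'].name)
        # Original note: a commit used to be needed here due to the full
        # lookup in addUserToApp ("fixthis").
        self.addUserToApp(currentuser, newapp.basic.fqin, newapp.basic.creator)
        return newapp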
Beispiel #12
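    def toggleRWForMembership(self, currentuser, useras, fqpn, memberable):
        """Invert the read/write flag of ``memberable``'s membership in ``fqpn``.

        The flag is flipped on both sides of the relationship: on the matching
        entries in the postable's ``members`` and on the matching entries in
        the memberable's ``postablesin``. The postable and the memberable are
        saved and returned as ``(memberable, postable)``.

        The anonymous user is handled through the public group: the public
        group's fqin and ``postablesin`` are used for matching, and the public
        group document is saved as well.
        """
        ptype = gettype(fqpn)
        memberablefqin = memberable.basic.fqin
        mtype = gettype(memberablefqin)
        postableq = ptype.objects(basic__fqin=fqpn)

        # BUG (original note): currently restricted admission. Later we will
        # want groups and apps proxying for users.
        authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras)
        # NOTE(review): this method changes write access, yet nothing in it
        # checks that useras owns the postable. Confirm that callers enforce
        # ownership before reaching this point.
        try:
            postable = postableq.get()
        except Exception:
            doabort(
                "BAD_REQ",
                "No such unique memberable %s %s postable %s %s"
                % (mtype.__name__, memberablefqin, ptype.__name__, fqpn),
            )
        members = postable.members
        postables = memberable.postablesin
        # BUG (original note): make faster by using a mongo search.
        # REAL BIG BUG (original note): need to flip on both.
        if memberablefqin == "adsgut/user:anonymouse":
            # you are guaranteed (sort of) that public group is also member.
            memberable2 = Group.objects(basic__fqin="adsgut/group:public").get()
            memberablefqin = memberable2.basic.fqin
            postables = memberable2.postablesin
        elif memberablefqin == "adsgut/group:public":
            # Was a plain `if`. Because memberablefqin is rebound to the public
            # group's fqin just above, the plain `if` also fired in the
            # anonymous case and replaced the fetched public group with the
            # anonymous user, so the flipped flag in the group's postablesin
            # was never saved and the two sides of the membership disagreed.
            memberable2 = memberable
        for me in members:
            if me.fqmn == memberablefqin:
                me.readwrite = not me.readwrite
        for p in postables:
            if p.fqpn == fqpn:
                p.readwrite = not p.readwrite
        # CHECK (original note): does this make the change we want, or do we
        # need explicit update?
        postable.save(safe=True)
        memberable.save(safe=True)
        if memberablefqin == "adsgut/group:public":
            memberable2.save(safe=True)
        return memberable, postable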
Beispiel #13
 def acceptInviteToApp(self, currentuser, fqan, menick):
     """Move user ``menick`` from invited to member of app ``fqan``.

     On success ``fqan`` is pushed onto the user's ``appsin`` and pulled from
     ``appsinvitedto``, ``menick`` is pushed onto the app's ``members``, and
     ``menick`` is returned.
     """
     # NOTE(review): the app is looked up through Group.objects rather than an
     # app-specific collection — confirm that apps are stored as Group
     # documents in this version.
     app_q = Group.objects(basic__fqin=fqan)
     user_q = User.objects(nick=menick)
     try:
         me = user_q.get()
     except:
         doabort('BAD_REQ', "No such user %s" % menick)
     try:
         app = app_q.get()
     except:
         doabort('BAD_REQ', "No such app %s" % fqan)
     # NOTE(review): authorize() needs the user object, so it can only run
     # after the lookups. The distinct "No such user" / "No such app" replies
     # above are therefore given before any authorization check; confirm an
     # outer layer already requires a logged-in caller.
     authorize(False, self, currentuser, me)
     was_invited = self.isInvitedToApp(me, app.basic.fqin)
     permit(was_invited, "User %s must be invited to app %s" % (menick, fqan))
     try:
         # Two separate writes: if the second fails, the user side has
         # already been updated.
         user_q.update(safe_update=True, push__appsin=fqan, pull__appsinvitedto=fqan)
         app_q.update(safe_update=True, push__members=menick)
     except:
         doabort('BAD_REQ', "Failed in user %s accepting invite to app %s" % (menick, fqan))
     return menick
Beispiel #14
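 def acceptInviteToGroup(self, currentuser, fqgn, menick):
     """Move user ``menick`` from invited to member of group ``fqgn``.

     On success ``fqgn`` is pushed onto the user's ``groupsin`` and pulled
     from ``groupsinvitedto``, ``menick`` is pushed onto the group's
     ``members``, and ``menick`` is returned. Failures are reported through
     ``doabort('BAD_REQ', ...)``.
     """
     grpq = Group.objects(basic__fqin=fqgn)
     userq = User.objects(nick=menick)
     try:
         me = userq.get()
     except Exception:
         doabort('BAD_REQ', "No such user %s" % menick)
     try:
         grp = grpq.get()
     except Exception:
         doabort('BAD_REQ', "No such group %s" % fqgn)
     # NOTE(review): authorize() needs the user object, so it can only run
     # after the lookups. The distinct "No such user" / "No such group"
     # replies above are therefore given before any authorization check;
     # confirm an outer layer already requires a logged-in caller.
     authorize(False, self, currentuser, me)
     # The leftover debug print that wrote the user's pending invitations to
     # stdout on every call has been removed.
     permit(self.isInvitedToGroup(me, grp.basic.fqin), "User %s must be invited to group %s" % (menick, fqgn))
     try:
         # Two separate writes: if the second fails, the user side has
         # already been updated.
         userq.update(safe_update=True, push__groupsin=fqgn, pull__groupsinvitedto=fqgn)
         grpq.update(safe_update=True, push__members=menick)
     except Exception:
         doabort('BAD_REQ', "Failed in user %s accepting invite to group %s" % (menick, fqgn))
     return menick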
Beispiel #15
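 def acceptInviteToPostable(self, currentuser, fqpn, me):
     """Accept ``me``'s pending invitation to the postable ``fqpn``.

     On success the invitation entries move to the membership lists of both
     documents (``postablesinvitedto`` to ``postablesin`` on the user,
     ``inviteds`` to ``members`` on the postable). ``me`` is reloaded and
     returned together with a freshly fetched postable as ``(me, postable)``.
     Failures are reported through ``doabort("BAD_REQ", ...)``.
     """
     # Authorize before the datastore is queried, so that a caller who fails
     # the check is not first told whether the postable exists (assuming
     # authorize() aborts the request on failure — confirm).
     authorize(False, self, currentuser, me)
     ptype = gettype(fqpn)
     postableq = ptype.objects(basic__fqin=fqpn)
     mefqin = me.basic.fqin
     try:
         postable = postableq.get()
     except Exception:
         doabort("BAD_REQ", "No such postable %s %s" % (ptype.__name__, fqpn))
     permit(
         self.isInvitedToPostable(currentuser, me, postable),
         "User %s must be invited to postable %s %s" % (mefqin, ptype.__name__, fqpn),
     )
     failure = "Failed in user %s accepting invite to gpostable %s %s" % (mefqin, ptype.__name__, fqpn)
     memb = None
     pe = None
     try:
         # Find both halves of the invitation; the last matching entry wins,
         # as in the original loops.
         for inv in postable.inviteds:
             if inv.fqmn == mefqin:
                 memb = inv
         for uinv in me.postablesinvitedto:
             if uinv.fqpn == fqpn:
                 pe = uinv
     except Exception:
         doabort("BAD_REQ", failure)
     # This check used to sit inside the try block, where the bare except
     # caught its abort and replaced the message with the generic failure
     # text (assuming doabort() raises — confirm).
     if memb is None or pe is None:
         doabort("BAD_REQ", "User %s was never invited to postable %s %s" % (mefqin, ptype.__name__, fqpn))
     try:
         # Two separate writes: if the second fails, the user side has
         # already been updated.
         me.update(safe_update=True, push__postablesin=pe, pull__postablesinvitedto__fqpn=pe.fqpn)
         postableq.update(safe_update=True, push__members=memb, pull__inviteds__fqmn=memb.fqmn)
     except Exception:
         doabort("BAD_REQ", failure)
     me.reload()
     return me, postableq.get()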
Beispiel #16
 def appInvitationsForUser(self, currentuser, useras):
     """Return ``info()`` for every application ``useras`` is invited to."""
     # An explicit permit(currentuser==useras or system user) is commented out
     # in the original; access control rests entirely on authorize().
     authorize(False, self, currentuser, useras)
     return [pending.info() for pending in useras.applicationsinvitedto]
Beispiel #17
 def getUserInfo(self, currentuser, useras):
     """Return ``useras.info()`` once ``currentuser`` passes ``authorize``."""
     authorize(False, self, currentuser, useras)
     details = useras.info()
     return details
Beispiel #18
 def ownerOfApps(self, currentuser, useras):
     """Return ``info()`` for every application that ``useras`` owns."""
     # An explicit permit(currentuser==useras or system user) is commented out
     # in the original; access control rests entirely on authorize().
     authorize(False, self, currentuser, useras)
     return [owned.info() for owned in useras.appsowned]
Beispiel #19
 def groupsForUser(self, currentuser, useras):
     """Return ``info()`` for every group that ``useras`` is a member of."""
     # An explicit permit(currentuser==useras or system user) is commented out
     # in the original; access control rests entirely on authorize().
     authorize(False, self, currentuser, useras)
     return [joined.info() for joined in useras.groupsin]
Beispiel #20
 def allApps(self, currentuser):
     """Return ``info()`` for every ``Application`` row with ``appgroup=True``."""
     # No target user is passed (None); elsewhere in this listing the author
     # notes that this form fails any logged-in user who is not the system
     # user — confirm against authorize().
     authorize(False, self, currentuser, None)
     query = self.session.query(Application).filter_by(appgroup=True)
     return [app.info() for app in query.all()]
Beispiel #21
 def ownerOfGroups(self, currentuser, useras):
     """Return ``info()`` for every group that ``useras`` owns."""
     # An explicit permit(currentuser==useras or system user) is commented out
     # in the original; access control rests entirely on authorize().
     authorize(False, self, currentuser, useras)
     return [owned.info() for owned in useras.groupsowned]
Beispiel #22
 def allUsers(self, currentuser):
     """Return ``info()`` for every ``User`` row with ``systemuser=False``."""
     # No target user is passed (None); elsewhere in this listing the author
     # notes that this form fails any logged-in user who is not the system
     # user — confirm against authorize().
     authorize(False, self, currentuser, None)
     query = self.session.query(User).filter_by(systemuser=False)
     return [account.info() for account in query.all()]
Beispiel #23
 def allGroups(self, currentuser):
     """Return ``info()`` for groups that are neither app nor personal groups."""
     # No target user is passed (None); elsewhere in this listing the author
     # notes that this form fails any logged-in user who is not the system
     # user — confirm against authorize().
     authorize(False, self, currentuser, None)
     query = self.session.query(Group).filter_by(appgroup=False, personalgroup=False)
     return [group.info() for group in query.all()]
Beispiel #24
 def groupsForUser(self, currentuser, useras):
     """Return ``useras.groupsin`` once ``currentuser`` passes ``authorize``.

     The attribute value itself is returned, not a copy.
     """
     authorize(False, self, currentuser, useras)
     return useras.groupsin
Beispiel #25
 def getUserInfo(self, currentuser, nick):
     """Look up the user with ``nick`` and return it after ``authorize``."""
     # NOTE(review): authorize() needs the user object, so the lookup has to
     # run first. Whether getUserForNick() answers differently for existing
     # and missing nicks before any authorization cannot be seen from here —
     # confirm.
     found = self.getUserForNick(currentuser, nick)
     authorize(False, self, currentuser, found)
     return found
Beispiel #26
 def groupInvitationsForUser(self, currentuser, useras):
     """Return ``useras.groupsinvitedto`` once ``currentuser`` is authorized.

     The attribute value itself is returned, not a copy.
     """
     authorize(False, self, currentuser, useras)
     return useras.groupsinvitedto
Beispiel #27
 def appsForUser(self, currentuser, useras):
     """Return ``useras.appsin`` once ``currentuser`` passes ``authorize``.

     The attribute value itself is returned, not a copy.
     """
     authorize(False, self, currentuser, useras)
     return useras.appsin
Beispiel #28
 def appInvitationsForUser(self, currentuser, useras):
     """Return ``useras.appsinvitedto`` once ``currentuser`` is authorized.

     The attribute value itself is returned, not a copy.
     """
     authorize(False, self, currentuser, useras)
     return useras.appsinvitedto
Beispiel #29
 def getUserInfoFromAdsid(self, currentuser, adsid):
     """Return the user with ``adsid`` if the caller is superuser or that user."""
     # NOTE(review): authorize() needs the user object, so the lookup has to
     # run first. Whether getUserForAdsid() answers differently for existing
     # and missing ids before any authorization cannot be seen from here —
     # confirm.
     found = self.getUserForAdsid(currentuser, adsid)
     authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, found)
     return found
Beispiel #30
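    def addMemberableToPostable(self, currentuser, useras, fqpn, memberablefqin, changerw=False, ownermode=False):
        """Add a user, group, or app to a postable (group, app, or library).

        ``currentuser`` must pass ``authorize`` for ``useras``. For every
        postable except the public group, ``authorize_postable_owner`` is also
        called. The membership is recorded on both documents, and
        ``(memberable, postable)`` is returned with both freshly loaded.

        The read/write flag is ``True`` in ``ownermode``; otherwise it is the
        default from ``RWDEFMAP`` for the postable type, inverted when
        ``changerw`` is set. Failures are reported through
        ``doabort("BAD_REQ", ...)``.
        """
        ptype = gettype(fqpn)
        mtype = gettype(memberablefqin)
        postableq = ptype.objects(basic__fqin=fqpn)
        memberableq = mtype.objects(basic__fqin=memberablefqin)
        # BUG (original note): currently restricted admission. Later we will
        # want groups and apps proxying for users.
        authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras)
        try:
            postable = postableq.get()
        except Exception:
            doabort("BAD_REQ", "No such postable %s %s" % (ptype.__name__, fqpn))
        try:
            memberable = memberableq.get()
        except Exception:
            doabort("BAD_REQ", "No such memberable %s %s" % (mtype.__name__, memberablefqin))

        if fqpn != "adsgut/group:public":
            authorize_postable_owner(False, self, currentuser, useras, postable)
        # NOTE(review): the public group is exempt so that any user can add
        # themselves to it (original note), but nothing here checks that
        # memberablefqin is useras. Confirm whether adding some other
        # memberable to the public group is meant to be allowed.
        try:
            if ownermode:
                rw = True
            elif changerw:
                rw = not RWDEFMAP[ptype]
            else:
                rw = RWDEFMAP[ptype]

            # BUG (original note): we need to check here that this is unique.
            pe = is_pe_in_mble(postable, memberable.postablesin)
            if pe == False:
                pe = PostableEmbedded(
                    ptype=ptype.classname,
                    fqpn=postable.basic.fqin,
                    owner=useras.adsid,
                    pname=postable.presentable_name(),
                    readwrite=rw,
                    description=postable.basic.description,
                )
                # The push used to run even when the entry already existed,
                # appending a duplicate on every repeated add. It is now
                # guarded in the same way as the members push below.
                memberableq.update(safe_update=True, push__postablesin=pe)
            memb = is_me_in_pble(memberable, postable.members)
            if memb == False:
                memb = MembableEmbedded(
                    mtype=mtype.classname, fqmn=memberablefqin, readwrite=rw, pname=memberable.presentable_name()
                )
                # If the member is already present nothing is written.
                postableq.update(safe_update=True, push__members=memb)
        except Exception:
            doabort(
                "BAD_REQ",
                "Failed adding memberable %s %s to postable %s %s"
                % (mtype.__name__, memberablefqin, ptype.__name__, fqpn),
            )
        memberable.reload()
        return memberable, postableq.get()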