Beispiel #1
0
 def xhr_create_rolemember(self):
     log = pysite.lib.JsonResp()
     principal_ids = [int(x) for x in self.request.POST.getall(
         'principal_ids[]') if int(x) != 0]
     if not principal_ids:
         log.error('No principals selected')
         return log.resp
     role_ids = [int(x) for x in self.request.POST.getall(
         'role_ids[]') if int(x) != 0]
     if not role_ids:
         log.error('No roles selected')
         return log.resp
     sess = DbSession()
     try:
         for rid in role_ids:
             for pid in principal_ids:
                 # XXX This is not atomic!
                 if not sess.query(RoleMember.id).filter(
                         sa.and_(RoleMember.principal_id == pid,
                             RoleMember.role_id == rid)).all():
                     manager.create_rolemember(dict(
                         owner=self.request.user.uid,
                         principal_id=pid,
                         role_id=rid
                     ))
     except (StatementError) as exc:
         log.fatal(str(exc))
         return log.resp
     else:
         log.ok("{0} principals added to {1} roles"
             .format(len(principal_ids), len(role_ids)))
         return log.resp
Beispiel #2
0
 def xhr_create(self):
     sch = pysite.dd.build_schema(colander.MappingSchema, self.DD,
         fieldlist=self.EDIT_FIELDLIST)
     try:
         data = pysite.dd.deserialize(sch, self.request.POST)
     except colander.Invalid as exc:
         return {'status': False, 'msg': 'Errors', 'errors': exc.asdict()}
     try:
         vv = {}
         for k, v in data.items():
             vv[k[self.PREFIXLEN:]] = v
         vv['owner'] = self.request.user.uid
         vv['ctime'] = datetime.datetime.now()
         manager.create_rolemember(vv)
         return {'status': True, 'msg': 'Ok'}
     except (StatementError, NoResultFound, PySiteError) as exc:
         return {'status': False, 'msg': str(exc), 'errors': {}}
Beispiel #3
0
 def _create_role_and_principal():
     import pysite.authmgr.manager as usrmanager
     sess = pysite.models.DbSession()
     try:
         role = sess.query(Role).filter(Role.name == rolename).one()
         msgs.append("Use existing role '{0}' ({1})".format(
             role.name, role.id))
     except NoResultFound:
         role_data = dict(
             name=rolename,
             owner=owner,
             notes="Manager role for site '{0}'".format(data['sitename'])
         )
         role = usrmanager.create_role(role_data)
         msgs.append("Created role '{0}' ({1})".format(role.name, role.id))
     if isinstance(data['principal'], dict):
         data['principal']['owner'] = owner
         principal = usrmanager.create_principal(data['principal'])
         msgs.append("Created principal '{0}' ({1})".format(
             principal.principal, principal.id))
     else:
         try:
             principal = sess.query(Principal).filter(
                 Principal.principal == data['principal']).one()
             msgs.append("Use existing principal '{0}' ({1})".format(
                 principal.principal, principal.id))
         except NoResultFound:
             errors.append("Principal '{0}' not found".format(
                 data['principal']))
             return info
     try:
         # Save these here. If create_rolemember fails, the session is
         # aborted and we cannot access the attributes of the entities
         # in the except handler.
         princ = principal.principal
         rol = role.name
         usrmanager.create_rolemember(dict(principal_id=principal.id,
             role_id=role.id, owner=owner))
         msgs.append("Set principal '{0}' as member of role '{1}'".format(
             principal.principal, role.name))
     except IntegrityError:
         msgs.append("Principal '{0}' is already member of role '{1}'".format(
             princ, rol))
Beispiel #4
0
    def _setup_users(self):
        sess = pysite.models.DbSession()
        # 1// Create principal system
        p_system = usrmgr.create_principal(dict(
            id=SYSTEM_UID,
            principal='system',
            email='system@localhost',
            first_name='system',
            display_name='System',
            owner=SYSTEM_UID,
            # Roles do not exist yet. Do not auto-create them
            roles=False
        ))

        # 2// Create roles
        # This role should not have members.
        # Not-authenticated users are automatically member of 'everyone'
        usrmgr.create_role(dict(
            id=EVERYONE_RID,
            name='everyone',
            notes='Everyone (incl. unauthenticated users)',
            owner=SYSTEM_UID,
        ))
        usrmgr.create_role(dict(
            id=SYSTEM_RID,
            name='system',
            owner=SYSTEM_UID
        ))
        r_wheel = usrmgr.create_role(dict(
            id=WHEEL_RID,
            name='wheel',
            notes='Site Admins',
            owner=SYSTEM_UID
        ))
        r_users = usrmgr.create_role(dict(
            id=USERS_RID,
            name='users',
            notes='Authenticated Users',
            owner=SYSTEM_UID
        ))
        r_unit_testers = usrmgr.create_role(dict(
            id=UNIT_TESTERS_RID,
            name='unit testers',
            notes='Unit Testers',
            owner=SYSTEM_UID
        ))

        # 3// Put 'system' into its roles
        usrmgr.create_rolemember(dict(
            role_id=r_users.id,
            principal_id=p_system.id,
            owner=SYSTEM_UID
        ))
        usrmgr.create_rolemember(dict(
            role_id=r_wheel.id,
            principal_id=p_system.id,
            owner=SYSTEM_UID
        ))

        # 4// Create principals
        usrmgr.create_principal(dict(
            id=ROOT_UID,
            principal='root',
            email='root@localhost',
            first_name='root',
            display_name='Root',
            pwd=self._rc.g('auth.user_root.pwd'),
            is_enabled=True,
            owner=SYSTEM_UID,
            roles=[r_wheel.name, r_users.name]
        ))
        usrmgr.create_principal(dict(
            id=NOBODY_UID,
            principal='nobody',
            email='nobody@localhost',
            first_name='Nobody',
            display_name='Nobody',
            is_enabled=False,
            owner=SYSTEM_UID,
            # This principal is not member of any role
            # Not-authenticated users are automatically 'nobody'
            roles=False
        ))
        usrmgr.create_principal(dict(
            id=SAMPLE_DATA_UID,
            principal='sample_data',
            email='sample_data@localhost',
            first_name='Sample Data',
            display_name='Sample Data',
            is_enabled=False,
            owner=SYSTEM_UID,
            # This principal is not member of any role
            roles=False
        ))
        usrmgr.create_principal(dict(
            id=UNIT_TESTER_UID,
            principal='unit_tester',
            email='unit_tester@localhost',
            first_name='Unit-Tester',
            display_name='Unit-Tester',
            is_enabled=False,
            owner=SYSTEM_UID,
            roles=[r_unit_testers.name]
        ))
        
        # 5// Set sequence counter for user-created things
        # XXX PostgreSQL only
        # Regular users have ID > 100
        sess.execute('ALTER SEQUENCE principal_id_seq RESTART WITH 101')
        # Regular roles have ID > 100
        sess.execute('ALTER SEQUENCE role_id_seq RESTART WITH 101')
        sess.flush()
Beispiel #5
0
 def create_rolemember(self):
     data = self._parse(self._args.data)
     data['owner'] = pysite.authmgr.const.ROOT_UID
     rs = usrmanager.create_rolemember(data)
     self._print(self._db_data_to_list([rs])[0])