def deleteRole(self, params):
role_id = int(params[0])
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.roles.delete'):
role = Role.get_role(role_id)
role.delete()
def get_grantable_roles(cls,user):
"""
Returns the Roles that can be granted to a User
Basically returns all the roles that the sessionUser Owns and the ones that can be made up by the rights of
the sessionUser as associative arrays in this style:
array('name'=>$role->getName(),'id'=>$role->getId(),'granted'=>true)
"""
#HERE BE DRAGONS! Check algorithm
session_user = Session.get_current_session_user()
session_permissions = session_user.get_permissions()
ret = []
roles = Role.get_roles()
for role in roles:
if session_user.has_role(role):
ret.append({"name":role.get_name(),
"id":role.get_id(),
"granted": user.has_role(role)})
continue
role_permissions = role.get_permissions()
for role_permission in role_permissions:
if role_permission not in session_permissions:
break
ret.append({"name":role.get_name(),
"id":role.get_id(),
"granted": user.has_role(role)})
continue
return ret
def getCssPropertySet(self,params):
try:
module_id = int(params[0])
except TypeError:
module_id = None
try:
widget_id = int(params[1])
except TypeError:
widget_id = None
if params[2] is not None:
session = str(params[2])
else:
session = None
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.css.edit'):
css_manager = CSSManager()
if module_id == None and widget_id == None and session == None:
css_propertyset = css_manager.get_csspropertyset()
else:
css_propertyset = css_manager.get_csspropertyset(module_id,widget_id,session)
data = css_propertyset.serialize_set()
return data
def setCssPropertySet(self, params):
data = params[0]
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.css.edit'):
css_propertyset = CSSManager().create_csspropertyset_from_serial(data)
css_propertyset.store()
def assign_to(self,user):
"""
Assigns this role to a user
"""
session_user = Session.get_current_session_user()
db = Database()
#check if sessionuser has role
has_role = session_user.has_role(self)
stmnt = "SELECT COUNT(URI_RIG_ID) AS CNT FROM USERRIGHTS WHERE URI_RIG_ID IN \
(SELECT RRI_RIG_ID FROM ROLERIGHTS WHERE RRI_ROL_ID = ? ) ;"
cur = db.query(stmnt,(self._id,))
res = cur.fetchone()[0]
has_all_permissions_of_role = res == len(self.get_permissions())
if not has_role and not has_all_permissions_of_role:
raise PermissionException(PermissionException.get_msg(7))
for role in user.get_grantable_roles():
if role["name"] == self._name:
stmnt = "UPDATE OR INSERT INTO USERROLES (URO_USR_ID, URO_ROL_ID) \
VALUES (?,?) MATCHING (URO_USR_ID, URO_ROL_ID) ;";
db.query(stmnt, (user.get_id(),self._id),commit=True)
PokeManager.add_activity(ActivityType.USER)
return
raise PermissionException(PermissionException.get_msg(8))
def deleteUser(self, params):
user_id = int(params[0])
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.users.delete'):
user = User.get_user_by_id(user_id)
user.delete()
def createRole(self,params):
data = params[0]
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.roles.create'):
role = Role.create_role(data)
return role.get_id()
def createUser(self,params):
username = unicode(params[0])
password = unicode(params[1])
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.users.create'):
User.create_user(username,password)
return True
def getInstanceId(self, params):
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.manageserverdata'):
config = Configuration()
return config.get_entry('core.instance_id')
else:
return None
def changeRendermode(self,params):
mode = str(params[0])
session_user = Session.get_current_session_user()
if not session_user.check_permission('skarphed.manageserverdata'):
return False
return Core().set_rendermode(mode)
def restartOperationDaemon(self,params):
session_user = Session.get_current_session_user()
if not session_user.check_permission("skarphed.manageserverdata"):
return False
configuration = Configuration()
os.system("python "+configuration.get_entry("core.webpath")+\
"/operation_daemon.py restart "+ configuration.get_entry("core.instance_id"))
def revokeRoleFromUser(self, params):
user_name = params[0] # TODO get user by id instead of name
role_id = params[1]
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.users.grant_revoke'):
role = Role.get_role(role_id)
User.get_user_by_name(user_name).revoke_role(role)
def getRoles(self,params):
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.roles.view'):
ret = []
for role in Permission.get_roles():
ret.append({"id":role.get_id(), "name": role.get_name()})
return ret
return False
def revokeRightFromUser(self,params):
user_id = int(params[0])
permission_name = str(params[1])
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.users.grant_revoke'):
user = User.get_user_by_id(user_id)
user.revoke_permission(permission_name)
return True
def revoke_from(self, user):
"""
Revokes a role from a user
"""
session_user = Session.get_current_session_user()
db = Database()
stmnt = "DELETE FROM USERROLES WHERE URO_USR_ID = ? AND URO_ROL_ID = ? ;";
db.query(stmnt,(user.get_id(),self._id),commit=True)
PokeManager.add_activity(ActivityType.USER)
def changeMaintenanceMode(self, params):
state = bool(params[0])
session_user = Session.get_current_session_user()
if not session_user.check_permission('skarphed.manageserverdata'):
return False
if state:
Core().activate_maintenance_mode()
else:
Core().deactivate_maintenance_mode()
return True
def remove_permission(self, permission):
"""
removes a given permission from this role
"""
session_user = Session.get_current_session_user()
if not session_user.check_permission(permission):
raise PermissionException(PermissionException.get_msg(3))
db = Database()
stmnt = "DELETE FROM ROLERIGHTS WHERE RRI_ROL_ID = ? AND RRI_RIG_ID = (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME = ?); "
db.query(stmnt,(self._id,permission),commit=True)
PokeManager.add_activity(ActivityType.ROLE)
def alterPassword(self, params):
user_id = int(params[0])
new_password = unicode(params[1])
old_password = unicode(params[2])
session_user = Session.get_current_session_user()
if user_id == session_user.get_id():
session_user.alter_password(new_password,old_password)
else:
if session_user.check_permission("skarphed.users.alter_password"):
user = User.get_user_by_id(user_id)
user.alter_password(new_password,"",True)
return True
def add_permission(self, permission):
"""
adds a given permission to this role
"""
session_user = Session.get_current_session_user()
if not session_user.check_permission(permission):
raise PermissionException(PermissionException.get_msg(3))
db = Database()
stmnt = "UPDATE OR INSERT INTO ROLERIGHTS (RRI_ROL_ID, RRI_RIG_ID) \
VALUES (?, (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME= ?)) \
MATCHING (RRI_ROL_ID, RRI_RIG_ID);";
db.query(stmnt,(self._id, permission),commit=True)
PokeManager.add_activity(ActivityType.ROLE)
def store(self):
"""
Stores this binary into the database
"""
db = Database()
data_io = base64.b64encode(self._data)
md5 = md5hash(self._data).hexdigest()
sha256 = sha256hash(self._data).hexdigest()
if self._id is None:
self.set_id(db.get_seq_next("BIN_GEN"))
user_id = Session.get_current_session_user().get_id()
stmnt = "UPDATE OR INSERT INTO BINARIES (BIN_ID, BIN_FILENAME, BIN_MIME, BIN_USR_OWNER, \
BIN_USR_LASTCHANGE, \
BIN_DATE_LASTCHANGE, BIN_SHA256, BIN_MD5, BIN_DATA) \
VALUES (?, ?, ?, ?, ?, CURRENT_TIMESTAMP, ?, ?, ? ) MATCHING (BIN_ID) ;"
db.query(stmnt, (self._id, self._filename, self._mime, user_id, user_id, sha256, md5, data_io),commit=True)
def revoke_permission(self,permission, ignore_check=False):
"""
revokes a permission from the user
"""
db = Database()
session_user = None
if self.get_id() == ROOT_USER_ID and self.get_name() == "root":
raise UserException(UserException.get_msg(16))
if not ignore_check:
session_user = Session.get_current_session_user()
permission_id = Permission.get_id_for_permission(permission)
if permission_id is None:
raise UserException(UserException.get_msg(5, permission))
if not ignore_check and not session_user.check_permission(permission):
raise UserException(UserException.get_msg(8))
stmnt = "DELETE FROM USERRIGHTS WHERE URI_USR_ID = ? AND URI_RIG_ID = ? ;"
db.query(stmnt,(self._id,permission_id),commit=True)
PokeManager().add_activity(ActivityType.USER)
def get_grantable_permissions(cls,obj):
"""
Gets the rights that are assignable to either a User or a Role
The function basically delivers all rights that are assigned to the sessionUser and whether
the user to be edited has them granted or not.
The return values are associative arrays that look like this:
array('right'=>$sessionRight,'granted'=>true)
"""
db = Database()
session_user = Session.get_current_session_user()
session_permissions = Permission.get_permissions_for_user(session_user)
result = []
result_permissions = []
skip_permissions = []
res2 = None
if obj.__class__.__name__ == "User":
stmnt1 = "SELECT RIG_NAME FROM RIGHTS INNER JOIN USERRIGHTS ON (RIG_ID = URI_RIG_ID) WHERE URI_USR_ID = ? ;"
stmnt2 = "SELECT RIG_NAME FROM RIGHTS INNER JOIN ROLERIGHTS ON (RIG_ID = RRI_RIG_ID) INNER JOIN USERROLES ON (URO_ROL_ID = RRI_ROL_ID) WHERE URO_USR_ID = ? ;"
cur = db.query(stmnt1,(obj.get_id(),))
res1 = list(set(cur.fetchallmap()))
cur = db.query(stmnt2,(obj.get_id(),))
res2 = list(set(cur.fetchallmap()))
elif obj.__class__.__name__ == "Role":
stmnt = "SELECT RIG_NAME FROM RIGHTS INNER JOIN ROLERIGHTS ON (RIG_ID = RRI_RIG_ID) WHERE RRI_ROL_ID = ? ;"
cur = db.query(stmnt,(obj.get_id(),))
res1 = list(set(cur.fetchallmap()))
result_permissions = [row['RIG_NAME'] for row in res1]
if res2 is not None:
skip_permissions = [row['RIG_NAME'] for row in res2]
for permission in session_permissions:
if permission in skip_permissions:
continue
result.append({'right':permission,'granted':permission in result_permissions})
return result
def tortilla(*args,**kwargs):
current_user = Session.get_current_session_user()
if not cls.check_permission(permission, current_user):
raise PermissionException(PermissionException.get_msg(15, info=permission))
func(*args, **kwargs)
def getUsers(self,params):
session_user = Session.get_current_session_user()
if session_user.check_permission('skarphed.users.view'):
users = User.get_users_for_admin_interface()
return users
return False