Ejemplo n.º 1
0
 def create(self, request, role_guids=None):
     """
     Creates a Client
     :param request: Raw request
     :type request: Request
     :param role_guids: The GUIDs of the roles where the client should get access to
     :type role_guids: str
     """
     if 'role_guids' in request.DATA:
         del request.DATA['role_guids']
     serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
     client = serializer.deserialize()
     if client.user is not None:
         if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']):
             client.grant_type = 'CLIENT_CREDENTIALS'
             client.client_secret = OAuth2Toolbox.create_hash(64)
             client.save()
             if not role_guids:
                 roles = [junction.role for junction in client.user.group.roles]
             else:
                 possible_role_guids = [junction.role_guid for junction in client.user.group.roles]
                 roles = [Role(guid) for guid in role_guids if guid in possible_role_guids]
             for role in roles:
                 roleclient = RoleClient()
                 roleclient.client = client
                 roleclient.role = role
                 roleclient.save()
             return client
     raise HttpNotAcceptableException(error_description='A client must have a user',
                                      error='invalid_data')
Ejemplo n.º 2
0
 def list(self, request, userguid=None, ovs_type=None):
     """
     Lists all available Clients where the logged in user has access to
     :param request: Raw request
     :type request: Request
     :param userguid: User guid to filter the clients
     :type userguid: str
     :param ovs_type: Filter on the Client's ovs_type
     :type ovs_type: str
     """
     if Toolbox.is_client_in_roles(request.client, ['manage']):
         client_list = ClientList.get_clients()
     else:
         if ovs_type is not None and ovs_type != 'INTERNAL':
             client_list = [
                 client for client in request.client.user.clients
                 if client.ovs_type == ovs_type
             ]
         else:
             client_list = [
                 client for client in request.client.user.clients
                 if client.ovs_type != 'INTERNAL'
             ]
     if userguid is not None:
         return [
             client for client in client_list
             if client.user_guid == userguid
         ]
     return client_list
Ejemplo n.º 3
0
 def list(self, request):
     """
     Lists all available Users where the logged in user has access to
     :param request: The raw request
     :type request: Request
     """
     if Toolbox.is_client_in_roles(request.client, ['manage']):
         return UserList.get_users()
     else:
         return [request.client.user]
Ejemplo n.º 4
0
 def list(self, request):
     """
     Lists all available Users where the logged in user has access to
     :param request: The raw request
     :type request: Request
     """
     if Toolbox.is_client_in_roles(request.client, ['manage']):
         return UserList.get_users()
     else:
         return [request.client.user]
Ejemplo n.º 5
0
 def validate_access(self, albabackend, request):
     """
     :param albabackend: The AlbaBackend to validate
     :param request: The raw request
     """
     _ = self
     if not Toolbox.access_granted(request.client,
                                   user_rights=albabackend.backend.user_rights,
                                   client_rights=albabackend.backend.client_rights):
         raise HttpForbiddenException(error_description='The requesting client has no access to this AlbaBackend',
                                      error='no_ownership')
Ejemplo n.º 6
0
 def retrieve(self, request, user):
     """
     Load information about a given User. Only the currently logged in User is accessible, or all if the logged in User has a manage role
     :param request: The raw request
     :type request: Request
     :param user: The user to load
     :type user: User
     """
     if user.guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']):
         return user
     raise HttpForbiddenException(error_description='Fetching user information not allowed',
                                  error='no_ownership')
Ejemplo n.º 7
0
 def validate_access(self, backend, request):
     """
     :param backend: The Backend to validate
     :type backend: Backend
     :param request: The raw request
     :type request: Request
     """
     _ = self
     if not Toolbox.access_granted(request.client,
                                   user_rights=backend.user_rights,
                                   client_rights=backend.client_rights):
         raise HttpForbiddenException(error_description='The requesting client has no access to this Backend',
                                      error='no_ownership')
Ejemplo n.º 8
0
 def retrieve(self, request, user):
     """
     Load information about a given User. Only the currently logged in User is accessible, or all if the logged in User has a manage role
     :param request: The raw request
     :type request: Request
     :param user: The user to load
     :type user: User
     """
     if user.guid == request.client.user_guid or Toolbox.is_client_in_roles(
             request.client, ['manage']):
         return user
     raise HttpForbiddenException(
         error_description='Fetching user information not allowed',
         error='no_ownership')
Ejemplo n.º 9
0
 def list(self, request):
     """
     Lists all available ALBA Backends:
     :param request: The raw request
     :type request: Request
     """
     backends = AlbaBackendList.get_albabackends()
     allowed_backends = []
     for alba_backend in backends:
         if Toolbox.access_granted(request.client,
                                   user_rights=alba_backend.backend.user_rights,
                                   client_rights=alba_backend.backend.client_rights):
             allowed_backends.append(alba_backend)
     return allowed_backends
Ejemplo n.º 10
0
 def retrieve(self, request, client):
     """
     Load information about a given Client
     Only the currently logged in User's Clients are accessible, or all if the logged in User has a
     system role
     :param request: Raw request
     :type request: Request
     :param client: Client to return
     :type client: Client
     """
     _ = format
     if client.guid in request.client.user.clients_guids or Toolbox.is_client_in_roles(request.client, ['manage']):
         return client
     raise HttpForbiddenException(error_description='Fetching client information not allowed',
                                  error='no_ownership')
Ejemplo n.º 11
0
 def new_function(*args, **kw):
     """
     Wrapped function
     """
     request = _find_request(args)
     if not hasattr(request, 'user') or not hasattr(request, 'client'):
         raise HttpUnauthorizedException(error_description='Not authenticated',
                                         error='not_authenticated')
     user = UserList.get_user_by_username(request.user.username)
     if user is None:
         raise HttpUnauthorizedException(error_description='Not authenticated',
                                         error='not_authenticated')
     if not Toolbox.is_token_in_roles(request.token, roles):
         raise HttpForbiddenException(error_description='This call requires roles: {0}'.format(', '.join(roles)),
                                      error='invalid_roles')
     return f(*args, **kw)
Ejemplo n.º 12
0
 def retrieve(self, request, client):
     """
     Load information about a given Client
     Only the currently logged in User's Clients are accessible, or all if the logged in User has a
     system role
     :param request: Raw request
     :type request: Request
     :param client: Client to return
     :type client: Client
     """
     _ = format
     if client.guid in request.client.user.clients_guids or Toolbox.is_client_in_roles(
             request.client, ['manage']):
         return client
     raise HttpForbiddenException(
         error_description='Fetching client information not allowed',
         error='no_ownership')
Ejemplo n.º 13
0
 def list(self, request, backend_type=None):
     """
     Overview of all backends (from a certain type, if given) on the local node (or a remote one)
     :param request: The raw request
     :type request: Request
     :param backend_type: Optional BackendType code to filter
     :type backend_type: str
     """
     if backend_type is None:
         possible_backends = BackendList.get_backends()
     else:
         possible_backends = BackendTypeList.get_backend_type_by_code(backend_type).backends
     backends = []
     for backend in possible_backends:
         if Toolbox.access_granted(request.client,
                                   user_rights=backend.user_rights,
                                   client_rights=backend.client_rights):
             backends.append(backend)
     return backends
Ejemplo n.º 14
0
 def create(self, request, role_guids=None):
     """
     Creates a Client
     :param request: Raw request
     :type request: Request
     :param role_guids: The GUIDs of the roles where the client should get access to
     :type role_guids: str
     """
     if 'role_guids' in request.DATA:
         del request.DATA['role_guids']
     serializer = FullSerializer(Client,
                                 instance=Client(),
                                 data=request.DATA)
     client = serializer.deserialize()
     if client.user is not None:
         if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(
                 request.client, ['manage']):
             client.grant_type = 'CLIENT_CREDENTIALS'
             client.client_secret = OAuth2Toolbox.create_hash(64)
             client.save()
             if not role_guids:
                 roles = [
                     junction.role for junction in client.user.group.roles
                 ]
             else:
                 possible_role_guids = [
                     junction.role_guid
                     for junction in client.user.group.roles
                 ]
                 roles = [
                     Role(guid) for guid in role_guids
                     if guid in possible_role_guids
                 ]
             for role in roles:
                 roleclient = RoleClient()
                 roleclient.client = client
                 roleclient.role = role
                 roleclient.save()
             return client
     raise HttpNotAcceptableException(
         error_description='A client must have a user',
         error='invalid_data')
Ejemplo n.º 15
0
 def set_password(self, request, user):
     """
     Sets the password of a given User. A logged in User can only changes its own password, or all passwords if the logged in User has a manage role
     :param request: The raw request
     :type request: Request
     :param user: The user to update the password from
     :type user: User
     """
     if user.guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']):
         serializer = PasswordSerializer(data=request.DATA)
         user.password = hashlib.sha256(str(serializer.data['new_password'])).hexdigest()
         user.save()
         for client in user.clients:
             for token in client.tokens:
                 for junction in token.roles:
                     junction.delete()
                 token.delete()
         return user
     raise HttpForbiddenException(error_description='Updating password not allowed',
                                  error='impossible_request')
Ejemplo n.º 16
0
 def new_function(*args, **kw):
     """
     Wrapped function
     """
     request = _find_request(args)
     if not hasattr(request, 'user') or not hasattr(request, 'client'):
         raise HttpUnauthorizedException(
             error_description='Not authenticated',
             error='not_authenticated')
     user = UserList.get_user_by_username(request.user.username)
     if user is None:
         raise HttpUnauthorizedException(
             error_description='Not authenticated',
             error='not_authenticated')
     if not Toolbox.is_token_in_roles(request.token, roles):
         raise HttpForbiddenException(
             error_description='This call requires roles: {0}'.format(
                 ', '.join(roles)),
             error='invalid_roles')
     return f(*args, **kw)
Ejemplo n.º 17
0
 def list(self, request, userguid=None, ovs_type=None):
     """
     Lists all available Clients where the logged in user has access to
     :param request: Raw request
     :type request: Request
     :param userguid: User guid to filter the clients
     :type userguid: str
     :param ovs_type: Filter on the Client's ovs_type
     :type ovs_type: str
     """
     if Toolbox.is_client_in_roles(request.client, ['manage']):
         client_list = ClientList.get_clients()
     else:
         if ovs_type is not None and ovs_type != 'INTERNAL':
             client_list = [client for client in request.client.user.clients if client.ovs_type == ovs_type]
         else:
             client_list = [client for client in request.client.user.clients if client.ovs_type != 'INTERNAL']
     if userguid is not None:
         return [client for client in client_list if client.user_guid == userguid]
     return client_list
Ejemplo n.º 18
0
 def destroy(self, request, client):
     """
     Deletes a user
     :param request: Raw request
     :type request: Request
     :param client: The Client to be deleted
     :type client: Client
     :return: None
     :rtype: None
     """
     if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']):
         for token in client.tokens:
             for junction in token.roles.itersafe():
                 junction.delete()
             token.delete()
         for junction in client.roles.itersafe():
             junction.delete()
         client.delete()
     else:
         return HttpForbiddenException(error_description='Deleting this client is now allowed',
                                       error='no_ownership')
Ejemplo n.º 19
0
 def set_password(self, request, user):
     """
     Sets the password of a given User. A logged in User can only changes its own password, or all passwords if the logged in User has a manage role
     :param request: The raw request
     :type request: Request
     :param user: The user to update the password from
     :type user: User
     """
     if user.guid == request.client.user_guid or Toolbox.is_client_in_roles(
             request.client, ['manage']):
         serializer = PasswordSerializer(data=request.DATA)
         user.password = hashlib.sha256(str(
             serializer.data['new_password'])).hexdigest()
         user.save()
         for client in user.clients:
             for token in client.tokens:
                 for junction in token.roles:
                     junction.delete()
                 token.delete()
         return user
     raise HttpForbiddenException(
         error_description='Updating password not allowed',
         error='impossible_request')
Ejemplo n.º 20
0
 def destroy(self, request, client):
     """
     Deletes a user
     :param request: Raw request
     :type request: Request
     :param client: The Client to be deleted
     :type client: Client
     :return: None
     :rtype: None
     """
     if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(
             request.client, ['manage']):
         for token in client.tokens:
             for junction in token.roles.itersafe():
                 junction.delete()
             token.delete()
         for junction in client.roles.itersafe():
             junction.delete()
         client.delete()
     else:
         return HttpForbiddenException(
             error_description='Deleting this client is now allowed',
             error='no_ownership')