def create(self, request, role_guids=None):
"""
Creates a Client
:param request: Raw request
:type request: Request
:param role_guids: The GUIDs of the roles where the client should get access to
:type role_guids: str
"""
if 'role_guids' in request.DATA:
del request.DATA['role_guids']
serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
client = serializer.deserialize()
if client.user is not None:
if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']):
client.grant_type = 'CLIENT_CREDENTIALS'
client.client_secret = OAuth2Toolbox.create_hash(64)
client.save()
if not role_guids:
roles = [junction.role for junction in client.user.group.roles]
else:
possible_role_guids = [junction.role_guid for junction in client.user.group.roles]
roles = [Role(guid) for guid in role_guids if guid in possible_role_guids]
for role in roles:
roleclient = RoleClient()
roleclient.client = client
roleclient.role = role
roleclient.save()
return client
raise HttpNotAcceptableException(error_description='A client must have a user',
error='invalid_data')
def list(self, request, userguid=None, ovs_type=None):
"""
Lists all available Clients where the logged in user has access to
:param request: Raw request
:type request: Request
:param userguid: User guid to filter the clients
:type userguid: str
:param ovs_type: Filter on the Client's ovs_type
:type ovs_type: str
"""
if Toolbox.is_client_in_roles(request.client, ['manage']):
client_list = ClientList.get_clients()
else:
if ovs_type is not None and ovs_type != 'INTERNAL':
client_list = [
client for client in request.client.user.clients
if client.ovs_type == ovs_type
]
else:
client_list = [
client for client in request.client.user.clients
if client.ovs_type != 'INTERNAL'
]
if userguid is not None:
return [
client for client in client_list
if client.user_guid == userguid
]
return client_list
def list(self, request):
"""
Lists all available Users where the logged in user has access to
:param request: The raw request
:type request: Request
"""
if Toolbox.is_client_in_roles(request.client, ['manage']):
return UserList.get_users()
else:
return [request.client.user]
def list(self, request):
"""
Lists all available Users where the logged in user has access to
:param request: The raw request
:type request: Request
"""
if Toolbox.is_client_in_roles(request.client, ['manage']):
return UserList.get_users()
else:
return [request.client.user]
def retrieve(self, request, user):
"""
Load information about a given User. Only the currently logged in User is accessible, or all if the logged in User has a manage role
:param request: The raw request
:type request: Request
:param user: The user to load
:type user: User
"""
if user.guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']):
return user
raise HttpForbiddenException(error_description='Fetching user information not allowed',
error='no_ownership')
def retrieve(self, request, user):
"""
Load information about a given User. Only the currently logged in User is accessible, or all if the logged in User has a manage role
:param request: The raw request
:type request: Request
:param user: The user to load
:type user: User
"""
if user.guid == request.client.user_guid or Toolbox.is_client_in_roles(
request.client, ['manage']):
return user
raise HttpForbiddenException(
error_description='Fetching user information not allowed',
error='no_ownership')
def retrieve(self, request, client):
"""
Load information about a given Client
Only the currently logged in User's Clients are accessible, or all if the logged in User has a
system role
:param request: Raw request
:type request: Request
:param client: Client to return
:type client: Client
"""
_ = format
if client.guid in request.client.user.clients_guids or Toolbox.is_client_in_roles(request.client, ['manage']):
return client
raise HttpForbiddenException(error_description='Fetching client information not allowed',
error='no_ownership')
def retrieve(self, request, client):
"""
Load information about a given Client
Only the currently logged in User's Clients are accessible, or all if the logged in User has a
system role
:param request: Raw request
:type request: Request
:param client: Client to return
:type client: Client
"""
_ = format
if client.guid in request.client.user.clients_guids or Toolbox.is_client_in_roles(
request.client, ['manage']):
return client
raise HttpForbiddenException(
error_description='Fetching client information not allowed',
error='no_ownership')
def create(self, request, role_guids=None):
"""
Creates a Client
:param request: Raw request
:type request: Request
:param role_guids: The GUIDs of the roles where the client should get access to
:type role_guids: str
"""
if 'role_guids' in request.DATA:
del request.DATA['role_guids']
serializer = FullSerializer(Client,
instance=Client(),
data=request.DATA)
client = serializer.deserialize()
if client.user is not None:
if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(
request.client, ['manage']):
client.grant_type = 'CLIENT_CREDENTIALS'
client.client_secret = OAuth2Toolbox.create_hash(64)
client.save()
if not role_guids:
roles = [
junction.role for junction in client.user.group.roles
]
else:
possible_role_guids = [
junction.role_guid
for junction in client.user.group.roles
]
roles = [
Role(guid) for guid in role_guids
if guid in possible_role_guids
]
for role in roles:
roleclient = RoleClient()
roleclient.client = client
roleclient.role = role
roleclient.save()
return client
raise HttpNotAcceptableException(
error_description='A client must have a user',
error='invalid_data')
def set_password(self, request, user):
"""
Sets the password of a given User. A logged in User can only changes its own password, or all passwords if the logged in User has a manage role
:param request: The raw request
:type request: Request
:param user: The user to update the password from
:type user: User
"""
if user.guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']):
serializer = PasswordSerializer(data=request.DATA)
user.password = hashlib.sha256(str(serializer.data['new_password'])).hexdigest()
user.save()
for client in user.clients:
for token in client.tokens:
for junction in token.roles:
junction.delete()
token.delete()
return user
raise HttpForbiddenException(error_description='Updating password not allowed',
error='impossible_request')
def list(self, request, userguid=None, ovs_type=None):
"""
Lists all available Clients where the logged in user has access to
:param request: Raw request
:type request: Request
:param userguid: User guid to filter the clients
:type userguid: str
:param ovs_type: Filter on the Client's ovs_type
:type ovs_type: str
"""
if Toolbox.is_client_in_roles(request.client, ['manage']):
client_list = ClientList.get_clients()
else:
if ovs_type is not None and ovs_type != 'INTERNAL':
client_list = [client for client in request.client.user.clients if client.ovs_type == ovs_type]
else:
client_list = [client for client in request.client.user.clients if client.ovs_type != 'INTERNAL']
if userguid is not None:
return [client for client in client_list if client.user_guid == userguid]
return client_list
def destroy(self, request, client):
"""
Deletes a user
:param request: Raw request
:type request: Request
:param client: The Client to be deleted
:type client: Client
:return: None
:rtype: None
"""
if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']):
for token in client.tokens:
for junction in token.roles.itersafe():
junction.delete()
token.delete()
for junction in client.roles.itersafe():
junction.delete()
client.delete()
else:
return HttpForbiddenException(error_description='Deleting this client is now allowed',
error='no_ownership')
def destroy(self, request, client):
"""
Deletes a user
:param request: Raw request
:type request: Request
:param client: The Client to be deleted
:type client: Client
:return: None
:rtype: None
"""
if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(
request.client, ['manage']):
for token in client.tokens:
for junction in token.roles.itersafe():
junction.delete()
token.delete()
for junction in client.roles.itersafe():
junction.delete()
client.delete()
else:
return HttpForbiddenException(
error_description='Deleting this client is now allowed',
error='no_ownership')
def set_password(self, request, user):
"""
Sets the password of a given User. A logged in User can only changes its own password, or all passwords if the logged in User has a manage role
:param request: The raw request
:type request: Request
:param user: The user to update the password from
:type user: User
"""
if user.guid == request.client.user_guid or Toolbox.is_client_in_roles(
request.client, ['manage']):
serializer = PasswordSerializer(data=request.DATA)
user.password = hashlib.sha256(str(
serializer.data['new_password'])).hexdigest()
user.save()
for client in user.clients:
for token in client.tokens:
for junction in token.roles:
junction.delete()
token.delete()
return user
raise HttpForbiddenException(
error_description='Updating password not allowed',
error='impossible_request')
