Ejemplo n.º 1
0
def role_update(user, data, roleid, params):
    role = get_by_roleid_or_404(user, roleid)

    # ToDo: Implement forceupdate after rolegrant for role_update
    # ToDo: Accept update for device-role

    if role.name == 'device' or data.get('name', '') == 'device':
        # Dont allow chaning device-role
        raise ApiExp.RoleUpdateNotAllowed

    if 'attributePermissions' in data:
        devicetype = role.devicetype
        per_dict = generate_role_dict(devicetype, data['attributePermissions'],
                                      False)

        role.permissions = per_dict

    if 'description' in data:
        role.description = data['description']

    if 'name' in data:
        new_name = data['name']
        if new_name != role.name:
            check_unique_role_name(user, new_name, role.devicetype)
            role.name = new_name

    db.session.commit()

    return get_ok_response_body(data=dict(id=role.roleid))
Ejemplo n.º 2
0
def role_add(user, data, params):

    devicetype = get_by_devicetypeid_or_404(user, data['deviceTypeId'])

    name = data['name']

    check_unique_role_name(user, name, devicetype)

    is_device_role = (name == 'device')

    per_dict = generate_role_dict(devicetype, data['attributePermissions'],
                                  is_device_role)

    new_role = Role(name=name,
                    owner=user,
                    devicetype=devicetype,
                    description=data.get('description', ''))

    new_role.permissions = per_dict

    new_role_id = new_role.roleid

    db.session.add(new_role)
    db.session.commit()

    return get_ok_response_body(data=dict(id=new_role_id))
Ejemplo n.º 3
0
def write_send_common_validate(user, data, deviceid, params, is_write):
    # Check if any device is assigned to this user:
    device = get_by_deviceid_or_404(user, deviceid, look_in_granted=True)

    devicetype = device.devicetype

    user_data_dict = convert_attribute_list_to_dict(data['attributes'])

    # Validate user request body based on device-type
    devicedata_validator(devicetype.attributes, user_data_dict)

    data_fileds, metadata_fields = app.devicetype.get_devicefields_metadata(
        devicetype)

    # Validate if user is writing to meta-data and sending data to the metadata
    validate_data_metadatafileds(metadata_fields if is_write else data_fileds,
                                 user_data_dict)

    # Check if user (based on roles) has access to the requested fields
    check_user_write_field_access(user, device, user_data_dict.keys())

    dds = app.get_dds()

    if is_write:
        # Only store data in meta fields
        dds.store_data(user_data_dict, device.deviceid)
    else:
        # This is send-to-device operation
        # As mongo adds '_id' to the dict new copy required
        user_data_dict = convert_attribute_list_to_dict(data['attributes'])
        msg = create_msg_for_device(device, user_data_dict)
        dds.send_to_device(msg, device.deviceid)

    return get_ok_response_body(data={})
Ejemplo n.º 4
0
def device_add(user, payload, params):
    devicetype_id = payload['deviceTypeId']
    name = payload['name']

    devicetype = get_by_devicetypeid_or_404(user, devicetype_id)

    check_unique_name(user, name)

    # Make sure device-role is defined
    if not devicetype.roles.filter_by(name='device').first():
        raise ApiExp.DeviceRoleNotDefined

    # ToDo: Implement attributeValues for setting initial of meta-data

    new_device = Device(
        name=name,
        serial_number=payload.get('serialNumber', ''),
        label=payload.get('label', ''),
        push_url=payload.get('pushURL', ''),
        owner=user,
        devicetype=devicetype
    )

    db.session.add(new_device)
    db.session.commit()

    return get_ok_response_body(
        data=dict(
            id=new_device.deviceid,
            encryptionKey=new_device.enc_key,
            deviceToken=new_device.device_token,
        )
    )
Ejemplo n.º 5
0
def device_list(user, params):

    condition = [(Device.owner == user),
                 (Device.grantroles.any(RoleGrant.granted_user == user))]

    if 'isOwned' in params:
        if params['isOwned']:
            condition = [(Device.owner == user)]
        else:
            condition = [(Device.grantroles.any(
                RoleGrant.granted_user == user))]

    q = Device.query.filter(or_(*condition))

    q = contains_string_query(q, params, 'name', Device.name)

    ret = paginate(q, params, dict(
        id=Device.deviceid,
        name=Device.name
    ))

    dev_list = [
        dict(
            id=x.deviceid,
            name=x.name,
            isOwned=(user == x.owner)
        ) for x in ret.items
    ]

    return get_ok_response_body(
        data=dict(devices=dev_list),
        pageCnt=ret.pages,
    )
Ejemplo n.º 6
0
def role_show(user, roleid, params):
    role = get_by_roleid_or_404(user, roleid)

    per_list = generate_role_response_list(role)

    return get_ok_response_body(data=dict(name=role.name,
                                          description=role.description,
                                          deviceTypeId=role.devicetype.typeid,
                                          attributePermissions=per_list))
Ejemplo n.º 7
0
def device_delete(user, deviceid):
    device = get_by_deviceid_or_404(user, deviceid)

    db.session.delete(device)
    db.session.commit()

    return get_ok_response_body(
        data=dict(id=deviceid)
    )
Ejemplo n.º 8
0
def devicetype_show(user, devicetypeid, params):

    dt = get_by_devicetypeid_or_404(user, devicetypeid)

    return get_ok_response_body(
        name=dt.name,
        encrypted=dt.enc,
        id=dt.typeid,
        description=dt.description,
        attributeTypes=convert_dict_to_attribute_list(dt.attributes),
    )
Ejemplo n.º 9
0
def devicedata_read(user, deviceid, params):
    # Check if any device is assigned to this user:
    device = get_by_deviceid_or_404(user, deviceid, look_in_granted=True)

    read_fields = get_device_fields_with_read_permission(user, device)

    dds = app.get_dds()
    x = dds.read_data(read_fields, device.deviceid)

    attributes = convert_field_dict_to_list(x)

    return get_ok_response_body(data=dict(attributes=attributes))
Ejemplo n.º 10
0
def role_delete(user, roleid, params):
    role = get_by_roleid_or_404(user, roleid)

    # ToDo: Implement "forceDelete" after rolegrant for role-delete

    if role.name == 'device':
        # Dont allow deleting device role
        raise ApiExp.RoleUpdateNotAllowed

    db.session.delete(role)
    db.session.commit()

    return get_ok_response_body(data=dict(id=role.roleid))
Ejemplo n.º 11
0
def devicetype_delete(user, devicetypeid, params):

    dt = get_by_devicetypeid_or_404(user, devicetypeid)

    # Check if this devicetype is used by any device
    if dt.devices.count() != 0:
        raise ApiExp.DeviceInUse

    db.session.delete(dt)
    db.session.commit()

    return get_ok_response_body(
        data=dict(id=devicetypeid)
    )
Ejemplo n.º 12
0
def role_take(user, data, params):
    grant_user = get_by_username_or_404(data['username'])
    role = get_by_roleid_or_404(user, data['roleId'])
    device = get_by_deviceid_or_404(user, data['deviceId'])

    # Don't allow using device-role
    if role.name == 'device':
        raise ApiExp.RoleUpdateNotAllowed

    rg = get_rolegrant_or_404(user, grant_user, role, device)

    db.session.delete(rg)
    db.session.commit()

    return get_ok_response_body()
Ejemplo n.º 13
0
def devicetype_add(user, payload, params):
    name = payload['name']
    enc = payload['encryptionEnabled']
    description = payload.get('description', '')

    check_unique_name(user, name)

    dt = DeviceType(name=name, owner=user, enc=enc, description=description)

    dt.attributes = convert_attribute_list_to_dict(payload['attributeTypes'])

    new_devtype_id = dt.typeid

    db.session.add(dt)
    db.session.commit()

    return get_ok_response_body(data={"id": new_devtype_id})
Ejemplo n.º 14
0
def device_show(user, deviceid, params):
    device = get_by_deviceid_or_404(user, deviceid)

    ret_data = dict(
        id=device.deviceid,
        name=device.name,
        deviceTypeId=device.devicetype.typeid,
        deviceTypeName=device.devicetype.name,
        serialNumber=device.serial_number,
        encryptionKey=device.enc_key,
        deviceToken=device.device_token,
        pushURL=device.push_url
    )

    return get_ok_response_body(
        data=ret_data
    )
Ejemplo n.º 15
0
def device_edit(user, data, deviceid, params):
    device = get_by_deviceid_or_404(user, deviceid)

    # If new name is provided check for a device with same name
    if 'name' in data:
        new_name = data['name']
        if new_name != device.name:
            check_unique_name(user, new_name)
            device.name = new_name

    if 'serialNumber' in data:
        device.serial_number = data['serialNumber']

    db.session.commit()

    return get_ok_response_body(
        data=dict(id=device.deviceid)
    )
Ejemplo n.º 16
0
def devicetype_list(user, params):
    q = DeviceType.query.filter_by(owner=user)

    q = contains_string_query(q, params, 'name', DeviceType.name)

    ret = paginate(q, params, dict(
        id=DeviceType.typeid,
        name=DeviceType.name
    ))

    devt_list = [dict(
        id=x.typeid,
        name=x.name
    ) for x in ret.items]

    return get_ok_response_body(
        data=dict(deviceTypes=devt_list),
        pageCnt=ret.pages
    )
Ejemplo n.º 17
0
def role_list(user, params):
    q = Role.query.join(Role.devicetype).filter_by(owner=user)

    q = contains_string_query(q, params, 'name', Role.name)

    q = field_equal_query(q, params, 'deviceTypeId', Role.devicetype, 'typeid')

    ret = paginate(
        q, params,
        dict(id=Role.roleid,
             name=Role.name,
             deviceTypeName=DeviceType.name,
             deviceTypeId=DeviceType.typeid))

    role_list = [
        dict(id=x.roleid,
             name=x.name,
             deviceTypeName=x.devicetype.name,
             deviceTypeId=x.devicetype.typeid) for x in ret.items
    ]

    return get_ok_response_body(data=dict(roles=role_list), pageCnt=ret.pages)
Ejemplo n.º 18
0
def role_grant_list(user, params):

    q = RoleGrant.query.filter_by(owner=user)

    q = q.join(RoleGrant.role, RoleGrant.granted_user, RoleGrant.device,
               Device.devicetype)

    q = field_equal_query(q, params, 'deviceId', RoleGrant.device, 'deviceid')

    q = field_equal_query(q, params, 'username', RoleGrant.granted_user,
                          'username')

    q = field_equal_query(q, params, 'roleId', RoleGrant.role, 'roleid')

    ret = paginate(
        q, params,
        dict(
            deviceTypeName=DeviceType.name,
            deviceName=Device.name,
            roleName=Role.name,
            username=User.username,
        ))
    # ToDo: Implement pagination for rolegrant_list plus sortby

    rolegrants = [
        dict(
            deviceTypeName=rg.device.devicetype.name,
            deviceTypeId=rg.device.devicetype.typeid,
            deviceName=rg.device.name,
            deviceId=rg.device.deviceid,
            roleName=rg.role.name,
            roleId=rg.role.roleid,
            username=rg.granted_user.username,
            userid=rg.granted_user.username,
        ) for rg in ret.items
    ]

    return get_ok_response_body(data=dict(roles=rolegrants), pageCnt=ret.pages)
Ejemplo n.º 19
0
def role_grant(user, data, params):

    grant_user = get_by_username_or_404(data['username'])
    role = get_by_roleid_or_404(user, data['roleId'])
    device = get_by_deviceid_or_404(user, data['deviceId'])

    # Don't allow using device-role
    if role.name == 'device':
        raise ApiExp.RoleUpdateNotAllowed

    check_unique_rolegrant(user, grant_user, role, device)

    # Check if role is defined for decicetype
    check_role_defined_for_devicetype(role, device)

    rg = RoleGrant(owner=user,
                   granted_user=grant_user,
                   role=role,
                   device=device)

    db.session.add(rg)
    db.session.commit()

    return get_ok_response_body()