Ejemplo n.º 1
    def post(self, group_id):
        """Add an existing user to a group and refresh cached permissions.

        The user ID comes from the validated form parameters. Raises
        DoesNotExistError when the group is not found, and SecurityError
        when the group grants permissions administration (or admin-all) and
        the session user does not hold PERMIT_ADMIN_PERMISSIONS.
        """
        form_values = self._get_validated_object_parameters(request.form)
        target_group = data_engine.get_group(group_id=group_id, load_users=True)
        if target_group is None:
            raise DoesNotExistError(str(group_id))

        # Privilege-escalation guard. The caller is expected to hold user
        # admin already (that check is not made in this method). A user
        # admin who lacks permissions admin must not be able to hand out a
        # group that grants permissions admin or admin-all.
        grants_admin = (
            target_group.permissions.admin_permissions or
            target_group.permissions.admin_all
        )
        if grants_admin and not permissions_engine.is_permitted(
                SystemPermissions.PERMIT_ADMIN_PERMISSIONS,
                get_session_user()):
            raise SecurityError(
                'You cannot add users to a group that '
                'grants permissions administration, because you do not '
                'have permissions administration access yourself.')

        new_member = data_engine.get_user(user_id=form_values['user_id'])
        # NOTE(review): an unknown user_id, or a user who is already a
        # member, falls through to the success response with no change made.
        if new_member is not None and new_member not in target_group.users:
            target_group.users.append(new_member)
            data_engine.save_object(target_group)
            # Reset session and permission caches so that the new
            # membership takes effect.
            reset_user_sessions(new_member)
            permissions_engine.reset()
        return make_api_success_response()
Ejemplo n.º 2
 def delete(self, user_id):
     """Delete a user account and return its last known state as a dict.

     Raises DoesNotExistError when no such user exists, and ParameterError
     for user ID 1 (the 'admin' user), which can never be deleted.
     """
     # NOTE(review): no permission check is visible in this method body;
     # presumably one is applied by a decorator or the route - confirm.
     doomed_user = data_engine.get_user(user_id=user_id)
     if doomed_user is None:
         raise DoesNotExistError(str(user_id))
     if doomed_user.id == 1:
         raise ParameterError("The 'admin' user cannot be deleted")
     data_engine.delete_user(doomed_user)
     # A user deleting their own account must not keep a live session
     deleting_self = get_session_user_id() == user_id
     if deleting_self:
         log_out()
     # Reset session caches for the deleted account
     reset_user_sessions(doomed_user)
     return make_api_success_response(object_to_dict(doomed_user))
Ejemplo n.º 3
 def delete(self, group_id):
     """Delete a group, then reset permissions and session caches.

     Requires the session user to hold PERMIT_ADMIN_PERMISSIONS; this is
     enforced before the group is even looked up. Raises DoesNotExistError
     for an unknown group, and ParameterError when the data layer rejects
     the deletion with a ValueError.
     """
     # Authorise first: only permissions admins may delete groups
     permissions_engine.ensure_permitted(
         SystemPermissions.PERMIT_ADMIN_PERMISSIONS,
         get_session_user()
     )
     target_group = data_engine.get_group(
         group_id=group_id, load_users=True
     )
     if target_group is None:
         raise DoesNotExistError(str(group_id))
     try:
         data_engine.delete_group(target_group)
     except ValueError as err:
         # Report the data layer's refusal as a bad-parameter API error
         raise ParameterError(str(err))
     # Former members lose whatever the group granted, so reset their
     # session caches and the permissions cache
     reset_user_sessions(target_group.users)
     permissions_engine.reset()
     return make_api_success_response()
Ejemplo n.º 4
 def delete(self, group_id, user_id):
     """Remove a user from a group and refresh cached permissions.

     Raises DoesNotExistError when the group is not found. A user_id that
     is not a member of the group is not an error: the success response is
     returned with no change made.
     """
     # NOTE(review): unlike adding a member to an admin-granting group, no
     # permission check is visible in this method body - confirm that the
     # caller is authorised elsewhere (decorator or route).
     target_group = data_engine.get_group(
         group_id=group_id, load_users=True
     )
     if target_group is None:
         raise DoesNotExistError(str(group_id))
     # Snapshot the group before changing it, in case it must be restored
     group_snapshot = copy.deepcopy(target_group)
     # Drop the first member whose ID matches, then stop
     for position, candidate in enumerate(target_group.users):
         if candidate.id != user_id:
             continue
         del target_group.users[position]
         data_engine.save_object(target_group)
         reset_user_sessions(candidate)
         permissions_engine.reset()
         # Presumably restores the snapshot if this removal locked the
         # current user out - confirm against _check_for_user_lockout
         _check_for_user_lockout(group_snapshot)
         break
     return make_api_success_response()
Ejemplo n.º 5
 def put(self, group_id):
     """Update a group's description, type, name and permissions.

     Values come from the validated form parameters. Raises
     DoesNotExistError when the group is not found. Returns the saved
     group as a dict in the success response.
     """
     # NOTE(review): any authorisation for changing the group's permissions
     # is not visible in this method body; presumably it is handled in
     # self._set_permissions or by a decorator - confirm.
     form_values = self._get_validated_object_parameters(request.form)
     target_group = data_engine.get_group(
         group_id=group_id, load_users=True
     )
     if target_group is None:
         raise DoesNotExistError(str(group_id))
     # Snapshot the group before changing it, in case it must be restored
     group_snapshot = copy.deepcopy(target_group)

     target_group.description = form_values['description']
     # The type of a system group is fixed
     if target_group.group_type != Group.GROUP_TYPE_SYSTEM:
         target_group.group_type = form_values['group_type']
     # Only local groups can be renamed. This test must follow the type
     # update above because it reads the possibly new group type.
     if target_group.group_type == Group.GROUP_TYPE_LOCAL:
         target_group.name = form_values['name']
     perms_changed = self._set_permissions(target_group, form_values)
     data_engine.save_object(target_group)

     if perms_changed:
         # Members' effective rights changed: reset their session caches
         # and the permissions cache
         reset_user_sessions(target_group.users)
         permissions_engine.reset()
         # Presumably restores the snapshot if the change locked the
         # current user out - confirm against _check_for_user_lockout
         _check_for_user_lockout(group_snapshot)
     return make_api_success_response(object_to_dict(target_group))
Ejemplo n.º 6
 def put(self, user_id):
     """Update a user's profile fields and, for non-LDAP users, credentials.

     Values come from the validated form parameters. Raises
     DoesNotExistError when the user is not found. The status field is
     deliberately left untouched by this method.
     """
     # NOTE(review): no check that the session user may edit this account
     # (including auth_type and allow_api) is visible in this method body;
     # presumably it is enforced by a decorator or the route - confirm.
     form_values = self._get_validated_object_parameters(request.form, False)
     target_user = data_engine.get_user(user_id=user_id)
     if target_user is None:
         raise DoesNotExistError(str(user_id))

     for field in ('first_name', 'last_name', 'email',
                   'auth_type', 'allow_api'):
         setattr(target_user, field, form_values[field])

     # Username and password are only managed here for non-LDAP accounts.
     # The test uses the auth type that was just assigned above.
     if target_user.auth_type != User.AUTH_TYPE_LDAP:
         target_user.username = form_values['username']
         # An empty password means "leave the current one unchanged"
         if form_values['password']:
             target_user.set_password(form_values['password'])
     data_engine.save_object(target_user)
     # Reset session caches
     reset_user_sessions(target_user)
     return make_api_success_response(object_to_dict(target_user))