Ejemplo n.º 1
0
    def put(self):
        if not self.json_request.get('organization') and \
                not Organization.valid_id(self.json_request.get('organization')):
            raise HttpErrorException.bad_request('invalid organization id')

        org = Organization.get_by_id(self.json_request.get('organization'))
        if not org:
            raise HttpErrorException.bad_request('invalid organization id')

        name = self.json_request.get('name', None)
        hidden = self.json_request.get('hidden', False)
        description = self.json_request.get('description', '')

        if not name or name == 'super_admin' or name == 'admin':
            raise HttpErrorException.bad_request('invalid group name')

        if type(hidden) != bool:
            raise HttpErrorException.bad_request('invalid hidden type must be boolean')

        if Group.query(ndb.AND(Group.organization == org.key, Group.name == name)).count() > 0:
            raise HttpErrorException.bad_request('group name taken')
        group = Group(key=Group.create_key(), name=name, description=description, organization=org.key, active=True)
        if hidden:
            org.hidden_groups.append(group.key)
        else:
            org.groups.append(group.key)

        ndb.put_multi([group, org])
        if self.json_request.get('return', '') == 'group_dict':
            self.write_json_response(group.to_dict())
Ejemplo n.º 2
0
    def post(self, org_id=None):
        if not org_id:
            raise HttpErrorException.bad_request('no org_id given')

        org = Organization.get_by_id(org_id)
        if not org:
            raise HttpErrorException.bad_request('invalid org_id given')

        org.edit(self.request, self.json_request, self.user)
Ejemplo n.º 3
0
 def get(self, organization=None):
     if organization:
         self.organization = Organization.get_by_id(organization)
         if not self.organization:
             raise HttpErrorException.bad_request('invalid organization id')
     if (not self.user.is_super_admin
             or (self.organization and not self.user.is_org_admin
                 and self.organization.key != self.user.organization)):
         raise HttpErrorException.forbidden()
     temp_data = {}
     template_index = JINJA_ENVIRONMENT.get_template(
         'admin_panel/thinktank/analytics.html')
     self.response.write(template_index.render(temp_data))
Ejemplo n.º 4
0
    def post(self, organization):
        if not organization and not Organization.valid_id(organization):
            raise HttpErrorException.bad_request('invalid organization id')

        organization = Organization.get_by_id(organization)
        if organization is None:
            raise HttpErrorException.bad_request('invalid organization id')

        user = user_user.User.get_by_id(self.json_request.get('username'))
        if user is None:
            raise HttpErrorException.bad_request('bad username')

        if not self.user.is_admin:
            lr = tt_logging.construct_log(
                msg_short='Non-Admin User Tried Adding Org Admin',
                msg='A Non-Admin user try setting another user as admin',
                log_type=tt_logging.SECURITY, request_user=self.user,
                affected_user=user, request=self.request,
                artifact=organization
            )
            log.warning(lr['dict_msg']['msg'], extra=lr)
            raise HttpErrorException.forbidden()

        is_admin = self.json_request.get('is_admin')
        if is_admin is None and not type(is_admin) == bool:
            raise HttpErrorException.bad_request('invalid admin settings')

        if is_admin:
            if user.key not in organization.admins:
                organization.admins.append(user.key)
                organization.put()
                lr = tt_logging.construct_log(
                    msg_short='User was made organization admin',
                    log_type=tt_logging.USER, request_user=self.user, affected_user=user,
                    artifact=organization, request=self.request
                )
                log.info(lr['dict_msg']['msg'], extra=lr)
        else:
            if user.key in organization.admins:
                organization.admins.remove(user.key)
                organization.put()
                lr = tt_logging.construct_log(
                    msg_short='User was removed as organization admin',
                    log_type=tt_logging.USER, request_user=self.user, affected_user=user,
                    artifact=organization, request=self.request
                )
                log.info(lr['dict_msg']['msg'], extra=lr)
Ejemplo n.º 5
0
    def get(self):
        if self.request.get('organization_groups') is not '':
            if self.request.get('organization_groups') == 'all':
                organization = Organization.get_by_id(self.request.get('organization'))
                if organization.is_user(self.user) or self.user.is_super_admin:
                    hidden = False
                    if self.request.get('hidden') is not '':
                        hidden = self.request.get('hidden')

                    group_array = organization.get_all_groups()
                    if hidden and self.user.is_admin:
                        hidden_group_array = organization.get_all_hidden_groups()
                        group_array = group_array + hidden_group_array
                    elif self.user.is_admin:
                        hidden_group_array = organization.get_all_hidden_groups()
                        group_array = group_array + hidden_group_array
                    else:
                        user_hidden_groups = organization.get_user_hidden_groups(self.user)
                        for group in user_hidden_groups:
                            group_array.append(group.to_dict())

                    self.write_json_response(group_array)
                else:
                    lr = tt_logging.construct_log(
                        msg_short='User Tried Access Organization Groups',
                        msg='User (%s) tried to access groups that belongs to organization '
                            '(%s) and they are not in this organization' %
                            (self.user.key.id(), organization.key.id()),
                        log_type=tt_logging.SECURITY, request_user=self.user,
                        artifact=organization, request=self.request
                    )
                    log.warning(lr['dict_msg']['msg'], extra=lr)
                    raise HttpErrorException.forbidden()

            elif self.request.get('organization_groups') == 'mine':
                user_groups = self.user.get_groups()
                user_groups = ndb.get_multi(user_groups)
                user_groups_dict_list = []

                for group in user_groups:
                    user_groups_dict_list.append(group.to_dict())

                self.write_json_response(user_groups_dict_list)

        else:
            self._serve_user_groups()
Ejemplo n.º 6
0
    def put(self, user_id=None):
        if not self.user.is_admin:
            lr = tt_logging.construct_log(
                msg_short='Non-Admin User Try Create New User',
                msg='User (%s) attemped to create a new user' % (self.user.key.id()),
                log_type=tt_logging.SECURITY, request_user=self.user,
                request=self.request
            )
            log.warning(lr['dict_msg']['msg'], extra=lr)
            raise HttpErrorException.forbidden()

        if self.json_request.get('username'):
            org = None
            if self.json_request.get('organization'):
                org = Organization.get_by_id(self.json_request.get('organization'))

            User.new(self.json_request, verify_email=False, request=self.request,
                     worldshare_group=Group.get_worldshare_key(), organization=org)
Ejemplo n.º 7
0
 def get(self, organization=None):
     if organization:
         self.organization = Organization.get_by_id(organization)
         if not self.organization:
             raise HttpErrorException.bad_request('invalid organization id')
     if (not self.user.is_super_admin
             or (self.organization and not self.user.is_org_admin
                 and self.organization.key != self.user.organization)):
         raise HttpErrorException.forbidden()
     start_time = self.request.get('start_time', None)
     try:
         start_time = AnalyticsDailyStat.get_start_time(
             datetime.fromtimestamp(int(start_time) / 1000))
     except ValueError:
         raise HttpErrorException.bad_request(
             'start_time must be javascript timestamps')
     end_time = AnalyticsDailyStat.get_end_time(start_time)
     self.write_json_response(
         self._get_analyticstats_json(AnalyticsHourlyStat,
                                      OrgAnalyticsHourlyStat, start_time,
                                      end_time))
Ejemplo n.º 8
0
    def get(self):
        term = self.request.get('term', '')
        if term == '':
            raise HttpErrorException.bad_request('no search term given')

        limit = 10
        if self.request.get('limit', '') != '':
            try:
                limit = int(self.request.get('limit'))
            except ValueError:
                raise HttpErrorException.bad_request('limit must be integer')

        if self.user.is_super_admin and self.request.get('organization', '') != '':
            org = Organization.get_by_id(self.request.get('organization'))
            if not org:
                raise HttpErrorException.bad_request('invalid org id')
        else:
            if not self.user.organization:
                raise HttpErrorException.bad_request('user has not organization')
            org = self.user.organization.get()

        groups = org.get_all_group_objects()
        if self.user.is_admin:
            groups += org.get_all_hidden_group_objects()
        else:
            groups += org.get_user_hidden_groups(self.user)

        matched_groups = []
        for group in groups:
            if len(matched_groups) == limit:
                break
            if term.lower() in group.name.lower():
                matched_groups.append(group.to_dict())

        if self.request.get('callback', '') != '':
            self.response.write(self.request.get('callback') + '(%s)' % json.dumps(matched_groups))
        else:
            self.write_json_response(matched_groups)
Ejemplo n.º 9
0
    def get(self, user_id=None):
        # TODO: This handler needs broken down into smaller methods. No point cleaning
        # this up until that is complete.
        if self.request.get('user_info') is not '':
            if self.request.get('user_info') == self.user.username or self.user.is_admin:
                user = User.get_by_id(self.request.get('user_info'))
                if not user:
                    raise HttpErrorException.bad_request('invalid user id')
                self.write_json_response(user.to_dict(user=self.user))

        elif self.request.get('user_perms') is not '':
            user = User.get_by_id(self.request.get('user_perms'))
            if not user:
                raise HttpErrorException.bad_request('invalid username')
            if not user.is_admin and not self.user == user:
                lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Another User',
                                              msg='User (%s) attemped to access user\'s (%s) data ' %
                                                  (self.user.key.id(), user.key.id()),
                                              log_type=tt_logging.SECURITY, request_user=self.user, affected_user=user,
                                              request=self.request)
                log.warning(lr['dict_msg']['msg'], extra=lr)
                raise HttpErrorException.forbidden()
            user_perms_dict = {}
            for group_key in user.groups:
                group = group_key.get()
                if group is None:
                    user.groups.remove(group_key)
                    user.put()
                    lr = tt_logging.construct_log(msg_short='Broken Group Key in User Group List',
                                                  msg='Found a broken group key (%s) in the user\'s group list\n'
                                                      'Key has been removed' %
                                                      str(group_key),
                                                  log_type=tt_logging.USER, request_user=self.user, affected_user=user,
                                                  request=self.request)
                    log.error(lr['dict_msg']['msg'], extra=lr)
                elif (group.has_permission(self.user, 'set_user_perms') or
                          group.has_permission(self.user, 'remove_user_perms') or
                              user.key == self.user.key):
                    perms = user.get_group_perms_dict(group)
                    if perms is not None:
                        user_perms_dict[group.key.id()] = perms
            self.write_json_response(user_perms_dict)
        elif self.request.get('organization_users') is not '':
            if self.request.get('organization_users') == 'all':
                organization = Organization.get_by_id(self.request.get('organization_id'))
                if organization.is_admin(self.user) or Group.get_by_id('super_admin').key in self.user.groups:
                    user_array = User.get_all_users(organization, request_user=self.user)
                    self.write_json_response(user_array)
                else:
                    lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Org Users',
                                                  msg='User (%s) attemped to access all Organization\'s users' %
                                                      (self.user.key.id()),
                                                  log_type=tt_logging.SECURITY, request_user=self.user,
                                                  request=self.request, artifact=organization)
                    log.warning(lr['dict_msg']['msg'], extra=lr)
                    raise HttpErrorException.forbidden()
        elif self.request.get('non_org') is not '':
            if not self.user.is_super_admin:
                lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Org Users',
                                              msg='User (%s) attemped to access all Organization\'s users' %
                                                  (self.user.key.id()),
                                              log_type=tt_logging.SECURITY, request_user=self.user,
                                              request=self.request)
                log.warning(lr['dict_msg']['msg'], extra=lr)
                raise HttpErrorException.forbidden()
            else:
                users = User.query(User.organization == None).fetch()
                users_dicts = []
                for user in users:
                    users_dicts.append(user.to_dict())
                self.write_json_response(users_dicts)
Ejemplo n.º 10
0
 def get(self, organization=None):
     if organization:
         self.organization = Organization.get_by_id(organization)
         if not self.organization:
             raise HttpErrorException.bad_request('invalid organization id')
     if (not self.user.is_super_admin
             or (self.organization and not self.user.is_org_admin
                 and self.organization.key != self.user.organization)):
         raise HttpErrorException.forbidden()
     start_time = self.request.get('start_time', None)
     limit = self.request.get('limit', 10)
     ana_type = self.request.get('type', 'concept')
     if ana_type not in ['concept', 'user']:
         raise HttpErrorException.bad_request('invalid type')
     if ana_type == 'user':
         ana_type = UserAnalyticsMonthlyStat
     else:
         ana_type = ConceptAnalyticsMonthlyStat
     try:
         limit = int(limit)
     except ValueError:
         raise HttpErrorException.bad_request('limit must be int')
     if limit > 100:
         limit = 100
     if not start_time:
         raise HttpErrorException.bad_request('no start_time given')
     try:
         start_time = ana_type.get_start_time(
             datetime.fromtimestamp(int(start_time) / 1000))
     except ValueError:
         raise HttpErrorException.bad_request(
             'start_time must be javascript timestamps')
     log.debug('start_time: %s', start_time)
     if not self.organization:
         top_total = ana_type.query(ana_type.start_time == start_time
                                    ).order(-ana_type.total).fetch(limit)
         top_consumption = ana_type.query(
             ana_type.start_time == start_time).order(
                 -ana_type.total_consumption).fetch(limit)
         top_production = ana_type.query(
             ana_type.start_time == start_time).order(
                 ana_type.total_production).fetch(limit)
     else:
         top_total = ana_type.query(
             ndb.AND(
                 ana_type.start_time == start_time,
                 ana_type.entity_organization ==
                 self.organization.key)).order(-ana_type.total).fetch(limit)
         top_consumption = ana_type.query(
             ndb.AND(ana_type.start_time == start_time,
                     ana_type.entity_organization == self.organization.key)
         ).order(-ana_type.total_consumption).fetch(limit)
         top_production = ana_type.query(
             ndb.AND(ana_type.start_time == start_time,
                     ana_type.entity_organization == self.organization.key)
         ).order(-ana_type.total_production).fetch(limit)
     top_total_json = []
     for s in top_total:
         if ana_type == ConceptAnalyticsMonthlyStat:
             d = s.to_dict()
             con = s.entity.get()
             if con:
                 phr = con.get_phrasing()
             else:
                 phr = 'Concept no longer exists'
             d['phrasing'] = phr
             top_total_json.append(d)
         else:
             d = s.to_dict()
             user = s.entity.get()
             if user:
                 username = user.username
             else:
                 username = '******'
             d['username'] = username
             top_total_json.append(d)
     top_consumption_json = []
     for s in top_consumption:
         if ana_type == ConceptAnalyticsMonthlyStat:
             d = s.to_dict()
             con = s.entity.get()
             if con:
                 phr = con.get_phrasing()
             else:
                 phr = 'Concept no longer exists'
             d['phrasing'] = phr
             top_consumption_json.append(d)
         else:
             d = s.to_dict()
             user = s.entity.get()
             if user:
                 username = user.username
             else:
                 username = '******'
             d['username'] = username
             top_consumption_json.append(d)
     top_production_json = []
     for s in top_production:
         if ana_type == ConceptAnalyticsMonthlyStat:
             d = s.to_dict()
             con = s.entity.get()
             if con:
                 phr = con.get_phrasing()
             else:
                 phr = 'Concept no longer exists'
             d['phrasing'] = phr
             top_production_json.append(d)
         else:
             d = s.to_dict()
             user = s.entity.get()
             if user:
                 username = user.username
             else:
                 username = '******'
             d['username'] = username
             top_production_json.append(d)
     response = {
         'start_time': time.mktime(start_time.timetuple()) * 1000,
         'start_time_str': str(start_time),
         'top_total': top_total_json,
         'top_consumption': top_consumption_json,
         'top_production': top_production_json,
     }
     self.write_json_response(response)