Ejemplo n.º 1
0
class UserRoleController:

    def __init__(self, connection):
        self.connection = connection
        from models.user import User
        from models.role import Role
        from models.user_role import UserRole
        self.user = User(connection)
        self.role = Role(connection)
        self.user_role = UserRole(connection)

    def find_by_user_id(self, user_id):
        user_roles = self.user_role.find({'user_id': user_id})
        print user_roles
        ids = [ user_role['role_id'] for user_role in user_roles ]
        if ADMIN_ROLE_ID in ids:
            params = {}
        else:
            ids = [ user_role['role_id'] for user_role in user_roles if user_role['is_admin'] ]
            params = {'ids': ids}
        print params
        return self.role.find(params)

    def find_by_role_id(self, role_id):
        user_roles = self.user_role.find({'role_id': role_id})
        print user_roles
        ids = [row['user_id'] for row in user_roles]
        params = {'ids': ids}
        print params
        return self.user.find(params)
Ejemplo n.º 2
0
class UserRoleController:
    def __init__(self, connection):
        self.connection = connection
        from models.user import User
        from models.role import Role
        from models.user_role import UserRole
        self.user = User(connection)
        self.role = Role(connection)
        self.user_role = UserRole(connection)

    def find_by_user_id(self, user_id):
        user_roles = self.user_role.find({'user_id': user_id})
        print user_roles
        ids = [user_role['role_id'] for user_role in user_roles]
        if ADMIN_ROLE_ID in ids:
            params = {}
        else:
            ids = [
                user_role['role_id'] for user_role in user_roles
                if user_role['is_admin']
            ]
            params = {'ids': ids}
        print params
        return self.role.find(params)

    def find_by_role_id(self, role_id):
        user_roles = self.user_role.find({'role_id': role_id})
        print user_roles
        ids = [row['user_id'] for row in user_roles]
        params = {'ids': ids}
        print params
        return self.user.find(params)
Ejemplo n.º 3
0
class RoleController:
    def __init__(self, connection):
        self.connection = connection
        from models.role import Role
        from models.user_role import UserRole
        self.role = Role(connection)
        self.user_role = UserRole(connection)
        from token_controller import TokenController
        self.token_controller = TokenController(connection)
        from user_role_controller import UserRoleController
        self.user_role_controller = UserRoleController(connection)

    def is_admin(self, user_id):
        row = self.user_role.find({
            'user_id': user_id,
            'role_id': ADMIN_ROLE_ID
        })
        if len(row) > 0: return True
        else: return False

    # only the admin can create a role
    def create(self, access_token, params):
        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']
        if not self.is_admin(user_id): raise Exception("not permitted")
        self.role.create(params)
        return True

    def update(self, access_token, params):
        raise Exception("not supported")

    def delete(self, access_token, params):
        raise Exception("not supported")

    """
    1. find all roles if I'm the admin
    2. find only roles where I'm the role admin
    """

    def find_all(self, access_token, params=None):
        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']
        return self.user_role_controller.find_by_user_id(user_id)

    def find_one(self, access_token, params):
        raise Exception("not supported")
Ejemplo n.º 4
0
class RoleController:

    def __init__(self, connection):
        self.connection = connection
        from models.role import Role
        from models.user_role import UserRole
        self.role = Role(connection)
        self.user_role = UserRole(connection)
        from token_controller import TokenController
        self.token_controller = TokenController(connection)
        from user_role_controller import UserRoleController
        self.user_role_controller = UserRoleController(connection)

    def is_admin(self, user_id):
        row = self.user_role.find({'user_id': user_id, 'role_id': ADMIN_ROLE_ID})
        if len(row) > 0:  return True
        else: return False

    # only the admin can create a role
    def create(self, access_token, params):
        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']
        if not self.is_admin(user_id):  raise Exception("not permitted")
        self.role.create(params)
        return True

    def update(self, access_token, params):
        raise Exception("not supported")

    def delete(self, access_token, params):
        raise Exception("not supported")

    """
    1. find all roles if I'm the admin
    2. find only roles where I'm the role admin
    """
    def find_all(self, access_token, params=None):
        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']
        return self.user_role_controller.find_by_user_id(user_id)

    def find_one(self, access_token, params):
        raise Exception("not supported")
Ejemplo n.º 5
0
import sys

sys.path.insert(0, r'../..')
from models.connection import connection
from models.user_role import UserRole

user_role = UserRole(connection)

print user_role.find({'user_id': 'b2fc88a6-7253-4850-8d5a-07639b1315aa'})
print user_role.find({'role_id': '3867c370-552f-43b8-bed9-6aa00ffc41b4'})
print user_role.find({
    'user_id': 'c8b5dbbe-edd1-4e78-b03a-63b0d779be85',
    'role_id': '435a6417-6c1f-4d7c-87dd-e8f6c0effc7a'
})

print user_role.create({
    'user_id': 'b2fc88a6-7253-4850-8d5a-07639b1315aa',
    'role_id': 'ffffffff-ffff-ffff-ffff-ffffffffffff',
    'is_admin': False
})
print user_role.create({
    'user_id': '49d8bc68-f57e-11e3-ba1d-005056ba0d15',
    'role_id': '3867c370-552f-43b8-bed9-6aa00ffc41b4',
    'is_admin': False
})
print user_role.create({
    'user_id': '49d8bc68-f57e-11e3-ba1d-005056ba0d15',
    'role_id': '435a6417-6c1f-4d7c-87dd-e8f6c0effc7a',
    'is_admin': False
})
print user_role.create({
class InvitedUserController:
    def __init__(self, connection):
        self.connection = connection
        from models.invited_user import InvitedUser
        self.invited_user = InvitedUser(connection)
        from models.user_role import UserRole
        self.user_role = UserRole(connection)
        from token_controller import TokenController
        self.token_controller = TokenController(connection)

    def is_admin(self, user_id):
        row = self.user_role.find({
            'user_id': user_id,
            'role_id': ADMIN_ROLE_ID
        })
        if len(row) > 0: return True
        else: return False

    def is_role_admin(self, user_id, role_id):
        rows = self.user_role.find({'user_id': user_id, 'role_id': role_id})
        if len(rows) > 0 and rows[0]['is_admin']: return True
        else: return False

    def create(self, access_token, params):

        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']

        # allowed if I'm an admin
        if self.is_admin(user_id):
            self.save(user_id, params)
            return True

        # allowed if I'm the role admin of the given role
        role_id = params['role_id']
        if self.is_role_admin(user_id, role_id):
            self.save(user_id, params)
            return True

        raise Exception("not permitted")

    def save(self, user_id, params):
        invited_users = self.invited_user.find(params)
        if len(invited_users) > 0:
            print 'already invited'
            return True
        if not params.get('invited_by'):
            params['invited_by'] = user_id
        if not params.get('invited_at'):
            params['invited_at'] = str(datetime.utcnow())
        if not params.get('state'):
            params['state'] = self.invited_user.INVITED
        if not params.get('is_admin'):
            params['is_admin'] = '0'
        return self.invited_user.create(params)

    def update(self, access_token, params):

        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']

        # allowed if I'm an admin
        if self.is_admin(user_id):
            self.invited_user.update(params)
            return True

        # allowed if I'm the role admin of the given role
        role_id = params['role_id']
        if self.is_role_admin(user_id, role_id):
            self.invited_user.update(params)
            return True

        raise Exception("not permitted")

    """
    1. return all invited users if I'm the admin
    2. return all invited users of a given role if I'm the role admin
    """

    def find_all(self, access_token, params):

        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']

        # return all invited users if I'm an admin
        if self.is_admin(user_id): return self.invited_user.find({})

        if not params.get('role_id'):
            # return all invited users of roles where I'm the role admin
            user_roles = self.user_role.find({'user_id': user_id})
            role_ids = [
                user_role['role_id'] for user_role in user_roles
                if user_role['is_admin']
            ]
            if len(role_ids) > 0:
                return self.invited_user.find({'role_ids': role_ids})
        else:
            # return all invited users of the given role if I'm the role admin
            role_id = params['role_id']
            if self.is_role_admin(user_id, role_id):
                return self.invited_user.find(params)

        raise Exception("not permitted")
class InvitedUserController:

    def __init__(self, connection):
        self.connection = connection
        from models.invited_user import InvitedUser
        self.invited_user = InvitedUser(connection)
        from models.user_role import UserRole
        self.user_role = UserRole(connection)
        from token_controller import TokenController
        self.token_controller = TokenController(connection)

    def is_admin(self, user_id):
        row = self.user_role.find({'user_id': user_id, 'role_id': ADMIN_ROLE_ID})
        if len(row) > 0:  return True
        else: return False

    def is_role_admin(self, user_id, role_id):
        rows = self.user_role.find({'user_id': user_id, 'role_id': role_id})
        if len(rows) > 0 and rows[0]['is_admin']:  return True
        else: return False

    def create(self, access_token, params):

        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']

        # allowed if I'm an admin
        if self.is_admin(user_id):
            self.save(user_id, params)
            return True

        # allowed if I'm the role admin of the given role
        role_id = params['role_id']
        if self.is_role_admin(user_id, role_id):
            self.save(user_id, params)
            return True

        raise Exception("not permitted")

    def save(self, user_id, params):
        invited_users = self.invited_user.find(params)
        if len(invited_users) > 0:
            print 'already invited'
            return True
        if not params.get('invited_by'):
            params['invited_by'] = user_id
        if not params.get('invited_at'):
            params['invited_at'] = str(datetime.utcnow())
        if not params.get('state'):
            params['state'] = self.invited_user.INVITED
        if not params.get('is_admin'):
            params['is_admin'] = '0'
        return self.invited_user.create(params)

    def update(self, access_token, params):

        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']

        # allowed if I'm an admin
        if self.is_admin(user_id):
            self.invited_user.update(params)
            return True

        # allowed if I'm the role admin of the given role
        role_id = params['role_id']
        if self.is_role_admin(user_id, role_id):
            self.invited_user.update(params)
            return True

        raise Exception("not permitted")

    """
    1. return all invited users if I'm the admin
    2. return all invited users of a given role if I'm the role admin
    """
    def find_all(self, access_token, params):

        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']

        # return all invited users if I'm an admin
        if self.is_admin(user_id):  return self.invited_user.find({})

        if not params.get('role_id'):
            # return all invited users of roles where I'm the role admin
            user_roles = self.user_role.find({'user_id': user_id})
            role_ids = [ user_role['role_id'] for user_role in user_roles if user_role['is_admin'] ]
            if len(role_ids) > 0:   return self.invited_user.find({'role_ids': role_ids})
        else:
            # return all invited users of the given role if I'm the role admin
            role_id = params['role_id']
            if self.is_role_admin(user_id, role_id):    return self.invited_user.find(params)

        raise Exception("not permitted")
Ejemplo n.º 8
0
class UserController:

    def __init__(self, connection):
        self.connection = connection
        from models.user import User
        from models.user_role import UserRole
        from models.invited_user import InvitedUser
        self.user = User(connection)
        self.user_role = UserRole(connection)
        self.invited_user = InvitedUser(connection)
        from token_controller import TokenController
        self.token_controller = TokenController(connection)

    def is_admin(self, user_id):
        row = self.user_role.find({'user_id': user_id, 'role_id': ADMIN_ROLE_ID})
        if len(row) > 0:  return True
        else: return False

    def is_role_admin(self, user_id, role_id):
        rows = self.user_role.find({'user_id': user_id, 'role_id': role_id})
        if len(rows) > 0 and rows[0]['is_admin']:  return True
        else: return False

    def is_member(self, user_id, role_id):
        rows = self.user_role.find({'user_id': user_id, 'role_id': role_id})
        if len(rows) > 0:  return True
        else: return False

    def create(self, access_token, params):

        # if this is the first user, save it as an admin
        users = self.user.find({})
        if len(users) == 0:
            # set this user to the admin
            self.user.create(params)
            self.user_role.create({'user_id': params['id'], 'role_id': ADMIN_ROLE_ID})
            return True

        # add a user to a role if I'm an admin or the role admin of the given role
        if params.get('role_id'):
            rows = self.token_controller.find(access_token)
            user_id = rows[0]['user_id']
            if self.is_admin(user_id) or self.is_role_admin(user_id, role_id):
                self.user_role.create(params)
                return True
            else:
                raise Exception("not permitted")

        rows = self.user.find(params)
        if len(rows) > 0:
            print 'already exists'
            return True

        # add the user if this user was invited before
        invited_users = self.invited_user.find(params)
        if len(invited_users) == 1:
            invited_user = invited_users[0]
            self.user.create(params)
            self.user_role.create({'user_id': params['id'], 'role_id': invited_user['role_id'], 'is_admin': invited_user['is_admin']})
            self.invited_user.update({'email':params['email'], 'state':self.invited_user.REGISTERED})
            return True
        else:
            raise Exception("not permitted")

    """
    1. return requested users if I'm the admin
    2. return all users of roles where I'm the role admin
    3. return myself if I'm not the role admin of any role
    4. return all members of the given role if I'm a member of the given role
    """
    def find_all(self, access_token, params):

        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']

        # return all users if I'm an admin
        if self.is_admin(user_id):  return self.user.find(params)

        if not params.get('role_id'):
            # return all users of roles where I'm the role admin
            user_roles = self.user_role.find({'user_id': user_id})
            role_ids = [ user_role['role_id'] for user_role in user_roles if user_role['is_admin'] ]
            if len(role_ids) > 0:   return self.user.find({'role_ids': role_ids})

            # if role is not given, return only itself
            return self.user.find({'id': user_id})

        # return all members of the given role if I'm a member of the given role
        if self.is_member(user_id, params['role_id']):  return self.user.find(params)

        raise Exception("not permitted")
Ejemplo n.º 9
0
import sys
sys.path.insert(0, r'../..')
from models.connection import connection
from models.user_role import UserRole
user_role = UserRole(connection)

print user_role.find({'user_id':'b2fc88a6-7253-4850-8d5a-07639b1315aa'})
print user_role.find({'role_id':'3867c370-552f-43b8-bed9-6aa00ffc41b4'})
print user_role.find({'user_id':'c8b5dbbe-edd1-4e78-b03a-63b0d779be85', 'role_id':'435a6417-6c1f-4d7c-87dd-e8f6c0effc7a'})

print user_role.create({'user_id':'b2fc88a6-7253-4850-8d5a-07639b1315aa', 'role_id':'ffffffff-ffff-ffff-ffff-ffffffffffff', 'is_admin':False})
print user_role.create({'user_id':'49d8bc68-f57e-11e3-ba1d-005056ba0d15', 'role_id':'3867c370-552f-43b8-bed9-6aa00ffc41b4', 'is_admin':False})
print user_role.create({'user_id':'49d8bc68-f57e-11e3-ba1d-005056ba0d15', 'role_id':'435a6417-6c1f-4d7c-87dd-e8f6c0effc7a', 'is_admin':False})
print user_role.create({'user_id':'c8b5dbbe-edd1-4e78-b03a-63b0d779be85', 'role_id':'435a6417-6c1f-4d7c-87dd-e8f6c0effc7a', 'is_admin':False})
print user_role.create({'user_id':'c8b5dbbe-edd1-4e78-b03a-63b0d779be85', 'role_id':'3867c370-552f-43b8-bed9-6aa00ffc41b4', 'is_admin':False})
print user_role.create({'user_id':'117043220775623860708', 'role_id':'435a6417-6c1f-4d7c-87dd-e8f6c0effc7a', 'is_admin':False})
print user_role.create({'user_id':'117043220775623860708', 'role_id':'3867c370-552f-43b8-bed9-6aa00ffc41b4', 'is_admin':True})
Ejemplo n.º 10
0
class PermissionController:

    def __init__(self, connection):
        self.connection = connection
        from models.permission import Permission
        from models.user_role import UserRole
        self.permission = Permission(connection)
        self.user_role = UserRole(connection)
        from token_controller import TokenController
        self.token_controller = TokenController(connection)
        from user_role_controller import UserRoleController
        self.user_role_controller = UserRoleController(connection)

    def is_admin(self, user_id):
        row = self.user_role.find({'user_id': user_id, 'role_id': ADMIN_ROLE_ID})
        if len(row) > 0:  return True
        else: return False

    def is_role_admin(self, user_id, role_id):
        rows = self.user_role.find({'user_id': user_id, 'role_id': role_id})
        if len(rows) > 0 and rows[0]['is_admin']:  return True
        else: return False

    def are_permitted(self, access_token, params_list):
        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']
        for params in params_list:
            if not self.is_permitted(user_id, params):  return False
        return True

    def is_permitted(self, user_id, params):
        params['user_id'] = user_id
        params['all'] = True
        rows = self.permission.find(params)
        print "permitted : %s" % rows
        if len(rows) == 0:  return False
        for row in rows:
            if not row.get('condition'):   return True
        if not params.get('parent'):   return False    # parent must be given because all permissions have conditions
        # now check if the parent permissions include the given 'parent' value
        for row in rows:
            parent_params = json.loads(row['condition'])
            parent_params['user_id'] = user_id
            #parent_params['role_id'] = row['role_id']
            parent_params['value'] = params['parent']
            parent_params['all'] = True
            parent_rows = self.permission.find(parent_params)
            print "permitted parents : %s" % parent_rows
            if len(parent_rows) == 0:  return False     #### TODO: not sure if all have to be true......
        return True

    def create(self, access_token, params):
        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']
        if not self.is_admin(user_id):  raise Exception("not permitted")
        self.permission.create(params)
        return True

    def update(self, access_token, params):
        raise Exception("not supported")

    def delete(self, access_token, params):
        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']
        if not self.is_admin(user_id):  raise Exception("not permitted")
        self.permission.delete(params)
        return True

    """
    1. find all of my permissions from access_token
    2. find all permissions of given user if I'm the admin
    3. find all permissions of given role if I'm the admin
    4. find member's all permissions if I'm the role admin of the given role
    5. find member's all permissions if I'm the role admin of any roles where the given user belongs
    6. find member's all permissions if I'm the given user
    """
    def find_all(self, access_token, params):

        rows = self.token_controller.find(access_token)
        user_id = rows[0]['user_id']

        # return my permissions
        if not params.get('user_id') and not params.get('role_id'):
            params['user_id'] = user_id
            return self.permission.find(params)

        # return requested user/role's permissions if I'm an admin
        if self.is_admin(user_id):  return self.permission.find(params)

        # return requested role's permissions if I'm a role admin
        if params.get('role_id'):
            if self.is_role_admin(user_id, params['role_id']):  return self.permission.find(params)
            else:   raise Exception("not permitted")

        if params.get('user_id'):
            # return my permissions when the given user is me
            if user_id == params['user_id']:    return self.permission.find(params)

            # return requested user's permissions if I'm a role admin of any roles the given user belongs
            user_roles = self.user_role.find({'user_id': params['user_id']})
            if len(user_roles) == 0:    raise Exception("not permitted")
            for user_role in user_roles:
                if self.is_role_admin(user_id, user_role['role_id']):   return self.permission.find(params)
            raise Exception("not permitted")

    def find_one(self, access_token, params):
        raise Exception("not supported")