def postfix_mailboxes(request):
loc = get_localizer(request)
cfg = request.registry.settings
sess = DBSession()
errmess = None
csrf = request.POST.get('csrf', '')
if 'submit' in request.POST:
if csrf != request.get_csrf():
request.session.flash({
'text' : loc.translate(_('Error submitting form')),
'class' : 'danger'
})
return HTTPSeeOther(location=request.route_url('postfix.cl.mail'))
access_user = sess.query(AccessEntity).filter_by(nick=str(request.user)).first()
userdomains = sess.query(PDNSDomain).filter_by(account=str(access_user.nick))
admindomains = sess.query(PostfixDomainAdmins).filter_by(username=str(request.user))
maildomains = sess.query(PostfixDomain).filter(PostfixDomain.domain.in_([ad.domain for ad in admindomains]))
mailboxes = sess.query(PostfixMailbox).filter(PostfixMailbox.domain.in_([md.domain for md in maildomains]))
tpldef = {'errmessage':errmess,
'accessuser':access_user,
'userdomains':userdomains,
'admindomains':admindomains,
'maildomains':maildomains,
'mailboxes':mailboxes,
'aliases':None,
}
request.run_hook('access.cl.tpldef', tpldef, request)
return(tpldef)
def delete_record(request):
#if d in GET, delete domain
#if r in GET, delete record
#before delete check if this record exists and belongs to auth_user
#delete and redirect to main module page
#use _query to add aditional params when redirecting
loc = get_localizer(request)
cfg = request.registry.settings
sess = DBSession()
csrf = request.POST.get('csrf', '')
access_user = sess.query(AccessEntity).filter_by(nick=str(request.user)).first()
user_domains = [d.id for d in sess.query(PDNSDomain).filter_by(account=str(request.user.id))]
if csrf != request.get_csrf():
request.session.flash({
'text' : loc.translate(_('Error submitting form')),
'class' : 'danger'
})
return HTTPSeeOther(location=request.route_url('pdns.cl.domains'), _query=(('error', 'asc'),))
else:
domainid = request.POST.get('domainid', None)
recid = request.POST.get('recordid', None)
if domainid and not recid:
domain = sess.query(PDNSDomain).filter_by(id=int(request.POST.get('domainid', None))).first()
if domain.id in user_domains:
sess.delete(domain)
sess.flush()
elif recid:
record = sess.query(PDNSRecord).filter_by(id=int(request.POST.get('recordid', None))).first()
if record.domain_id in user_domains:
sess.delete(record)
sess.flush()
return HTTPSeeOther(location=request.route_url('pdns.cl.domains'))
def dyn_priv_group_get(params, request):
"""
ExtDirect method for getting group's capabilities.
"""
gid = int(params.get('owner'))
if gid <= 0:
raise KeyError('Invalid group ID')
recs = []
sess = DBSession()
group = sess.query(Group).get(gid)
if group is None:
raise KeyError('Invalid group ID')
for priv in sess.query(Privilege)\
.join(NPModule)\
.filter(NPModule.enabled == True, Privilege.can_be_set == True)\
.order_by(Privilege.name):
prx = {
'privid' : priv.id,
'owner' : group.id,
'code' : priv.code,
'name' : priv.name,
'hasacls' : priv.has_acls,
'value' : None
}
if priv.code in group.caps:
prx['value'] = group.caps[priv.code].value
recs.append(prx)
return {
'records' : recs,
'total' : len(recs),
'success' : True
}
def sync(self):
to_update = []
sess = DBSession()
if len(self._pending_results) > 0:
task_uuids = [k
for k, v
in self._pending_results.items()
if v.ready()]
if len(task_uuids) > 0:
for log in sess.query(TaskLog).filter(
TaskLog.celery_id.in_(task_uuids)):
log.update(self._pending_results[log.celery_id])
to_update.append(log)
del self._pending_results[log.celery_id]
if len(self._sync_needed) > 0:
sn = self._sync_needed
for task in sess.query(Task).filter(Task.id.in_(sn.keys())):
task.last_run_time = sn[task.id].last_run_time
task.run_count = sn[task.id].run_count
to_update.append(task)
self._sync_needed = {}
self._schedule = self.get_from_db()
self.install_default_entries(self._schedule)
self._heap = None
def edit_record(request):
loc = get_localizer(request)
cfg = request.registry.settings
sess = DBSession()
csrf = request.POST.get('csrf', '')
access_user = sess.query(AccessEntity).filter_by(nick=str(request.user)).first()
user_domains = [d.id for d in sess.query(PDNSDomain).filter_by(account=str(request.user.id))]
if csrf != request.get_csrf():
request.session.flash({
'text' : loc.translate(_('Error submitting form')),
'class' : 'danger'
})
return HTTPSeeOther(location=request.route_url('pdns.cl.domains'))
else:
rectype = request.POST.get('type', None)
if rectype == "domain":
domain = sess.query(PDNSDomain).filter_by(id=int(request.POST.get('domainid', None))).first()
if domain.id in user_domains:
domain.name = request.POST.get('hostName', None)
domain.dtype = request.POST.get('hostType', None)
domain.master = request.POST.get('hostValue', None)
elif rectype == "record":
record = sess.query(PDNSRecord).filter_by(id=int(request.POST.get('recordid', None))).first()
if record.domain_id in user_domains:
record.name = request.POST.get('name', None)
record.content = request.POST.get('content', None)
record.rtype = request.POST.get('rtype', None)
record.ttl = None if request.POST.get('ttl', None) == '' else request.POST.get('ttl', None);
record.prio = None if request.POST.get('prio', None) == '' else request.POST.get('prio', None);
sess.flush()
return HTTPSeeOther(location=request.route_url('pdns.cl.domains', _query=(('sort', 'asc'),)))
def new_entity_validator(ret, values, request):
# FIXME: handle permissions
if 'etypeid' not in values:
return
sess = DBSession()
try:
ent_type = sess.query(EntityType).get(int(values['etypeid']))
except (TypeError, ValueError):
ent_type = None
# FIXME: error out on non-existent types
if ent_type is None:
return
parent_id = values.get('parentid')
if not parent_id and not ent_type.root:
ret['errors']['parent'].append(
request.localizer.translate(_('This entity requires a parent.')))
if parent_id:
try:
parent = sess.query(Entity).get(int(parent_id))
if parent and parent.type.leaf:
ret['errors']['parent'].append(
request.localizer.translate(
_('This entity can\'t have children.')))
except (TypeError, ValueError):
pass
mod = request.registry.getUtility(IModuleManager).get_module_browser()[
ent_type.module.name]
em = mod[ent_type.model]
xret = em.validate_fields(values, request)
if 'errors' in xret:
ret['errors'].update(xret['errors'])
def dyn_acl_user_set(px, request):
"""
ExtDirect method for setting user's ACLs.
"""
if 'records' not in px:
raise ValueError('No records found')
sess = DBSession()
for params in px['records']:
uid = int(params.get('owner'))
aclid = int(params.get('privid'))
code = params.get('code')
value = params.get('value')
if uid <= 0:
raise KeyError('Invalid user ID')
user = sess.query(User).get(uid)
if user is None:
raise KeyError('Invalid user ID')
if value not in {True, False, None}:
raise ValueError('Invalid capability value')
priv = sess.query(Privilege)\
.join(NPModule)\
.filter(Privilege.code == code, NPModule.enabled == True, Privilege.can_be_set == True)\
.one()
code = priv.code
if value is None:
if (code, aclid) in user.acls:
del user.acls[(code, aclid)]
else:
user.acls[(code, aclid)] = value
return { 'success' : True }
def dyn_priv_group_set(px, request):
"""
ExtDirect method for setting group's capabilities.
"""
if 'records' not in px:
raise ValueError('No records found')
sess = DBSession()
for params in px['records']:
gid = int(params.get('owner'))
privid = int(params.get('privid'))
value = params.get('value')
if gid <= 0:
raise KeyError('Invalid group ID')
group = sess.query(Group).get(gid)
if group is None:
raise KeyError('Invalid group ID')
if value not in {True, False, None}:
raise ValueError('Invalid capability value')
priv = sess.query(Privilege)\
.join(NPModule)\
.filter(Privilege.id == privid, NPModule.enabled == True, Privilege.can_be_set == True)\
.one()
code = priv.code
if value is None:
if code in group.privileges:
del group.privileges[code]
else:
group.privileges[code] = value
return { 'success' : True }
def _ent_hist_tickets(hist, ent, req, begin, end, max_num):
sess = DBSession()
# TODO: check permissions
qc = sess.query(TicketChange).options(joinedload(
TicketChange.user)).join(Ticket).filter(Ticket.entity == ent)
qt = sess.query(Ticket).options(joinedload(
Ticket.created_by)).filter(Ticket.entity == ent)
if begin is not None:
qc = qc.filter(TicketChange.timestamp >= begin)
qt = qt.filter(Ticket.creation_time >= begin)
if end is not None:
qc = qc.filter(TicketChange.timestamp <= end)
qt = qt.filter(Ticket.creation_time <= end)
if max_num:
qc = qc.limit(max_num)
qt = qt.limit(max_num)
for tc in qc:
eh = tc.get_entity_history(req)
if eh:
hist.append(eh)
for tkt in qt:
eh = tkt.get_entity_history(req)
if eh:
hist.append(eh)
def dyn_ticket_uwiz_update(params, request):
tid = int(params['ticketid'])
del params['ticketid']
sess = DBSession()
model = ExtModel(Ticket)
ticket = sess.query(Ticket).get(tid)
if ticket is None:
raise KeyError('Invalid ticket ID')
for param in ('tstid', 'toid', 'name', 'descr'):
if param in params:
del params[param]
# TODO: ENTITIES_LIST
if not request.has_permission('TICKETS_CHANGE_STATE'):
if 'ttrid' in params:
del params['ttrid']
if not request.has_permission('TICKETS_CHANGE_FLAGS'):
if 'flags' in params:
del params['flags']
# TODO: USERS_LIST
# TODO: GROUPS_LIST
sess.execute(SetVariable('ticketid', ticket.id))
if 'ttrid' in params:
ttr_id = params['ttrid']
if ttr_id:
ttr_id = int(ttr_id)
trans = sess.query(TicketStateTransition).get(ttr_id)
if trans:
sess.execute(SetVariable('ttrid', trans.id))
trans.apply(ticket)
del params['ttrid']
if 'show_client' in params:
show_cl = params['show_client'].lower()
if show_cl in {'true', '1', 'on'}:
show_cl = True
else:
show_cl = False
del params['show_client']
else:
show_cl = False
sess.execute(SetVariable('show_client', npbool(show_cl)))
if ('comments' in params) and request.has_permission('TICKETS_COMMENT', request.context, request):
sess.execute(SetVariable('comments', params['comments']))
del params['comments']
else:
sess.execute(SetVariable('comments', None))
model.set_values(ticket, params, request)
sess.flush()
sess.execute(SetVariable('tcid', None))
return {
'success' : True,
'action' : {
'do' : 'close',
'redraw' : []
}
}
def dyn_ticket_uwiz_update(params, request):
tid = int(params['ticketid'])
del params['ticketid']
sess = DBSession()
model = ExtModel(Ticket)
ticket = sess.query(Ticket).get(tid)
if ticket is None:
raise KeyError('Invalid ticket ID')
for param in ('tstid', 'toid', 'name', 'descr'):
if param in params:
del params[param]
# TODO: ENTITIES_LIST
if not request.has_permission('TICKETS_CHANGE_STATE'):
if 'ttrid' in params:
del params['ttrid']
if not request.has_permission('TICKETS_CHANGE_FLAGS'):
if 'flags' in params:
del params['flags']
# TODO: USERS_LIST
# TODO: GROUPS_LIST
sess.execute(SetVariable('ticketid', ticket.id))
if 'ttrid' in params:
ttr_id = params['ttrid']
if ttr_id:
ttr_id = int(ttr_id)
trans = sess.query(TicketStateTransition).get(ttr_id)
if trans:
sess.execute(SetVariable('ttrid', trans.id))
trans.apply(ticket)
del params['ttrid']
if 'show_client' in params:
show_cl = params['show_client'].lower()
if show_cl in {'true', '1', 'on'}:
show_cl = True
else:
show_cl = False
del params['show_client']
else:
show_cl = False
sess.execute(SetVariable('show_client', npbool(show_cl)))
if ('comments' in params) and request.has_permission(
'TICKETS_COMMENT', request.context, request):
sess.execute(SetVariable('comments', params['comments']))
del params['comments']
else:
sess.execute(SetVariable('comments', None))
model.set_values(ticket, params, request)
sess.flush()
sess.execute(SetVariable('tcid', None))
return {'success': True, 'action': {'do': 'close', 'redraw': []}}
def __iter__(self): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() # TODO: add access controls for t in sess.query(FileFolder.name).filter(FileFolder.parent == root): yield t[0] for t in sess.query(File.filename).filter(File.folder == root): yield t[0]
def _cal_events(evts, params, req):
ts_from = params.get('startDate')
ts_to = params.get('endDate')
if (not ts_from) or (not ts_to):
return
cals = params.get('cals')
if isinstance(cals, Iterable) and len(cals):
try:
cals = [int(cal[5:]) for cal in cals if cal[:5] == 'user-']
except (TypeError, ValueError):
cals = ()
if len(cals) == 0:
return
else:
cals = None
ts_from = dparse(ts_from).replace(hour=0, minute=0, second=0, microsecond=0)
ts_to = dparse(ts_to).replace(hour=23, minute=59, second=59, microsecond=999999)
sess = DBSession()
cal_q = sess.query(Calendar).filter(Calendar.user == req.user)
if cals:
cal_q = cal_q.filter(Calendar.id.in_(cals))
cal_ids = [cal.id for cal in cal_q]
for cali in sess.query(CalendarImport).filter(CalendarImport.user_id == req.user.id):
cal = cali.calendar
if cal.user == req.user:
continue
if cals and (cal.id not in cals):
continue
if not cal.can_read(req.user):
continue
if cal.id in cal_ids:
continue
cal_ids.append(cal.id)
q = sess.query(Event)\
.filter(
Event.calendar_id.in_(cal_ids),
Event.event_start <= ts_to,
Event.event_end >= ts_from
)
for e in q:
ev = {
'id' : 'event-%u' % e.id,
'cid' : 'user-%u' % e.calendar_id,
'title' : e.summary,
'start' : e.event_start,
'end' : e.event_end,
'ad' : e.all_day,
'notes' : e.description,
'loc' : e.location,
'url' : e.url,
'caned' : e.calendar.can_write(req.user)
}
evts.append(ev)
def resolve(cls, name, domain_aliases=True):
name = name.strip('.')
sess = DBSession()
candidates = [(None, domain_candidates(name), None)]
while len(candidates) > 0:
old_candidates = candidates
candidates = []
domain_cond = []
da_cond = []
for domain, names, suffix in old_candidates:
if domain is None or isinstance(domain, Domain):
domain_cond.append(and_(
Domain.parent_id == (domain.id if domain else None),
Domain.name.in_(names)
))
if not domain_aliases:
continue
if domain is None or isinstance(domain, DomainAlias):
da_cond.append(and_(
DomainAlias.parent_id == (domain.id if domain else None),
DomainAlias.name.in_(names)
))
if len(domain_cond) > 0:
for domain in sess.query(Domain).filter(or_(*domain_cond)):
if suffix is None:
domain_name = str(domain)
else:
domain_name = '.'.join((domain.name, suffix))
if name == domain_name:
return domain
offset = name.find('.' + domain_name)
if offset > 0:
left_part = name[:offset]
candidates.append((domain, domain_candidates(left_part), domain_name))
if domain_aliases and len(da_cond) > 0:
for da in sess.query(DomainAlias).filter(or_(*da_cond)):
if suffix is None:
domain_name = str(da)
else:
domain_name = '.'.join((da.name, suffix))
if name == domain_name:
return da.domain
offset = name.find('.' + domain_name)
if offset > 0:
left_part = name[:offset]
dc = domain_candidates(left_part)
candidates.extend((
(da, dc, domain_name),
(da.domain, dc, domain_name)
))
def get_pkpass(request):
loc = get_localizer(request)
cfg = request.registry.settings
sess = DBSession()
client_pass = None
token = None
passserial = request.current_route_path().split('/')[-1].split("?")[0]
try:
token = request.params.get('authtoken', None)
sess = DBSession()
if token:
try:
client_pass = sess.query(PassbookPass).filter(
PassbookPass.token == token,
).one()
except NoResultFound:
raise KeyError('Invalid token')
else:
try:
client_pass = sess.query(PassbookPass).filter(
PassbookPass.serial == passserial,
).one()
token = client_pass.token
except NoResultFound:
raise KeyError('Invalid setial')
except ValueError:
pass
p12_cert = cfg.get('netprofile.client.pkpass.p12', None)
pem_cert = cfg.get('netprofile.client.pkpass.pem', None)
teamId = cfg.get('netprofile.client.pkpass.teamId', None)
passId = cfg.get('netprofile.client.pkpass.passId', None)
passfile = tempfile.NamedTemporaryFile()
pkpass = P.PyPKPass.PKPass.PKPass(passId, passserial)
pkpass.webServiceURL = request.url.split("?")[0]
pkpass.authenticationToken = token
pkpass.backgroundColor="rgb(23, 187, 82)"
pkpass.teamIdentifier=teamId
pkpass.passTypeIdentifier=passId
pkpass.addHeaderField("Name", "Netprofile Account", 'My Netprofile Account Details')
pkpass.addPrimaryField("username", client_pass.stash.entity.nick, "Username")
pkpass.addPrimaryField("Account Name", client_pass.stash.name, 'Account Name')
pkpass.addSecondaryField("Amount", "{0}".format(client_pass.stash.amount), "Amont")
pkpass.addSecondaryField("Credit", "{0}".format(client_pass.stash.credit), "Credit")
pkpass.sign(p12_cert, "", passfile.name, pem_cert)
resp = FileResponse(passfile.name)
resp.content_disposition = 'attachment; filename="{0}.pkpass"'.format(passId)
return resp
def ff_tree_update(params, request):
sess = DBSession()
user = request.user
root_ff = user.group.effective_root_folder
for rec in params.get('records', ()):
ff_id = rec.get('id')
if ff_id == 'root':
continue
ff_id = int(ff_id)
ff_name = rec.get('text')
ff_parent = rec.get('parentId')
# TODO: support changing uid/gid and rights, maybe?
if not ff_name:
raise ValueError('Empty folder names are not supported')
if ff_parent and (ff_parent != 'root'):
ff_parent = int(ff_parent)
else:
ff_parent = None
ff = sess.query(FileFolder).get(ff_id)
if ff is None:
raise KeyError('Unknown folder ID %d' % ff_id)
if root_ff and (not ff.is_inside(root_ff)):
raise ValueError('Folder access denied')
cur_parent = ff.parent
if cur_parent and ((not cur_parent.can_write(user)) or (not cur_parent.can_traverse_path(user))):
raise ValueError('Folder access denied')
ff.name = ff_name
if ff_parent:
new_parent = sess.query(FileFolder).get(ff_parent)
if new_parent is None:
raise KeyError('Unknown parent folder ID %d' % ff_parent)
if (not new_parent.can_write(user)) or (not new_parent.can_traverse_path(user)):
raise ValueError('Folder access denied')
if root_ff and (not new_parent.is_inside(root_ff)):
raise ValueError('Folder access denied')
if new_parent.is_inside(ff):
raise ValueError('Folder loop detected')
ff.parent = new_parent
elif not user.root_writable:
raise ValueError('Folder access denied')
else:
ff.parent = None
return {
'success' : True
}
def dav_children(self): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() for t in itertools.chain( sess.query(FileFolder).filter(FileFolder.parent == root), sess.query(File).filter(File.folder == root) ): t.__req__ = self.req t.__parent__ = self t.__plugin__ = self yield t
def cals_avail(params, req):
cals = []
sess = DBSession()
q = sess.query(Calendar).filter(
Calendar.user_id != req.user.id,
or_(
and_(Calendar.group_access != CalendarAccess.none, Calendar.group == req.user.group),
Calendar.global_access != CalendarAccess.none
)
)
for cal in q:
cals.append({
'id' : 'user-%u' % cal.id,
'title' : cal.name,
'desc' : cal.description,
'owner' : str(cal.user),
'color' : cal.style,
'hidden' : False,
'cancreate' : cal.can_write(req.user)
})
return {
'success' : True,
'calendars' : cals,
'total' : len(cals)
}
def dav_children(self): sess = DBSession() for u in sess.query(User): ab = DAVPluginUserAddressBooks(self.req, u) ab.__req__ = self.req ab.__parent__ = self yield ab
def file_ul(request):
sess = DBSession()
try:
ff_id = request.POST['ffid']
except KeyError:
ff_id = None
folder = None
if ff_id:
ff_id = int(ff_id)
folder = sess.query(FileFolder).get(ff_id)
if folder and not folder.can_write(request.user):
raise ValueError('Folder access denied')
for fo in request.POST.getall('file'):
obj = File(
user_id=request.user.id,
user=request.user,
group_id=request.user.group.id,
group=request.user.group,
rights=F_DEFAULT_FILES
)
if fo.filename:
obj.name = obj.filename = fo.filename
obj.folder = folder
sess.add(obj)
obj.set_from_file(fo.file, request.user, sess)
res = Response(html_escape(json.dumps({
'success' : True,
'msg' : 'File(s) uploaded'
}), False))
res.headerlist.append(('X-Frame-Options', 'SAMEORIGIN'))
return res
def dav_children(self): sess = DBSession() for u in sess.query(User): u.__req__ = self.req u.__parent__ = self u.__plugin__ = self yield u
def do_login(request):
if authenticated_userid(request):
return HTTPFound(location=request.route_url('core.home'))
login = ''
did_fail = False
cur_locale = locale_neg(request)
if 'submit' in request.POST:
login = request.POST.get('user', '')
passwd = request.POST.get('pass', '')
csrf = request.POST.get('csrf', '')
if csrf == request.get_csrf():
sess = DBSession()
reg = request.registry
hash_con = reg.settings.get('netprofile.auth.hash', 'sha1')
salt_len = int(reg.settings.get('netprofile.auth.salt_length', 4))
q = sess.query(User).filter(User.state == UserState.active).filter(User.enabled == True).filter(User.login == login)
for user in q:
if user.check_password(passwd, hash_con, salt_len):
return auth_add(request, login, 'core.home')
did_fail = True
mmgr = request.registry.getUtility(IModuleManager)
return {
'login' : login,
'failed' : did_fail,
'res_css' : mmgr.get_css(request),
'res_js' : mmgr.get_js(request),
'res_ljs' : mmgr.get_local_js(request, cur_locale),
'cur_loc' : cur_locale
}
def dyn_globalsettings_form(param, request):
"""
ExtDirect method to populate a global settings form.
"""
node = param['section']
path = node.split('.')
if len(path) != 2:
raise ValueError('Invalid section node ID specified: %r' % (node,))
moddef = path[0]
sname = path[1]
mmgr = request.registry.getUtility(IModuleManager)
if moddef not in mmgr.loaded:
raise ValueError('Unknown, uninstalled or disabled module name requested: %r' % (moddef,))
all_settings = mmgr.get_settings('global')
if moddef not in all_settings or sname not in all_settings[moddef]:
raise ValueError('Setting doesn\'t exist: %r' % (node,))
form = []
section = all_settings[moddef][sname]
sess = DBSession()
values = dict(
(s.name, s.value)
for s
in sess.query(GlobalSetting).filter(
GlobalSetting.name.startswith('%s.%s.' % (moddef, sname))
)
)
for setting_name, setting in section.items():
fullname = '%s.%s.%s' % (moddef, sname, setting_name)
if fullname in values:
values[fullname] = setting.parse_param(values[fullname])
return section.get_form_cfg(request, moddef, values)
def file_mnt(request):
ff_id = request.matchdict.get('ffid')
if ff_id == 'root':
if not request.user.root_readable:
raise HTTPForbidden()
resp = DAVMountResponse(
request=request,
path='/',
username=request.user.login
)
else:
try:
ff_id = int(ff_id)
except (TypeError, ValueError):
raise HTTPNotFound()
sess = DBSession()
ff = sess.query(FileFolder).get(ff_id)
if not ff.allow_traverse(request):
raise HTTPForbidden()
path = '/'.join(ff.get_uri()[1:] + [''])
resp = DAVMountResponse(
request=request,
path=path,
username=request.user.login
)
resp.make_body()
resp.headerlist.append(('X-Frame-Options', 'SAMEORIGIN'))
return resp
def _cal_events_update(params, req):
cal_id = params.get('CalendarId', '')
if cal_id != _cal['id']:
return
if 'EventId' not in params:
return
evtype, evid = params['EventId'].split('-')
if evtype != 'ticket':
return
evid = int(evid)
if not has_permission('TICKETS_UPDATE', req.context, req):
return
sess = DBSession()
tkt = sess.query(Ticket).get(evid)
if tkt is None:
return
sess.execute(SetVariable('ticketid', tkt.id))
if 'StartDate' in params:
new_ts = dparse(params['StartDate']).replace(tzinfo=None, microsecond=0)
if new_ts:
tkt.assigned_time = new_ts
if ('EndDate' in params) and tkt.assigned_time:
new_ts = dparse(params['EndDate']).replace(tzinfo=None, microsecond=0)
if new_ts:
delta = new_ts - tkt.assigned_time
tkt.duration = delta.seconds
def ff_tree_delete(params, request):
sess = DBSession()
user = request.user
root_ff = user.group.effective_root_folder
total = 0
for rec in params.get('records', ()):
ff_id = rec.get('id')
if ff_id == 'root':
continue
ff_id = int(ff_id)
ff = sess.query(FileFolder).get(ff_id)
if ff is None:
raise KeyError('Unknown folder ID %d' % ff_id)
if root_ff and (not ff.is_inside(root_ff)):
raise ValueError('Folder access denied')
cur_parent = ff.parent
if cur_parent and ((not cur_parent.can_write(user)) or (not cur_parent.can_traverse_path(user))):
raise ValueError('Folder access denied')
if (not cur_parent) and (not user.root_writable):
raise ValueError('Folder access denied')
# Extra precaution
if ff.user != user:
raise ValueError('Folder access denied')
sess.delete(ff)
total += 1
return {
'success' : True,
'total' : total
}
def dav_children(self): sess = DBSession() for g in sess.query(Group): g.__req__ = self.req g.__parent__ = self g.__plugin__ = self yield g
def _wizcb_submit_hdl(wiz, em, step, act, val, req):
xcls = cls
if isinstance(xcls, str):
xcls = _name_to_class(xcls)
sess = DBSession()
fieldIDs = json.loads(val['field_id'])
templateName = val['template']
templId = val['templ_id']
for fid in fieldIDs:
resvalue = {
'templ_id':
templId,
'field_id':
fid,
'template':
templateName,
'field':
sess.query(PDNSFieldType).filter(
PDNSFieldType.id == fid).first()
}
em = ExtModel(xcls)
obj = xcls()
em.set_values(obj, resvalue, req, True)
sess.add(obj)
sess.flush()
print("TROLOLO")
return {'do': 'close', 'reload': True}
def _cal_events_update(params, req):
if 'EventId' not in params:
return
evtype, evid = params['EventId'].split('-')
if evtype != 'ticket':
return
evid = int(evid)
if not req.has_permission('TICKETS_UPDATE'):
return
# TODO: fancy permissions/ACLs
sess = DBSession()
tkt = sess.query(Ticket).get(evid)
if tkt is None:
return
sess.execute(SetVariable('ticketid', tkt.id))
if 'StartDate' in params:
new_ts = dparse(params['StartDate']).replace(tzinfo=None,
microsecond=0)
if new_ts:
tkt.assigned_time = new_ts
if ('EndDate' in params) and tkt.assigned_time:
new_ts = dparse(params['EndDate']).replace(tzinfo=None, microsecond=0)
if new_ts:
delta = new_ts - tkt.assigned_time
tkt.duration = delta.seconds
def find_princs_digest(param, request):
sess = DBSession()
try:
user = sess.query(User).filter(User.state == UserState.active,
User.enabled == True,
User.login == param['username']).one()
except NoResultFound:
return None
if not user.a1_hash:
return None
req_path = unquote(request.path.lower())
uri_path = unquote(param['uri'].lower())
if req_path != uri_path:
return None
ha2 = hashlib.md5(
('%s:%s' % (request.method, param['uri'])).encode()).hexdigest()
data = '%s:%s:%s:%s:%s' % (param['nonce'], param['nc'], param['cnonce'],
'auth', ha2)
resp = hashlib.md5(('%s:%s' % (user.a1_hash, data)).encode()).hexdigest()
if resp == param['response']:
groups = ['g:%s' % user.group.name]
for sgr in user.secondary_groups:
if sgr == user.group:
continue
groups.append('g:%s' % sgr.name)
return groups
return None
def client_activate(request):
if authenticated_userid(request):
return HTTPSeeOther(location=request.route_url('access.cl.home'))
did_fail = True
cur_locale = locale_neg(request)
cfg = request.registry.settings
comb_js = asbool(cfg.get('netprofile.client.combine_js', False))
can_reg = asbool(cfg.get('netprofile.client.registration.enabled', False))
must_verify = asbool(cfg.get('netprofile.client.registration.verify_email', True))
link_id = int(cfg.get('netprofile.client.registration.link_id', 1))
rand_len = int(cfg.get('netprofile.client.registration.code_length', 20))
if (not can_reg) or (not must_verify):
return HTTPSeeOther(location=request.route_url('access.cl.login'))
code = request.GET.get('code', '').strip().upper()
login = request.GET.get('for', '')
if code and login and (len(code) == rand_len):
sess = DBSession()
for link in sess.query(AccessEntityLink)\
.options(joinedload(AccessEntityLink.entity))\
.filter(AccessEntityLink.type_id == link_id, AccessEntityLink.value == code):
# TODO: implement code timeouts
ent = link.entity
if (ent.access_state == AccessState.block_inactive.value) and (ent.nick == login):
ent.access_state = AccessState.ok.value
sess.delete(link)
did_fail = False
break
tpldef = {
'failed' : did_fail,
'comb_js' : comb_js,
'cur_loc' : cur_locale
}
request.run_hook('access.cl.tpldef.activate', tpldef, request)
return tpldef
def client_activate(request):
if authenticated_userid(request):
return HTTPSeeOther(location=request.route_url('access.cl.home'))
did_fail = True
cur_locale = locale_neg(request)
cfg = request.registry.settings
comb_js = asbool(cfg.get('netprofile.client.combine_js', False))
can_reg = asbool(cfg.get('netprofile.client.registration.enabled', False))
must_verify = asbool(cfg.get('netprofile.client.registration.verify_email', True))
link_id = int(cfg.get('netprofile.client.registration.link_id', 1))
rand_len = int(cfg.get('netprofile.client.registration.code_length', 20))
if (not can_reg) or (not must_verify):
return HTTPSeeOther(location=request.route_url('access.cl.login'))
code = request.GET.get('code', '').strip().upper()
login = request.GET.get('for', '')
if code and login and (len(code) == rand_len):
sess = DBSession()
for link in sess.query(AccessEntityLink)\
.options(joinedload(AccessEntityLink.entity))\
.filter(AccessEntityLink.type_id == link_id, AccessEntityLink.value == code):
# TODO: implement code timeouts
ent = link.entity
if (ent.access_state == AccessState.block_inactive.value) and (ent.nick == login):
ent.access_state = AccessState.ok.value
sess.delete(link)
did_fail = False
break
tpldef = {
'failed' : did_fail,
'comb_js' : comb_js,
'cur_loc' : cur_locale
}
request.run_hook('access.cl.tpldef.activate', tpldef, request)
return tpldef
def client_chrate(ctx, request):
loc = get_localizer(request)
csrf = request.POST.get('csrf', '')
rate_id = int(request.POST.get('rateid'), 0)
aent_id = int(request.POST.get('entityid'))
ent = request.user.parent
err = True
if csrf == request.get_csrf():
sess = DBSession()
aent = sess.query(AccessEntity).get(aent_id)
if ent and aent and (aent.parent == ent) and (aent in ctx.access_entities):
err = False
if 'clear' in request.POST:
rate_id = None
aent.next_rate_id = None
elif rate_id > 0:
aent.next_rate_id = rate_id
if err:
request.session.flash({
'text' : loc.translate(_('Error scheduling rate change')),
'class' : 'danger'
})
elif rate_id:
request.session.flash({
'text' : loc.translate(_('Rate change successfully scheduled'))
})
else:
request.session.flash({
'text' : loc.translate(_('Rate change successfully cancelled'))
})
return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def client_chrate(ctx, request):
loc = request.localizer
csrf = request.POST.get('csrf', '')
rate_id = int(request.POST.get('rateid'), 0)
aent_id = int(request.POST.get('entityid'))
ent = request.user.parent
err = True
if csrf == request.get_csrf():
sess = DBSession()
aent = sess.query(AccessEntity).get(aent_id)
if ent and aent and (aent.parent == ent) and (aent in ctx.access_entities):
err = False
if 'clear' in request.POST:
rate_id = None
aent.next_rate_id = None
elif rate_id > 0:
aent.next_rate_id = rate_id
if err:
request.session.flash({
'text' : loc.translate(_('Error scheduling rate change')),
'class' : 'danger'
})
elif rate_id:
request.session.flash({
'text' : loc.translate(_('Rate change successfully scheduled'))
})
else:
request.session.flash({
'text' : loc.translate(_('Rate change successfully cancelled'))
})
return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def _dyn_prep_tpl(params, req):
objid = params.get('objid')
objtype = params.get('objtype')
if (not objid) or (not objtype):
raise ValueError('No object specified')
docid = params.get('docid')
if not docid:
raise ValueError('No document specified')
sess = DBSession()
docid = int(docid)
doc = sess.query(Document).get(docid)
if not doc:
raise KeyError('No such document')
config = {
'docid' : docid,
'code' : doc.code,
'name' : doc.name,
'type' : doc.type,
'vars' : doc.variables,
'body' : doc.body
}
tpl_vars = {}
form_fields = []
req.run_hook('documents.gen.object', tpl_vars, objid, objtype, req)
req.run_hook('documents.gen.variables', tpl_vars, doc.variables, req)
return {
'success' : True,
'doc' : config,
'vars' : tpl_vars,
'form' : form_fields
}
def _wizcb_submit_hdl(wiz, em, step, act, val, req):
xcls = cls
if isinstance(xcls, str):
xcls = _name_to_class(xcls)
sess = DBSession()
cfg = get_current_registry().settings
fieldIDs = json.loads(val['field_id'])
fieldlist = val['field']
templateName = val['template']
templId = val['templ_id']
for fid in fieldIDs:
resvalue = {'templ_id' : templId,
'field_id' : fid,
'template' : templateName,
'field' : sess.query(PDNSFieldType).filter(PDNSFieldType.id==fid).first()
}
em = ExtModel(xcls)
obj = xcls()
em.set_values(obj, resvalue, req, True)
sess.add(obj)
sess.flush()
print("TROLOLO")
return {
'do' : 'close',
'reload' : True
}
def disable(self, moddef):
"""
Remove a module from the list of enabled modules.
"""
from netprofile_core.models import NPModule
if moddef not in self.modules:
logger.error(
'Can\'t find module \'%s\'. Verify installation and try again.',
moddef)
return False
if moddef in self.loaded:
if not self.unload(moddef): # pragma: no cover
logger.error('Can\'t unload module \'%s\'.', moddef)
return False
sess = DBSession()
try:
mod = sess.query(NPModule).filter(NPModule.name == moddef).one()
except NoResultFound:
return False
if mod.enabled == False:
return True
mod.enabled = False
transaction.commit()
return True
def get_settings(request):
# FIXME: implement settings cache invalidation
if 'auth.settings' in request.session:
return request.session['auth.settings']
mmgr = request.registry.getUtility(IModuleManager)
all_settings = mmgr.get_settings('user')
user = request.user
if user is None:
ret = {}
for moddef, sections in all_settings.items():
for sname, section in sections.items():
for setting_name, setting in section.items():
if setting.default is None:
continue
ret['%s.%s.%s' %
(moddef, sname, setting_name)] = setting.default
else:
sess = DBSession()
ret = dict(
(s.name, s.value)
for s in sess.query(UserSetting).filter(UserSetting.user == user))
for moddef, sections in all_settings.items():
for sname, section in sections.items():
for setting_name, setting in section.items():
fullname = '%s.%s.%s' % (moddef, sname, setting.name)
if fullname in ret:
ret[fullname] = setting.parse_param(ret[fullname])
elif setting.default is not None:
ret[fullname] = setting.default
request.session['auth.settings'] = ret
return ret
def task_generate(srv_ids=(), station_ids=()):
cfg = app.settings
factory = ConfigGeneratorFactory(cfg, app.mmgr)
ret = []
sess = DBSession()
loc = sys_localizer(app.mmgr.cfg.registry)
q = sess.query(Server)
if len(srv_ids) > 0:
q = q.filter(Server.id.in_(srv_ids))
if len(station_ids) > 0:
q = q.filter(Server.host_id.in_(station_ids))
for srv in q:
gen = factory.get(srv.type.generator_name)
logger.info('Generating config of type %s for host %s', srv.type.generator_name, str(srv.host))
gen.generate(srv)
ret.append(loc.translate(_('Successfully generated %s configuration for host %s.')) % (
srv.type.name,
str(srv.host)
))
hosts = factory.deploy()
ret.append(loc.translate(_('Successfully deployed configuration for hosts: %s.')) % (', '.join(hosts),))
factory.restore_umask()
transaction.commit()
return ret
def _dyn_prep_tpl(params, req):
objid = params.get('objid')
objtype = params.get('objtype')
if (not objid) or (not objtype):
raise ValueError('No object specified')
docid = params.get('docid')
if not docid:
raise ValueError('No document specified')
sess = DBSession()
docid = int(docid)
doc = sess.query(Document).get(docid)
if not doc:
raise KeyError('No such document')
config = {
'docid': docid,
'code': doc.code,
'name': doc.name,
'type': doc.type,
'vars': doc.variables,
'body': doc.body
}
tpl_vars = {}
form_fields = []
req.run_hook('documents.gen.object', tpl_vars, objid, objtype, req)
req.run_hook('documents.gen.variables', tpl_vars, doc.variables, req)
return {
'success': True,
'doc': config,
'vars': tpl_vars,
'form': form_fields
}
def find_princs_digest(param, request):
sess = DBSession()
try:
user = sess.query(User).filter(User.state == UserState.active,
User.enabled.is_(True),
User.login == param['username']).one()
except NoResultFound:
return None
if not user.password_ha1:
return None
req_path = unquote(request.path.lower())
uri_path = unquote(param['uri'].lower())
if req_path != uri_path:
return None
ha2 = hashlib.md5(('%s:%s' % (request.method,
param['uri'])).encode()).hexdigest()
data = '%s:%s:%s:%s:%s' % (param['nonce'], param['nc'],
param['cnonce'], 'auth', ha2)
resp = hashlib.md5(('%s:%s' % (user.password_ha1,
data)).encode()).hexdigest()
if hmac.compare_digest(resp, param['response']):
groups = ['g:%s' % (user.group.name,)]
for sgr in user.secondary_groups:
if sgr == user.group:
continue
groups.append('g:%s' % (sgr.name,))
return groups
return None
def get_settings(request):
# FIXME: implement settings cache invalidation
if 'auth.settings' in request.session:
return request.session['auth.settings']
mmgr = request.registry.getUtility(IModuleManager)
all_settings = mmgr.get_settings('user')
user = request.user
if user is None:
ret = {}
for moddef, sections in all_settings.items():
for sname, section in sections.items():
for setting_name, setting in section.items():
if setting.default is None:
continue
ret['%s.%s.%s' % (moddef,
sname,
setting_name)] = setting.default
else:
sess = DBSession()
ret = dict(
(s.name, s.value)
for s
in sess.query(UserSetting).filter(UserSetting.user == user))
for moddef, sections in all_settings.items():
for sname, section in sections.items():
for setting_name, setting in section.items():
fullname = '%s.%s.%s' % (moddef, sname, setting.name)
if fullname in ret:
ret[fullname] = setting.parse_param(ret[fullname])
elif setting.default is not None:
ret[fullname] = setting.default
request.session['auth.settings'] = ret
return ret
def dav_children(self): sess = DBSession() for ab in sess.query(AddressBook)\ .filter(AddressBook.user == self.user): ab.__req__ = self.req ab.__parent__ = self ab.__plugin__ = self yield ab
def edit_record(request):
loc = get_localizer(request)
sess = DBSession()
csrf = request.POST.get('csrf', '')
user_domains = [
d.id for d in sess.query(PDNSDomain)
.filter_by(account=str(request.user.id))
]
if csrf != request.get_csrf():
request.session.flash({
'text': loc.translate(_('Error submitting form')),
'class': 'danger'
})
return HTTPSeeOther(location=request.route_url('pdns.cl.domains'))
else:
rectype = request.POST.get('type', None)
if rectype == "domain":
domain = sess.query(PDNSDomain).filter_by(
id=int(request.POST.get('domainid', None))
).first()
if domain.id in user_domains:
domain.name = request.POST.get('hostName', None)
domain.dtype = request.POST.get('hostType', None)
domain.master = request.POST.get('hostValue', None)
elif rectype == "record":
record = sess.query(PDNSRecord).filter_by(
id=int(request.POST.get('recordid', None))
).first()
if record.domain_id in user_domains:
record.name = request.POST.get('name', None)
record.content = request.POST.get('content', None)
record.rtype = request.POST.get('rtype', None)
record.ttl = request.POST.get('ttl', None)
if record.ttl == '':
record.ttl = None
record.prio = request.POST.get('prio', None)
if record.prio == '':
record.prio = None
sess.flush()
return HTTPSeeOther(location=request.route_url(
'pdns.cl.domains',
_query=(('sort', 'asc'),))
)
def __getitem__(self, name):
user = self.req.user
root = None
if user:
root = user.group.effective_root_folder
sess = DBSession()
# TODO: add access controls
try:
f = sess.query(FileFolder).filter(FileFolder.parent == root, FileFolder.name == name).one()
except NoResultFound:
try:
f = sess.query(File).filter(File.folder == root, File.filename == name).one()
except NoResultFound:
raise KeyError('No such file or directory')
f.__req__ = self.req
f.__parent__ = self
f.__plugin__ = self
return f
def delete_record(request):
# if d in GET, delete domain
# if r in GET, delete record
# before delete check if this record exists and belongs to auth_user
# delete and redirect to main module page
# use _query to add aditional params when redirecting
loc = get_localizer(request)
sess = DBSession()
csrf = request.POST.get('csrf', '')
user_domains = [
d.id for d in sess.query(PDNSDomain)
.filter_by(account=str(request.user.id))
]
if csrf != request.get_csrf():
request.session.flash({
'text': loc.translate(_('Error submitting form')),
'class': 'danger'
})
return HTTPSeeOther(
location=request.route_url('pdns.cl.domains'),
_query=(('error', 'asc'),)
)
else:
domainid = request.POST.get('domainid', None)
recid = request.POST.get('recordid', None)
if domainid and not recid:
domain = sess.query(PDNSDomain).filter_by(
id=int(request.POST.get('domainid', None))
).first()
if domain.id in user_domains:
sess.delete(domain)
sess.flush()
elif recid:
record = sess.query(PDNSRecord).filter_by(
id=int(request.POST.get('recordid', None))
).first()
if record.domain_id in user_domains:
sess.delete(record)
sess.flush()
return HTTPSeeOther(location=request.route_url('pdns.cl.domains'))
def list_domains(request):
loc = get_localizer(request)
sess = DBSession()
errmess = None
csrf = request.POST.get('csrf', '')
tpldef = {'errmessage': errmess}
request.run_hook('access.cl.tpldef', tpldef, request)
# if request.POST:
# check csrf
if 'submit' in request.POST:
if csrf != request.get_csrf():
request.session.flash({
'text': loc.translate(_('Error submitting form')),
'class': 'danger'
})
return HTTPSeeOther(location=request.route_url('pdns.cl.domains'))
# Get all the templates with associated fields
templates = sess.query(PDNSTemplateType).join(PDNSTemplate).all()
access_user = sess.query(AccessEntity).filter_by(
nick=str(request.user)
).first()
user_domains = sess.query(PDNSDomain).filter_by(
account=str(request.user.id)
)
records = []
for d in user_domains:
recs = sess.query(PDNSRecord).filter_by(domain_id=d.id)
for r in recs:
records.append(r)
tpldef.update({
'req': request,
'formdata': request.POST,
'getparams': request.GET,
'accessuser': access_user,
'userdomains': user_domains,
'domainrecords': records,
'domain': None,
'templates': templates
})
return tpldef
def __getitem__(self, name):
sess = DBSession()
try:
u = sess.query(User).filter(User.login == name).one()
except NoResultFound:
raise KeyError('No such file or directory')
u.__req__ = self.req
u.__parent__ = self
u.__plugin__ = self
return u
def __getitem__(self, name):
sess = DBSession()
try:
g = sess.query(Group).filter(Group.name == name).one()
except NoResultFound:
raise KeyError('No such file or directory')
g.__req__ = self.req
g.__parent__ = self
g.__plugin__ = self
return g
def __getitem__(self, name):
sess = DBSession()
try:
u = sess.query(User).filter(User.login == name).one()
except NoResultFound:
raise KeyError('No such file or directory')
ab = DAVPluginUserAddressBooks(self.req, u)
ab.__req__ = self.req
ab.__parent__ = self
return ab
def get_user(request):
sess = DBSession()
userid = unauthenticated_userid(request)
if userid is not None:
from .models import AccessEntity
try:
return sess.query(AccessEntity).filter(
AccessEntity.nick == userid).one()
except NoResultFound:
return None
def dav_collections(self): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() for t in sess.query(FileFolder).filter(FileFolder.parent == root): t.__req__ = self.req t.__parent__ = self t.__plugin__ = self yield t
def get_user(request):
sess = DBSession()
userid = unauthenticated_userid(request)
if userid is not None:
try:
return sess.query(ExternalOperationProvider).filter(
ExternalOperationProvider.authentication_username ==
userid).one()
except NoResultFound:
return None
def __acl__(self):
user = self.req.user
root = user.group.effective_root_folder
if root:
rights = root.rights
ff_user = '******' % root.user.login
ff_group = 'g:%s' % root.group.name
else:
sess = DBSession()
try:
root_user = sess.query(User).get(global_setting('core.vfs.root_uid'))
root_group = sess.query(Group).get(global_setting('core.vfs.root_gid'))
except NoResultFound:
return (DENY_ALL,)
ff_user = '******' % root_user.login
ff_group = 'g:%s' % root_group.name
rights = global_setting('core.vfs.root_rights')
return (
(Allow if (rights & F_OWNER_EXEC) else Deny, ff_user, 'access'),
(Allow if (rights & F_OWNER_READ) else Deny, ff_user, 'read'),
(Allow if (rights & F_OWNER_WRITE) else Deny, ff_user, 'write'),
(Allow if (rights & F_OWNER_EXEC) else Deny, ff_user, 'execute'),
(Allow if (rights & F_OWNER_WRITE) else Deny, ff_user, 'create'),
(Allow if (rights & F_OWNER_WRITE) else Deny, ff_user, 'delete'),
(Allow if (rights & F_GROUP_EXEC) else Deny, ff_group, 'access'),
(Allow if (rights & F_GROUP_READ) else Deny, ff_group, 'read'),
(Allow if (rights & F_GROUP_WRITE) else Deny, ff_group, 'write'),
(Allow if (rights & F_GROUP_EXEC) else Deny, ff_group, 'execute'),
(Allow if (rights & F_GROUP_WRITE) else Deny, ff_group, 'create'),
(Allow if (rights & F_GROUP_WRITE) else Deny, ff_group, 'delete'),
(Allow if (rights & F_OTHER_EXEC) else Deny, Everyone, 'access'),
(Allow if (rights & F_OTHER_READ) else Deny, Everyone, 'read'),
(Allow if (rights & F_OTHER_WRITE) else Deny, Everyone, 'write'),
(Allow if (rights & F_OTHER_EXEC) else Deny, Everyone, 'execute'),
(Allow if (rights & F_OTHER_WRITE) else Deny, Everyone, 'create'),
(Allow if (rights & F_OTHER_WRITE) else Deny, Everyone, 'delete'),
DENY_ALL
)
