def postfix_mailboxes(request): loc = get_localizer(request) cfg = request.registry.settings sess = DBSession() errmess = None csrf = request.POST.get('csrf', '') if 'submit' in request.POST: if csrf != request.get_csrf(): request.session.flash({ 'text' : loc.translate(_('Error submitting form')), 'class' : 'danger' }) return HTTPSeeOther(location=request.route_url('postfix.cl.mail')) access_user = sess.query(AccessEntity).filter_by(nick=str(request.user)).first() userdomains = sess.query(PDNSDomain).filter_by(account=str(access_user.nick)) admindomains = sess.query(PostfixDomainAdmins).filter_by(username=str(request.user)) maildomains = sess.query(PostfixDomain).filter(PostfixDomain.domain.in_([ad.domain for ad in admindomains])) mailboxes = sess.query(PostfixMailbox).filter(PostfixMailbox.domain.in_([md.domain for md in maildomains])) tpldef = {'errmessage':errmess, 'accessuser':access_user, 'userdomains':userdomains, 'admindomains':admindomains, 'maildomains':maildomains, 'mailboxes':mailboxes, 'aliases':None, } request.run_hook('access.cl.tpldef', tpldef, request) return(tpldef)
def delete_record(request): #if d in GET, delete domain #if r in GET, delete record #before delete check if this record exists and belongs to auth_user #delete and redirect to main module page #use _query to add aditional params when redirecting loc = get_localizer(request) cfg = request.registry.settings sess = DBSession() csrf = request.POST.get('csrf', '') access_user = sess.query(AccessEntity).filter_by(nick=str(request.user)).first() user_domains = [d.id for d in sess.query(PDNSDomain).filter_by(account=str(request.user.id))] if csrf != request.get_csrf(): request.session.flash({ 'text' : loc.translate(_('Error submitting form')), 'class' : 'danger' }) return HTTPSeeOther(location=request.route_url('pdns.cl.domains'), _query=(('error', 'asc'),)) else: domainid = request.POST.get('domainid', None) recid = request.POST.get('recordid', None) if domainid and not recid: domain = sess.query(PDNSDomain).filter_by(id=int(request.POST.get('domainid', None))).first() if domain.id in user_domains: sess.delete(domain) sess.flush() elif recid: record = sess.query(PDNSRecord).filter_by(id=int(request.POST.get('recordid', None))).first() if record.domain_id in user_domains: sess.delete(record) sess.flush() return HTTPSeeOther(location=request.route_url('pdns.cl.domains'))
def dyn_priv_group_get(params, request): """ ExtDirect method for getting group's capabilities. """ gid = int(params.get('owner')) if gid <= 0: raise KeyError('Invalid group ID') recs = [] sess = DBSession() group = sess.query(Group).get(gid) if group is None: raise KeyError('Invalid group ID') for priv in sess.query(Privilege)\ .join(NPModule)\ .filter(NPModule.enabled == True, Privilege.can_be_set == True)\ .order_by(Privilege.name): prx = { 'privid' : priv.id, 'owner' : group.id, 'code' : priv.code, 'name' : priv.name, 'hasacls' : priv.has_acls, 'value' : None } if priv.code in group.caps: prx['value'] = group.caps[priv.code].value recs.append(prx) return { 'records' : recs, 'total' : len(recs), 'success' : True }
def sync(self): to_update = [] sess = DBSession() if len(self._pending_results) > 0: task_uuids = [k for k, v in self._pending_results.items() if v.ready()] if len(task_uuids) > 0: for log in sess.query(TaskLog).filter( TaskLog.celery_id.in_(task_uuids)): log.update(self._pending_results[log.celery_id]) to_update.append(log) del self._pending_results[log.celery_id] if len(self._sync_needed) > 0: sn = self._sync_needed for task in sess.query(Task).filter(Task.id.in_(sn.keys())): task.last_run_time = sn[task.id].last_run_time task.run_count = sn[task.id].run_count to_update.append(task) self._sync_needed = {} self._schedule = self.get_from_db() self.install_default_entries(self._schedule) self._heap = None
def edit_record(request): loc = get_localizer(request) cfg = request.registry.settings sess = DBSession() csrf = request.POST.get('csrf', '') access_user = sess.query(AccessEntity).filter_by(nick=str(request.user)).first() user_domains = [d.id for d in sess.query(PDNSDomain).filter_by(account=str(request.user.id))] if csrf != request.get_csrf(): request.session.flash({ 'text' : loc.translate(_('Error submitting form')), 'class' : 'danger' }) return HTTPSeeOther(location=request.route_url('pdns.cl.domains')) else: rectype = request.POST.get('type', None) if rectype == "domain": domain = sess.query(PDNSDomain).filter_by(id=int(request.POST.get('domainid', None))).first() if domain.id in user_domains: domain.name = request.POST.get('hostName', None) domain.dtype = request.POST.get('hostType', None) domain.master = request.POST.get('hostValue', None) elif rectype == "record": record = sess.query(PDNSRecord).filter_by(id=int(request.POST.get('recordid', None))).first() if record.domain_id in user_domains: record.name = request.POST.get('name', None) record.content = request.POST.get('content', None) record.rtype = request.POST.get('rtype', None) record.ttl = None if request.POST.get('ttl', None) == '' else request.POST.get('ttl', None); record.prio = None if request.POST.get('prio', None) == '' else request.POST.get('prio', None); sess.flush() return HTTPSeeOther(location=request.route_url('pdns.cl.domains', _query=(('sort', 'asc'),)))
def new_entity_validator(ret, values, request): # FIXME: handle permissions if 'etypeid' not in values: return sess = DBSession() try: ent_type = sess.query(EntityType).get(int(values['etypeid'])) except (TypeError, ValueError): ent_type = None # FIXME: error out on non-existent types if ent_type is None: return parent_id = values.get('parentid') if not parent_id and not ent_type.root: ret['errors']['parent'].append( request.localizer.translate(_('This entity requires a parent.'))) if parent_id: try: parent = sess.query(Entity).get(int(parent_id)) if parent and parent.type.leaf: ret['errors']['parent'].append( request.localizer.translate( _('This entity can\'t have children.'))) except (TypeError, ValueError): pass mod = request.registry.getUtility(IModuleManager).get_module_browser()[ ent_type.module.name] em = mod[ent_type.model] xret = em.validate_fields(values, request) if 'errors' in xret: ret['errors'].update(xret['errors'])
def dyn_acl_user_set(px, request): """ ExtDirect method for setting user's ACLs. """ if 'records' not in px: raise ValueError('No records found') sess = DBSession() for params in px['records']: uid = int(params.get('owner')) aclid = int(params.get('privid')) code = params.get('code') value = params.get('value') if uid <= 0: raise KeyError('Invalid user ID') user = sess.query(User).get(uid) if user is None: raise KeyError('Invalid user ID') if value not in {True, False, None}: raise ValueError('Invalid capability value') priv = sess.query(Privilege)\ .join(NPModule)\ .filter(Privilege.code == code, NPModule.enabled == True, Privilege.can_be_set == True)\ .one() code = priv.code if value is None: if (code, aclid) in user.acls: del user.acls[(code, aclid)] else: user.acls[(code, aclid)] = value return { 'success' : True }
def dyn_priv_group_set(px, request): """ ExtDirect method for setting group's capabilities. """ if 'records' not in px: raise ValueError('No records found') sess = DBSession() for params in px['records']: gid = int(params.get('owner')) privid = int(params.get('privid')) value = params.get('value') if gid <= 0: raise KeyError('Invalid group ID') group = sess.query(Group).get(gid) if group is None: raise KeyError('Invalid group ID') if value not in {True, False, None}: raise ValueError('Invalid capability value') priv = sess.query(Privilege)\ .join(NPModule)\ .filter(Privilege.id == privid, NPModule.enabled == True, Privilege.can_be_set == True)\ .one() code = priv.code if value is None: if code in group.privileges: del group.privileges[code] else: group.privileges[code] = value return { 'success' : True }
def _ent_hist_tickets(hist, ent, req, begin, end, max_num): sess = DBSession() # TODO: check permissions qc = sess.query(TicketChange).options(joinedload( TicketChange.user)).join(Ticket).filter(Ticket.entity == ent) qt = sess.query(Ticket).options(joinedload( Ticket.created_by)).filter(Ticket.entity == ent) if begin is not None: qc = qc.filter(TicketChange.timestamp >= begin) qt = qt.filter(Ticket.creation_time >= begin) if end is not None: qc = qc.filter(TicketChange.timestamp <= end) qt = qt.filter(Ticket.creation_time <= end) if max_num: qc = qc.limit(max_num) qt = qt.limit(max_num) for tc in qc: eh = tc.get_entity_history(req) if eh: hist.append(eh) for tkt in qt: eh = tkt.get_entity_history(req) if eh: hist.append(eh)
def dyn_ticket_uwiz_update(params, request): tid = int(params['ticketid']) del params['ticketid'] sess = DBSession() model = ExtModel(Ticket) ticket = sess.query(Ticket).get(tid) if ticket is None: raise KeyError('Invalid ticket ID') for param in ('tstid', 'toid', 'name', 'descr'): if param in params: del params[param] # TODO: ENTITIES_LIST if not request.has_permission('TICKETS_CHANGE_STATE'): if 'ttrid' in params: del params['ttrid'] if not request.has_permission('TICKETS_CHANGE_FLAGS'): if 'flags' in params: del params['flags'] # TODO: USERS_LIST # TODO: GROUPS_LIST sess.execute(SetVariable('ticketid', ticket.id)) if 'ttrid' in params: ttr_id = params['ttrid'] if ttr_id: ttr_id = int(ttr_id) trans = sess.query(TicketStateTransition).get(ttr_id) if trans: sess.execute(SetVariable('ttrid', trans.id)) trans.apply(ticket) del params['ttrid'] if 'show_client' in params: show_cl = params['show_client'].lower() if show_cl in {'true', '1', 'on'}: show_cl = True else: show_cl = False del params['show_client'] else: show_cl = False sess.execute(SetVariable('show_client', npbool(show_cl))) if ('comments' in params) and request.has_permission('TICKETS_COMMENT', request.context, request): sess.execute(SetVariable('comments', params['comments'])) del params['comments'] else: sess.execute(SetVariable('comments', None)) model.set_values(ticket, params, request) sess.flush() sess.execute(SetVariable('tcid', None)) return { 'success' : True, 'action' : { 'do' : 'close', 'redraw' : [] } }
def dyn_ticket_uwiz_update(params, request): tid = int(params['ticketid']) del params['ticketid'] sess = DBSession() model = ExtModel(Ticket) ticket = sess.query(Ticket).get(tid) if ticket is None: raise KeyError('Invalid ticket ID') for param in ('tstid', 'toid', 'name', 'descr'): if param in params: del params[param] # TODO: ENTITIES_LIST if not request.has_permission('TICKETS_CHANGE_STATE'): if 'ttrid' in params: del params['ttrid'] if not request.has_permission('TICKETS_CHANGE_FLAGS'): if 'flags' in params: del params['flags'] # TODO: USERS_LIST # TODO: GROUPS_LIST sess.execute(SetVariable('ticketid', ticket.id)) if 'ttrid' in params: ttr_id = params['ttrid'] if ttr_id: ttr_id = int(ttr_id) trans = sess.query(TicketStateTransition).get(ttr_id) if trans: sess.execute(SetVariable('ttrid', trans.id)) trans.apply(ticket) del params['ttrid'] if 'show_client' in params: show_cl = params['show_client'].lower() if show_cl in {'true', '1', 'on'}: show_cl = True else: show_cl = False del params['show_client'] else: show_cl = False sess.execute(SetVariable('show_client', npbool(show_cl))) if ('comments' in params) and request.has_permission( 'TICKETS_COMMENT', request.context, request): sess.execute(SetVariable('comments', params['comments'])) del params['comments'] else: sess.execute(SetVariable('comments', None)) model.set_values(ticket, params, request) sess.flush() sess.execute(SetVariable('tcid', None)) return {'success': True, 'action': {'do': 'close', 'redraw': []}}
def __iter__(self): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() # TODO: add access controls for t in sess.query(FileFolder.name).filter(FileFolder.parent == root): yield t[0] for t in sess.query(File.filename).filter(File.folder == root): yield t[0]
def _cal_events(evts, params, req): ts_from = params.get('startDate') ts_to = params.get('endDate') if (not ts_from) or (not ts_to): return cals = params.get('cals') if isinstance(cals, Iterable) and len(cals): try: cals = [int(cal[5:]) for cal in cals if cal[:5] == 'user-'] except (TypeError, ValueError): cals = () if len(cals) == 0: return else: cals = None ts_from = dparse(ts_from).replace(hour=0, minute=0, second=0, microsecond=0) ts_to = dparse(ts_to).replace(hour=23, minute=59, second=59, microsecond=999999) sess = DBSession() cal_q = sess.query(Calendar).filter(Calendar.user == req.user) if cals: cal_q = cal_q.filter(Calendar.id.in_(cals)) cal_ids = [cal.id for cal in cal_q] for cali in sess.query(CalendarImport).filter(CalendarImport.user_id == req.user.id): cal = cali.calendar if cal.user == req.user: continue if cals and (cal.id not in cals): continue if not cal.can_read(req.user): continue if cal.id in cal_ids: continue cal_ids.append(cal.id) q = sess.query(Event)\ .filter( Event.calendar_id.in_(cal_ids), Event.event_start <= ts_to, Event.event_end >= ts_from ) for e in q: ev = { 'id' : 'event-%u' % e.id, 'cid' : 'user-%u' % e.calendar_id, 'title' : e.summary, 'start' : e.event_start, 'end' : e.event_end, 'ad' : e.all_day, 'notes' : e.description, 'loc' : e.location, 'url' : e.url, 'caned' : e.calendar.can_write(req.user) } evts.append(ev)
def resolve(cls, name, domain_aliases=True): name = name.strip('.') sess = DBSession() candidates = [(None, domain_candidates(name), None)] while len(candidates) > 0: old_candidates = candidates candidates = [] domain_cond = [] da_cond = [] for domain, names, suffix in old_candidates: if domain is None or isinstance(domain, Domain): domain_cond.append(and_( Domain.parent_id == (domain.id if domain else None), Domain.name.in_(names) )) if not domain_aliases: continue if domain is None or isinstance(domain, DomainAlias): da_cond.append(and_( DomainAlias.parent_id == (domain.id if domain else None), DomainAlias.name.in_(names) )) if len(domain_cond) > 0: for domain in sess.query(Domain).filter(or_(*domain_cond)): if suffix is None: domain_name = str(domain) else: domain_name = '.'.join((domain.name, suffix)) if name == domain_name: return domain offset = name.find('.' + domain_name) if offset > 0: left_part = name[:offset] candidates.append((domain, domain_candidates(left_part), domain_name)) if domain_aliases and len(da_cond) > 0: for da in sess.query(DomainAlias).filter(or_(*da_cond)): if suffix is None: domain_name = str(da) else: domain_name = '.'.join((da.name, suffix)) if name == domain_name: return da.domain offset = name.find('.' + domain_name) if offset > 0: left_part = name[:offset] dc = domain_candidates(left_part) candidates.extend(( (da, dc, domain_name), (da.domain, dc, domain_name) ))
def get_pkpass(request): loc = get_localizer(request) cfg = request.registry.settings sess = DBSession() client_pass = None token = None passserial = request.current_route_path().split('/')[-1].split("?")[0] try: token = request.params.get('authtoken', None) sess = DBSession() if token: try: client_pass = sess.query(PassbookPass).filter( PassbookPass.token == token, ).one() except NoResultFound: raise KeyError('Invalid token') else: try: client_pass = sess.query(PassbookPass).filter( PassbookPass.serial == passserial, ).one() token = client_pass.token except NoResultFound: raise KeyError('Invalid setial') except ValueError: pass p12_cert = cfg.get('netprofile.client.pkpass.p12', None) pem_cert = cfg.get('netprofile.client.pkpass.pem', None) teamId = cfg.get('netprofile.client.pkpass.teamId', None) passId = cfg.get('netprofile.client.pkpass.passId', None) passfile = tempfile.NamedTemporaryFile() pkpass = P.PyPKPass.PKPass.PKPass(passId, passserial) pkpass.webServiceURL = request.url.split("?")[0] pkpass.authenticationToken = token pkpass.backgroundColor="rgb(23, 187, 82)" pkpass.teamIdentifier=teamId pkpass.passTypeIdentifier=passId pkpass.addHeaderField("Name", "Netprofile Account", 'My Netprofile Account Details') pkpass.addPrimaryField("username", client_pass.stash.entity.nick, "Username") pkpass.addPrimaryField("Account Name", client_pass.stash.name, 'Account Name') pkpass.addSecondaryField("Amount", "{0}".format(client_pass.stash.amount), "Amont") pkpass.addSecondaryField("Credit", "{0}".format(client_pass.stash.credit), "Credit") pkpass.sign(p12_cert, "", passfile.name, pem_cert) resp = FileResponse(passfile.name) resp.content_disposition = 'attachment; filename="{0}.pkpass"'.format(passId) return resp
def ff_tree_update(params, request): sess = DBSession() user = request.user root_ff = user.group.effective_root_folder for rec in params.get('records', ()): ff_id = rec.get('id') if ff_id == 'root': continue ff_id = int(ff_id) ff_name = rec.get('text') ff_parent = rec.get('parentId') # TODO: support changing uid/gid and rights, maybe? if not ff_name: raise ValueError('Empty folder names are not supported') if ff_parent and (ff_parent != 'root'): ff_parent = int(ff_parent) else: ff_parent = None ff = sess.query(FileFolder).get(ff_id) if ff is None: raise KeyError('Unknown folder ID %d' % ff_id) if root_ff and (not ff.is_inside(root_ff)): raise ValueError('Folder access denied') cur_parent = ff.parent if cur_parent and ((not cur_parent.can_write(user)) or (not cur_parent.can_traverse_path(user))): raise ValueError('Folder access denied') ff.name = ff_name if ff_parent: new_parent = sess.query(FileFolder).get(ff_parent) if new_parent is None: raise KeyError('Unknown parent folder ID %d' % ff_parent) if (not new_parent.can_write(user)) or (not new_parent.can_traverse_path(user)): raise ValueError('Folder access denied') if root_ff and (not new_parent.is_inside(root_ff)): raise ValueError('Folder access denied') if new_parent.is_inside(ff): raise ValueError('Folder loop detected') ff.parent = new_parent elif not user.root_writable: raise ValueError('Folder access denied') else: ff.parent = None return { 'success' : True }
def dav_children(self): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() for t in itertools.chain( sess.query(FileFolder).filter(FileFolder.parent == root), sess.query(File).filter(File.folder == root) ): t.__req__ = self.req t.__parent__ = self t.__plugin__ = self yield t
def cals_avail(params, req): cals = [] sess = DBSession() q = sess.query(Calendar).filter( Calendar.user_id != req.user.id, or_( and_(Calendar.group_access != CalendarAccess.none, Calendar.group == req.user.group), Calendar.global_access != CalendarAccess.none ) ) for cal in q: cals.append({ 'id' : 'user-%u' % cal.id, 'title' : cal.name, 'desc' : cal.description, 'owner' : str(cal.user), 'color' : cal.style, 'hidden' : False, 'cancreate' : cal.can_write(req.user) }) return { 'success' : True, 'calendars' : cals, 'total' : len(cals) }
def dav_children(self): sess = DBSession() for u in sess.query(User): ab = DAVPluginUserAddressBooks(self.req, u) ab.__req__ = self.req ab.__parent__ = self yield ab
def file_ul(request): sess = DBSession() try: ff_id = request.POST['ffid'] except KeyError: ff_id = None folder = None if ff_id: ff_id = int(ff_id) folder = sess.query(FileFolder).get(ff_id) if folder and not folder.can_write(request.user): raise ValueError('Folder access denied') for fo in request.POST.getall('file'): obj = File( user_id=request.user.id, user=request.user, group_id=request.user.group.id, group=request.user.group, rights=F_DEFAULT_FILES ) if fo.filename: obj.name = obj.filename = fo.filename obj.folder = folder sess.add(obj) obj.set_from_file(fo.file, request.user, sess) res = Response(html_escape(json.dumps({ 'success' : True, 'msg' : 'File(s) uploaded' }), False)) res.headerlist.append(('X-Frame-Options', 'SAMEORIGIN')) return res
def dav_children(self): sess = DBSession() for u in sess.query(User): u.__req__ = self.req u.__parent__ = self u.__plugin__ = self yield u
def do_login(request): if authenticated_userid(request): return HTTPFound(location=request.route_url('core.home')) login = '' did_fail = False cur_locale = locale_neg(request) if 'submit' in request.POST: login = request.POST.get('user', '') passwd = request.POST.get('pass', '') csrf = request.POST.get('csrf', '') if csrf == request.get_csrf(): sess = DBSession() reg = request.registry hash_con = reg.settings.get('netprofile.auth.hash', 'sha1') salt_len = int(reg.settings.get('netprofile.auth.salt_length', 4)) q = sess.query(User).filter(User.state == UserState.active).filter(User.enabled == True).filter(User.login == login) for user in q: if user.check_password(passwd, hash_con, salt_len): return auth_add(request, login, 'core.home') did_fail = True mmgr = request.registry.getUtility(IModuleManager) return { 'login' : login, 'failed' : did_fail, 'res_css' : mmgr.get_css(request), 'res_js' : mmgr.get_js(request), 'res_ljs' : mmgr.get_local_js(request, cur_locale), 'cur_loc' : cur_locale }
def dyn_globalsettings_form(param, request): """ ExtDirect method to populate a global settings form. """ node = param['section'] path = node.split('.') if len(path) != 2: raise ValueError('Invalid section node ID specified: %r' % (node,)) moddef = path[0] sname = path[1] mmgr = request.registry.getUtility(IModuleManager) if moddef not in mmgr.loaded: raise ValueError('Unknown, uninstalled or disabled module name requested: %r' % (moddef,)) all_settings = mmgr.get_settings('global') if moddef not in all_settings or sname not in all_settings[moddef]: raise ValueError('Setting doesn\'t exist: %r' % (node,)) form = [] section = all_settings[moddef][sname] sess = DBSession() values = dict( (s.name, s.value) for s in sess.query(GlobalSetting).filter( GlobalSetting.name.startswith('%s.%s.' % (moddef, sname)) ) ) for setting_name, setting in section.items(): fullname = '%s.%s.%s' % (moddef, sname, setting_name) if fullname in values: values[fullname] = setting.parse_param(values[fullname]) return section.get_form_cfg(request, moddef, values)
def file_mnt(request): ff_id = request.matchdict.get('ffid') if ff_id == 'root': if not request.user.root_readable: raise HTTPForbidden() resp = DAVMountResponse( request=request, path='/', username=request.user.login ) else: try: ff_id = int(ff_id) except (TypeError, ValueError): raise HTTPNotFound() sess = DBSession() ff = sess.query(FileFolder).get(ff_id) if not ff.allow_traverse(request): raise HTTPForbidden() path = '/'.join(ff.get_uri()[1:] + ['']) resp = DAVMountResponse( request=request, path=path, username=request.user.login ) resp.make_body() resp.headerlist.append(('X-Frame-Options', 'SAMEORIGIN')) return resp
def _cal_events_update(params, req): cal_id = params.get('CalendarId', '') if cal_id != _cal['id']: return if 'EventId' not in params: return evtype, evid = params['EventId'].split('-') if evtype != 'ticket': return evid = int(evid) if not has_permission('TICKETS_UPDATE', req.context, req): return sess = DBSession() tkt = sess.query(Ticket).get(evid) if tkt is None: return sess.execute(SetVariable('ticketid', tkt.id)) if 'StartDate' in params: new_ts = dparse(params['StartDate']).replace(tzinfo=None, microsecond=0) if new_ts: tkt.assigned_time = new_ts if ('EndDate' in params) and tkt.assigned_time: new_ts = dparse(params['EndDate']).replace(tzinfo=None, microsecond=0) if new_ts: delta = new_ts - tkt.assigned_time tkt.duration = delta.seconds
def ff_tree_delete(params, request): sess = DBSession() user = request.user root_ff = user.group.effective_root_folder total = 0 for rec in params.get('records', ()): ff_id = rec.get('id') if ff_id == 'root': continue ff_id = int(ff_id) ff = sess.query(FileFolder).get(ff_id) if ff is None: raise KeyError('Unknown folder ID %d' % ff_id) if root_ff and (not ff.is_inside(root_ff)): raise ValueError('Folder access denied') cur_parent = ff.parent if cur_parent and ((not cur_parent.can_write(user)) or (not cur_parent.can_traverse_path(user))): raise ValueError('Folder access denied') if (not cur_parent) and (not user.root_writable): raise ValueError('Folder access denied') # Extra precaution if ff.user != user: raise ValueError('Folder access denied') sess.delete(ff) total += 1 return { 'success' : True, 'total' : total }
def dav_children(self): sess = DBSession() for g in sess.query(Group): g.__req__ = self.req g.__parent__ = self g.__plugin__ = self yield g
def _wizcb_submit_hdl(wiz, em, step, act, val, req): xcls = cls if isinstance(xcls, str): xcls = _name_to_class(xcls) sess = DBSession() fieldIDs = json.loads(val['field_id']) templateName = val['template'] templId = val['templ_id'] for fid in fieldIDs: resvalue = { 'templ_id': templId, 'field_id': fid, 'template': templateName, 'field': sess.query(PDNSFieldType).filter( PDNSFieldType.id == fid).first() } em = ExtModel(xcls) obj = xcls() em.set_values(obj, resvalue, req, True) sess.add(obj) sess.flush() print("TROLOLO") return {'do': 'close', 'reload': True}
def _cal_events_update(params, req): if 'EventId' not in params: return evtype, evid = params['EventId'].split('-') if evtype != 'ticket': return evid = int(evid) if not req.has_permission('TICKETS_UPDATE'): return # TODO: fancy permissions/ACLs sess = DBSession() tkt = sess.query(Ticket).get(evid) if tkt is None: return sess.execute(SetVariable('ticketid', tkt.id)) if 'StartDate' in params: new_ts = dparse(params['StartDate']).replace(tzinfo=None, microsecond=0) if new_ts: tkt.assigned_time = new_ts if ('EndDate' in params) and tkt.assigned_time: new_ts = dparse(params['EndDate']).replace(tzinfo=None, microsecond=0) if new_ts: delta = new_ts - tkt.assigned_time tkt.duration = delta.seconds
def find_princs_digest(param, request): sess = DBSession() try: user = sess.query(User).filter(User.state == UserState.active, User.enabled == True, User.login == param['username']).one() except NoResultFound: return None if not user.a1_hash: return None req_path = unquote(request.path.lower()) uri_path = unquote(param['uri'].lower()) if req_path != uri_path: return None ha2 = hashlib.md5( ('%s:%s' % (request.method, param['uri'])).encode()).hexdigest() data = '%s:%s:%s:%s:%s' % (param['nonce'], param['nc'], param['cnonce'], 'auth', ha2) resp = hashlib.md5(('%s:%s' % (user.a1_hash, data)).encode()).hexdigest() if resp == param['response']: groups = ['g:%s' % user.group.name] for sgr in user.secondary_groups: if sgr == user.group: continue groups.append('g:%s' % sgr.name) return groups return None
def client_activate(request): if authenticated_userid(request): return HTTPSeeOther(location=request.route_url('access.cl.home')) did_fail = True cur_locale = locale_neg(request) cfg = request.registry.settings comb_js = asbool(cfg.get('netprofile.client.combine_js', False)) can_reg = asbool(cfg.get('netprofile.client.registration.enabled', False)) must_verify = asbool(cfg.get('netprofile.client.registration.verify_email', True)) link_id = int(cfg.get('netprofile.client.registration.link_id', 1)) rand_len = int(cfg.get('netprofile.client.registration.code_length', 20)) if (not can_reg) or (not must_verify): return HTTPSeeOther(location=request.route_url('access.cl.login')) code = request.GET.get('code', '').strip().upper() login = request.GET.get('for', '') if code and login and (len(code) == rand_len): sess = DBSession() for link in sess.query(AccessEntityLink)\ .options(joinedload(AccessEntityLink.entity))\ .filter(AccessEntityLink.type_id == link_id, AccessEntityLink.value == code): # TODO: implement code timeouts ent = link.entity if (ent.access_state == AccessState.block_inactive.value) and (ent.nick == login): ent.access_state = AccessState.ok.value sess.delete(link) did_fail = False break tpldef = { 'failed' : did_fail, 'comb_js' : comb_js, 'cur_loc' : cur_locale } request.run_hook('access.cl.tpldef.activate', tpldef, request) return tpldef
def client_activate(request): if authenticated_userid(request): return HTTPSeeOther(location=request.route_url('access.cl.home')) did_fail = True cur_locale = locale_neg(request) cfg = request.registry.settings comb_js = asbool(cfg.get('netprofile.client.combine_js', False)) can_reg = asbool(cfg.get('netprofile.client.registration.enabled', False)) must_verify = asbool(cfg.get('netprofile.client.registration.verify_email', True)) link_id = int(cfg.get('netprofile.client.registration.link_id', 1)) rand_len = int(cfg.get('netprofile.client.registration.code_length', 20)) if (not can_reg) or (not must_verify): return HTTPSeeOther(location=request.route_url('access.cl.login')) code = request.GET.get('code', '').strip().upper() login = request.GET.get('for', '') if code and login and (len(code) == rand_len): sess = DBSession() for link in sess.query(AccessEntityLink)\ .options(joinedload(AccessEntityLink.entity))\ .filter(AccessEntityLink.type_id == link_id, AccessEntityLink.value == code): # TODO: implement code timeouts ent = link.entity if (ent.access_state == AccessState.block_inactive.value) and (ent.nick == login): ent.access_state = AccessState.ok.value sess.delete(link) did_fail = False break tpldef = { 'failed' : did_fail, 'comb_js' : comb_js, 'cur_loc' : cur_locale } request.run_hook('access.cl.tpldef.activate', tpldef, request) return tpldef
def client_chrate(ctx, request): loc = get_localizer(request) csrf = request.POST.get('csrf', '') rate_id = int(request.POST.get('rateid'), 0) aent_id = int(request.POST.get('entityid')) ent = request.user.parent err = True if csrf == request.get_csrf(): sess = DBSession() aent = sess.query(AccessEntity).get(aent_id) if ent and aent and (aent.parent == ent) and (aent in ctx.access_entities): err = False if 'clear' in request.POST: rate_id = None aent.next_rate_id = None elif rate_id > 0: aent.next_rate_id = rate_id if err: request.session.flash({ 'text' : loc.translate(_('Error scheduling rate change')), 'class' : 'danger' }) elif rate_id: request.session.flash({ 'text' : loc.translate(_('Rate change successfully scheduled')) }) else: request.session.flash({ 'text' : loc.translate(_('Rate change successfully cancelled')) }) return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def client_chrate(ctx, request): loc = request.localizer csrf = request.POST.get('csrf', '') rate_id = int(request.POST.get('rateid'), 0) aent_id = int(request.POST.get('entityid')) ent = request.user.parent err = True if csrf == request.get_csrf(): sess = DBSession() aent = sess.query(AccessEntity).get(aent_id) if ent and aent and (aent.parent == ent) and (aent in ctx.access_entities): err = False if 'clear' in request.POST: rate_id = None aent.next_rate_id = None elif rate_id > 0: aent.next_rate_id = rate_id if err: request.session.flash({ 'text' : loc.translate(_('Error scheduling rate change')), 'class' : 'danger' }) elif rate_id: request.session.flash({ 'text' : loc.translate(_('Rate change successfully scheduled')) }) else: request.session.flash({ 'text' : loc.translate(_('Rate change successfully cancelled')) }) return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def _dyn_prep_tpl(params, req): objid = params.get('objid') objtype = params.get('objtype') if (not objid) or (not objtype): raise ValueError('No object specified') docid = params.get('docid') if not docid: raise ValueError('No document specified') sess = DBSession() docid = int(docid) doc = sess.query(Document).get(docid) if not doc: raise KeyError('No such document') config = { 'docid' : docid, 'code' : doc.code, 'name' : doc.name, 'type' : doc.type, 'vars' : doc.variables, 'body' : doc.body } tpl_vars = {} form_fields = [] req.run_hook('documents.gen.object', tpl_vars, objid, objtype, req) req.run_hook('documents.gen.variables', tpl_vars, doc.variables, req) return { 'success' : True, 'doc' : config, 'vars' : tpl_vars, 'form' : form_fields }
def _wizcb_submit_hdl(wiz, em, step, act, val, req): xcls = cls if isinstance(xcls, str): xcls = _name_to_class(xcls) sess = DBSession() cfg = get_current_registry().settings fieldIDs = json.loads(val['field_id']) fieldlist = val['field'] templateName = val['template'] templId = val['templ_id'] for fid in fieldIDs: resvalue = {'templ_id' : templId, 'field_id' : fid, 'template' : templateName, 'field' : sess.query(PDNSFieldType).filter(PDNSFieldType.id==fid).first() } em = ExtModel(xcls) obj = xcls() em.set_values(obj, resvalue, req, True) sess.add(obj) sess.flush() print("TROLOLO") return { 'do' : 'close', 'reload' : True }
def disable(self, moddef): """ Remove a module from the list of enabled modules. """ from netprofile_core.models import NPModule if moddef not in self.modules: logger.error( 'Can\'t find module \'%s\'. Verify installation and try again.', moddef) return False if moddef in self.loaded: if not self.unload(moddef): # pragma: no cover logger.error('Can\'t unload module \'%s\'.', moddef) return False sess = DBSession() try: mod = sess.query(NPModule).filter(NPModule.name == moddef).one() except NoResultFound: return False if mod.enabled == False: return True mod.enabled = False transaction.commit() return True
def get_settings(request): # FIXME: implement settings cache invalidation if 'auth.settings' in request.session: return request.session['auth.settings'] mmgr = request.registry.getUtility(IModuleManager) all_settings = mmgr.get_settings('user') user = request.user if user is None: ret = {} for moddef, sections in all_settings.items(): for sname, section in sections.items(): for setting_name, setting in section.items(): if setting.default is None: continue ret['%s.%s.%s' % (moddef, sname, setting_name)] = setting.default else: sess = DBSession() ret = dict( (s.name, s.value) for s in sess.query(UserSetting).filter(UserSetting.user == user)) for moddef, sections in all_settings.items(): for sname, section in sections.items(): for setting_name, setting in section.items(): fullname = '%s.%s.%s' % (moddef, sname, setting.name) if fullname in ret: ret[fullname] = setting.parse_param(ret[fullname]) elif setting.default is not None: ret[fullname] = setting.default request.session['auth.settings'] = ret return ret
def task_generate(srv_ids=(), station_ids=()): cfg = app.settings factory = ConfigGeneratorFactory(cfg, app.mmgr) ret = [] sess = DBSession() loc = sys_localizer(app.mmgr.cfg.registry) q = sess.query(Server) if len(srv_ids) > 0: q = q.filter(Server.id.in_(srv_ids)) if len(station_ids) > 0: q = q.filter(Server.host_id.in_(station_ids)) for srv in q: gen = factory.get(srv.type.generator_name) logger.info('Generating config of type %s for host %s', srv.type.generator_name, str(srv.host)) gen.generate(srv) ret.append(loc.translate(_('Successfully generated %s configuration for host %s.')) % ( srv.type.name, str(srv.host) )) hosts = factory.deploy() ret.append(loc.translate(_('Successfully deployed configuration for hosts: %s.')) % (', '.join(hosts),)) factory.restore_umask() transaction.commit() return ret
def _dyn_prep_tpl(params, req): objid = params.get('objid') objtype = params.get('objtype') if (not objid) or (not objtype): raise ValueError('No object specified') docid = params.get('docid') if not docid: raise ValueError('No document specified') sess = DBSession() docid = int(docid) doc = sess.query(Document).get(docid) if not doc: raise KeyError('No such document') config = { 'docid': docid, 'code': doc.code, 'name': doc.name, 'type': doc.type, 'vars': doc.variables, 'body': doc.body } tpl_vars = {} form_fields = [] req.run_hook('documents.gen.object', tpl_vars, objid, objtype, req) req.run_hook('documents.gen.variables', tpl_vars, doc.variables, req) return { 'success': True, 'doc': config, 'vars': tpl_vars, 'form': form_fields }
def find_princs_digest(param, request): sess = DBSession() try: user = sess.query(User).filter(User.state == UserState.active, User.enabled.is_(True), User.login == param['username']).one() except NoResultFound: return None if not user.password_ha1: return None req_path = unquote(request.path.lower()) uri_path = unquote(param['uri'].lower()) if req_path != uri_path: return None ha2 = hashlib.md5(('%s:%s' % (request.method, param['uri'])).encode()).hexdigest() data = '%s:%s:%s:%s:%s' % (param['nonce'], param['nc'], param['cnonce'], 'auth', ha2) resp = hashlib.md5(('%s:%s' % (user.password_ha1, data)).encode()).hexdigest() if hmac.compare_digest(resp, param['response']): groups = ['g:%s' % (user.group.name,)] for sgr in user.secondary_groups: if sgr == user.group: continue groups.append('g:%s' % (sgr.name,)) return groups return None
def get_settings(request): # FIXME: implement settings cache invalidation if 'auth.settings' in request.session: return request.session['auth.settings'] mmgr = request.registry.getUtility(IModuleManager) all_settings = mmgr.get_settings('user') user = request.user if user is None: ret = {} for moddef, sections in all_settings.items(): for sname, section in sections.items(): for setting_name, setting in section.items(): if setting.default is None: continue ret['%s.%s.%s' % (moddef, sname, setting_name)] = setting.default else: sess = DBSession() ret = dict( (s.name, s.value) for s in sess.query(UserSetting).filter(UserSetting.user == user)) for moddef, sections in all_settings.items(): for sname, section in sections.items(): for setting_name, setting in section.items(): fullname = '%s.%s.%s' % (moddef, sname, setting.name) if fullname in ret: ret[fullname] = setting.parse_param(ret[fullname]) elif setting.default is not None: ret[fullname] = setting.default request.session['auth.settings'] = ret return ret
def dav_children(self): sess = DBSession() for ab in sess.query(AddressBook)\ .filter(AddressBook.user == self.user): ab.__req__ = self.req ab.__parent__ = self ab.__plugin__ = self yield ab
def edit_record(request): loc = get_localizer(request) sess = DBSession() csrf = request.POST.get('csrf', '') user_domains = [ d.id for d in sess.query(PDNSDomain) .filter_by(account=str(request.user.id)) ] if csrf != request.get_csrf(): request.session.flash({ 'text': loc.translate(_('Error submitting form')), 'class': 'danger' }) return HTTPSeeOther(location=request.route_url('pdns.cl.domains')) else: rectype = request.POST.get('type', None) if rectype == "domain": domain = sess.query(PDNSDomain).filter_by( id=int(request.POST.get('domainid', None)) ).first() if domain.id in user_domains: domain.name = request.POST.get('hostName', None) domain.dtype = request.POST.get('hostType', None) domain.master = request.POST.get('hostValue', None) elif rectype == "record": record = sess.query(PDNSRecord).filter_by( id=int(request.POST.get('recordid', None)) ).first() if record.domain_id in user_domains: record.name = request.POST.get('name', None) record.content = request.POST.get('content', None) record.rtype = request.POST.get('rtype', None) record.ttl = request.POST.get('ttl', None) if record.ttl == '': record.ttl = None record.prio = request.POST.get('prio', None) if record.prio == '': record.prio = None sess.flush() return HTTPSeeOther(location=request.route_url( 'pdns.cl.domains', _query=(('sort', 'asc'),)) )
def __getitem__(self, name): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() # TODO: add access controls try: f = sess.query(FileFolder).filter(FileFolder.parent == root, FileFolder.name == name).one() except NoResultFound: try: f = sess.query(File).filter(File.folder == root, File.filename == name).one() except NoResultFound: raise KeyError('No such file or directory') f.__req__ = self.req f.__parent__ = self f.__plugin__ = self return f
def delete_record(request): # if d in GET, delete domain # if r in GET, delete record # before delete check if this record exists and belongs to auth_user # delete and redirect to main module page # use _query to add aditional params when redirecting loc = get_localizer(request) sess = DBSession() csrf = request.POST.get('csrf', '') user_domains = [ d.id for d in sess.query(PDNSDomain) .filter_by(account=str(request.user.id)) ] if csrf != request.get_csrf(): request.session.flash({ 'text': loc.translate(_('Error submitting form')), 'class': 'danger' }) return HTTPSeeOther( location=request.route_url('pdns.cl.domains'), _query=(('error', 'asc'),) ) else: domainid = request.POST.get('domainid', None) recid = request.POST.get('recordid', None) if domainid and not recid: domain = sess.query(PDNSDomain).filter_by( id=int(request.POST.get('domainid', None)) ).first() if domain.id in user_domains: sess.delete(domain) sess.flush() elif recid: record = sess.query(PDNSRecord).filter_by( id=int(request.POST.get('recordid', None)) ).first() if record.domain_id in user_domains: sess.delete(record) sess.flush() return HTTPSeeOther(location=request.route_url('pdns.cl.domains'))
def list_domains(request): loc = get_localizer(request) sess = DBSession() errmess = None csrf = request.POST.get('csrf', '') tpldef = {'errmessage': errmess} request.run_hook('access.cl.tpldef', tpldef, request) # if request.POST: # check csrf if 'submit' in request.POST: if csrf != request.get_csrf(): request.session.flash({ 'text': loc.translate(_('Error submitting form')), 'class': 'danger' }) return HTTPSeeOther(location=request.route_url('pdns.cl.domains')) # Get all the templates with associated fields templates = sess.query(PDNSTemplateType).join(PDNSTemplate).all() access_user = sess.query(AccessEntity).filter_by( nick=str(request.user) ).first() user_domains = sess.query(PDNSDomain).filter_by( account=str(request.user.id) ) records = [] for d in user_domains: recs = sess.query(PDNSRecord).filter_by(domain_id=d.id) for r in recs: records.append(r) tpldef.update({ 'req': request, 'formdata': request.POST, 'getparams': request.GET, 'accessuser': access_user, 'userdomains': user_domains, 'domainrecords': records, 'domain': None, 'templates': templates }) return tpldef
def __getitem__(self, name): sess = DBSession() try: u = sess.query(User).filter(User.login == name).one() except NoResultFound: raise KeyError('No such file or directory') u.__req__ = self.req u.__parent__ = self u.__plugin__ = self return u
def __getitem__(self, name): sess = DBSession() try: g = sess.query(Group).filter(Group.name == name).one() except NoResultFound: raise KeyError('No such file or directory') g.__req__ = self.req g.__parent__ = self g.__plugin__ = self return g
def __getitem__(self, name): sess = DBSession() try: u = sess.query(User).filter(User.login == name).one() except NoResultFound: raise KeyError('No such file or directory') ab = DAVPluginUserAddressBooks(self.req, u) ab.__req__ = self.req ab.__parent__ = self return ab
def get_user(request): sess = DBSession() userid = unauthenticated_userid(request) if userid is not None: from .models import AccessEntity try: return sess.query(AccessEntity).filter( AccessEntity.nick == userid).one() except NoResultFound: return None
def dav_collections(self): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() for t in sess.query(FileFolder).filter(FileFolder.parent == root): t.__req__ = self.req t.__parent__ = self t.__plugin__ = self yield t
def get_user(request): sess = DBSession() userid = unauthenticated_userid(request) if userid is not None: try: return sess.query(ExternalOperationProvider).filter( ExternalOperationProvider.authentication_username == userid).one() except NoResultFound: return None
def __acl__(self): user = self.req.user root = user.group.effective_root_folder if root: rights = root.rights ff_user = '******' % root.user.login ff_group = 'g:%s' % root.group.name else: sess = DBSession() try: root_user = sess.query(User).get(global_setting('core.vfs.root_uid')) root_group = sess.query(Group).get(global_setting('core.vfs.root_gid')) except NoResultFound: return (DENY_ALL,) ff_user = '******' % root_user.login ff_group = 'g:%s' % root_group.name rights = global_setting('core.vfs.root_rights') return ( (Allow if (rights & F_OWNER_EXEC) else Deny, ff_user, 'access'), (Allow if (rights & F_OWNER_READ) else Deny, ff_user, 'read'), (Allow if (rights & F_OWNER_WRITE) else Deny, ff_user, 'write'), (Allow if (rights & F_OWNER_EXEC) else Deny, ff_user, 'execute'), (Allow if (rights & F_OWNER_WRITE) else Deny, ff_user, 'create'), (Allow if (rights & F_OWNER_WRITE) else Deny, ff_user, 'delete'), (Allow if (rights & F_GROUP_EXEC) else Deny, ff_group, 'access'), (Allow if (rights & F_GROUP_READ) else Deny, ff_group, 'read'), (Allow if (rights & F_GROUP_WRITE) else Deny, ff_group, 'write'), (Allow if (rights & F_GROUP_EXEC) else Deny, ff_group, 'execute'), (Allow if (rights & F_GROUP_WRITE) else Deny, ff_group, 'create'), (Allow if (rights & F_GROUP_WRITE) else Deny, ff_group, 'delete'), (Allow if (rights & F_OTHER_EXEC) else Deny, Everyone, 'access'), (Allow if (rights & F_OTHER_READ) else Deny, Everyone, 'read'), (Allow if (rights & F_OTHER_WRITE) else Deny, Everyone, 'write'), (Allow if (rights & F_OTHER_EXEC) else Deny, Everyone, 'execute'), (Allow if (rights & F_OTHER_WRITE) else Deny, Everyone, 'create'), (Allow if (rights & F_OTHER_WRITE) else Deny, Everyone, 'delete'), DENY_ALL )