def rest_delete_file(bucket_id, file_name): """ Deletes file in container :param int bucket_id: The bucket in which the file is in :param string file_name: The name of the file :return file: a status response """ # 1 check auth. if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized # 2 only owner is allowed to delete if int(g.user.get_id()) != bucket_id: return "403" # 3 check if this combination really exists elements = dbSession.query(Userfile).filter((Userfile.folder == bucket_id), (Userfile.name == file_name)).first() if elements is None: dbSession.remove() return "404" # 4 try a delete-atempt # ATT [here an exception can lead to desynchronized states] if storageinterface.file_exists(bucket_id, file_name): storageinterface.delete_file(bucket_id, file_name) # no cascade possible, therfore we must remove the foreign-key there manually references = dbSession.query(UserUserfile).filter(UserUserfile.userfile_id == elements.id) for ref in references: dbSession.delete(ref) dbSession.delete(elements) dbSession.commit() dbSession.remove() return "200" dbSession.remove() return "500" # something went wrong
def rest_delete_container(bucket_id): """ Deletes specified container :param int bucket_id: The bucket to delete :return file: 200 Page """ # 1. check if logged in user is owner of bucket if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized if int(g.user.get_id()) != bucket_id: return "403" # Forbidden # ATT: all files in bucket must be deleted in db # can be replaced via bulkrequest, but this needs more attention, because errors are made easily and db could be out of synch [foreign keys and so on]! files_in_bucket = dbSession.query(Userfile).filter(Userfile.folder == bucket_id) for content in files_in_bucket: connectors = dbSession.query(UserUserfile).filter(UserUserfile.userfile_id == content.id) for connect in connectors: dbSession.delete(connect) dbSession.delete(content) user = dbSession.query(User).filter(User.id == bucket_id).first() dbSession.delete(user) dbSession.commit() storageinterface.delete_container(bucket_id) dbSession.remove() return "200"
def rest_delete_container(bucket_id): """ Deletes specified container :param int bucket_id: The bucket to delete :return file: 200 Page """ # 1. check if logged in user is owner of bucket if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized if int(g.user.get_id()) != bucket_id: return "403" # Forbidden # ATT: all files in bucket must be deleted in db # can be replaced via bulkrequest, but this needs more attention, because errors are made easily and db could be out of synch [foreign keys and so on]! files_in_bucket = dbSession.query(Userfile).filter( Userfile.folder == bucket_id) for content in files_in_bucket: connectors = dbSession.query(UserUserfile).filter( UserUserfile.userfile_id == content.id) for connect in connectors: dbSession.delete(connect) dbSession.delete(content) user = dbSession.query(User).filter(User.id == bucket_id).first() dbSession.delete(user) dbSession.commit() storageinterface.delete_container(bucket_id) dbSession.remove() return "200"
def rest_delete_file(bucket_id, file_name): """ Deletes file in container :param int bucket_id: The bucket in which the file is in :param string file_name: The name of the file :return file: a status response """ # 1 check auth. if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized # 2 only owner is allowed to delete if int(g.user.get_id()) != bucket_id: return "403" # 3 check if this combination really exists elements = dbSession.query(Userfile).filter( (Userfile.folder == bucket_id), (Userfile.name == file_name)).first() if elements is None: dbSession.remove() return "404" # 4 try a delete-atempt # ATT [here an exception can lead to desynchronized states] if storageinterface.file_exists(bucket_id, file_name): storageinterface.delete_file(bucket_id, file_name) # no cascade possible, therfore we must remove the foreign-key there manually references = dbSession.query(UserUserfile).filter( UserUserfile.userfile_id == elements.id) for ref in references: dbSession.delete(ref) dbSession.delete(elements) dbSession.commit() dbSession.remove() return "200" dbSession.remove() return "500" # something went wrong
def rest_syncdb_share_file_permission(): name_file_owner = request.json['name_file_owner'] share_username = request.json['username'] permission = request.json['permission'] file_name = request.json['file_name'] etcd_client = init_etcd_connection() commit_key = '/setPermission/' + share_username + '_' + file_name + '/' + 'commit' async_commit_queue = Queue() async_commit_data = FuncThread(listen_commit_status, etcd_client, commit_key, async_commit_queue) async_commit_data.daemon = True async_commit_data.start() key_path = 'setPermission/' + share_username + '_' + file_name + '/' + 'ack_' + cloudplatform print ">>>>>>>>> REST API >>>>>>>>>>>>>>" print "key: " + key_path etcd_client.write(key_path, 2) print ">>>>> REST API: wrote to etcd..." print ">>>>>>>>> REST API >>>>>>>>>>>>>>" async_commit_data.join() commit_res = async_commit_queue.get() print ">>>> commit result: " + commit_res if commit_res == "1": user_file_owner = dbSession.query(User).filter( User.username == name_file_owner).first() print "got owner: " + str(user_file_owner.id) user = dbSession.query(User).filter( User.username == share_username).first() print "shared user: "******"userfile" + str(userfile.id) useruserfile = dbSession.query(UserUserfile).filter( UserUserfile.user_id == user.id, UserUserfile.userfile_id == userfile.id).first() print "useruserfile" if useruserfile is not None: print "entry available" useruserfile.permission = permission dbSession.commit() else: print("set useruserfile") useruserfile = UserUserfile(userfile, user, permission) dbSession.add(useruserfile) dbSession.commit() etcd_client.write(key_path, 3) dbSession.remove() return "200"
def rest_syncdb_share_file_permission(): name_file_owner = request.json['name_file_owner'] share_username = request.json['username'] permission = request.json['permission'] file_name = request.json['file_name'] etcd_client = init_etcd_connection() commit_key = '/setPermission/' + share_username + '_' + file_name + '/' + 'commit' async_commit_queue = Queue() async_commit_data = FuncThread(listen_commit_status, etcd_client, commit_key, async_commit_queue) async_commit_data.daemon = True async_commit_data.start() key_path = 'setPermission/' + share_username + '_' + file_name + '/' + 'ack_' + cloudplatform print ">>>>>>>>> REST API >>>>>>>>>>>>>>" print "key: " + key_path etcd_client.write(key_path, 2) print ">>>>> REST API: wrote to etcd..." print ">>>>>>>>> REST API >>>>>>>>>>>>>>" async_commit_data.join() commit_res = async_commit_queue.get() print ">>>> commit result: " + commit_res if commit_res == "1": user_file_owner = dbSession.query(User).filter(User.username == name_file_owner).first() print "got owner: " + str(user_file_owner.id) user = dbSession.query(User).filter(User.username == share_username).first() print "shared user: "******"userfile" + str(userfile.id) useruserfile = dbSession.query(UserUserfile).filter(UserUserfile.user_id == user.id, UserUserfile.userfile_id == userfile.id).first() print "useruserfile" if useruserfile is not None: print "entry available" useruserfile.permission = permission dbSession.commit() else: print("set useruserfile") useruserfile = UserUserfile(userfile, user, permission) dbSession.add(useruserfile) dbSession.commit() etcd_client.write(key_path, 3) dbSession.remove() return "200"
def register(): """ UserName Password Register :return file: either the register page or the homepage """ if g.user is not None and g.user.is_authenticated(): return redirect(url_for('home')) form = RegisterForm() error = None if form.validate_on_submit(): # generate randomness salt = uuid.uuid4().hex # hashing password user = dbSession.query(User).filter( User.username == request.form['username']).first() email = dbSession.query(User).filter( User.email == request.form['email']).first() if user is not None: error = 'username is already taken' elif email is not None: error = 'email was already used' else: user_string = "registerUser/" + form.username.data + '/' password = hashlib.sha256( salt.encode() + form.password.data.encode()).hexdigest() + ':' + salt data = { 'username': form.username.data, 'email': form.email.data, 'password': password, 'sso': 'none' } rest_url = '/storage/api/v1.0/syncdb/registeruser' # call synchronization between cloud dbs res_db_sync = db_cloud_sync(user_string, rest_url, data) print "register: res_db_sync: " + str(res_db_sync) if res_db_sync == -1: error == '+++++ registration fails, please try it again' else: print "+++++ sending was successfull" # login new user dbSession_new = scoped_session( sessionmaker(autocommit=False, bind=dbEngine)) user = dbSession_new.query(User).filter( User.username == request.form['username']).first() login_user(user) dbSession.remove() return redirect(url_for('home')) dbSession.remove() return render_template('register.html', form=form, error=error)
def rest_syncdb_register_user(): new_username = request.json['username'] new_email = request.json['email'] new_password = request.json['password'] new_sso = request.json['sso'] user = dbSession.query(User).filter(User.username == new_username).first() email = dbSession.query(User).filter(User.email == new_email).first() etcd_client = init_etcd_connection() commit_key = "/registerUser/" + new_username + '/' + 'commit' async_commit_queue = Queue() async_commit_data = FuncThread(listen_commit_status, etcd_client, commit_key, async_commit_queue) async_commit_data.daemon = True async_commit_data.start() if user is not None: user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform etcd_client.write(user_key, 1) elif email is not None: user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform etcd_client.write(user_key, 1) else: user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform print ">>>>>>>>> REST API >>>>>>>>>>>>>>" print "user_key: " + user_key etcd_client.write(user_key, 2) print ">>>>> REST API: wrote to etcd..." print ">>>>>>>>> REST API >>>>>>>>>>>>>>" async_commit_data.join() commit_res = async_commit_queue.get() print ">>>> commit result: " + commit_res if commit_res == "1": user = User( username=new_username, email=new_email, password=new_password, sso=new_sso ) # save new user in database dbSession.add(user) dbSession.commit() # create container/bucket for the new registered user storageinterface.create_container(user.get_id()) etcd_client.write(user_key, 3) dbSession.remove() return "200"
def rest_syncfile_save_file_tmp(user_email, file_name): print "rest_syncfile_save_file_tmp: ..." if request.method == 'POST': # set tmp suffix for saving the file only temporary file_name += "_tmp" # if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles userfile = dbSession.query(Userfile).filter( Userfile.name == file_name).first() user = dbSession.query(User).filter(User.email == user_email).first() user_id = user.get_id() print("-------------> found user with email : " + user_email + " and bucket id : " + user_id) if userfile is None: if user is None: return "403" # Forbidden userfile = Userfile(user_id, file_name) useruserfile = UserUserfile(userfile, user, 6) dbSession.add(userfile) dbSession.add(useruserfile) dbSession.commit() # if file exists -> check if file_name, user_id is found with right permission in UserUserfiles else: useruserfile = dbSession.query(UserUserfile).filter( UserUserfile.user_id == user_id, UserUserfile.userfile_id == userfile.id).first() if useruserfile is None or useruserfile.permission < 6: print("return 403") dbSession.remove() return '403' # redirect(url_for('403')) # No permission found or permission not sufficient content = request.json['content'] print("-------------------------------------------------------------") print( "Received an external POST in order to save following file temporarily" ) print("content: " + content) print("user email: " + user_email) print("bucketid: " + str(user_id)) print("file_name: " + file_name) print("-------------------------------------------------------------") response = "500" if storageinterface.upload_from_text(user_id, file_name, content): response = "200" file_string = "saveFile_tmp/" + user_email + '_' + file_name + '/' + 'ack_' + cloudplatform etcd_client = init_etcd_connection() etcd_client.write(file_string, 2) dbSession.remove() return response
def register(): """ UserName Password Register :return file: either the register page or the homepage """ if g.user is not None and g.user.is_authenticated(): return redirect(url_for('home')) form = RegisterForm() error = None if form.validate_on_submit(): # generate randomness salt = uuid.uuid4().hex # hashing password user = dbSession.query(User).filter(User.username == request.form['username']).first() email = dbSession.query(User).filter(User.email == request.form['email']).first() if user is not None: error = 'username is already taken' elif email is not None: error = 'email was already used' else: user_string = "registerUser/" + form.username.data + '/' password = hashlib.sha256( salt.encode() + form.password.data.encode()).hexdigest() + ':' + salt data = { 'username': form.username.data, 'email': form.email.data, 'password': password, 'sso': 'none' } rest_url = '/storage/api/v1.0/syncdb/registeruser' # call synchronization between cloud dbs res_db_sync = db_cloud_sync(user_string, rest_url, data) print "register: res_db_sync: " + str(res_db_sync) if res_db_sync == -1: error == '+++++ registration fails, please try it again' else: print "+++++ sending was successfull" # login new user dbSession_new = scoped_session(sessionmaker(autocommit=False, bind=dbEngine)) user = dbSession_new.query(User).filter(User.username == request.form['username']).first() login_user(user) dbSession.remove() return redirect(url_for('home')) dbSession.remove() return render_template('register.html', form=form, error=error)
def rest_syncdb_register_user(): new_username = request.json['username'] new_email = request.json['email'] new_password = request.json['password'] new_sso = request.json['sso'] user = dbSession.query(User).filter(User.username == new_username).first() email = dbSession.query(User).filter(User.email == new_email).first() etcd_client = init_etcd_connection() commit_key = "/registerUser/" + new_username + '/' + 'commit' async_commit_queue = Queue() async_commit_data = FuncThread(listen_commit_status, etcd_client, commit_key, async_commit_queue) async_commit_data.daemon = True async_commit_data.start() if user is not None: user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform etcd_client.write(user_key, 1) elif email is not None: user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform etcd_client.write(user_key, 1) else: user_key = "registerUser/" + new_username + '/' + 'ack_' + cloudplatform print ">>>>>>>>> REST API >>>>>>>>>>>>>>" print "user_key: " + user_key etcd_client.write(user_key, 2) print ">>>>> REST API: wrote to etcd..." print ">>>>>>>>> REST API >>>>>>>>>>>>>>" async_commit_data.join() commit_res = async_commit_queue.get() print ">>>> commit result: " + commit_res if commit_res == "1": user = User(username=new_username, email=new_email, password=new_password, sso=new_sso) # save new user in database dbSession.add(user) dbSession.commit() # create container/bucket for the new registered user storageinterface.create_container(user.get_id()) etcd_client.write(user_key, 3) dbSession.remove() return "200"
def rest_download_file_to_text(bucket_id, file_name): """ Returns specified file in container as text :param int bucket_id: The bucket in which the file is in :param string file_name: The name of the file :return string: The file as a string """ # 1 check if user is auth if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized userfile = dbSession.query(UserUserfile, Userfile).filter(UserUserfile.userfile_id == Userfile.id, Userfile.name == file_name, UserUserfile.user_id == g.user.get_id(), Userfile.folder == bucket_id).first() if userfile is None: dbSession.remove() return "404" # Not found if int(userfile.UserUserfile.permission) < 4: dbSession.remove() return "403" value = storageinterface.download_file_to_text(bucket_id, file_name) if value is None: # FIXME wat do in this case? print('Database out of synch with storage!') value = "" dbSession.remove() return value
def login(): """ UserName Password Login :return file: Either the homepage or the loginpage """ if g.user is not None and g.user.is_authenticated(): return redirect(url_for('home')) error = None form = LoginForm(request.form) if request.method == 'POST': if form.validate_on_submit(): user = dbSession.query(User).filter(User.username == request.form['username']).first() if user is not None and user.sso == "none": password, salt = user.password.split(':') if password == hashlib.sha256(salt.encode() + request.form['password'].encode()).hexdigest(): session['remember_me'] = form.remember_me.data login_user(user) dbSession.remove() return redirect(request.args.get('next') or url_for('home')) else: error = 'Invalid password' else: error = 'Invalid username' dbSession.remove() return render_template('login.html', form=form, error=error)
def login(): """ UserName Password Login :return file: Either the homepage or the loginpage """ if g.user is not None and g.user.is_authenticated(): return redirect(url_for('home')) error = None form = LoginForm(request.form) if request.method == 'POST': if form.validate_on_submit(): user = dbSession.query(User).filter( User.username == request.form['username']).first() if user is not None and user.sso == "none": password, salt = user.password.split(':') if password == hashlib.sha256( salt.encode() + request.form['password'].encode()).hexdigest(): session['remember_me'] = form.remember_me.data login_user(user) dbSession.remove() return redirect( request.args.get('next') or url_for('home')) else: error = 'Invalid password' else: error = 'Invalid username' dbSession.remove() return render_template('login.html', form=form, error=error)
def rest_download_file_to_text(bucket_id, file_name): """ Returns specified file in container as text :param int bucket_id: The bucket in which the file is in :param string file_name: The name of the file :return string: The file as a string """ # 1 check if user is auth if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized userfile = dbSession.query(UserUserfile, Userfile).filter( UserUserfile.userfile_id == Userfile.id, Userfile.name == file_name, UserUserfile.user_id == g.user.get_id(), Userfile.folder == bucket_id).first() if userfile is None: dbSession.remove() return "404" # Not found if int(userfile.UserUserfile.permission) < 4: dbSession.remove() return "403" value = storageinterface.download_file_to_text(bucket_id, file_name) if value is None: # FIXME wat do in this case? print('Database out of synch with storage!') value = "" dbSession.remove() return value
def rest_syncfile_save_file_tmp(user_email, file_name): print "rest_syncfile_save_file_tmp: ..." if request.method == 'POST': # set tmp suffix for saving the file only temporary file_name += "_tmp" # if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles userfile = dbSession.query(Userfile).filter(Userfile.name == file_name).first() user = dbSession.query(User).filter(User.email == user_email).first() user_id = user.get_id() print("-------------> found user with email : " + user_email + " and bucket id : " + user_id) if userfile is None: if user is None: return "403" # Forbidden userfile = Userfile(user_id, file_name) useruserfile = UserUserfile(userfile, user, 6) dbSession.add(userfile) dbSession.add(useruserfile) dbSession.commit() # if file exists -> check if file_name, user_id is found with right permission in UserUserfiles else: useruserfile = dbSession.query(UserUserfile).filter(UserUserfile.user_id == user_id, UserUserfile.userfile_id == userfile.id).first() if useruserfile is None or useruserfile.permission < 6: print("return 403") dbSession.remove() return '403' # redirect(url_for('403')) # No permission found or permission not sufficient content = request.json['content'] print("-------------------------------------------------------------") print("Received an external POST in order to save following file temporarily") print("content: " + content) print("user email: " + user_email) print("bucketid: " + str(user_id)) print("file_name: " + file_name) print("-------------------------------------------------------------") response = "500" if storageinterface.upload_from_text(user_id, file_name, content): response = "200" file_string = "saveFile_tmp/" + user_email + '_' + file_name + '/' + 'ack_' + cloudplatform etcd_client = init_etcd_connection() etcd_client.write(file_string, 2) dbSession.remove() return response
def load_user(id): """ Function for LoginManager to get a user with specific id :param string/int id: the id of the user to load """ user = dbSession.query(User).filter(User.id == int(id)).first() dbSession.remove() return user
def google_authorized(resp): """ Function that gets called by Google oauth after a login :param resp: the response by google :return file: Homepage or fail page """ next_url = request.args.get('next') or url_for('home') if resp is None: # The user likely denied the request # TODO: excalate error to user: '******' return redirect(next_url) try: session['oauth_token'] = (resp['access_token'], '') except: return "400" user_data = google.get('/userinfo/v2/me').data user = dbSession.query(User).filter( User.email == user_data['email']).first() if user is None: user_string = "registerUser/" + user_data['id'] + '/' rest_url = '/storage/api/v1.0/syncdb/registeruser' data = { 'username': user_data['id'], 'email': user_data['email'], 'password': "******", 'sso': 'google' } res_db_sync = db_cloud_sync(user_string, rest_url, data) if res_db_sync == -1: error = '+++++ registration fails, please try it again' print error else: print "+++++ sending was successfull" # login new user dbSession_new = scoped_session( sessionmaker(autocommit=False, bind=dbEngine)) user = dbSession_new.query(User).filter( User.email == user_data['email']).first() login_user(user) else: login_user(user) dbSession.remove() return redirect(next_url)
def google_authorized(resp): """ Function that gets called by Google oauth after a login :param resp: the response by google :return file: Homepage or fail page """ next_url = request.args.get('next') or url_for('home') if resp is None: # The user likely denied the request # TODO: excalate error to user: '******' return redirect(next_url) try: session['oauth_token'] = (resp['access_token'], '') except: return "400" user_data = google.get('/userinfo/v2/me').data user = dbSession.query(User).filter(User.email == user_data['email']).first() if user is None: user_string = "registerUser/" + user_data['id'] + '/' rest_url = '/storage/api/v1.0/syncdb/registeruser' data = { 'username': user_data['id'], 'email': user_data['email'], 'password': "******", 'sso': 'google' } res_db_sync = db_cloud_sync(user_string, rest_url, data) if res_db_sync == -1: error = '+++++ registration fails, please try it again' print error else: print "+++++ sending was successfull" # login new user dbSession_new = scoped_session(sessionmaker(autocommit=False, bind=dbEngine)) user = dbSession_new.query(User).filter(User.email == user_data['email']).first() login_user(user) else: login_user(user) dbSession.remove() return redirect(next_url)
def rest_overwrite_file_from_text(bucket_id, file_name): """ Uploads text to file in container :param int bucket_id: The bucket in which the file is in :param string file_name: The name of the file :return file: a status response """ # 1 check auth. if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized # 2 check if this file really exists element = dbSession.query(Userfile).filter( (Userfile.folder == bucket_id), (Userfile.name == file_name)).first() if element is None: dbSession.remove() return "404" print(element.name) # 3 get this file again, just to check with right permissions file_ = dbSession.query(UserUserfile, Userfile).filter( UserUserfile.userfile_id == Userfile.id, UserUserfile.user_id == g.user.get_id(), or_(UserUserfile.permission == 2, UserUserfile.permission == 6), Userfile.folder == bucket_id, Userfile.name == file_name).first() if file_ is None: dbSession.remove() return '403' # because file exists, this means user has no right to manipulate print(file_.Userfile.name) # 4 send new element content = request.json['content'] response = "200" if not storageinterface.upload_from_text(bucket_id, file_name, content): response = "500" print(response) dbSession.remove() return response
def rest_overwrite_file_from_text(bucket_id, file_name): """ Uploads text to file in container :param int bucket_id: The bucket in which the file is in :param string file_name: The name of the file :return file: a status response """ # 1 check auth. if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized # 2 check if this file really exists element = dbSession.query(Userfile).filter((Userfile.folder == bucket_id), (Userfile.name == file_name)).first() if element is None: dbSession.remove() return "404" print(element.name) # 3 get this file again, just to check with right permissions file_ = dbSession.query(UserUserfile, Userfile).filter(UserUserfile.userfile_id == Userfile.id, UserUserfile.user_id == g.user.get_id(), or_(UserUserfile.permission == 2, UserUserfile.permission == 6), Userfile.folder == bucket_id, Userfile.name == file_name).first() if file_ is None: dbSession.remove() return '403' # because file exists, this means user has no right to manipulate print(file_.Userfile.name) # 4 send new element content = request.json['content'] response = "200" if not storageinterface.upload_from_text(bucket_id, file_name, content): response = "500" print(response) dbSession.remove() return response
def rest_list_files(bucket_id): """ Lists files in container :param int bucket_id: The bucket to list :return string: Json object containing the list of files """ if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized if int(g.user.get_id()) != bucket_id: return "403" # gets every file of g.user files = dbSession.query(Userfile.name).filter(Userfile.folder == g.user.get_id()).order_by(Userfile.name) data = [] for _iter_ in files: data.append(_iter_[0]) json_string = json.dumps(data) # print(json_string) dbSession.remove() return json_string
def rest_share_list_files_read(): """ Lists files with permission >0 :return string: json with all files with permission > 0 """ if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized # 1: gets every file with permission > 4 for g.user # Sample-SQL-command # SELECT user.username, user_userfile.permission,userfile.id,userfile.folder,userfile.name FROM user_userfile,userfile JOIN user ON user.id = userfile.folder WHERE user_userfile.userfile_id = userfile.id AND user_userfile.user_id = g.user.get_id() ; files = dbSession.query(UserUserfile, Userfile, User).filter(User.id == Userfile.folder, UserUserfile.userfile_id == Userfile.id, UserUserfile.user_id == g.user.get_id(), UserUserfile.permission >= 4) # 2 create json with data data = [] for _iter_ in files: data.append([_iter_.User.username, _iter_.Userfile.name, _iter_.User.id]) json_string = json.dumps(data) dbSession.remove() return json_string
def rest_share_list_files_read(): """ Lists files with permission >0 :return string: json with all files with permission > 0 """ if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized # 1: gets every file with permission > 4 for g.user # Sample-SQL-command # SELECT user.username, user_userfile.permission,userfile.id,userfile.folder,userfile.name FROM user_userfile,userfile JOIN user ON user.id = userfile.folder WHERE user_userfile.userfile_id = userfile.id AND user_userfile.user_id = g.user.get_id() ; files = dbSession.query(UserUserfile, Userfile, User).filter( User.id == Userfile.folder, UserUserfile.userfile_id == Userfile.id, UserUserfile.user_id == g.user.get_id(), UserUserfile.permission >= 4) # 2 create json with data data = [] for _iter_ in files: data.append( [_iter_.User.username, _iter_.Userfile.name, _iter_.User.id]) json_string = json.dumps(data) dbSession.remove() return json_string
def rest_list_files(bucket_id): """ Lists files in container :param int bucket_id: The bucket to list :return string: Json object containing the list of files """ if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized if int(g.user.get_id()) != bucket_id: return "403" # gets every file of g.user files = dbSession.query(Userfile.name).filter( Userfile.folder == g.user.get_id()).order_by(Userfile.name) data = [] for _iter_ in files: data.append(_iter_[0]) json_string = json.dumps(data) # print(json_string) dbSession.remove() return json_string
def rest_share_file(bucket_id, file_name): """ Sets permission for file in db :param int bucket_id: The bucket in which the file is in :param string file_name: The name of the file :return file: a status response """ print "rest_share_file: ..." username = request.json['username'] permission = request.json['permission'] print "username: "******"permission: " + permission print "bucket id: " + str(bucket_id) print "filename: " + file_name # 1. check if logged in user is owner of file_name if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized # 2. check if Owner of bucket is changing permissions if int(g.user.get_id()) != bucket_id: return "403" # Forbidden # 3. check if file in table Userfile exists userfile = dbSession.query(Userfile).filter(Userfile.folder == bucket_id, Userfile.name == file_name).first() if userfile is None: dbSession.remove() return "404" # Not found # 4. check if user_id in table User exists print("check user") user = dbSession.query(User).filter(User.username == username).first() if user is None: dbSession.remove() return "404" # Not found # 5. check if permission allready exists in table UserUserfile #user_file_owner user_file_owner = dbSession.query(User).filter(User.id == bucket_id).first() data = { 'name_file_owner': user_file_owner.username, 'permission': permission, 'bucket_id': bucket_id, 'file_name': file_name, 'username': username } print "Username Owner: " + user_file_owner.username print "file_name: " + file_name print "username: "******"503" else: ret_val = "200" dbSession.remove() return ret_val
def rest_syncfile_save_file(user_email, file_name): print "rest_syncfile_save_file: ..." if request.method == 'POST': # if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles userfile = dbSession.query(Userfile).filter(Userfile.name == file_name).first() user = dbSession.query(User).filter(User.email == user_email).first() user_id = user.get_id() print("-------------> found user with email : " + user_email + " and bucket id : " + user_id) if userfile is None: if user is None: return "403" # Forbidden userfile = Userfile(user_id, file_name) useruserfile = UserUserfile(userfile, user, 6) dbSession.add(userfile) dbSession.add(useruserfile) dbSession.commit() # if file exists -> check if file_name, user_id is found with right permission in UserUserfiles else: useruserfile = dbSession.query(UserUserfile).filter(UserUserfile.user_id == user.id, UserUserfile.userfile_id == userfile.id).first() if useruserfile is None or useruserfile.permission < 6: print("return 403") dbSession.remove() return '403' # redirect(url_for('403')) # No permission found or permission not sufficient file_name_tmp = file_name+"_tmp" tmp_value = "" elements = dbSession.query(Userfile).filter((Userfile.folder == user_id), (Userfile.name == file_name_tmp)).first() if elements is None: dbSession.remove() return "404" if storageinterface.file_exists(user_id, file_name_tmp): # get tmp file that was saved before # get value of tmp file tmp_value = storageinterface.download_file_to_text(user_id, file_name_tmp) # delete tmp file storageinterface.delete_file(user_id, file_name_tmp) # no cascade possible, therfore we must remove the foreign-key there manually references = dbSession.query(UserUserfile).filter(UserUserfile.userfile_id == elements.id) for ref in references: dbSession.delete(ref) dbSession.delete(elements) dbSession.commit() dbSession.remove() #tmp_value = unicode(tmp_value,"utf-8") print("-------------------------------------------------------------") print("Received an external POST in order to save following file") print("content: " + tmp_value) print("user email: " + user_email) print("file_name: " + file_name) print("-------------------------------------------------------------") response = "500" if storageinterface.upload_from_text(user_id, file_name, tmp_value): response = "200" file_string = "saveFile/" + user_email + '_' + file_name + '/' + 'ack_' + cloudplatform etcd_client = init_etcd_connection() etcd_client.write(file_string, 3) dbSession.remove() return response
def rest_upload_from_text(bucket_id, file_name): """ Uploads text to new file in container :param int bucket_id: The bucket in which the file is in :param string file_name: The name of the file :return file: a status response """ if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized # if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles userfile = dbSession.query(Userfile).filter( Userfile.name == file_name).first() user = dbSession.query(User).filter(User.id == bucket_id).first() if userfile is None: if user is None: dbSession.remove() return "403" # Forbidden # userfile = Userfile(bucket_id, file_name) # useruserfile = UserUserfile(userfile, user, 6) # dbSession.add(userfile) # dbSession.add(useruserfile) # dbSession.commit() # if file exists -> check if file_name, user_id is found with right permission in UserUserfiles else: useruserfile = dbSession.query(UserUserfile).filter( UserUserfile.user_id == user.id, UserUserfile.userfile_id == userfile.id).first() if useruserfile is None or useruserfile.permission < 6: dbSession.remove() return '403' # redirect(url_for('403')) # No permission found or permission not sufficient content = request.json['content'] etcd_client = init_etcd_connection() file_string = "saveFile/" + str(user.id) + '_' + file_name + '/' # file_string = "saveFile/" + file_name + '/' # 150706 lars - zur besseren Unterscheidung der Dateien. async_ready_queue = Queue() thread_listen_ready_list = [] thread_counter_clouds = 0 for hoster in cloud_hoster: if cloud_hoster[hoster][1] is not None: hoster_string_ready = "/" + file_string + "ack_" + hoster pros = FuncThread(listen_ready_ack, etcd_client, hoster_string_ready, hoster, async_ready_queue) pros.daemon = True pros.start() thread_listen_ready_list.append(pros) thread_counter_clouds += 1 try: etcd_client.write(file_string, "", dir=True) except EtcdNotFile: for p in thread_listen_ready_list: p.terminate() print("terminate") else: # wait for all listen_ack processes for p in thread_listen_ready_list: p.join() etcd_cloud_hoster = cloud_hoster # evaluate results from queue for i in range(0, thread_counter_clouds): result = async_ready_queue.get() for r in result: if result[r][0]: etcd_cloud_hoster[r][0] = True print "+++++ saveFile: ack listener finished..." data = {'content': content} email = current_user.email # create file string with _tmp suffix file_string_tmp = "saveFile_tmp/" + email + '_' + file_name + '_tmp/' async_receive_queue = Queue() thread_listen_receive_list = [] thread_counter_clouds = 0 for hoster in etcd_cloud_hoster: if etcd_cloud_hoster[hoster][1]: hoster_string_ready = "/" + file_string_tmp + "ack_" + hoster pros = FuncThread(listen_ack_etcd, etcd_client, hoster_string_ready, hoster, async_receive_queue, "2") pros.daemon = True pros.start() thread_listen_receive_list.append(pros) thread_counter_clouds = thread_counter_clouds + 1 async_send_data = FuncThread( send_sync_data, etcd_cloud_hoster, data, '/storage/api/v1.0/syncfile/savefile_tmp/' + email + '/' + file_name) async_send_data.daemon = True async_send_data.start() print "+++++ send save file temp data to clouds" # wait for all listen_ack processes for p in thread_listen_ready_list: p.join() etcd_cloud_hoster = cloud_hoster # evaluate results from queue for i in range(0, thread_counter_clouds): result = async_receive_queue.get() for r in result: if result[r][0]: etcd_cloud_hoster[r][0] = True print "++++++++ all clouds have saved the file temporarily" file_string = "saveFile/" + email + '_' + file_name + '/' async_receive_queue = Queue() thread_listen_receive_list = [] thread_counter_clouds = 0 for hoster in etcd_cloud_hoster: if etcd_cloud_hoster[hoster][1]: hoster_string_ready = "/" + file_string + "ack_" + hoster pros = FuncThread(listen_ack_etcd, etcd_client, hoster_string_ready, hoster, async_receive_queue, "3") pros.daemon = True pros.start() thread_listen_receive_list.append(pros) thread_counter_clouds = thread_counter_clouds + 1 async_send_data = FuncThread( send_sync_data, etcd_cloud_hoster, data, '/storage/api/v1.0/syncfile/savefile/' + email + '/' + file_name) async_send_data.daemon = True async_send_data.start() print "+++++ send save file data to clouds" # wait for all listen_ack processes for p in thread_listen_ready_list: p.join() etcd_cloud_hoster = cloud_hoster # evaluate results from queue for i in range(0, thread_counter_clouds): result = async_receive_queue.get() for r in result: if result[r][0]: etcd_cloud_hoster[r][0] = True print "++++++++ all clouds have saved the file" response = "200" # if not storageinterface.upload_from_text(bucket_id, file_name, content): # response = "500" dbSession.remove() return response
def rest_upload_from_text(bucket_id, file_name): """ Uploads text to new file in container :param int bucket_id: The bucket in which the file is in :param string file_name: The name of the file :return file: a status response """ if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized # if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles userfile = dbSession.query(Userfile).filter(Userfile.name == file_name).first() user = dbSession.query(User).filter(User.id == bucket_id).first() if userfile is None: if user is None: dbSession.remove() return "403" # Forbidden # userfile = Userfile(bucket_id, file_name) # useruserfile = UserUserfile(userfile, user, 6) # dbSession.add(userfile) # dbSession.add(useruserfile) # dbSession.commit() # if file exists -> check if file_name, user_id is found with right permission in UserUserfiles else: useruserfile = dbSession.query(UserUserfile).filter(UserUserfile.user_id == user.id, UserUserfile.userfile_id == userfile.id).first() if useruserfile is None or useruserfile.permission < 6: dbSession.remove() return '403' # redirect(url_for('403')) # No permission found or permission not sufficient content = request.json['content'] etcd_client = init_etcd_connection() file_string = "saveFile/" + str(user.id) + '_' + file_name + '/' # file_string = "saveFile/" + file_name + '/' # 150706 lars - zur besseren Unterscheidung der Dateien. async_ready_queue = Queue() thread_listen_ready_list = [] thread_counter_clouds = 0 for hoster in cloud_hoster: if cloud_hoster[hoster][1] is not None: hoster_string_ready = "/" + file_string + "ack_" + hoster pros = FuncThread(listen_ready_ack, etcd_client, hoster_string_ready, hoster, async_ready_queue) pros.daemon = True pros.start() thread_listen_ready_list.append(pros) thread_counter_clouds += 1 try: etcd_client.write(file_string, "", dir=True) except EtcdNotFile: for p in thread_listen_ready_list: p.terminate() print("terminate") else: # wait for all listen_ack processes for p in thread_listen_ready_list: p.join() etcd_cloud_hoster = cloud_hoster # evaluate results from queue for i in range(0, thread_counter_clouds): result = async_ready_queue.get() for r in result: if result[r][0]: etcd_cloud_hoster[r][0] = True print "+++++ saveFile: ack listener finished..." data = { 'content': content } email = current_user.email # create file string with _tmp suffix file_string_tmp = "saveFile_tmp/" + email + '_' + file_name + '_tmp/' async_receive_queue = Queue() thread_listen_receive_list = [] thread_counter_clouds = 0 for hoster in etcd_cloud_hoster: if etcd_cloud_hoster[hoster][1]: hoster_string_ready = "/" + file_string_tmp + "ack_" + hoster pros = FuncThread(listen_ack_etcd, etcd_client, hoster_string_ready, hoster, async_receive_queue, "2") pros.daemon = True pros.start() thread_listen_receive_list.append(pros) thread_counter_clouds = thread_counter_clouds + 1 async_send_data = FuncThread(send_sync_data, etcd_cloud_hoster, data, '/storage/api/v1.0/syncfile/savefile_tmp/' + email + '/' + file_name) async_send_data.daemon = True async_send_data.start() print "+++++ send save file temp data to clouds" # wait for all listen_ack processes for p in thread_listen_ready_list: p.join() etcd_cloud_hoster = cloud_hoster # evaluate results from queue for i in range(0, thread_counter_clouds): result = async_receive_queue.get() for r in result: if result[r][0]: etcd_cloud_hoster[r][0] = True print"++++++++ all clouds have saved the file temporarily" file_string = "saveFile/" + email + '_' + file_name + '/' async_receive_queue = Queue() thread_listen_receive_list = [] thread_counter_clouds = 0 for hoster in etcd_cloud_hoster: if etcd_cloud_hoster[hoster][1]: hoster_string_ready = "/" + file_string + "ack_" + hoster pros = FuncThread(listen_ack_etcd, etcd_client, hoster_string_ready, hoster, async_receive_queue, "3") pros.daemon = True pros.start() thread_listen_receive_list.append(pros) thread_counter_clouds = thread_counter_clouds + 1 async_send_data = FuncThread(send_sync_data, etcd_cloud_hoster, data, '/storage/api/v1.0/syncfile/savefile/' + email + '/' + file_name) async_send_data.daemon = True async_send_data.start() print "+++++ send save file data to clouds" # wait for all listen_ack processes for p in thread_listen_ready_list: p.join() etcd_cloud_hoster = cloud_hoster # evaluate results from queue for i in range(0, thread_counter_clouds): result = async_receive_queue.get() for r in result: if result[r][0]: etcd_cloud_hoster[r][0] = True print"++++++++ all clouds have saved the file" response = "200" # if not storageinterface.upload_from_text(bucket_id, file_name, content): # response = "500" dbSession.remove() return response
def rest_share_file(bucket_id, file_name): """ Sets permission for file in db :param int bucket_id: The bucket in which the file is in :param string file_name: The name of the file :return file: a status response """ print "rest_share_file: ..." username = request.json['username'] permission = request.json['permission'] print "username: "******"permission: " + permission print "bucket id: " + str(bucket_id) print "filename: " + file_name # 1. check if logged in user is owner of file_name if g.user is None or not g.user.is_authenticated(): return "401" # Unauthorized # 2. check if Owner of bucket is changing permissions if int(g.user.get_id()) != bucket_id: return "403" # Forbidden # 3. check if file in table Userfile exists userfile = dbSession.query(Userfile).filter( Userfile.folder == bucket_id, Userfile.name == file_name).first() if userfile is None: dbSession.remove() return "404" # Not found # 4. check if user_id in table User exists print("check user") user = dbSession.query(User).filter(User.username == username).first() if user is None: dbSession.remove() return "404" # Not found # 5. check if permission allready exists in table UserUserfile #user_file_owner user_file_owner = dbSession.query(User).filter( User.id == bucket_id).first() data = { 'name_file_owner': user_file_owner.username, 'permission': permission, 'bucket_id': bucket_id, 'file_name': file_name, 'username': username } print "Username Owner: " + user_file_owner.username print "file_name: " + file_name print "username: "******"503" else: ret_val = "200" dbSession.remove() return ret_val
def rest_syncfile_save_file(user_email, file_name): print "rest_syncfile_save_file: ..." if request.method == 'POST': # if file doesnt exists -> logged in user must be bucket_id -> add permission to UserUserfiles userfile = dbSession.query(Userfile).filter( Userfile.name == file_name).first() user = dbSession.query(User).filter(User.email == user_email).first() user_id = user.get_id() print("-------------> found user with email : " + user_email + " and bucket id : " + user_id) if userfile is None: if user is None: return "403" # Forbidden userfile = Userfile(user_id, file_name) useruserfile = UserUserfile(userfile, user, 6) dbSession.add(userfile) dbSession.add(useruserfile) dbSession.commit() # if file exists -> check if file_name, user_id is found with right permission in UserUserfiles else: useruserfile = dbSession.query(UserUserfile).filter( UserUserfile.user_id == user.id, UserUserfile.userfile_id == userfile.id).first() if useruserfile is None or useruserfile.permission < 6: print("return 403") dbSession.remove() return '403' # redirect(url_for('403')) # No permission found or permission not sufficient file_name_tmp = file_name + "_tmp" tmp_value = "" elements = dbSession.query(Userfile).filter( (Userfile.folder == user_id), (Userfile.name == file_name_tmp)).first() if elements is None: dbSession.remove() return "404" if storageinterface.file_exists(user_id, file_name_tmp): # get tmp file that was saved before # get value of tmp file tmp_value = storageinterface.download_file_to_text( user_id, file_name_tmp) # delete tmp file storageinterface.delete_file(user_id, file_name_tmp) # no cascade possible, therfore we must remove the foreign-key there manually references = dbSession.query(UserUserfile).filter( UserUserfile.userfile_id == elements.id) for ref in references: dbSession.delete(ref) dbSession.delete(elements) dbSession.commit() dbSession.remove() #tmp_value = unicode(tmp_value,"utf-8") print("-------------------------------------------------------------") print("Received an external POST in order to save following file") print("content: " + tmp_value) print("user email: " + user_email) print("file_name: " + file_name) print("-------------------------------------------------------------") response = "500" if storageinterface.upload_from_text(user_id, file_name, tmp_value): response = "200" file_string = "saveFile/" + user_email + '_' + file_name + '/' + 'ack_' + cloudplatform etcd_client = init_etcd_connection() etcd_client.write(file_string, 3) dbSession.remove() return response