Example #1
 def new_function(*args, **kw):
     """
     Wrapped function: authenticates the caller and verifies the required
     roles before delegating to the wrapped function ``f``.

     The request is located among ``args``; a request without a ``user`` and
     ``client`` attribute, or whose user is unknown to ``UserList``, results in
     HttpUnauthorizedException. A token lacking one of ``roles`` results in
     HttpForbiddenException. When ``f`` returns an OVSResponse, the time spent
     in these checks is stored under its 'security' timing key.
     """
     def _not_authenticated():
         # Both authentication failures report the same, deliberately
         # uninformative error so the caller cannot tell them apart.
         return HttpUnauthorizedException(error_description='Not authenticated',
                                          error='not_authenticated')

     started_at = time.time()
     request = _find_request(args)
     if not (hasattr(request, 'user') and hasattr(request, 'client')):
         raise _not_authenticated()
     if UserList.get_user_by_username(request.user.username) is None:
         raise _not_authenticated()
     # NOTE(review): request.token is read without the hasattr guard applied to
     # user/client above — confirm every authenticated request carries a token.
     if not ApiToolbox.is_token_in_roles(request.token, roles):
         raise HttpForbiddenException(
             error_description='This call requires roles: {0}'.format(', '.join(roles)),
             error='invalid_roles')
     # The security timing covers only the checks above, not the call to f.
     security_duration = time.time() - started_at
     response = f(*args, **kw)
     if isinstance(response, OVSResponse):
         response.timings['security'] = [security_duration, 'Security']
     return response
Example #2
 def _validate_access(self, backend, request):
     """
     Verify that the requesting client may access ``backend``.

     :param backend: Backend whose user_rights and client_rights are checked
     :param request: Raw request; ``request.client`` is the requesting client
     :raises HttpForbiddenException: when ApiToolbox does not grant access
     """
     _ = self
     granted = ApiToolbox.access_granted(request.client,
                                         user_rights=backend.user_rights,
                                         client_rights=backend.client_rights)
     if granted:
         return
     raise HttpForbiddenException(
         error_description='The requesting client has no access to this Backend',
         error='no_ownership')
Example #3
 def validate_access(self, backend, request):
     """
     Verify that the requesting client may access ``backend``.

     :param backend: The Backend to validate
     :type backend: Backend
     :param request: The raw request
     :type request: Request
     :raises HttpForbiddenException: when Toolbox does not grant access
     """
     _ = self
     granted = Toolbox.access_granted(request.client,
                                      user_rights=backend.user_rights,
                                      client_rights=backend.client_rights)
     if granted:
         return
     raise HttpForbiddenException(
         error_description='The requesting client has no access to this Backend',
         error='no_ownership')
Example #4
 def retrieve(self, request, user):
     """
     Load information about a given User. Only the currently logged in User is
     accessible, or all if the logged in User has a manage role.

     :param request: The raw request
     :type request: Request
     :param user: The user to load
     :type user: User
     :return: ``user`` when access is allowed
     :raises HttpForbiddenException: when the caller is neither the user itself
                                     nor a client with the 'manage' role
     """
     is_own_record = user.guid == request.client.user_guid
     # The role lookup is only consulted for somebody else's record.
     if is_own_record or ApiToolbox.is_client_in_roles(request.client, ['manage']):
         return user
     raise HttpForbiddenException(
         error_description='Fetching user information not allowed',
         error='no_ownership')
Example #5
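 def retrieve(self, request, client):
     """
     Load information about a given Client
     Only the currently logged in User's Clients are accessible, or all if the logged in User has a
     system role
     :param request: Raw request
     :type request: Request
     :param client: Client to return
     :type client: Client
     :return: ``client`` when access is allowed
     :raises HttpForbiddenException: when the client does not belong to the
                                     caller's user and the caller lacks 'manage'
     """
     _ = self  # was `_ = format`, a stray reference to the builtin; self is unused here
     owns_client = client.guid in request.client.user.clients_guids
     # The role lookup is only consulted for a client owned by another user.
     if owns_client or Toolbox.is_client_in_roles(request.client, ['manage']):
         return client
     raise HttpForbiddenException(
         error_description='Fetching client information not allowed',
         error='no_ownership')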
Example #6
 def new_function(*args, **kw):
     """
     Wrapped function: authenticates the caller and verifies the required
     roles before delegating to the wrapped function ``f``.

     A request without ``user`` and ``client`` attributes, or whose user is
     unknown to ``UserList``, results in HttpUnauthorizedException; a token
     lacking one of ``roles`` results in HttpForbiddenException.
     """
     def _not_authenticated():
         # Same message for both failure modes so they are indistinguishable
         # to the caller.
         return HttpUnauthorizedException(error_description='Not authenticated',
                                          error='not_authenticated')

     request = _find_request(args)
     if not (hasattr(request, 'user') and hasattr(request, 'client')):
         raise _not_authenticated()
     if UserList.get_user_by_username(request.user.username) is None:
         raise _not_authenticated()
     # NOTE(review): request.token is read without a hasattr guard — confirm
     # every authenticated request carries a token.
     if not Toolbox.is_token_in_roles(request.token, roles):
         raise HttpForbiddenException(
             error_description='This call requires roles: {0}'.format(', '.join(roles)),
             error='invalid_roles')
     return f(*args, **kw)
Example #7
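 def partial_update(self, contents, user, request):
     """
     Update a User
     :param contents: The contents to update/return (comma-separated field names)
     :type contents: str
     :param user: The user to update
     :type user: User
     :param request: The raw request
     :type request: Request
     :return: The updated, saved user
     :raises HttpForbiddenException: when the caller tries to update itself
     """
     # Authorise before touching request.DATA: the self-update guard used to run
     # only after the untrusted payload had already been deserialised onto the
     # user instance. Checking first keeps a forbidden request from mutating the
     # in-memory object at all. (Assumes deserialize() keeps the guid — it is
     # called with instance=user — TODO confirm against FullSerializer.)
     if user.guid == request.client.user_guid:
         raise HttpForbiddenException(
             error_description='A user cannot update itself',
             error='impossible_request')
     contents = None if contents is None else contents.split(',')
     serializer = FullSerializer(User,
                                 contents=contents,
                                 instance=user,
                                 data=request.DATA)
     user = serializer.deserialize()
     user.save()
     return user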
Example #8
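 def destroy(self, request, client):
     """
     Deletes a client together with its tokens and role junctions
     :param request: Raw request
     :type request: Request
     :param client: The Client to be deleted
     :type client: Client
     :return: None
     :rtype: None
     :raises HttpForbiddenException: when the client belongs to another user and
                                     the caller lacks the 'manage' role
     """
     is_own_client = client.user_guid == request.client.user_guid
     if not (is_own_client or Toolbox.is_client_in_roles(request.client, ['manage'])):
         # The original `return`ed the exception object, so a forbidden delete
         # came back as a normal response instead of a 403; it must be raised,
         # as the sibling endpoints do.
         raise HttpForbiddenException(
             error_description='Deleting this client is not allowed',
             error='no_ownership')
     # Remove dependants bottom-up so no dangling junctions survive the delete.
     for token in client.tokens:
         for junction in token.roles.itersafe():
             junction.delete()
         token.delete()
     for junction in client.roles.itersafe():
         junction.delete()
     client.delete()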
Example #9
 def set_password(self, request, user, new_password):
     """
     Sets the password of a given User. A logged in User can only change its own
     password, or any password if the logged in User has a manage role.
     :param request: The raw request
     :type request: Request
     :param user: The user to update the password from
     :type user: User
     :param new_password: The new password to be set
     :type new_password: str
     :return: The updated user
     :raises HttpForbiddenException: when the caller may not change this password
     """
     is_own_account = user.guid == request.client.user_guid
     if not (is_own_account or ApiToolbox.is_client_in_roles(request.client, ['manage'])):
         raise HttpForbiddenException(
             error_description='Updating password not allowed',
             error='impossible_request')
     # NOTE(review): this stores an unsalted, single-round SHA-256 of the
     # password. The verifier elsewhere in the project must produce the same
     # digest, so the scheme cannot be changed here alone; a salted, slow
     # password hash should be introduced together with the login check.
     # `str(new_password)` also only yields hashable bytes on Python 2.
     user.password = hashlib.sha256(str(new_password)).hexdigest()
     user.save()
     # A password change invalidates every token of every client of this user.
     for client in user.clients:
         for token in client.tokens:
             for junction in token.roles:
                 junction.delete()
             token.delete()
     return user
Example #10
 def destroy(self, request, user):
     """
     Deletes a user together with its clients, their tokens and role junctions
     :param request: The raw request
     :type request: Request
     :param user: The user to delete
     :type user: User
     :return: None
     :rtype: None
     :raises HttpForbiddenException: when the caller tries to delete itself
     """
     if user.guid == request.client.user_guid:
         raise HttpForbiddenException(
             error_description='A user cannot delete itself',
             error='impossible_request')
     # Tear down bottom-up: role junctions, then tokens, then client junctions,
     # then the client itself, and only then the user.
     for owned_client in user.clients:
         for token in owned_client.tokens:
             for role_junction in token.roles.itersafe():
                 role_junction.delete()
             token.delete()
         for client_junction in owned_client.roles.itersafe():
             client_junction.delete()
         owned_client.delete()
     user.delete()
     return None