def delete_status_message(): (success, data) = delete_orphan_status_message() if not success: make_error(data, 500) return make_ok(data=data)
def set_config_alienvault(system_id): param_names = [ 'framework_framework_ip', 'sensor_detectors', 'sensor_interfaces', 'sensor_mservers', 'sensor_networks', 'server_server_ip' ] (success, system_ip) = ret = get_system_ip_from_system_id(system_id) if not success: return make_error(system_ip, 500) set_values = {} for key, value in request.args.iteritems(): if key not in param_names: return make_error("Bad param %s" % key, 400) else: set_values[key] = value (success, config_values) = set_av_config(system_ip, set_values) if not success: current_app.logger.error("system: set_config_alienvault error: " + str(config_values)) return make_error( "Cannot set AlienVault configuration info %s" % str(config_values), 500) flush_cache(namespace="system") job = alienvault_asynchronous_reconfigure.delay(system_id) return make_ok(job_id=job.id)
def delete_host(host_id): (success, data) = delete_host_references(host_id) if not success: make_error(data, 500) return make_ok()
def set_config_general(system_id): param_names = ['general_admin_dns', 'general_admin_gateway', 'general_admin_ip', 'general_admin_netmask', 'general_hostname', 'general_mailserver_relay', 'general_mailserver_relay_passwd', 'general_mailserver_relay_port', 'general_mailserver_relay_user', 'general_ntp_server', 'firewall_active'] set_values = {} for key, value in request.args.iteritems(): if key not in param_names: return make_error("Bad param %s" % key, 400) else: set_values[key] = value (success, job_id) = set_system_config(system_id, set_values) if not success: return make_error("Error setting new configuration: %s" % job_id, 500) return make_ok(job_id=job_id)
def ossec_add_new_agent(sensor_id): """ Call API method to run ossec_create_new_agent script """ agent_name = request.args.get('agent_name', None) agent_ip = request.args.get('agent_ip', None) asset_id = request.args.get('asset_id', None) # Check valid input valid_str = re.compile('^[-.\w]+$') if not valid_str.match(agent_name) or not (is_valid_ipv4(agent_ip) or is_valid_ipv4_cidr(agent_ip)): return make_bad_request("Invalid agent name or address") # Now call the api method to create the new agent - If everything is right it returns the agent id of the new agent (success, data) = api_ossec_add_new_agent(sensor_id, agent_name, agent_ip, asset_id) if not success: current_app.logger.error("ossec_agent: error creating new agent: " + str(data)) return make_error(data, 500) # Now we get the agent detail try: agent_id = data (success, data) = apimethod_ossec_get_agent_from_db(sensor_id, agent_id) except APIException as e: return make_error_from_exception(e) if success: return make_ok(agent_detail=data) else: return make_error(data, 500)
def login(): username = request.args.get('username') password = request.args.get('password') if username is None: return make_bad_request( API_i18n.error(i18nmsgs.MISSING_PARAMETER_USERNAME)) if password is None: return make_bad_request( API_i18n.error(i18nmsgs.MISSING_PARAMETER_PASSWORD)) if not is_valid_user(username): return make_bad_request(API_i18n.error(i18nmsgs.INVALID_USERNAME)) if not is_valid_user_password(password): return make_bad_request(API_i18n.error(i18nmsgs.INVALID_PASSWORD)) try: user = db.session.query(Users).filter_by(login=username).one() except NoResultFound: return make_error( API_i18n.error(i18nmsgs.INVALID_USERNAME_OR_PASSWORD), 401) except MultipleResultsFound: return make_error(API_i18n.error(i18nmsgs.TOO_MANY_USERNAMES_MATCHING), 500) except Exception, e: return make_error( API_i18n.error(i18nmsgs.TOO_MANY_USERNAMES_MATCHING, {"exception": str(e)}), 500)
def get_host_info_list(): (success, data) = get_host_details_list() if not success: make_error(data, 500) return make_ok(**data)
def get_sensor_detector_by_device(sensor_id): """ Return the [sensor]/plugin list for a given sensor :param sensor_id: The sensor which we want to get the data :param device_id: Filter by device (canonical uuid) """ (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id) if not success: current_app.logger.error( "detector: get_sensor_detector: Bad 'sensor_id'") return make_bad_request("Bad sensor_id") device_id = request.args.get('device_id', None) # Now call the ansible module to obtain the [sensor]/iface (success, data) = get_sensor_detectors_from_yaml(sensor_ip) if not success: current_app.logger.error( "detector: get_sensor_detector_by_device: %s" % str(data)) return make_error("Error getting sensor plugins", 500) try: yaml_data = get_plugin_get_request_from_yml( data['contacted'][sensor_ip]['plugins'], device_id) except: return make_error( "Something wrong while parsing the yml file. %s" % data, 500) # Now format the list by a dict which key is the sensor_id and the value if the list of ifaces return make_ok(plugins=yaml_data)
def get_status(server_id): rc, server_ip = get_server_ip_from_server_id(server_id) if not rc: return make_error("Error while retrieving the server ip:%s" % server_ip, 500) rc, data = get_server_status(server_ip) if not rc: return make_error(data,500) return make_ok(result=rc, data=data)
def do_nmap_scan(): sensor_id = request.form.get('sensor_id', None) target = request.form.get('target', None) excludes = request.form.get('excludes', None) scan_type = request.form.get('scan_type', None) scan_timing = request.form.get('scan_timing', None) scan_ports = request.form.get('scan_ports', None) rdns = True if request.form.get('rdns', 'true') == 'true' else False autodetect = True if request.form.get('autodetect', 'true') == 'true' else False idm = True if request.form.get('idm', 'false') == 'true' else False targets = target.split(' ') ftargets = [] targets_number = 0 for t in targets: try: _ = IPAddress(t) ftargets.append(t) targets_number += 1 continue except: pass try: cidr = IPNetwork(t) ftargets.append(t) targets_number += cidr.size continue except: pass if len(ftargets) < 1: return make_error("No valid targets to scan", 500) try: # Delete all orphan scans which are running on background for current user. apimethod_delete_running_scans(current_user.login) except Exception as err: return make_error("Cannot flush old scans before running new nmap scan %s" % str(err), 500) targets = ','.join(ftargets) if targets and excludes: # Prepare new targets string with excludes. e.g "192.168.87.0/22,!192.168.87.222/32,!192.168.87.223/32" targets += ',' + ','.join(['!{}'.format(exclude_item) for exclude_item in excludes.split(',')]) job = run_nmap_scan.delay(sensor_id=sensor_id, target=targets, targets_number=targets_number, scan_type=scan_type, rdns=rdns, scan_timing=scan_timing, autodetect=autodetect, scan_ports=scan_ports, idm=idm, user=current_user.login) monitor_nmap_scan.delay(sensor_id=sensor_id, task_id=job.id) time.sleep(2) return make_ok(job_id=job.id)
def get_status(server_id): rc, server_ip = get_server_ip_from_server_id(server_id) if not rc: return make_error( "Error while retrieving the server ip:%s" % server_ip, 500) rc, data = get_server_status(server_ip) if not rc: return make_error(data, 500) return make_ok(result=rc, data=data)
def get_nmap_scan_status(task_id): try: job = apimethod_get_nmap_scan_status(task_id) except APINMAPScanKeyNotFound: return make_error("Task id not found", 404) except APINMAPScanException as exp: app.logger.error("Cannot retrieve the scan status {0}".format(str(exp))) return make_error("Cannot retrieve the scan status for the given task", 500) return make_ok(result=job)
def get_system_network_resolve(system_id): if not first_init_admin_access(): return make_error('Request forbidden', 403) (success, data) = dns_resolution(system_id) if not success: current_app.logger.error( "network: get_system_network_resolve error: " + str(data)) return make_error(data, 500) return make_ok(dns_resolution=data)
def stop_scan(task_id): try: apimethods_stop_scan(task_id) except APICannotResolveSensorID: return make_error("Cannot retrieve the task status", 404) except APINMAPScanKeyNotFound: return make_error("Cannot retrieve the task status", 404) except APINMAPScanException: return make_error("Cannot stop the scan", 500) return make_ok(result=True)
def get_nmap_scan_status(task_id): try: job = apimethod_get_nmap_scan_status(task_id) except APINMAPScanKeyNotFound: return make_error("Task id not found", 404) except APINMAPScanException as exp: app.logger.error("Cannot retrieve the scan status {0}".format( str(exp))) return make_error("Cannot retrieve the scan status for the given task", 500) return make_ok(result=job)
def get_license_trial(system_id): # Retrieve URL parameters. email = request.args.get('email') if email is None: current_app.logger.error ("license: get_license_trial error: Bad param 'email'") return make_error('Bad parameter email', 400) (success, msg) = register_appliance_trial(email, system_id, False) if not success: current_app.logger.error ("license: get_license_trial error: " + str(msg)) return make_error(msg, 500) return make_ok()
def get_nmap_scan(task_id): sensor_id = request.args.get('sensor_id', None) try: data = apimethod_get_nmap_scan(sensor_id=sensor_id, task_id=task_id) except (APINMAPScanCannotRetrieveBaseFolder, APINMAPScanCannotCreateLocalFolder, APINMAPScanCannotReadReport) as e: return make_error(str(e), 500) except APINMAPScanReportNotFound as e: return make_error(str(e), 404) except Exception as e: return make_error(str(e), 500) return make_ok(result=data)
def get_license_version(system_id): """ Get the current versions """ if not first_init_admin_access(): return make_error ('Request forbidden -- authorization will not help', 403) (success, msg) = get_current_version(system_id) if not success: api_log.error("license: get_license_versions error: " + str(msg)) return make_error("An internet connection is needed in order to activate your version.", 500) return make_ok(**msg)
def delete_nmap_scan(task_id): sensor_id = request.args.get('sensor_id', None) try: apimethod_delete_nmap_scan(sensor_id=sensor_id, task_id=task_id) except (APINMAPScanCannotRetrieveBaseFolder, APINMAPScanCannotCreateLocalFolder, APINMAPScanReportCannotBeDeleted) as e: return make_error(str(e), 500) except APINMAPScanReportNotFound as e: return make_error(str(e), 404) except: return make_error("Cannot Delete the report", 500) return make_ok(result=True)
def get_data_status_messages(): component_id = request.args.get('component_id') component_type = request.args.get('component_type') message_id = request.args.get('message_id', None) level = request.args.get('level') if level is not None: level = level.split(',') order_desc = request.args.get('order_desc') page = request.args.get('page', 1) if page is not None: if not is_valid_integer(page): return make_error( "The parameter page (%s) is not a valid integer value" % str(page), 500) page = int(page) if message_id is not None: if not is_valid_integer(message_id): return make_error( "The parameter message_id (%s) is not a valid integer value" % str(message_id), 500) message_id = int(message_id) page_row = request.args.get('page_rows', 50) if page_row is not None: page_row = int(page_row) orderby = request.args.get('order_by') if orderby not in ['creation_time', 'component_type', 'level', '', None]: return make_bad_request( "Invalid parameter order by. Allowed values are ('creation_time','component_type','level','')" ) (success, data) = get_status_messages(component_id=component_id, level=level, orderby=orderby, page=page, page_row=page_row, order_desc=order_desc, component_type=component_type, message_id=message_id) if not success: return make_error(data, 500) return make_ok(**data)
def get_license_pro(system_id): # Retrieve URL parameters. key = request.args.get('key') if key is None: current_app.logger.error("license: get_license_pro error: Missing param 'key'") return make_error('Missing param key', 400) (success, msg) = register_appliance_pro(key, system_id, False) if not success: current_app.logger.error ("license: get_license_pro error: " + str(msg)) return make_error(msg, 500) #Launch the upgrade job = alienvault_asynchronous_update.delay(system_id, only_feed=False,update_key=key) return make_ok(job_id=job.id)
def put_sensor(sensor_id): password = request.args.get('password', None) if password is not None: (success, response) = add_sensor(sensor_id, request.args.get('password')) if not success: api_log.error(str(response)) return make_error("Error adding sensor, please check the system is reachable and the password is correct", 500) (success, job_id) = set_sensor_context(sensor_id, request.args.get('ctx').lower()) if not success: return make_error("Error setting sensor context", 500) return make_ok(job_id=job_id)
def get_nmap_scan(task_id): sensor_id = request.args.get('sensor_id', None) try: data = apimethod_get_nmap_scan(sensor_id=sensor_id, task_id=task_id) except (APINMAPScanCannotRetrieveBaseFolder, APINMAPScanCannotCreateLocalFolder, APINMAPScanCannotReadReport) as e: return make_error(str(e), 500) except APINMAPScanReportNotFound as e: return make_error(str(e), 404) except: return make_error(data, 500) return make_ok(result=data)
def get_alienvault_status(system_id): """Get the status of each profile from a given AlienVault system The blueprint handle the following url: GET /av/api/1.0/system/<system_id>/status/alienvault?no_cache=<boolean> Args: system_id (str): String with system id (uuid) or local no_cache (boolean): Flag to indicate whether load cached data or fresh one. """ no_cache = True if request.args.get('no_cache', 'false') == 'true' else False success, result = alienvault_status(system_id, no_cache=no_cache) if not success: api_log.error( "Cannot retrieve AlienVault status for system_id %s. Error: %s" % (system_id, str(result))) api_log.error( "Failed API call: remote addr = %s, host addr = %s, blueprint = %s, URL = %s" % (request.remote_addr, request.host, request.blueprint, request.base_url)) return make_error( "Cannot retrieve AlienVault status for system %s" % system_id, 500) return make_ok(**result)
def get_license_pro(system_id): if not first_init_admin_access(): return make_error ('Request forbidden -- authorization will not help', 403) # Retrieve URL parameters. key = request.args.get('key') if key is None: current_app.logger.error("license: get_license_pro error: Missing param 'key'") return make_error('Missing param key', 400) (success, msg) = register_appliance_pro(key, system_id, False) if not success: current_app.logger.error("license: get_license_pro error: " + str(msg)) return make_error(msg, 500) return make_ok()
def get_config_alienvault(system_id): (success, config_values) = get_system_config_alienvault(system_id) if not success: return make_error(config_values, 500) return make_ok(**config_values)
def sync_asec_plugins(): """Send ASEC plugins to all sensors The blueprint handle the following url: PUT /av/api/1.0/system/asec?plugins=<plugins> Args: plugins (str): Comma separated plugin list """ plugins = request.args.get("plugins") plugin_list = plugins.split(',') all_ok = True failed_plugins = [] for plugin in plugin_list: (success, msg) = api_sync_asec(plugin=plugin, enable=True) if not success: all_ok = False failed_plugins.append(plugin) api_log.error("Sync failed for plugin %s: %s" % (plugin, msg)) else: api_log.debug("Sync OK for plugin %s" % plugin) if not all_ok: error_msg = "ASEC plugins sync failed for plugins: %s" % ','.join(failed_plugins) return make_error(error_msg, 500) return make_ok(msg="ASEC plugins sync OK")
def get_systems(): (success, system_data) = system.get_all() if not success: current_app.logger.error("system: get_systems error: " + str(system_data)) return make_error("Cannot retrieve systems info", 500) return make_ok(systems=system_data)
def get_system(system_id): (success, ip) = system.get(system_id) if not success: current_app.logger.error("system: get_system error: " + str(ip)) return make_error("Cannot retrieve system %s info" % system_id, 500) return make_ok(info=ip)
def put_sensor_detector(sensor_id): """ Set the [sensor]/detectors list on ossim_setup.conf of the sensor """ # Get the 'plugins' param list, with contains the detector plugins # It must be a comma separate list plugins = request.args.get('plugins') if plugins is None: current_app.logger.error("detector: put_sensor_detector error: Missing parameter 'plugins'") return make_bad_request("Missing parameter plugins") (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id) if not success: current_app.logger.error("detector: put_sensor_detector error: Bad 'sensor_id'") return make_bad_request("Bad sensor_id") (success, data) = set_sensor_detectors(sensor_ip, plugins) if not success: current_app.logger.error("detector: put_sensor_detector error %s" % data) return make_error("Error setting sensor detector plugins", 500) # Now launch reconfig task job = alienvault_reconfigure.delay(sensor_ip) # Now format the list by a dict which key is the sensor_id and the value if the list of ifaces return make_ok(job_id_reconfig=job.id)
def get_license_version(system_id): """ Get the current versions """ if not first_init_admin_access(): return make_error('Request forbidden -- authorization will not help', 403) (success, msg) = get_current_version(system_id) if not success: api_log.error("license: get_license_versions error: " + str(msg)) return make_error( "An internet connection is needed in order to activate your version.", 500) return make_ok(**msg)
def get_ossec_active_agents(sensor_id): (result, data) = ossec_get_available_agents(sensor_id, 'list_online_agents') if result: return make_ok(agents=data) else: return make_error(data, 500)
def get_ossec_restart_agent(sensor_id, agent_id): (result, data) = ossec_get_available_agents(sensor_id, 'restart_agent', agent_id) if result: return make_ok(msg=data) else: return make_error(data, 500)
def get_ossec_check_integrity_agent(sensor_id, agent_id): (result, data) = ossec_get_available_agents(sensor_id, 'integrity_check', agent_id) if result: return make_ok(msg=data) else: return make_error(data, 500)
def get_list_nmap_scans(): try: user_scans = apimethod_get_nmap_scan_list(user=current_user.login) except Exception as exp: app.logger.error("Cannot retrieve the scan list {0}".format(str(exp))) return make_error("Cannot retrieve the scan list", 500) return make_ok(result=user_scans)
def get_ossec_check(sensor_id): """Creates a new preconfigured agent and return the local path :param sensor_id: Sensor id :param agent_id: Agent id. Must be a string that match [0-9]{1,4} :param agent_type: Type of agent to be generated. """ agent_ip = request.args.get("agent_ip", None) agent_name = request.args.get("agent_name", None) check_type = request.args.get("check_type", None) if check_type not in ["lastscan", "lastip"]: return make_bad_request( "Invalid check_type value. Allowed values are(lastscan, lastip)") if check_type == 'lastip': if agent_name is None: return make_bad_request( "Agent name not specified. Allowed characters are [^a-zA-Z0-9_\\-()]+" ) if re.match(r"[a-zA-Z0-9_\-\(\)]+", agent_name) is None: return make_bad_request( "Invalid agent name. Allowed characters are [^a-zA-Z0-9_\\-()]+" ) elif not is_valid_ipv4(agent_ip): return make_bad_request( "Invalid agent_ip value. It should be a valid IP v4 dotted address" ) (result, data) = ossec_get_check(sensor_id=sensor_id, agent_ip=agent_ip, agent_name=agent_name, check_type=check_type) if result: return make_ok(check=data) return make_error(data, 500)
def put_sensor_interface(sensor_id): """ Set the [sensor]/interfaces list on ossim_setup.conf of the sensor """ # Get the 'ifaces' param list, with contains the ifaces # It must be a comma separate list ifaces = request.args.get('ifaces') if ifaces is None: current_app.logger.error("interfaces: put_sensor_interface error: Missing parameter 'ifaces'") return make_bad_request("Missing parameter ifaces") (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id) if not success: current_app.logger.error("interfaces: put_sensor_interface error: Bad 'sensor_id'") return make_bad_request("Bad sensor_id") # Call the ansible module to obtain the [sensor]/iface (success, data) = set_sensor_interfaces(sensor_ip, ifaces) if not success: current_app.logger.error("interfaces: put_sensor_interfaces_from_conf error: %s" % data) return make_error("Error setting sensor interfaces", 500) # Now launch reconfig task job = alienvault_reconfigure.delay(sensor_ip) # Now format the list by a dict which key is the sensor_id and the value if the list of ifaces return make_ok(job_id_reconfig=job.id)
def put_sensor_detector(sensor_id): """ Set the [sensor]/detectors list on ossim_setup.conf of the sensor """ # Get the 'plugins' param list, with contains the detector plugins # It must be a comma separate list plugins = request.args.get('plugins') if plugins is None: current_app.logger.error( "detector: put_sensor_detector error: Missing parameter 'plugins'") return make_bad_request("Missing parameter plugins") (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id) if not success: current_app.logger.error( "detector: put_sensor_detector error: Bad 'sensor_id'") return make_bad_request("Bad sensor_id") (success, data) = set_sensor_detectors(sensor_ip, plugins) if not success: current_app.logger.error("detector: put_sensor_detector error %s" % data) return make_error("Error setting sensor detector plugins", 500) # Now launch reconfig task job = alienvault_reconfigure.delay(sensor_ip) # Now format the list by a dict which key is the sensor_id and the value if the list of ifaces return make_ok(job_id_reconfig=job.id)
def get_system_network_traffic_stats(system_id): (success, data) = get_traffic_stats(system_id) if not success: current_app.logger.error("network: get_system_network_traffic_stats error: " + str(data)) return make_error("Error getting iface list", 500) return make_ok(stats=data)
def get_local_info(): success, system_data = system.get_local_info() if not success: current_app.logger.error("system: get_local_info error: " + str(system_data)) return make_error("Cannot retrieve local system info", 500) return make_ok(**system_data)
def get_system_network_resolve(system_id): (success, data) = dns_resolution(system_id) if not success: current_app.logger.error("network: get_system_network_resolve error: " + str(data)) return make_error(data, 500) return make_ok(dns_resolution=data)
def get_jobs(system_id): """ Blueprint to get the jobs running on a system GET /av/api/1.0/system/<system_id>/jobs Args: system_id (str): String with system id (uuid) or local. Returns: data: JSON with job ID, job name and its start time, or error message { "status": "success", "data": { "jobs": [ { "job_id": "9c83c664-5d8a-4daf-ac2c-532c0209a734", "name": "configuration_backup", "time_start": 1381734702 }, ... } """ success, jobs = get_jobs_running(system_id) if not success: error_msg = "Can't retrieve jobs running for system %s. Please verify that the system is reachable." % system_id return make_error(error_msg, 500) return make_ok(jobs=jobs)
def put_system_update_feed(system_id): """Blueprint to launch local/remote feed update Args: system_id (UUID): system to update Returns: data: JSON with status and job ID or error message success example: { "data": { "job_id": "fe7df875-1939-4c55-a499-af99880f3351" }, "status": "success" } error example: { "message": "Cannot update system 564D9762-9196-99CD-46E6-3D941F32AA6. Please verify that the system is reachable.", "status": "error", "status_code": 500, "status_long_message": "Server got itself in trouble", "status_short_message": "Internal Server Error" } """ (success, job_id) = asynchronous_update(system_id, only_feed=True) if not success: error_msg = "Cannot update system %s" % system_id api_log.error(error_msg + ": %s" % job_id) error_msg = error_msg + ". Please verify that the system is reachable." return make_error(error_msg, 500) return make_ok(job_id=job_id)
def sync_asec_plugins(): """Send ASEC plugins to all sensors The blueprint handle the following url: PUT /av/api/1.0/system/asec?plugins=<plugins> Args: plugins (str): Comma separated plugin list """ plugins = request.args.get("plugins") plugin_list = plugins.split(',') all_ok = True failed_plugins = [] for plugin in plugin_list: (success, msg) = api_sync_asec(plugin=plugin, enable=True) if not success: all_ok = False failed_plugins.append(plugin) api_log.error("Sync failed for plugin %s: %s" % (plugin, msg)) else: api_log.debug("Sync OK for plugin %s" % plugin) if not all_ok: error_msg = "ASEC plugins sync failed for plugins: " error_msg = error_msg + "%s" % ','.join(failed_plugins) return make_error(error_msg, 500) return make_ok(msg="ASEC plugins sync OK")
def get_license_trial(system_id): if not first_init_admin_access(): return make_error ('Request forbidden -- authorization will not help', 403) # Retrieve URL parameters. email = request.args.get('email') if email is None: current_app.logger.error("license: get_license_trial error: Bad param 'email'") return make_error('Bad parameter email', 400) (success, msg) = register_appliance_trial(email, system_id, False) if not success: current_app.logger.error("license: get_license_trial error: " + str(msg)) return make_error(msg, 500) return make_ok()
def get_jobs(system_id): """ Blueprint to get the jobs running on a system GET /av/api/1.0/system/<system_id>/jobs Args: system_id (str): String with system id (uuid) or local. Returns: data: JSON with job ID, job name and its start time, or error message { "status": "success", "data": { "jobs": [ { "job_id": "9c83c664-5d8a-4daf-ac2c-532c0209a734", "name": "configuration_backup", "time_start": 1381734702 }, ... } """ success, jobs = get_jobs_running(system_id) if not success: error_msg = "Cannot retrieve jobs running for system %s. " % system_id error_msg = error_msg + "Please verify that the system is reachable." return make_error(error_msg, 500) return make_ok(jobs=jobs)
def get_data_status_message_by_id(message_id): (success, data) = get_status_message_by_id(message_id, is_admin_user()) if not success: return make_error(data, 500) return make_ok(**data)
def check_permission (*args, **kwargs): allowed_check_params = ['host_id', 'host_group_id'] url_params = kwargs if request.method == "POST": url_params = dict(url_params, **request.form) params_to_check = {} params_not_to_check = {} for key in url_params.keys(): if key in allowed_check_params: try: splitted = url_params[key].split(',') params_to_check[key] = [uuid.UUID(x).hex for x in splitted] except: raise AssertionError("arg '%s' is not an UUID" % url_params[key]) else: params_not_to_check[key] = url_params[key] if not params_to_check: # No need to check anything. return func(*args, **kwargs) params_checked = {} for key, value in params_to_check.iteritems(): filtered = filter(lambda x: current_user.is_allowed(x, kind=key), value) if filtered: params_checked[key] = ','.join(filtered) if not params_checked: return make_error("User '%s' does not have any permission on the specified assets" % current_user.login, 403) params = dict(params_not_to_check, **params_checked) return func(*args, **params)