Example #1
0
def put(request, username):
    """
    Update existing user based on username.
    """
    # Users can only update their own account, unless admin
    if (request.user['username'] != username) and (auth.is_admin(request.user) is False):
        return HttpResponseForbidden()

    try:
        in_json = json.loads(request.body)
    except ValueError:
        return HttpResponseBadRequest("invalid JSON")

    from api.models import db_model
    dbc = db_model.connect()
    user = dbc.hbuser.find_one({"username": username})
    if user is None:
        return HttpResponseNotFound()
    else:
        if "password" in in_json:
            m = hashlib.sha512()
            m.update(in_json['password'])
            user['password'] = m.hexdigest()
        if "email" in in_json:
            user['email'] = in_json['email']
        if "roles" in in_json:
            user['roles'] = in_json['roles']
        user['updatedAt'] = datetime.isoformat(datetime.now())
        dbc.hbuser.save(user)
        logger.info("user '%s' updated by '%s'" % (username, request.user['username']))
        return HttpResponse()
Example #2
0
def put(request, session_id):
    """
    Update existing session based on session_id.
    """
    try:
        new = json.loads(request.body)
    except ValueError:
        return HttpResponseBadRequest("invalid JSON")

    dbc = db_model.connect()
    try:
        session = dbc.session.find_one({"_id": ObjectId(session_id)})
    except InvalidId:
        return HttpResponseNotFound()
    if session is None:
        return HttpResponseNotFound()

    # Users can only update their own sessions, unless admin
    elif (session['username'] != request.user['username']) and (auth.is_admin(request.user) is False):
        logger.info("user '%s' attempted to update session '%s', but was forbidden" % (request.user['username'], session_id))
        return HttpResponseForbidden()
    else:
        if "name" in new:
            session['name'] = new['name']
        if "description" in new:
            session['description'] = new['description']
        if "upstreamHost" in new:
            session['upstreamHost'] = new['upstreamHost']
        if "upstreamPort" in new:
            session['upstreamPort'] = new['upstreamPort']
        if "username" in new:
            session['username'] = new['username']
        if "testPlan" in new:
            testplan = dbc.testplan.find_one({"_id": ObjectId(new['testPlan']['id'])})
            if testplan is not None:
                session['testPlan'] = new['testPlan']
            else:
                return HttpResponseNotFound("testplan '%s' does not exist" % new['testPlan'])

        if ("serverOverloadProfile" in new) and ("id" in new['serverOverloadProfile']):
            so_profile = dbc.serveroverload.find_one({"_id": ObjectId(new['serverOverloadProfile']['id'])})
            if so_profile is not None:
                session['serverOverloadProfile'] = new['serverOverloadProfile']
            else:
                return HttpResponseNotFound("serverOverloadProfile '%s' does not exist" % new['serverOverloadProfile']['id'])

        if ("qosProfile" in new) and ("id" in new['qosProfile']):
            qos_profile = dbc.qos.find_one({"_id": ObjectId(new['qosProfile']['id'])})
            if qos_profile is not None:
                session['qosProfile'] = new['qosProfile']
            else:
                return HttpResponseNotFound("qosProfile'%s' does not exist" % new['qosProfile']['id'])

        try:
            session['updatedAt'] = datetime.isoformat(datetime.now())
            dbc.session.save(session)
        except DuplicateKeyError:
            return HttpResponseBadRequest("session name is not unique")
        logger.info("session '%s' updated by '%s'" % (session_id, request.user['username']))
        return HttpResponse()
Example #3
0
def get_all_sessions(request):
    """
    Retrieve all sessions.
    """
    dbc = db_model.connect()
    if auth.is_admin(request.user) is True:  # Admins retrieve all sessions
        sessions = [s for s in dbc.session.find()]
    else:  # Regular users retrieve only the sessions they own
        sessions = [s for s in dbc.session.find({"username": request.user['username']})]

    for s in sessions:
        s['id'] = str(s.pop('_id'))
    return JsonResponse({"sessions": sessions})
Example #4
0
def get(request, username=None):
    """
    Retrieve user based on username.
    """
    if username is None:  # Retrieve all users
        return get_all_users(request)

    # Users can only retrieve their own account, unless admin
    if (request.user['username'] != username) and (auth.is_admin(request.user) is False):
        return HttpResponseForbidden()

    from api.models import db_model
    dbc = db_model.connect()
    user = dbc.hbuser.find_one({"username": username}, {"_id": 0})
    if user is None:
        return HttpResponseNotFound()
    else:
        return JsonResponse(user)
Example #5
0
def delete(request, session_id):
    """
    Delete session based on session_id.
    """
    dbc = db_model.connect()
    try:
        session = dbc.session.find_one({"_id": ObjectId(session_id)})
    except InvalidId:
        return HttpResponseNotFound()
    if session is None:
        return HttpResponseNotFound()

    # Users can only delete their own sessions, unless admin
    elif (session['username'] != request.user['username']) and (auth.is_admin(request.user) is False):
        logger.info("user '%s' attempted to delete session '%s', but was forbidden" % (request.user['username'], session_id))
        return HttpResponseForbidden()
    else:
        dbc.session.remove(session)
        logger.info("session '%s' deleted by '%s'" % (session_id, request.user['username']))
        return HttpResponse()
Example #6
0
def get(request, session_id=None):
    """
    Retrieve a session based on session_id.
    """
    if session_id is None:
        return get_all_sessions(request)

    dbc = db_model.connect()
    try:
        session = dbc.session.find_one({"_id": ObjectId(session_id)})
    except InvalidId:
        return HttpResponseNotFound()
    if session is None:
        return HttpResponseNotFound()

    # Users cannot retrieve sessions they do not own, unless admin
    elif (session['username'] != request.user['username']) and (auth.is_admin(request.user) is False):
        return HttpResponseForbidden()
    else:
        session['id'] = str(session.pop('_id'))
        return JsonResponse(session)