def put(request, username): """ Update existing user based on username. """ # Users can only update their own account, unless admin if (request.user['username'] != username) and (auth.is_admin(request.user) is False): return HttpResponseForbidden() try: in_json = json.loads(request.body) except ValueError: return HttpResponseBadRequest("invalid JSON") from api.models import db_model dbc = db_model.connect() user = dbc.hbuser.find_one({"username": username}) if user is None: return HttpResponseNotFound() else: if "password" in in_json: m = hashlib.sha512() m.update(in_json['password']) user['password'] = m.hexdigest() if "email" in in_json: user['email'] = in_json['email'] if "roles" in in_json: user['roles'] = in_json['roles'] user['updatedAt'] = datetime.isoformat(datetime.now()) dbc.hbuser.save(user) logger.info("user '%s' updated by '%s'" % (username, request.user['username'])) return HttpResponse()
def put(request, session_id): """ Update existing session based on session_id. """ try: new = json.loads(request.body) except ValueError: return HttpResponseBadRequest("invalid JSON") dbc = db_model.connect() try: session = dbc.session.find_one({"_id": ObjectId(session_id)}) except InvalidId: return HttpResponseNotFound() if session is None: return HttpResponseNotFound() # Users can only update their own sessions, unless admin elif (session['username'] != request.user['username']) and (auth.is_admin(request.user) is False): logger.info("user '%s' attempted to update session '%s', but was forbidden" % (request.user['username'], session_id)) return HttpResponseForbidden() else: if "name" in new: session['name'] = new['name'] if "description" in new: session['description'] = new['description'] if "upstreamHost" in new: session['upstreamHost'] = new['upstreamHost'] if "upstreamPort" in new: session['upstreamPort'] = new['upstreamPort'] if "username" in new: session['username'] = new['username'] if "testPlan" in new: testplan = dbc.testplan.find_one({"_id": ObjectId(new['testPlan']['id'])}) if testplan is not None: session['testPlan'] = new['testPlan'] else: return HttpResponseNotFound("testplan '%s' does not exist" % new['testPlan']) if ("serverOverloadProfile" in new) and ("id" in new['serverOverloadProfile']): so_profile = dbc.serveroverload.find_one({"_id": ObjectId(new['serverOverloadProfile']['id'])}) if so_profile is not None: session['serverOverloadProfile'] = new['serverOverloadProfile'] else: return HttpResponseNotFound("serverOverloadProfile '%s' does not exist" % new['serverOverloadProfile']['id']) if ("qosProfile" in new) and ("id" in new['qosProfile']): qos_profile = dbc.qos.find_one({"_id": ObjectId(new['qosProfile']['id'])}) if qos_profile is not None: session['qosProfile'] = new['qosProfile'] else: return HttpResponseNotFound("qosProfile'%s' does not exist" % new['qosProfile']['id']) try: session['updatedAt'] = datetime.isoformat(datetime.now()) dbc.session.save(session) except DuplicateKeyError: return HttpResponseBadRequest("session name is not unique") logger.info("session '%s' updated by '%s'" % (session_id, request.user['username'])) return HttpResponse()
def get_all_sessions(request): """ Retrieve all sessions. """ dbc = db_model.connect() if auth.is_admin(request.user) is True: # Admins retrieve all sessions sessions = [s for s in dbc.session.find()] else: # Regular users retrieve only the sessions they own sessions = [s for s in dbc.session.find({"username": request.user['username']})] for s in sessions: s['id'] = str(s.pop('_id')) return JsonResponse({"sessions": sessions})
def get_all_sessions(request): """ Retrieve all sessions. """ dbc = db_model.connect() if auth.is_admin(request.user) is True: # Admins retrieve all sessions sessions = [s for s in dbc.session.find()] else: # Regular users retrieve only the sessions they own sessions = [ s for s in dbc.session.find({"username": request.user['username']}) ] for s in sessions: s['id'] = str(s.pop('_id')) return JsonResponse({"sessions": sessions})
def get(request, username=None): """ Retrieve user based on username. """ if username is None: # Retrieve all users return get_all_users(request) # Users can only retrieve their own account, unless admin if (request.user['username'] != username) and (auth.is_admin(request.user) is False): return HttpResponseForbidden() from api.models import db_model dbc = db_model.connect() user = dbc.hbuser.find_one({"username": username}, {"_id": 0}) if user is None: return HttpResponseNotFound() else: return JsonResponse(user)
def delete(request, session_id): """ Delete session based on session_id. """ dbc = db_model.connect() try: session = dbc.session.find_one({"_id": ObjectId(session_id)}) except InvalidId: return HttpResponseNotFound() if session is None: return HttpResponseNotFound() # Users can only delete their own sessions, unless admin elif (session['username'] != request.user['username']) and (auth.is_admin(request.user) is False): logger.info("user '%s' attempted to delete session '%s', but was forbidden" % (request.user['username'], session_id)) return HttpResponseForbidden() else: dbc.session.remove(session) logger.info("session '%s' deleted by '%s'" % (session_id, request.user['username'])) return HttpResponse()
def get(request, session_id=None): """ Retrieve a session based on session_id. """ if session_id is None: return get_all_sessions(request) dbc = db_model.connect() try: session = dbc.session.find_one({"_id": ObjectId(session_id)}) except InvalidId: return HttpResponseNotFound() if session is None: return HttpResponseNotFound() # Users cannot retrieve sessions they do not own, unless admin elif (session['username'] != request.user['username']) and (auth.is_admin(request.user) is False): return HttpResponseForbidden() else: session['id'] = str(session.pop('_id')) return JsonResponse(session)
def get(request, session_id=None): """ Retrieve a session based on session_id. """ if session_id is None: return get_all_sessions(request) dbc = db_model.connect() try: session = dbc.session.find_one({"_id": ObjectId(session_id)}) except InvalidId: return HttpResponseNotFound() if session is None: return HttpResponseNotFound() # Users cannot retrieve sessions they do not own, unless admin elif (session['username'] != request.user['username']) and (auth.is_admin( request.user) is False): return HttpResponseForbidden() else: session['id'] = str(session.pop('_id')) return JsonResponse(session)
def delete(request, session_id): """ Delete session based on session_id. """ dbc = db_model.connect() try: session = dbc.session.find_one({"_id": ObjectId(session_id)}) except InvalidId: return HttpResponseNotFound() if session is None: return HttpResponseNotFound() # Users can only delete their own sessions, unless admin elif (session['username'] != request.user['username']) and (auth.is_admin( request.user) is False): logger.info( "user '%s' attempted to delete session '%s', but was forbidden" % (request.user['username'], session_id)) return HttpResponseForbidden() else: dbc.session.remove(session) logger.info("session '%s' deleted by '%s'" % (session_id, request.user['username'])) return HttpResponse()
def put(request, session_id): """ Update existing session based on session_id. """ try: new = json.loads(request.body) except ValueError: return HttpResponseBadRequest("invalid JSON") dbc = db_model.connect() try: session = dbc.session.find_one({"_id": ObjectId(session_id)}) except InvalidId: return HttpResponseNotFound() if session is None: return HttpResponseNotFound() # Users can only update their own sessions, unless admin elif (session['username'] != request.user['username']) and (auth.is_admin( request.user) is False): logger.info( "user '%s' attempted to update session '%s', but was forbidden" % (request.user['username'], session_id)) return HttpResponseForbidden() else: if "name" in new: session['name'] = new['name'] if "description" in new: session['description'] = new['description'] if "upstreamHost" in new: session['upstreamHost'] = new['upstreamHost'] if "upstreamPort" in new: session['upstreamPort'] = new['upstreamPort'] if "username" in new: session['username'] = new['username'] if "testPlan" in new: testplan = dbc.testplan.find_one( {"_id": ObjectId(new['testPlan']['id'])}) if testplan is not None: session['testPlan'] = new['testPlan'] else: return HttpResponseNotFound("testplan '%s' does not exist" % new['testPlan']) if ("serverOverloadProfile" in new) and ("id" in new['serverOverloadProfile']): so_profile = dbc.serveroverload.find_one( {"_id": ObjectId(new['serverOverloadProfile']['id'])}) if so_profile is not None: session['serverOverloadProfile'] = new['serverOverloadProfile'] else: return HttpResponseNotFound( "serverOverloadProfile '%s' does not exist" % new['serverOverloadProfile']['id']) if ("qosProfile" in new) and ("id" in new['qosProfile']): qos_profile = dbc.qos.find_one( {"_id": ObjectId(new['qosProfile']['id'])}) if qos_profile is not None: session['qosProfile'] = new['qosProfile'] else: return HttpResponseNotFound("qosProfile'%s' does not exist" % new['qosProfile']['id']) try: session['updatedAt'] = datetime.isoformat(datetime.now()) dbc.session.save(session) except DuplicateKeyError: return HttpResponseBadRequest("session name is not unique") logger.info("session '%s' updated by '%s'" % (session_id, request.user['username'])) return HttpResponse()