Example #1
0
def location_edit():
    if 'cancel' in request.form:
        return redirect(request.referrer)

    locationid = request.args.get('location')
    location = Location.query.filter_by(id=locationid).first()
    original_data = location.to_dict()
    if location is None:
        render_template('location.html', title=_('Location is not defined'))

    form = LocationForm(formdata=request.form, obj=location)

    if request.method == 'POST' and form.validate_on_submit():
        location.place = form.place.data
        location.area = form.area.data
        location.facillity = form.facillity.data
        location.position = form.position.data
        location.type = form.type.data
        db.session.commit()

        Audit().auditlog_update_post('location',
                                     original_data=original_data,
                                     updated_data=location.to_dict(),
                                     record_name=location.longName())
        flash(_('Your changes have been saved.'))

        return redirect(url_for('main.location_list'))

    else:
        return render_template('location.html',
                               title=_('Edit Location'),
                               form=form)
Example #2
0
def service_add():
    if 'cancel' in request.form:
        return redirect(request.referrer)

    form = ServiceForm()

    if form.validate_on_submit():
        service = Service(name=form.name.data, color=form.color.data)
        for u in form.users.data:
            user = User.query.filter_by(id=u).first()
            print("Adding: User: %s to: %s" % (user.username, service.name))
            service.users.append(user)
        service.manager = User.query.filter_by(id=form.manager.data).first()

        db.session.add(service)
        db.session.commit()

        Audit().auditlog_new_post('service',
                                  original_data=service.to_dict(),
                                  record_name=service.name)
        flash(_('Service have been saved.'))
        return redirect(url_for('main.service_list'))

    else:
        return render_template('service.html', form=form)
Example #3
0
def create_access():
    data = request.get_json() or {}
    for field in ['name', 'status']:
        if field not in data:
            return bad_request('must include %s fields' % field)

    check_access = Access.query.filter_by(name=data['name']).first()
    if check_access is not None:
        return bad_request('Access already exist with id: %s' %
                           check_access.id)

    access = Access()
    access.from_dict(data)

    db.session.add(access)
    db.session.commit()

    Audit().auditlog_new_post('access',
                              original_data=access.to_dict(),
                              record_name=access.name)

    response = jsonify(access.to_dict())

    response.status_code = 201
    response.headers['Location'] = url_for('api.get_access', id=access.id)
    return response
Example #4
0
def create_location():
    data = request.get_json() or {}
    for field in ['place', 'facillity', 'area', 'position', 'type']:
        if field not in data:
            return bad_request('must include field: %s' % field)

    check_loc = Location.query.filter_by(place=data['place'],
                                         facillity=data['facillity'],
                                         area=data['area'],
                                         position=data['position'],
                                         type=data['type']).first()
    if check_loc is not None:
        return bad_request('Location already exist with id: %s' % check_loc.id)

    location = Location()
    location.from_dict(data)

    db.session.add(location)
    db.session.commit()
    Audit().auditlog_new_post('location',
                              original_data=location.to_dict(),
                              record_name=location.longName())
    response = jsonify(location.to_dict())

    response.status_code = 201
    response.headers['Location'] = url_for('api.get_location', id=location.id)
    return response
Example #5
0
def create_service():
    data = request.get_json() or {}
    if 'name' not in data or 'color' not in data:
        return bad_request('must include name and color fields')

    check_service = Service.query.filter_by(name=data['name']).first()
    if check_service is not None:
        return bad_request('Service already exist with id: %s' %
                           check_service.id)

    service = Service()
    service.from_dict(data, new_service=True)

    db.session.add(service)
    db.session.commit()
    audit = Audit()
    audit.auditlog_new_post('service',
                            original_data=service.to_dict(),
                            record_name=service.name)

    response = jsonify(service.to_dict())

    response.status_code = 201
    response.headers['Location'] = url_for('api.get_service', id=service.id)
    return response
Example #6
0
def create_resource():
    data = request.get_json() or {}

    if 'serial' not in data:
        return bad_request('must include field: serial')

    hsm_pci_card = Resource.query.filter_by(serial=data['serial']).first()
    if hsm_pci_card is not None:
        msg = 'Card already exist: %s' % hsm_pci_card.id
        return bad_request(msg)

    resource = Resource()
    status = resource.from_dict(data)
    if status['success'] is False:
        return bad_request(status['msg'])

    db.session.add(resource)
    db.session.commit()

    Audit().auditlog_new_post('hsm_pci_card',
                              original_data=resource.to_dict(),
                              record_name=resource.name)

    response = jsonify(resource.to_dict())

    response.status_code = 201
    response.headers['Resource'] = url_for('api.get_resource', id=resource.id)
    return response
Example #7
0
def update_role(id):
    role = Role.query.get_or_404(id)
    original_data = role.to_dict()
    data = request.get_json() or {}
    role.from_dict(data, new_role=False)
    db.session.commit()
    Audit().auditlog_update_post('hsm_domain', original_data=original_data, updated_data=data)

    return jsonify(role.to_dict())
Example #8
0
def resource_edit():

    resourceid = request.args.get('resource')

    if 'cancel' in request.form:
        return redirect(request.referrer)
    if 'delete' in request.form:
        return redirect(url_for('main.resource_delete', resource=resourceid))
    if 'copy' in request.form:
        return redirect(
            url_for('main.resource_copy', copy_from_resource=resourceid))
    if 'logs' in request.form:
        return redirect(
            url_for('main.logs_list', module='resource', module_id=resourceid))
    if 'ports' in request.form:
        return redirect(url_for('main.resource_port_list',
                                resource=resourceid))

    resource = Resource.query.get(resourceid)
    original_data = resource.to_dict()

    if resource is None:
        render_template('service.html', title=_('Resource is not defined'))

    form = ResourceForm(formdata=request.form, obj=resource)

    if request.method == 'POST' and form.validate_on_submit():
        service = Service.query.get(form.service.data)
        if service is None:
            flash('Service is required')
            return redirect(request.referrer)

        resource.name = form.name.data
        resource.comment = form.comment.data
        resource.environment = form.environment.data
        resource.external_id = form.external_id.data
        resource.service = service

        db.session.commit()

        Audit().auditlog_update_post('resource',
                                     original_data=original_data,
                                     updated_data=resource.to_dict(),
                                     record_name=resource.name)
        flash(_('Your changes have been saved.'))

        return redirect(url_for('main.index'))

    else:

        form.name.data = resource.name
        form.comment.data = resource.comment
        form.external_id.data = resource.external_id
        form.service.data = resource.service_id
        return render_template('resource.html',
                               title=_('Edit Resource'),
                               form=form)
Example #9
0
def role_edit():

    roleid = request.args.get('role')

    if 'cancel' in request.form:
        return redirect(request.referrer)
    if 'delete' in request.form:
        return redirect(url_for('main.role_delete', role=roleid))

    role = Role.query.get(roleid)
    form = RoleForm(obj=role)

    if role is None:
        flash(_('Role not found'))
        return redirect(request.referrer)

    original_data = role.to_dict()

    if request.method == 'POST' and form.validate_on_submit():

        role.name = form.name.data
        role.description = form.description.data
        role.resources = []
        for r in form.resources.data:
            resource = Resource.query.get(r)
            print("Adding: Resource: {} to: {}".format(resource.name, role.name))
            role.resources.append(resource)

        from app.main.models import Service
        service = Service.query.filter_by(id=form.service.data).first_or_404()
        if service is None:
            flash(_('Service id not found'))
            return redirect(request.referrer)
        else:
            role.service = service

        role.comment = form.comment.data
        db.session.commit()

        Audit().auditlog_update_post('role', original_data=original_data,
                                     updated_data=role.to_dict(), record_name=role.name)

        flash(_('Your changes to the role have been saved.'))

        return redirect(url_for('main.index'))

    else:
        pre_selected_resources = [(r.id) for r in role.resources]
        form = RoleForm(resources=pre_selected_resources)
        form.name.data = role.name
        form.comment.data = role.comment
        form.service.data = role.service_id
        form.description.data = role.description

        return render_template('role.html', title=_('Edit Role'),
                               form=form)
Example #10
0
def update_service(id):
    service = Service.query.get_or_404(id)
    original_data = service.to_dict()

    data = request.get_json() or {}
    service.from_dict(data, new_service=False)
    db.session.commit()
    Audit().auditlog_update_post('service',
                                 original_data=original_data,
                                 updated_data=service.to_dict(),
                                 record_name=service.name)
    return jsonify(service.to_dict())
Example #11
0
def update_location(id):
    location = Location.query.get_or_404(id)
    original_data = location.to_dict()

    data = request.get_json() or {}
    location.from_dict(data, new_location=False)
    db.session.commit()

    Audit().auditlog_update_post('location',
                                 original_data=original_data,
                                 updated_data=location.to_dict(),
                                 record_name=location.longName())

    return jsonify(location.to_dict())
Example #12
0
def update_access(id):
    access = Access.query.get_or_404(id)
    original_data = access.to_dict()

    data = request.get_json() or {}
    access.from_dict(data, new_access=False)
    db.session.commit()

    Audit().auditlog_update_post('access',
                                 original_data=original_data,
                                 updated_data=access.to_dict(),
                                 record_name=access.hostname)

    return jsonify(access.to_dict())
Example #13
0
def update_resource(id):
    resource = Resource.query.get_or_404(id)
    original_data = resource.to_dict()

    data = request.get_json() or {}
    resource.from_dict(data)
    db.session.commit()

    Audit().auditlog_update_post('hsm_pci_card',
                                 original_data=original_data,
                                 updated_data=data,
                                 record_name=resource.name)

    return jsonify(resource.to_dict())
Example #14
0
def assignment_add():
    if 'cancel' in request.form:
        return redirect(request.referrer)

    form = AssignmentForm(formdata=request.form)

    if request.method == 'POST' and form.validate_on_submit():
        user = User.query.get(form.user.data)
        if user is None:
            flash('User is required')
            return redirect(request.referrer)

        role = Role.query.get(form.role.data)
        if role is None:
            flash('User is required')
            return redirect(request.referrer)

        print(f"logged in user {current_user.username}")
        requestor = User.query.filter_by(
            username=current_user.username).first_or_404()
        if requestor is None:
            flash('logged in user is required')
            return redirect(request.referrer)

        assignment = Assignment(comment=form.comment.data,
                                start=form.start.data,
                                stop=form.stop.data
                                )

        assignment.user = user
        assignment.role = role
        assignment.status = "requested"
        assignment.request_ts = datetime.now()
        print(f'requestor: {requestor.username}')
        assignment.requestor = requestor.username
        db.session.add(assignment)
        db.session.commit()

        Audit().auditlog_new_post('assignment', original_data=assignment.to_dict(),
                                  record_name=assignment.__tablename__)
        flash(_('New assignment is now requested!'))

        return redirect(url_for('main.index'))

    else:

        return render_template('assignment.html', title=_('Add Assignment'),
                               form=form)
Example #15
0
def update_user(id):
    user = User.query.get_or_404(id)
    original_data = user.to_dict()

    data = request.get_json() or {}
    if 'username' in data and data['username'] != user.username and \
            User.query.filter_by(username=data['username']).first():
        return bad_request('please use a different username')
    if 'email' in data and data['email'] != user.email and \
            User.query.filter_by(email=data['email']).first():
        return bad_request('please use a different email address')
    user.from_dict(data, new_user=False)
    db.session.commit()

    Audit().auditlog_update_post('user', original_data=original_data, updated_data=user.to_dict(), record_name=user.username)

    return jsonify(user.to_dict())
Example #16
0
def service_edit():
    if 'cancel' in request.form:
        return redirect(request.referrer)
    servicename = request.args.get('name')
    service = Service.query.filter_by(name=servicename).first()
    original_data = service.to_dict()
    if service is None:
        render_template('service.html', title=_('Service is not defined'))

    if 'delete' in request.form:
        return redirect(url_for('main.service_delete', service=service.id))

    form = ServiceForm(formdata=request.form, obj=service)

    if request.method == 'POST' and form.validate_on_submit():
        # TODO remove not selected users ...
        service.users = []
        for u in form.users.data:
            user = User.query.filter_by(id=u).first()
            print("Adding: User: %s to: %s" % (user.username, service.name))
            service.users.append(user)
        service.manager = User.query.filter_by(id=form.manager.data).first()
        service.name = form.name.data
        service.color = form.color.data

        db.session.commit()

        Audit().auditlog_update_post('service',
                                     original_data=original_data,
                                     updated_data=service.to_dict(),
                                     record_name=service.name)

        flash(_('Your changes have been saved.'))
        return redirect(url_for('main.service_list'))

    else:

        pre_selected_users = [(su.id) for su in service.users]
        form = ServiceForm(users=pre_selected_users)
        form.manager.data = service.manager_id
        form.name.data = service.name
        form.color.data = service.color
        return render_template('service.html',
                               title=_('Edit Service'),
                               form=form)
Example #17
0
def service_delete():
    serviceid = request.args.get('service')
    service = Service.query.get(serviceid)

    if service is None:
        flash(_('Service was not deleted, id not found!'))
        return redirect(url_for('main.index'))

    deleted_msg = 'Service deleted: %s\n' % (service.name)
    flash(deleted_msg)
    db.session.delete(service)
    db.session.commit()

    Audit().auditlog_delete_post('service',
                                 data=service.to_dict(),
                                 record_name=service.name)

    return redirect(url_for('main.index'))
Example #18
0
def role_delete():

    roleid = request.args.get('role')
    role = Role.query.get(roleid)

    if role is None:
        flash(_('Role was not deleted, id not found!'))
        return redirect(url_for('main.index'))

    deleted_msg = f'Role deleted: {role.name} {role.comment}'

    db.session.delete(role)
    db.session.commit()

    Audit().auditlog_delete_post('role', data=role.to_dict(), record_name=role.name)
    flash(deleted_msg)

    return redirect(url_for('main.index'))
Example #19
0
def change_password():
    form = ChangePasswordForm()
    if request.method == 'POST' and form.validate_on_submit():
        user = User.query.filter_by(username=current_user.username).first()
        original_data = user.to_dict()

        user.set_password(form.password.data)
        db.session.add(user)
        db.session.commit()

        Audit().auditlog_new_post('user',
                                  original_data=original_data,
                                  updated_data=user.to_dict(),
                                  record_name=user.username)

        flash(_('Password changed'))
        return redirect(url_for('main.index'))

    return render_template('auth/change_password.html', form=form)
Example #20
0
def assignment_delete():

    assignmentid = request.args.get('assignment')
    assignment = Assignment.query.get(assignmentid)

    if assignment is None:
        flash(_('assignment was not deleted, id not found!'))
        return redirect(url_for('main.index'))

    # check if pyraadmin
    deleted_msg = f'assignment deleted for: {assignment.user.username} to: {assignment.role.name}\n'
    flash(deleted_msg)
    db.session.delete(assignment)
    db.session.commit()

    Audit().auditlog_delete_post('access', data=assignment.to_dict(),
                                 record_name=assignment.__class__.__name__.lower())

    return redirect(url_for('main.index'))
Example #21
0
def reset_password(token):
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
    user = User.verify_reset_password_token(token)
    original_data = user.to_dict()

    if not user:
        return redirect(url_for('main.index'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        user.set_password(form.password.data)
        db.session.commit()
        Audit().auditlog_new_post('user',
                                  original_data=original_data,
                                  updated_data=user.to_dict(),
                                  record_name=user.username)

        flash(_('Your password has been reset.'))
        return redirect(url_for('auth.login'))
    return render_template('auth/reset_password.html', form=form)
Example #22
0
def access_delete():

    accessid = request.args.get('access')
    access = Access.query.get(accessid)

    if access is None:
        flash(_('Access was not deleted, id not found!'))
        return redirect(url_for('main.index'))

    # check if pyraadmin
    deleted_msg = f'Access deleted for: {access.user.username} to: {access.resource.name}\n'
    flash(deleted_msg)
    db.session.delete(access)
    db.session.commit()

    Audit().auditlog_delete_post('access',
                                 data=access.to_dict(),
                                 record_name=access.__class__.__name__.lower())

    return redirect(url_for('main.index'))
Example #23
0
def create_role():
    data = request.get_json() or {}
    for field in ['name', 'service_id']:
        if field not in data:
            return bad_request('must include field: %s' % field)

    check_role = Role.query.filter_by(name=data['name']).first()
    if check_role is not None:
        return bad_request('HSM Domain already exist with id: %s' % check_role.id)

    role = Role()
    role.from_dict(data)

    db.session.add(role)
    db.session.commit()

    Audit().auditlog_new_post('hsm_domain', original_data=role.to_dict(), record_name=role.name)

    response = jsonify(role.to_dict())

    response.status_code = 201
    response.headers['Role'] = url_for('api.get_role', id=role.id)
    return response
Example #24
0
def register():

    if current_app.config['OPEN_REGISTRATION'] is False:
        if not current_user.is_authenticated:
            flash(
                _('Registration is not open, contact admin to get an account'))
            return redirect(url_for('main.index'))

    form = RegistrationForm()
    if form.validate_on_submit():
        user = User(username=form.username.data, email=form.email.data)
        user.set_password(form.password.data)
        db.session.add(user)
        db.session.commit()

        Audit().auditlog_new_post('user',
                                  original_data=user.to_dict(),
                                  record_name=user.username)
        flash(_('Congratulations, you are now a registered user!'))
        return redirect(url_for('auth.login'))
    return render_template('auth/register.html',
                           title=_('Register'),
                           form=form)
Example #25
0
def resource_add():
    if 'cancel' in request.form:
        return redirect(request.referrer)

    form = ResourceForm(formdata=request.form)

    ip = request.args.get('ip')
    if ip:
        form.ipaddress.data = ip

    if request.method == 'POST' and form.validate_on_submit():
        service = Service.query.get(form.service.data)
        if service is None:
            flash('Service is required')
            return redirect(request.referrer)

        resource = Resource(name=form.name.data,
                            comment=form.comment.data,
                            environment=form.environment.data,
                            external_id=form.external_id.data)

        resource.service = service
        db.session.add(resource)
        db.session.commit()

        Audit().auditlog_new_post('resource',
                                  original_data=resource.to_dict(),
                                  record_name=resource.name)
        flash(_('New resource is now posted!'))

        return redirect(url_for('main.index'))

    else:

        return render_template('resource.html',
                               title=_('Add Resource'),
                               form=form)
Example #26
0
def role_add():
    if 'cancel' in request.form:
        return redirect(request.referrer)

    form = RoleForm(formdata=request.form)

    if request.method == 'POST' and form.validate_on_submit():

        role = Role(name=form.name.data)
        for r in form.resources.data:
            resource = Resource.query.get(r)
            print("Adding: Resource: {} to: {}".format(resource.name, role.name))
            role.resources.append(resource)

        from app.main.models import Service
        service = Service.query.filter_by(id=form.service.data).first_or_404()
        if service is None:
            flash(_('Service id not found'))
            return redirect(request.referrer)
        else:
            role.service = service

        role.comment = form.comment.data
        role.description = form.description.data
        db.session.add(role)
        db.session.commit()

        Audit().auditlog_new_post('role', original_data=role.to_dict(), record_name=role.name)

        flash(_('New Role is now posted!'))

        return redirect(url_for('main.index'))

    else:

        return render_template('role.html', title=_('Role'),
                               form=form)
Example #27
0
def location_add():
    if 'cancel' in request.form:
        return redirect(request.referrer)

    form = LocationForm()

    if form.validate_on_submit():
        location = Location()
        location.place = form.place.data
        location.area = form.area.data
        location.facillity = form.facillity.data
        location.position = form.position.data
        location.type = form.type.data
        db.session.add(location)
        db.session.commit()

        Audit().auditlog_new_post('location',
                                  original_data=location.to_dict(),
                                  record_name=location.longName())
        flash(_('Location have been saved.'))
        return redirect(url_for('main.location_list'))

    else:
        return render_template('location.html', form=form)
Example #28
0
def access_edit():

    accessid = request.args.get('access')

    if 'cancel' in request.form:
        return redirect(request.referrer)
    if 'delete' in request.form:
        return redirect(url_for('main.access_delete', access=accessid))
    if 'logs' in request.form:
        return redirect(
            url_for('main.logs_list', module='access', module_id=accessid))

    access = Access.query.get(accessid)
    original_data = access.to_dict()

    if access is None:
        render_template('service.html', title=_('Access is not defined'))

    print(f"logged in user {current_user.username}")
    requestor = User.query.filter_by(
        username=current_user.username).first_or_404()
    if requestor is None:
        flash('logged in user is required')
        return redirect(request.referrer)

    form = AccessForm(formdata=request.form, obj=access)

    if request.method == 'POST' and form.validate_on_submit():

        access.comment = form.comment.data
        user = User.query.get(form.user.data)
        if user is None:
            flash('User is required')
            return redirect(request.referrer)

        resource = Resource.query.get(form.resource.data)
        if resource is None:
            flash('resource is required')
            return redirect(request.referrer)

        access.comment = form.comment.data
        access.start = form.start.data
        access.stop = form.stop.data
        access.user = user
        access.resource = resource
        access.status = "requested"
        access.request_ts = datetime.now()
        print(f'requestor: {requestor.username}')
        access.requestor = requestor.username
        db.session.commit()

        Audit().auditlog_update_post('access',
                                     original_data=original_data,
                                     updated_data=access.to_dict(),
                                     record_name=access.__tablename__)
        flash(_('Your changes have been saved.'))

        return redirect(url_for('main.index'))

    else:
        form.user.data = access.user_id
        form.resource.data = access.resource_id
        return render_template('access.html',
                               title=_('Edit Access'),
                               form=form)
Example #29
0
def access_implement():

    accessid = request.args.get('access')

    if 'cancel' in request.form:
        return redirect(request.referrer)
    if 'logs' in request.form:
        return redirect(
            url_for('main.logs_list', module='access', module_id=accessid))

    access = Access.query.get(accessid)
    original_data = access.to_dict()

    if access is None:
        flash(_('Access is not found'))
        return redirect(url_for('main.index'))

    if 'view_resource' in request.form:
        return redirect(
            url_for('main.resource_view', resource=access.resource_id))
    if 'view_user' in request.form:
        return redirect(url_for('main.user', username=access.user.username))


# todo add admin check

    form = ImplementAccessForm(formdata=request.form, obj=access)

    if request.method == 'POST' and form.validate_on_submit():

        if 'deny' in request.form:
            access.status = "denied-by-implementer"
            access.implementer = current_user.username
            db.session.commit()
            flash(
                f"Pending Access to resource: {access.resource.name} for: {access.user.username} was denied"
            )
        elif 'approve' in request.form:
            access.status = "implemented"
            access.approver = current_user.username
            db.session.commit()
            flash(
                f"Pending Access to resource: {access.resource.name} for: {access.user.username} was implemented"
            )
        elif 'postpone' in request.form:
            access.status = "postponed-by-implementer"
            access.approver = current_user.username
            flash(
                f"Pending Access to resource: {access.resource.name} for: {access.user.username} was postponed"
            )
            return redirect(request.referrer)

        Audit().auditlog_update_post('access',
                                     original_data=original_data,
                                     updated_data=access.to_dict(),
                                     record_name=access.__tablename__)
        return redirect(url_for('main.index'))

    else:
        form.user.data = access.user.username
        form.resource.data = access.resource.name
        form.approve_ts.data = access.approve_ts
        return render_template(
            'access.html',
            title=_('Implement Approved Access to resource'),
            form=form)
Example #30
0
from flask_babel import Babel, lazy_gettext as _l
from config import Config

db = SQLAlchemy()
migrate = Migrate()
login = LoginManager()
login.login_view = 'auth.login'
login.login_message = _l('Please log in to access this page.')
mail = Mail()
bootstrap = Bootstrap()
moment = Moment()
babel = Babel()
migrate = Migrate()

from app.main.models import Audit
audit = Audit()


def create_app(config_class=Config):
    app = Flask(__name__)
    app.config.from_object(config_class)

    db.init_app(app)
    migrate.init_app(app, db)
    login.init_app(app)
    mail.init_app(app)
    bootstrap.init_app(app)
    moment.init_app(app)
    babel.init_app(app)
    migrate.init_app(app, db, render_as_batch=True)