def location_edit(): if 'cancel' in request.form: return redirect(request.referrer) locationid = request.args.get('location') location = Location.query.filter_by(id=locationid).first() original_data = location.to_dict() if location is None: render_template('location.html', title=_('Location is not defined')) form = LocationForm(formdata=request.form, obj=location) if request.method == 'POST' and form.validate_on_submit(): location.place = form.place.data location.area = form.area.data location.facillity = form.facillity.data location.position = form.position.data location.type = form.type.data db.session.commit() Audit().auditlog_update_post('location', original_data=original_data, updated_data=location.to_dict(), record_name=location.longName()) flash(_('Your changes have been saved.')) return redirect(url_for('main.location_list')) else: return render_template('location.html', title=_('Edit Location'), form=form)
def service_add(): if 'cancel' in request.form: return redirect(request.referrer) form = ServiceForm() if form.validate_on_submit(): service = Service(name=form.name.data, color=form.color.data) for u in form.users.data: user = User.query.filter_by(id=u).first() print("Adding: User: %s to: %s" % (user.username, service.name)) service.users.append(user) service.manager = User.query.filter_by(id=form.manager.data).first() db.session.add(service) db.session.commit() Audit().auditlog_new_post('service', original_data=service.to_dict(), record_name=service.name) flash(_('Service have been saved.')) return redirect(url_for('main.service_list')) else: return render_template('service.html', form=form)
def create_access(): data = request.get_json() or {} for field in ['name', 'status']: if field not in data: return bad_request('must include %s fields' % field) check_access = Access.query.filter_by(name=data['name']).first() if check_access is not None: return bad_request('Access already exist with id: %s' % check_access.id) access = Access() access.from_dict(data) db.session.add(access) db.session.commit() Audit().auditlog_new_post('access', original_data=access.to_dict(), record_name=access.name) response = jsonify(access.to_dict()) response.status_code = 201 response.headers['Location'] = url_for('api.get_access', id=access.id) return response
def create_location(): data = request.get_json() or {} for field in ['place', 'facillity', 'area', 'position', 'type']: if field not in data: return bad_request('must include field: %s' % field) check_loc = Location.query.filter_by(place=data['place'], facillity=data['facillity'], area=data['area'], position=data['position'], type=data['type']).first() if check_loc is not None: return bad_request('Location already exist with id: %s' % check_loc.id) location = Location() location.from_dict(data) db.session.add(location) db.session.commit() Audit().auditlog_new_post('location', original_data=location.to_dict(), record_name=location.longName()) response = jsonify(location.to_dict()) response.status_code = 201 response.headers['Location'] = url_for('api.get_location', id=location.id) return response
def create_service(): data = request.get_json() or {} if 'name' not in data or 'color' not in data: return bad_request('must include name and color fields') check_service = Service.query.filter_by(name=data['name']).first() if check_service is not None: return bad_request('Service already exist with id: %s' % check_service.id) service = Service() service.from_dict(data, new_service=True) db.session.add(service) db.session.commit() audit = Audit() audit.auditlog_new_post('service', original_data=service.to_dict(), record_name=service.name) response = jsonify(service.to_dict()) response.status_code = 201 response.headers['Location'] = url_for('api.get_service', id=service.id) return response
def create_resource(): data = request.get_json() or {} if 'serial' not in data: return bad_request('must include field: serial') hsm_pci_card = Resource.query.filter_by(serial=data['serial']).first() if hsm_pci_card is not None: msg = 'Card already exist: %s' % hsm_pci_card.id return bad_request(msg) resource = Resource() status = resource.from_dict(data) if status['success'] is False: return bad_request(status['msg']) db.session.add(resource) db.session.commit() Audit().auditlog_new_post('hsm_pci_card', original_data=resource.to_dict(), record_name=resource.name) response = jsonify(resource.to_dict()) response.status_code = 201 response.headers['Resource'] = url_for('api.get_resource', id=resource.id) return response
def update_role(id): role = Role.query.get_or_404(id) original_data = role.to_dict() data = request.get_json() or {} role.from_dict(data, new_role=False) db.session.commit() Audit().auditlog_update_post('hsm_domain', original_data=original_data, updated_data=data) return jsonify(role.to_dict())
def resource_edit(): resourceid = request.args.get('resource') if 'cancel' in request.form: return redirect(request.referrer) if 'delete' in request.form: return redirect(url_for('main.resource_delete', resource=resourceid)) if 'copy' in request.form: return redirect( url_for('main.resource_copy', copy_from_resource=resourceid)) if 'logs' in request.form: return redirect( url_for('main.logs_list', module='resource', module_id=resourceid)) if 'ports' in request.form: return redirect(url_for('main.resource_port_list', resource=resourceid)) resource = Resource.query.get(resourceid) original_data = resource.to_dict() if resource is None: render_template('service.html', title=_('Resource is not defined')) form = ResourceForm(formdata=request.form, obj=resource) if request.method == 'POST' and form.validate_on_submit(): service = Service.query.get(form.service.data) if service is None: flash('Service is required') return redirect(request.referrer) resource.name = form.name.data resource.comment = form.comment.data resource.environment = form.environment.data resource.external_id = form.external_id.data resource.service = service db.session.commit() Audit().auditlog_update_post('resource', original_data=original_data, updated_data=resource.to_dict(), record_name=resource.name) flash(_('Your changes have been saved.')) return redirect(url_for('main.index')) else: form.name.data = resource.name form.comment.data = resource.comment form.external_id.data = resource.external_id form.service.data = resource.service_id return render_template('resource.html', title=_('Edit Resource'), form=form)
def role_edit(): roleid = request.args.get('role') if 'cancel' in request.form: return redirect(request.referrer) if 'delete' in request.form: return redirect(url_for('main.role_delete', role=roleid)) role = Role.query.get(roleid) form = RoleForm(obj=role) if role is None: flash(_('Role not found')) return redirect(request.referrer) original_data = role.to_dict() if request.method == 'POST' and form.validate_on_submit(): role.name = form.name.data role.description = form.description.data role.resources = [] for r in form.resources.data: resource = Resource.query.get(r) print("Adding: Resource: {} to: {}".format(resource.name, role.name)) role.resources.append(resource) from app.main.models import Service service = Service.query.filter_by(id=form.service.data).first_or_404() if service is None: flash(_('Service id not found')) return redirect(request.referrer) else: role.service = service role.comment = form.comment.data db.session.commit() Audit().auditlog_update_post('role', original_data=original_data, updated_data=role.to_dict(), record_name=role.name) flash(_('Your changes to the role have been saved.')) return redirect(url_for('main.index')) else: pre_selected_resources = [(r.id) for r in role.resources] form = RoleForm(resources=pre_selected_resources) form.name.data = role.name form.comment.data = role.comment form.service.data = role.service_id form.description.data = role.description return render_template('role.html', title=_('Edit Role'), form=form)
def update_service(id): service = Service.query.get_or_404(id) original_data = service.to_dict() data = request.get_json() or {} service.from_dict(data, new_service=False) db.session.commit() Audit().auditlog_update_post('service', original_data=original_data, updated_data=service.to_dict(), record_name=service.name) return jsonify(service.to_dict())
def update_location(id): location = Location.query.get_or_404(id) original_data = location.to_dict() data = request.get_json() or {} location.from_dict(data, new_location=False) db.session.commit() Audit().auditlog_update_post('location', original_data=original_data, updated_data=location.to_dict(), record_name=location.longName()) return jsonify(location.to_dict())
def update_access(id): access = Access.query.get_or_404(id) original_data = access.to_dict() data = request.get_json() or {} access.from_dict(data, new_access=False) db.session.commit() Audit().auditlog_update_post('access', original_data=original_data, updated_data=access.to_dict(), record_name=access.hostname) return jsonify(access.to_dict())
def update_resource(id): resource = Resource.query.get_or_404(id) original_data = resource.to_dict() data = request.get_json() or {} resource.from_dict(data) db.session.commit() Audit().auditlog_update_post('hsm_pci_card', original_data=original_data, updated_data=data, record_name=resource.name) return jsonify(resource.to_dict())
def assignment_add(): if 'cancel' in request.form: return redirect(request.referrer) form = AssignmentForm(formdata=request.form) if request.method == 'POST' and form.validate_on_submit(): user = User.query.get(form.user.data) if user is None: flash('User is required') return redirect(request.referrer) role = Role.query.get(form.role.data) if role is None: flash('User is required') return redirect(request.referrer) print(f"logged in user {current_user.username}") requestor = User.query.filter_by( username=current_user.username).first_or_404() if requestor is None: flash('logged in user is required') return redirect(request.referrer) assignment = Assignment(comment=form.comment.data, start=form.start.data, stop=form.stop.data ) assignment.user = user assignment.role = role assignment.status = "requested" assignment.request_ts = datetime.now() print(f'requestor: {requestor.username}') assignment.requestor = requestor.username db.session.add(assignment) db.session.commit() Audit().auditlog_new_post('assignment', original_data=assignment.to_dict(), record_name=assignment.__tablename__) flash(_('New assignment is now requested!')) return redirect(url_for('main.index')) else: return render_template('assignment.html', title=_('Add Assignment'), form=form)
def update_user(id): user = User.query.get_or_404(id) original_data = user.to_dict() data = request.get_json() or {} if 'username' in data and data['username'] != user.username and \ User.query.filter_by(username=data['username']).first(): return bad_request('please use a different username') if 'email' in data and data['email'] != user.email and \ User.query.filter_by(email=data['email']).first(): return bad_request('please use a different email address') user.from_dict(data, new_user=False) db.session.commit() Audit().auditlog_update_post('user', original_data=original_data, updated_data=user.to_dict(), record_name=user.username) return jsonify(user.to_dict())
def service_edit(): if 'cancel' in request.form: return redirect(request.referrer) servicename = request.args.get('name') service = Service.query.filter_by(name=servicename).first() original_data = service.to_dict() if service is None: render_template('service.html', title=_('Service is not defined')) if 'delete' in request.form: return redirect(url_for('main.service_delete', service=service.id)) form = ServiceForm(formdata=request.form, obj=service) if request.method == 'POST' and form.validate_on_submit(): # TODO remove not selected users ... service.users = [] for u in form.users.data: user = User.query.filter_by(id=u).first() print("Adding: User: %s to: %s" % (user.username, service.name)) service.users.append(user) service.manager = User.query.filter_by(id=form.manager.data).first() service.name = form.name.data service.color = form.color.data db.session.commit() Audit().auditlog_update_post('service', original_data=original_data, updated_data=service.to_dict(), record_name=service.name) flash(_('Your changes have been saved.')) return redirect(url_for('main.service_list')) else: pre_selected_users = [(su.id) for su in service.users] form = ServiceForm(users=pre_selected_users) form.manager.data = service.manager_id form.name.data = service.name form.color.data = service.color return render_template('service.html', title=_('Edit Service'), form=form)
def service_delete(): serviceid = request.args.get('service') service = Service.query.get(serviceid) if service is None: flash(_('Service was not deleted, id not found!')) return redirect(url_for('main.index')) deleted_msg = 'Service deleted: %s\n' % (service.name) flash(deleted_msg) db.session.delete(service) db.session.commit() Audit().auditlog_delete_post('service', data=service.to_dict(), record_name=service.name) return redirect(url_for('main.index'))
def role_delete(): roleid = request.args.get('role') role = Role.query.get(roleid) if role is None: flash(_('Role was not deleted, id not found!')) return redirect(url_for('main.index')) deleted_msg = f'Role deleted: {role.name} {role.comment}' db.session.delete(role) db.session.commit() Audit().auditlog_delete_post('role', data=role.to_dict(), record_name=role.name) flash(deleted_msg) return redirect(url_for('main.index'))
def change_password(): form = ChangePasswordForm() if request.method == 'POST' and form.validate_on_submit(): user = User.query.filter_by(username=current_user.username).first() original_data = user.to_dict() user.set_password(form.password.data) db.session.add(user) db.session.commit() Audit().auditlog_new_post('user', original_data=original_data, updated_data=user.to_dict(), record_name=user.username) flash(_('Password changed')) return redirect(url_for('main.index')) return render_template('auth/change_password.html', form=form)
def assignment_delete(): assignmentid = request.args.get('assignment') assignment = Assignment.query.get(assignmentid) if assignment is None: flash(_('assignment was not deleted, id not found!')) return redirect(url_for('main.index')) # check if pyraadmin deleted_msg = f'assignment deleted for: {assignment.user.username} to: {assignment.role.name}\n' flash(deleted_msg) db.session.delete(assignment) db.session.commit() Audit().auditlog_delete_post('access', data=assignment.to_dict(), record_name=assignment.__class__.__name__.lower()) return redirect(url_for('main.index'))
def reset_password(token): if current_user.is_authenticated: return redirect(url_for('main.index')) user = User.verify_reset_password_token(token) original_data = user.to_dict() if not user: return redirect(url_for('main.index')) form = ResetPasswordForm() if form.validate_on_submit(): user.set_password(form.password.data) db.session.commit() Audit().auditlog_new_post('user', original_data=original_data, updated_data=user.to_dict(), record_name=user.username) flash(_('Your password has been reset.')) return redirect(url_for('auth.login')) return render_template('auth/reset_password.html', form=form)
def access_delete(): accessid = request.args.get('access') access = Access.query.get(accessid) if access is None: flash(_('Access was not deleted, id not found!')) return redirect(url_for('main.index')) # check if pyraadmin deleted_msg = f'Access deleted for: {access.user.username} to: {access.resource.name}\n' flash(deleted_msg) db.session.delete(access) db.session.commit() Audit().auditlog_delete_post('access', data=access.to_dict(), record_name=access.__class__.__name__.lower()) return redirect(url_for('main.index'))
def create_role(): data = request.get_json() or {} for field in ['name', 'service_id']: if field not in data: return bad_request('must include field: %s' % field) check_role = Role.query.filter_by(name=data['name']).first() if check_role is not None: return bad_request('HSM Domain already exist with id: %s' % check_role.id) role = Role() role.from_dict(data) db.session.add(role) db.session.commit() Audit().auditlog_new_post('hsm_domain', original_data=role.to_dict(), record_name=role.name) response = jsonify(role.to_dict()) response.status_code = 201 response.headers['Role'] = url_for('api.get_role', id=role.id) return response
def register(): if current_app.config['OPEN_REGISTRATION'] is False: if not current_user.is_authenticated: flash( _('Registration is not open, contact admin to get an account')) return redirect(url_for('main.index')) form = RegistrationForm() if form.validate_on_submit(): user = User(username=form.username.data, email=form.email.data) user.set_password(form.password.data) db.session.add(user) db.session.commit() Audit().auditlog_new_post('user', original_data=user.to_dict(), record_name=user.username) flash(_('Congratulations, you are now a registered user!')) return redirect(url_for('auth.login')) return render_template('auth/register.html', title=_('Register'), form=form)
def resource_add(): if 'cancel' in request.form: return redirect(request.referrer) form = ResourceForm(formdata=request.form) ip = request.args.get('ip') if ip: form.ipaddress.data = ip if request.method == 'POST' and form.validate_on_submit(): service = Service.query.get(form.service.data) if service is None: flash('Service is required') return redirect(request.referrer) resource = Resource(name=form.name.data, comment=form.comment.data, environment=form.environment.data, external_id=form.external_id.data) resource.service = service db.session.add(resource) db.session.commit() Audit().auditlog_new_post('resource', original_data=resource.to_dict(), record_name=resource.name) flash(_('New resource is now posted!')) return redirect(url_for('main.index')) else: return render_template('resource.html', title=_('Add Resource'), form=form)
def role_add(): if 'cancel' in request.form: return redirect(request.referrer) form = RoleForm(formdata=request.form) if request.method == 'POST' and form.validate_on_submit(): role = Role(name=form.name.data) for r in form.resources.data: resource = Resource.query.get(r) print("Adding: Resource: {} to: {}".format(resource.name, role.name)) role.resources.append(resource) from app.main.models import Service service = Service.query.filter_by(id=form.service.data).first_or_404() if service is None: flash(_('Service id not found')) return redirect(request.referrer) else: role.service = service role.comment = form.comment.data role.description = form.description.data db.session.add(role) db.session.commit() Audit().auditlog_new_post('role', original_data=role.to_dict(), record_name=role.name) flash(_('New Role is now posted!')) return redirect(url_for('main.index')) else: return render_template('role.html', title=_('Role'), form=form)
def location_add(): if 'cancel' in request.form: return redirect(request.referrer) form = LocationForm() if form.validate_on_submit(): location = Location() location.place = form.place.data location.area = form.area.data location.facillity = form.facillity.data location.position = form.position.data location.type = form.type.data db.session.add(location) db.session.commit() Audit().auditlog_new_post('location', original_data=location.to_dict(), record_name=location.longName()) flash(_('Location have been saved.')) return redirect(url_for('main.location_list')) else: return render_template('location.html', form=form)
def access_edit(): accessid = request.args.get('access') if 'cancel' in request.form: return redirect(request.referrer) if 'delete' in request.form: return redirect(url_for('main.access_delete', access=accessid)) if 'logs' in request.form: return redirect( url_for('main.logs_list', module='access', module_id=accessid)) access = Access.query.get(accessid) original_data = access.to_dict() if access is None: render_template('service.html', title=_('Access is not defined')) print(f"logged in user {current_user.username}") requestor = User.query.filter_by( username=current_user.username).first_or_404() if requestor is None: flash('logged in user is required') return redirect(request.referrer) form = AccessForm(formdata=request.form, obj=access) if request.method == 'POST' and form.validate_on_submit(): access.comment = form.comment.data user = User.query.get(form.user.data) if user is None: flash('User is required') return redirect(request.referrer) resource = Resource.query.get(form.resource.data) if resource is None: flash('resource is required') return redirect(request.referrer) access.comment = form.comment.data access.start = form.start.data access.stop = form.stop.data access.user = user access.resource = resource access.status = "requested" access.request_ts = datetime.now() print(f'requestor: {requestor.username}') access.requestor = requestor.username db.session.commit() Audit().auditlog_update_post('access', original_data=original_data, updated_data=access.to_dict(), record_name=access.__tablename__) flash(_('Your changes have been saved.')) return redirect(url_for('main.index')) else: form.user.data = access.user_id form.resource.data = access.resource_id return render_template('access.html', title=_('Edit Access'), form=form)
def access_implement(): accessid = request.args.get('access') if 'cancel' in request.form: return redirect(request.referrer) if 'logs' in request.form: return redirect( url_for('main.logs_list', module='access', module_id=accessid)) access = Access.query.get(accessid) original_data = access.to_dict() if access is None: flash(_('Access is not found')) return redirect(url_for('main.index')) if 'view_resource' in request.form: return redirect( url_for('main.resource_view', resource=access.resource_id)) if 'view_user' in request.form: return redirect(url_for('main.user', username=access.user.username)) # todo add admin check form = ImplementAccessForm(formdata=request.form, obj=access) if request.method == 'POST' and form.validate_on_submit(): if 'deny' in request.form: access.status = "denied-by-implementer" access.implementer = current_user.username db.session.commit() flash( f"Pending Access to resource: {access.resource.name} for: {access.user.username} was denied" ) elif 'approve' in request.form: access.status = "implemented" access.approver = current_user.username db.session.commit() flash( f"Pending Access to resource: {access.resource.name} for: {access.user.username} was implemented" ) elif 'postpone' in request.form: access.status = "postponed-by-implementer" access.approver = current_user.username flash( f"Pending Access to resource: {access.resource.name} for: {access.user.username} was postponed" ) return redirect(request.referrer) Audit().auditlog_update_post('access', original_data=original_data, updated_data=access.to_dict(), record_name=access.__tablename__) return redirect(url_for('main.index')) else: form.user.data = access.user.username form.resource.data = access.resource.name form.approve_ts.data = access.approve_ts return render_template( 'access.html', title=_('Implement Approved Access to resource'), form=form)
from flask_babel import Babel, lazy_gettext as _l from config import Config db = SQLAlchemy() migrate = Migrate() login = LoginManager() login.login_view = 'auth.login' login.login_message = _l('Please log in to access this page.') mail = Mail() bootstrap = Bootstrap() moment = Moment() babel = Babel() migrate = Migrate() from app.main.models import Audit audit = Audit() def create_app(config_class=Config): app = Flask(__name__) app.config.from_object(config_class) db.init_app(app) migrate.init_app(app, db) login.init_app(app) mail.init_app(app) bootstrap.init_app(app) moment.init_app(app) babel.init_app(app) migrate.init_app(app, db, render_as_batch=True)