def decroated(self, data, req_info, curs): auth = Authenticator() session_id = data.get('session_id') session = auth.get_session(session_id) f = UserFilter(session, {'id': session.user_id}, {}, {}) user = f.filter_one_obj(curs) try: if user.environment_id != session.environment_id: raise HelixauthError('User and session from different environments') if not user.is_active: raise UserInactive() auth.check_access(session, Service.TYPE_AUTH, method.__name__, req_info) data.pop('session_id', None) custom_actor_info = data.pop('custom_actor_info', None) try: result = method(self, data, req_info, session, curs) except Exception, e: data['environment_id'] = session.environment_id _add_log_info(data, session, custom_actor_info) raise e _add_log_info(data, session, custom_actor_info) return result
def check_user_exist(self, data, req_info, session, curs=None): f = UserFilter(session, {'id': data['id']}, {}, None) exist = False try: f.filter_one_obj(curs) exist = True except UserNotFound: pass return response_ok(exist=exist)
def get_user_self(self, data, req_info, session, curs=None): f_params = {'id': session.user_id} f = UserFilter(session, f_params, {}, None) user = f.filter_one_obj(curs) f = GroupFilter(session.environment_id, {}, {}, None) groups = f.filter_objs(curs) g_ids = [g.id for g in groups] result = user.to_dict() result.pop('password') result.pop('salt') result.pop('environment_id') result['groups_ids'] = filter(lambda x: x in g_ids, result['groups_ids']) return response_ok(user=result)
def get_users(self, data, req_info, session, curs=None): f = UserFilter(session, data['filter_params'], data['paging_params'], data.get('ordering_params')) users, total = f.filter_counted(curs) f = GroupFilter(session.environment_id, {}, {}, None) groups = f.filter_objs(curs) g_ids = [g.id for g in groups] def viewer(obj): result = obj.to_dict() result.pop('password') result.pop('salt') result.pop('environment_id') result['groups_ids'] = filter(lambda x: x in g_ids, result['groups_ids']) return result return response_ok(users=self.objects_info(users, viewer), total=total)
def modify_users(self, data, req_info, session, curs=None): u_ids = data['ids'] f = UserFilter(session, {'roles': [User.ROLE_SUPER]}, {}, None) su = f.filter_one_obj(curs) if su.id in u_ids: raise SuperUserModificationDenied() groups_ids = data.get('new_groups_ids', []) filtered_g_ids = self._filter_existed_groups(curs, session, groups_ids) data['new_groups_ids'] = filtered_g_ids if 'new_password' in data: a = Authenticator() salt = a.salt() data['new_password'] = a.encrypt_password(data['new_password'], salt) data['new_salt'] = salt f = UserFilter(session, {'ids': u_ids}, {}, None) loader = partial(f.filter_objs, curs, for_update=True) self.update_objs(curs, data, loader) return response_ok()
def modify_user_self(self, data, req_info, session, curs=None): f = UserFilter(session, {'id': session.user_id}, {}, None) user = f.filter_one_obj(curs) old_password = data.get('old_password') new_password = data.get('new_password') d = {} if 'new_lang' in data: d['new_lang'] = data['new_lang'] if old_password is not None: if new_password is None or len(new_password) == 0: raise UserNewPasswordNotSet("Empty new password can't be set") a = Authenticator() if user.password != a.encrypt_password(old_password, user.salt): raise UserWrongOldPassword() salt = a.salt() d['new_salt'] = salt d['new_password'] = a.encrypt_password(data['new_password'], salt) loader = partial(f.filter_one_obj, curs, for_update=True) self.update_obj(curs, d, loader) return response_ok()