def users_get_by_tenant_get_page(self, tenant_id, marker, limit, session=None): # This is broken. If a user has more than one role per project # shit hits the fan because we're limiting the wrong model. # Also the user lookup is nasty and potentially injectiable. if not session: session = get_session() user = aliased(models.User) if marker: users = session.query(user).\ filter_by(tenant_id = tenant_id).\ filter("id > :marker").params(\ marker='%s' % marker).order_by(user.id).\ limit(limit).\ all() else: users = session.query(user).\ filter_by(tenant_id = tenant_id).\ order_by(user.id).\ limit(limit).\ all() for usr in users: usr.tenant_roles = set() for role in usr.roles: if role.tenant_id == tenant_id: usr.tenant_roles.add(role.role_id) return users
def get_all(session=None): if not session: session = get_session() results = session.query(models.Credentials).all() return CredentialsAPI.to_model_list(results)
def get_page_markers(self, marker, limit, session=None): if not session: session = get_session() first = session.query(models.Role).order_by( models.Role.id).first() last = session.query(models.Role).order_by( models.Role.id.desc()).first() if first is None: return (None, None) if marker is None: marker = first.id next_page = session.query(models.Role).filter("id > :marker").params( marker='%s' % marker).order_by( models.Role.id).limit(int(limit)).all() prev_page = session.query(models.Role).filter("id < :marker").params( marker='%s' % marker).order_by( models.Role.id.desc()).limit(int(limit)).all() if not next_page: next_page = last else: next_page = next_page[-1] if not prev_page: prev_page = first else: prev_page = prev_page[-1] if prev_page.id == marker: prev_page = None else: prev_page = prev_page.id if next_page.id == last.id: next_page = None else: next_page = next_page.id return (prev_page, next_page)
def get_all(self, session=None): if not session: session = get_session() results = session.query(models.User) return UserAPI.to_model_list(results)
def rolegrant_delete(self, id, session=None): if not session: session = get_session() with session.begin(): rolegrant = self.rolegrant_get(id, session) session.delete(rolegrant)
def update(self, id, values, session=None): if not session: session = get_session() with session.begin(): tenant_ref = self.get(id, session) tenant_ref.update(values) tenant_ref.save(session=session)
def get_page_markers(self, marker, limit, session=None): if not session: session = get_session() first = session.query(models.Role).order_by(models.Role.id).first() last = session.query(models.Role).order_by( models.Role.id.desc()).first() if first is None: return (None, None) if marker is None: marker = first.id next_page = session.query(models.Role).filter("id > :marker").params( marker='%s' % marker).order_by(models.Role.id).limit( int(limit)).all() prev_page = session.query(models.Role).filter("id < :marker").params( marker='%s' % marker).order_by(models.Role.id.desc()).limit( int(limit)).all() if not next_page: next_page = last else: next_page = next_page[-1] if not prev_page: prev_page = first else: prev_page = prev_page[-1] if prev_page.id == marker: prev_page = None else: prev_page = prev_page.id if next_page.id == last.id: next_page = None else: next_page = next_page.id return (prev_page, next_page)
def delete(self, id, session=None): if not session: session = get_session() with session.begin(): token_ref = self._get(id, session) session.delete(token_ref)
def uid_to_id(uid, session=None): if uid is None: return None session = session or get_session() tenant = session.query(models.Tenant).filter_by(uid=uid).first() return tenant.id if tenant else None
def _get(id, session=None): if id is None: return None session = session or get_session() return session.query(models.Credentials).filter_by(id=id).first()
def get(self, id, session=None): if not session: session = get_session() result = session.query(models.Token).filter_by(id=id).first() return TokenAPI.to_model(result)
def _get(id, session=None): if not session: session = get_session() result = session.query(models.Token).filter_by(id=id).first() return result
def endpoint_delete(self, id, session=None): if not session: session = get_session() with session.begin(): endpoints = self.endpoint_get(id, session) if endpoints: session.delete(endpoints)
def get(self, id, session=None): if not session: session = get_session() result = session.query(models.User).filter_by(uid=id).first() return UserAPI.to_model(result)
def list_for_user_get_page(self, user_id, marker, limit, session=None): if not session: session = get_session() user = api.USER.get(user_id) if hasattr(api.USER, 'uid_to_id'): backend_user_id = api.USER.uid_to_id(user_id) else: backend_user_id = user_id ura = aliased(models.UserRoleAssociation) tenant = aliased(models.Tenant) q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\ filter(ura.user_id == backend_user_id) if 'tenant_id' in user: if hasattr(api.TENANT, 'uid_to_id'): backend_tenant_id = api.TENANT.uid_to_id(user.tenant_id) else: backend_tenant_id = user.tenant_id q2 = session.query(tenant).filter(tenant.id == backend_tenant_id) q3 = q1.union(q2) else: q3 = q1 if marker: results = q3.filter("tenant.id>:marker").params(\ marker='%s' % marker).order_by(\ tenant.id.desc()).limit(limit).all() else: results = q3.order_by(tenant.id.desc()).limit(limit).all() return TenantAPI.to_model_list(results)
def endpoint_get_by_tenant_get_page(self, tenant_id, marker, limit, session=None): if not session: session = get_session() if hasattr(api.TENANT, 'uid_to_id'): tenant_id = api.TENANT.uid_to_id(tenant_id) if marker: results = session.query(models.Endpoints).\ filter(models.Endpoints.tenant_id == tenant_id).\ filter("id >= :marker").params( marker='%s' % marker).order_by( models.Endpoints.id).limit(int(limit)).all() else: results = session.query(models.Endpoints).\ filter(models.Endpoints.tenant_id == tenant_id).\ order_by(models.Endpoints.id).limit(int(limit)).all() if hasattr(api.TENANT, 'id_to_uid'): for result in results: result.tenant_id = api.TENANT.id_to_uid(result.tenant_id) return results
def tenant_group_delete(self, id, group_id, session=None): if not session: session = get_session() with session.begin(): usertenantgroup_ref = self.get_by_group(id, group_id, session) if usertenantgroup_ref is not None: session.delete(usertenantgroup_ref)
def delete(self, id, session=None): if not session: session = get_session() with session.begin(): group_ref = self.get(id, session) session.delete(group_ref)
def delete(self, id, session=None): if not session: session = get_session() with session.begin(): user_ref = session.query(models.User).filter_by(uid=id).first() session.delete(user_ref)
def get(self, id, session=None): if not session: session = get_session() result = session.query(models.Credentials).filter_by(id=id).first() return CredentialsAPI.to_model(result)
def rolegrant_get_page(self, marker, limit, user_id, tenant_id, session=None): if not session: session = get_session() if hasattr(api.USER, 'uid_to_id'): user_id = api.USER.uid_to_id(user_id) if hasattr(api.TENANT, 'uid_to_id'): tenant_id = api.TENANT.uid_to_id(tenant_id) query = session.query(models.UserRoleAssociation).\ filter_by(user_id=user_id) if tenant_id: query = query.filter_by(tenant_id=tenant_id) else: query = query.filter("tenant_id is null") if marker: results = query.filter("id>:marker").params( marker='%s' % marker).order_by( models.UserRoleAssociation.id.desc()).limit(limit).all() else: results = query.order_by( models.UserRoleAssociation.id.desc()).limit(limit).all() for result in results: if hasattr(api.USER, 'uid_to_id'): result.user_id = api.USER.id_to_uid(result.user_id) if hasattr(api.TENANT, 'uid_to_id'): result.tenant_id = api.TENANT.id_to_uid(result.tenant_id) return results
def update_instance(self, values, session=None): if not session: session = get_session() with session.begin(): user_ref = self.get_instance_bill(values.id, session) user_ref.update(values) user_ref.save(session=session)
def delete(self, id, session=None): if not session: session = get_session() with session.begin(): group_ref = self._get(id, session) session.delete(group_ref)
def update_secret(self, access, secret, session=None): if not session: session = get_session() with session.begin(): cred_ref = self.get_by_access(access, session) cred_ref.update(secret) cred_ref.save(session=session)
def rolegrant_get_page(self, marker, limit, user_id, tenant_id, session=None): if not session: session = get_session() if hasattr(api.USER, 'uid_to_id'): user_id = api.USER.uid_to_id(user_id) if hasattr(api.TENANT, 'uid_to_id'): tenant_id = api.TENANT.uid_to_id(tenant_id) query = session.query(models.UserRoleAssociation).\ filter_by(user_id=user_id) if tenant_id: query = query.filter_by(tenant_id=tenant_id) else: query = query.filter("tenant_id is null") if marker: results = query.filter("id>:marker").params( marker='%s' % marker).order_by( models.UserRoleAssociation.id.desc()).limit( int(limit)).all() else: results = query.order_by( models.UserRoleAssociation.id.desc()).limit( int(limit)).all() for result in results: if hasattr(api.USER, 'uid_to_id'): result.user_id = api.USER.id_to_uid(result.user_id) if hasattr(api.TENANT, 'uid_to_id'): result.tenant_id = api.TENANT.id_to_uid(result.tenant_id) return RoleAPI.to_ura_model_list(results)
def delete(self, id, session=None): if not session: session = get_session() with session.begin(): service_ref = session.query(models.Service).\ filter_by(id=id).first() session.delete(service_ref)
def user_roles_by_tenant(self, user_id, tenant_id, session=None): if not session: session = get_session() result = session.query(models.UserRoleAssociation).\ filter_by(user_id=user_id, tenant_id=tenant_id).\ options(joinedload('roles')) return result
def get_all(self, session=None): if not session: session = get_session() results = session.query(models.Tenant).all() return TenantAPI.to_model_list(results)
def uid_to_id(uid, session=None): if uid is None: return None session = session or get_session() user = session.query(models.User).filter_by(uid=str(uid)).first() return user.id if user else None
def get(self, id, session=None): if id is None: return None session = session or get_session() return ServiceAPI.to_model(session.query(models.Service). filter_by(id=id).first())
def get_by_name(self, name, session=None): if not session: session = get_session() result = session.query(models.User).filter_by(name=name).first() return UserAPI.to_model(result)
def get_by_name_and_type(self, name, type, session=None): if not session: session = get_session() return session.query(models.Service).\ filter_by(name=name).\ filter_by(type=type).\ first()
def get_by_email(self, email, session=None): if not session: session = get_session() result = session.query(models.User).filter_by(email=email).first() return UserAPI.to_model(result)
def rolegrant_get_by_ids(self, user_id, role_id, tenant_id, session=None): if not session: session = get_session() if hasattr(api.USER, 'uid_to_id'): user_id = api.USER.uid_to_id(user_id) if hasattr(api.TENANT, 'uid_to_id'): tenant_id = api.TENANT.uid_to_id(tenant_id) if tenant_id is None: result = session.query(models.UserRoleAssociation).\ filter_by(user_id=user_id).filter("tenant_id is null").\ filter_by(role_id=role_id).first() else: result = session.query(models.UserRoleAssociation).\ filter_by(user_id=user_id).filter_by(tenant_id=tenant_id).\ filter_by(role_id=role_id).first() if result: result['role_id'] = str(result['role_id']) if hasattr(api.USER, 'uid_to_id'): result.user_id = api.USER.id_to_uid(result.user_id) if hasattr(api.TENANT, 'uid_to_id'): result.tenant_id = api.TENANT.id_to_uid(result.tenant_id) return RoleAPI.to_ura_model(result)
def users_get_by_tenant_get_page(self, tenant_id, marker, limit, session=None): # This is broken. If a user has more than one role per project # shit hits the fan because we're limiting the wrong model. # Also the user lookup is nasty and potentially injectiable. if not session: session = get_session() user = aliased(models.UserRoleAssociation) if marker: rv = session.query(user).\ filter("tenant_id = :tenant_id").\ params(tenant_id='%s' % tenant_id).\ filter("id>=:marker").\ params(marker='%s' % marker).\ order_by("id").\ limit(limit).\ all() else: rv = session.query(user).\ filter("tenant_id = :tenant_id").\ params(tenant_id='%s' % tenant_id).\ order_by("id").\ limit(limit).\ all() user_ids = set([str(assoc.user_id) for assoc in rv]) users = session.query(models.User).\ filter("id in ('%s')" % "','".join(user_ids)).\ all() for usr in users: usr.tenant_roles = set() for role in usr.roles: if role.tenant_id == tenant_id: usr.tenant_roles.add(role.role_id) return users
def list_for_user_get_page(self, user_id, marker, limit, session=None): if not session: session = get_session() user = api.USER.get(user_id) if hasattr(api.USER, 'uid_to_id'): backend_user_id = api.USER.uid_to_id(user_id) else: backend_user_id = user_id ura = aliased(models.UserRoleAssociation) tenant = aliased(models.Tenant) q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\ filter(ura.user_id == backend_user_id) if 'tenant_id' in user: if hasattr(api.TENANT, 'uid_to_id'): backend_tenant_id = api.TENANT.uid_to_id(user.tenant_id) else: backend_tenant_id = user.tenant_id q2 = session.query(tenant).filter(tenant.id == backend_tenant_id) q3 = q1.union(q2) else: q3 = q1 if marker: results = q3.filter("tenant.id>:marker").params( marker='%s' % marker).order_by( tenant.id.desc()).limit(int(limit)).all() else: results = q3.order_by(tenant.id.desc()).limit(int(limit)).all() return TenantAPI.to_model_list(results)
def delete(self, id, session=None): if not session: session = get_session() with session.begin(): token_ref = self.get(id, session) session.delete(token_ref)
def get(self, id, session=None): if id is None: return None session = session or get_session() return RoleAPI.to_model( session.query(models.Role).filter_by(id=id).first())
def endpoint_get_by_endpoint_template( self, endpoint_template_id, session=None): if not session: session = get_session() result = session.query(models.Endpoints).\ filter_by(endpoint_template_id=endpoint_template_id).all() return result
def users_get_by_tenant_get_page(self, tenant_id, marker, limit, session=None): # This is broken. If a user has more than one role per project # shit hits the fan because we're limiting the wrong model. # Also the user lookup is nasty and potentially injectiable. if not session: session = get_session() user = aliased(models.UserRoleAssociation) if marker: rv = session.query(user).\ filter("tenant_id = :tenant_id").\ params(tenant_id='%s' % tenant_id).\ filter("id>=:marker").\ params(marker='%s' % marker).\ order_by("id").\ limit(limit).\ all() else: rv = session.query(user).\ filter("tenant_id = :tenant_id").\ params(tenant_id='%s' % tenant_id).\ order_by("id").\ limit(limit).\ all() user_ids = set([assoc.user_id for assoc in rv]) users = session.query(models.User).\ filter("id in ('%s')" % "','".join(user_ids)).\ all() for usr in users: usr.tenant_roles = set() for role in usr.roles: if role.tenant_id == tenant_id: usr.tenant_roles.add(role.role_id) return users
def get_for_user_by_tenant(self, user_id, tenant_id, session=None): if not session: session = get_session() result = session.query(models.Token).\ filter_by(user_id=user_id, tenant_id=tenant_id).\ order_by("expires desc").\ first() return result
def rolegrant_delete(self, id, session=None): if not session: session = get_session() with session.begin(): rolegrant = session.query(models.UserRoleAssociation).\ filter_by(id=id).first() session.delete(rolegrant)