def users_get_by_tenant_get_page(self, tenant_id, marker, limit,
session=None):
# This is broken. If a user has more than one role per project
# shit hits the fan because we're limiting the wrong model.
# Also the user lookup is nasty and potentially injectiable.
if not session:
session = get_session()
user = aliased(models.User)
if marker:
users = session.query(user).\
filter_by(tenant_id = tenant_id).\
filter("id > :marker").params(\
marker='%s' % marker).order_by(user.id).\
limit(limit).\
all()
else:
users = session.query(user).\
filter_by(tenant_id = tenant_id).\
order_by(user.id).\
limit(limit).\
all()
for usr in users:
usr.tenant_roles = set()
for role in usr.roles:
if role.tenant_id == tenant_id:
usr.tenant_roles.add(role.role_id)
return users
def get_all(session=None):
if not session:
session = get_session()
results = session.query(models.Credentials).all()
return CredentialsAPI.to_model_list(results)
def get_page_markers(self, marker, limit, session=None):
if not session:
session = get_session()
first = session.query(models.Role).order_by(
models.Role.id).first()
last = session.query(models.Role).order_by(
models.Role.id.desc()).first()
if first is None:
return (None, None)
if marker is None:
marker = first.id
next_page = session.query(models.Role).filter("id > :marker").params(
marker='%s' % marker).order_by(
models.Role.id).limit(int(limit)).all()
prev_page = session.query(models.Role).filter("id < :marker").params(
marker='%s' % marker).order_by(
models.Role.id.desc()).limit(int(limit)).all()
if not next_page:
next_page = last
else:
next_page = next_page[-1]
if not prev_page:
prev_page = first
else:
prev_page = prev_page[-1]
if prev_page.id == marker:
prev_page = None
else:
prev_page = prev_page.id
if next_page.id == last.id:
next_page = None
else:
next_page = next_page.id
return (prev_page, next_page)
def get_all(self, session=None):
if not session:
session = get_session()
results = session.query(models.User)
return UserAPI.to_model_list(results)
def rolegrant_delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
rolegrant = self.rolegrant_get(id, session)
session.delete(rolegrant)
def update(self, id, values, session=None):
if not session:
session = get_session()
with session.begin():
tenant_ref = self.get(id, session)
tenant_ref.update(values)
tenant_ref.save(session=session)
def get_page_markers(self, marker, limit, session=None):
if not session:
session = get_session()
first = session.query(models.Role).order_by(models.Role.id).first()
last = session.query(models.Role).order_by(
models.Role.id.desc()).first()
if first is None:
return (None, None)
if marker is None:
marker = first.id
next_page = session.query(models.Role).filter("id > :marker").params(
marker='%s' % marker).order_by(models.Role.id).limit(
int(limit)).all()
prev_page = session.query(models.Role).filter("id < :marker").params(
marker='%s' % marker).order_by(models.Role.id.desc()).limit(
int(limit)).all()
if not next_page:
next_page = last
else:
next_page = next_page[-1]
if not prev_page:
prev_page = first
else:
prev_page = prev_page[-1]
if prev_page.id == marker:
prev_page = None
else:
prev_page = prev_page.id
if next_page.id == last.id:
next_page = None
else:
next_page = next_page.id
return (prev_page, next_page)
def delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
token_ref = self._get(id, session)
session.delete(token_ref)
def uid_to_id(uid, session=None):
if uid is None:
return None
session = session or get_session()
tenant = session.query(models.Tenant).filter_by(uid=uid).first()
return tenant.id if tenant else None
def _get(id, session=None):
if id is None:
return None
session = session or get_session()
return session.query(models.Credentials).filter_by(id=id).first()
def get_all(session=None):
if not session:
session = get_session()
results = session.query(models.Credentials).all()
return CredentialsAPI.to_model_list(results)
def rolegrant_delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
rolegrant = self.rolegrant_get(id, session)
session.delete(rolegrant)
def get(self, id, session=None):
if not session:
session = get_session()
result = session.query(models.Token).filter_by(id=id).first()
return TokenAPI.to_model(result)
def _get(id, session=None):
if not session:
session = get_session()
result = session.query(models.Token).filter_by(id=id).first()
return result
def endpoint_delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
endpoints = self.endpoint_get(id, session)
if endpoints:
session.delete(endpoints)
def get(self, id, session=None):
if not session:
session = get_session()
result = session.query(models.User).filter_by(uid=id).first()
return UserAPI.to_model(result)
def list_for_user_get_page(self, user_id, marker, limit, session=None):
if not session:
session = get_session()
user = api.USER.get(user_id)
if hasattr(api.USER, 'uid_to_id'):
backend_user_id = api.USER.uid_to_id(user_id)
else:
backend_user_id = user_id
ura = aliased(models.UserRoleAssociation)
tenant = aliased(models.Tenant)
q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\
filter(ura.user_id == backend_user_id)
if 'tenant_id' in user:
if hasattr(api.TENANT, 'uid_to_id'):
backend_tenant_id = api.TENANT.uid_to_id(user.tenant_id)
else:
backend_tenant_id = user.tenant_id
q2 = session.query(tenant).filter(tenant.id == backend_tenant_id)
q3 = q1.union(q2)
else:
q3 = q1
if marker:
results = q3.filter("tenant.id>:marker").params(\
marker='%s' % marker).order_by(\
tenant.id.desc()).limit(limit).all()
else:
results = q3.order_by(tenant.id.desc()).limit(limit).all()
return TenantAPI.to_model_list(results)
def endpoint_get_by_tenant_get_page(self,
tenant_id,
marker,
limit,
session=None):
if not session:
session = get_session()
if hasattr(api.TENANT, 'uid_to_id'):
tenant_id = api.TENANT.uid_to_id(tenant_id)
if marker:
results = session.query(models.Endpoints).\
filter(models.Endpoints.tenant_id == tenant_id).\
filter("id >= :marker").params(
marker='%s' % marker).order_by(
models.Endpoints.id).limit(int(limit)).all()
else:
results = session.query(models.Endpoints).\
filter(models.Endpoints.tenant_id == tenant_id).\
order_by(models.Endpoints.id).limit(int(limit)).all()
if hasattr(api.TENANT, 'id_to_uid'):
for result in results:
result.tenant_id = api.TENANT.id_to_uid(result.tenant_id)
return results
def tenant_group_delete(self, id, group_id, session=None):
if not session:
session = get_session()
with session.begin():
usertenantgroup_ref = self.get_by_group(id, group_id, session)
if usertenantgroup_ref is not None:
session.delete(usertenantgroup_ref)
def delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
group_ref = self.get(id, session)
session.delete(group_ref)
def delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
user_ref = session.query(models.User).filter_by(uid=id).first()
session.delete(user_ref)
def get(self, id, session=None):
if not session:
session = get_session()
result = session.query(models.Credentials).filter_by(id=id).first()
return CredentialsAPI.to_model(result)
def rolegrant_get_page(self,
marker,
limit,
user_id,
tenant_id,
session=None):
if not session:
session = get_session()
if hasattr(api.USER, 'uid_to_id'):
user_id = api.USER.uid_to_id(user_id)
if hasattr(api.TENANT, 'uid_to_id'):
tenant_id = api.TENANT.uid_to_id(tenant_id)
query = session.query(models.UserRoleAssociation).\
filter_by(user_id=user_id)
if tenant_id:
query = query.filter_by(tenant_id=tenant_id)
else:
query = query.filter("tenant_id is null")
if marker:
results = query.filter("id>:marker").params(
marker='%s' % marker).order_by(
models.UserRoleAssociation.id.desc()).limit(limit).all()
else:
results = query.order_by(
models.UserRoleAssociation.id.desc()).limit(limit).all()
for result in results:
if hasattr(api.USER, 'uid_to_id'):
result.user_id = api.USER.id_to_uid(result.user_id)
if hasattr(api.TENANT, 'uid_to_id'):
result.tenant_id = api.TENANT.id_to_uid(result.tenant_id)
return results
def update(self, id, values, session=None):
if not session:
session = get_session()
with session.begin():
tenant_ref = self.get(id, session)
tenant_ref.update(values)
tenant_ref.save(session=session)
def _get(id, session=None):
if id is None:
return None
session = session or get_session()
return session.query(models.Credentials).filter_by(id=id).first()
def update_instance(self, values, session=None):
if not session:
session = get_session()
with session.begin():
user_ref = self.get_instance_bill(values.id, session)
user_ref.update(values)
user_ref.save(session=session)
def delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
group_ref = self._get(id, session)
session.delete(group_ref)
def update_secret(self, access, secret, session=None):
if not session:
session = get_session()
with session.begin():
cred_ref = self.get_by_access(access, session)
cred_ref.update(secret)
cred_ref.save(session=session)
def rolegrant_get_page(self, marker, limit, user_id, tenant_id,
session=None):
if not session:
session = get_session()
if hasattr(api.USER, 'uid_to_id'):
user_id = api.USER.uid_to_id(user_id)
if hasattr(api.TENANT, 'uid_to_id'):
tenant_id = api.TENANT.uid_to_id(tenant_id)
query = session.query(models.UserRoleAssociation).\
filter_by(user_id=user_id)
if tenant_id:
query = query.filter_by(tenant_id=tenant_id)
else:
query = query.filter("tenant_id is null")
if marker:
results = query.filter("id>:marker").params(
marker='%s' % marker).order_by(
models.UserRoleAssociation.id.desc()).limit(
int(limit)).all()
else:
results = query.order_by(
models.UserRoleAssociation.id.desc()).limit(
int(limit)).all()
for result in results:
if hasattr(api.USER, 'uid_to_id'):
result.user_id = api.USER.id_to_uid(result.user_id)
if hasattr(api.TENANT, 'uid_to_id'):
result.tenant_id = api.TENANT.id_to_uid(result.tenant_id)
return RoleAPI.to_ura_model_list(results)
def delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
service_ref = session.query(models.Service).\
filter_by(id=id).first()
session.delete(service_ref)
def update_secret(self, access, secret, session=None):
if not session:
session = get_session()
with session.begin():
cred_ref = self.get_by_access(access, session)
cred_ref.update(secret)
cred_ref.save(session=session)
def user_roles_by_tenant(self, user_id, tenant_id, session=None):
if not session:
session = get_session()
result = session.query(models.UserRoleAssociation).\
filter_by(user_id=user_id, tenant_id=tenant_id).\
options(joinedload('roles'))
return result
def get_all(self, session=None):
if not session:
session = get_session()
results = session.query(models.Tenant).all()
return TenantAPI.to_model_list(results)
def uid_to_id(uid, session=None):
if uid is None:
return None
session = session or get_session()
user = session.query(models.User).filter_by(uid=str(uid)).first()
return user.id if user else None
def get(self, id, session=None):
if id is None:
return None
session = session or get_session()
return ServiceAPI.to_model(session.query(models.Service).
filter_by(id=id).first())
def get_by_name(self, name, session=None):
if not session:
session = get_session()
result = session.query(models.User).filter_by(name=name).first()
return UserAPI.to_model(result)
def get_by_name_and_type(self, name, type, session=None):
if not session:
session = get_session()
return session.query(models.Service).\
filter_by(name=name).\
filter_by(type=type).\
first()
def get_by_email(self, email, session=None):
if not session:
session = get_session()
result = session.query(models.User).filter_by(email=email).first()
return UserAPI.to_model(result)
def delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
service_ref = session.query(models.Service).\
filter_by(id=id).first()
session.delete(service_ref)
def rolegrant_get_by_ids(self, user_id, role_id, tenant_id, session=None):
if not session:
session = get_session()
if hasattr(api.USER, 'uid_to_id'):
user_id = api.USER.uid_to_id(user_id)
if hasattr(api.TENANT, 'uid_to_id'):
tenant_id = api.TENANT.uid_to_id(tenant_id)
if tenant_id is None:
result = session.query(models.UserRoleAssociation).\
filter_by(user_id=user_id).filter("tenant_id is null").\
filter_by(role_id=role_id).first()
else:
result = session.query(models.UserRoleAssociation).\
filter_by(user_id=user_id).filter_by(tenant_id=tenant_id).\
filter_by(role_id=role_id).first()
if result:
result['role_id'] = str(result['role_id'])
if hasattr(api.USER, 'uid_to_id'):
result.user_id = api.USER.id_to_uid(result.user_id)
if hasattr(api.TENANT, 'uid_to_id'):
result.tenant_id = api.TENANT.id_to_uid(result.tenant_id)
return RoleAPI.to_ura_model(result)
def users_get_by_tenant_get_page(self, tenant_id, marker, limit,
session=None):
# This is broken. If a user has more than one role per project
# shit hits the fan because we're limiting the wrong model.
# Also the user lookup is nasty and potentially injectiable.
if not session:
session = get_session()
user = aliased(models.UserRoleAssociation)
if marker:
rv = session.query(user).\
filter("tenant_id = :tenant_id").\
params(tenant_id='%s' % tenant_id).\
filter("id>=:marker").\
params(marker='%s' % marker).\
order_by("id").\
limit(limit).\
all()
else:
rv = session.query(user).\
filter("tenant_id = :tenant_id").\
params(tenant_id='%s' % tenant_id).\
order_by("id").\
limit(limit).\
all()
user_ids = set([str(assoc.user_id) for assoc in rv])
users = session.query(models.User).\
filter("id in ('%s')" % "','".join(user_ids)).\
all()
for usr in users:
usr.tenant_roles = set()
for role in usr.roles:
if role.tenant_id == tenant_id:
usr.tenant_roles.add(role.role_id)
return users
def get_all(self, session=None):
if not session:
session = get_session()
results = session.query(models.User)
return UserAPI.to_model_list(results)
def get(self, id, session=None):
if not session:
session = get_session()
result = session.query(models.User).filter_by(uid=id).first()
return UserAPI.to_model(result)
def get_by_email(self, email, session=None):
if not session:
session = get_session()
result = session.query(models.User).filter_by(email=email).first()
return UserAPI.to_model(result)
def delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
user_ref = session.query(models.User).filter_by(uid=id).first()
session.delete(user_ref)
def rolegrant_get_by_ids(self, user_id, role_id, tenant_id, session=None):
if not session:
session = get_session()
if hasattr(api.USER, 'uid_to_id'):
user_id = api.USER.uid_to_id(user_id)
if hasattr(api.TENANT, 'uid_to_id'):
tenant_id = api.TENANT.uid_to_id(tenant_id)
if tenant_id is None:
result = session.query(models.UserRoleAssociation).\
filter_by(user_id=user_id).filter("tenant_id is null").\
filter_by(role_id=role_id).first()
else:
result = session.query(models.UserRoleAssociation).\
filter_by(user_id=user_id).filter_by(tenant_id=tenant_id).\
filter_by(role_id=role_id).first()
if result:
result['role_id'] = str(result['role_id'])
if hasattr(api.USER, 'uid_to_id'):
result.user_id = api.USER.id_to_uid(result.user_id)
if hasattr(api.TENANT, 'uid_to_id'):
result.tenant_id = api.TENANT.id_to_uid(result.tenant_id)
return RoleAPI.to_ura_model(result)
def get_by_name(self, name, session=None):
if not session:
session = get_session()
result = session.query(models.User).filter_by(name=name).first()
return UserAPI.to_model(result)
def list_for_user_get_page(self, user_id, marker, limit, session=None):
if not session:
session = get_session()
user = api.USER.get(user_id)
if hasattr(api.USER, 'uid_to_id'):
backend_user_id = api.USER.uid_to_id(user_id)
else:
backend_user_id = user_id
ura = aliased(models.UserRoleAssociation)
tenant = aliased(models.Tenant)
q1 = session.query(tenant).join((ura, ura.tenant_id == tenant.id)).\
filter(ura.user_id == backend_user_id)
if 'tenant_id' in user:
if hasattr(api.TENANT, 'uid_to_id'):
backend_tenant_id = api.TENANT.uid_to_id(user.tenant_id)
else:
backend_tenant_id = user.tenant_id
q2 = session.query(tenant).filter(tenant.id == backend_tenant_id)
q3 = q1.union(q2)
else:
q3 = q1
if marker:
results = q3.filter("tenant.id>:marker").params(
marker='%s' % marker).order_by(
tenant.id.desc()).limit(int(limit)).all()
else:
results = q3.order_by(tenant.id.desc()).limit(int(limit)).all()
return TenantAPI.to_model_list(results)
def update_instance(self, values, session=None):
if not session:
session = get_session()
with session.begin():
user_ref = self.get_instance_bill(values.id, session)
user_ref.update(values)
user_ref.save(session=session)
def uid_to_id(uid, session=None):
if uid is None:
return None
session = session or get_session()
tenant = session.query(models.Tenant).filter_by(uid=uid).first()
return tenant.id if tenant else None
def get_all(self, session=None):
if not session:
session = get_session()
results = session.query(models.Tenant).all()
return TenantAPI.to_model_list(results)
def delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
token_ref = self.get(id, session)
session.delete(token_ref)
def get(self, id, session=None):
if not session:
session = get_session()
result = session.query(models.Token).filter_by(id=id).first()
return TokenAPI.to_model(result)
def get(self, id, session=None):
if id is None:
return None
session = session or get_session()
return RoleAPI.to_model(
session.query(models.Role).filter_by(id=id).first())
def user_roles_by_tenant(self, user_id, tenant_id, session=None):
if not session:
session = get_session()
result = session.query(models.UserRoleAssociation).\
filter_by(user_id=user_id, tenant_id=tenant_id).\
options(joinedload('roles'))
return result
def endpoint_get_by_endpoint_template(
self, endpoint_template_id, session=None):
if not session:
session = get_session()
result = session.query(models.Endpoints).\
filter_by(endpoint_template_id=endpoint_template_id).all()
return result
def users_get_by_tenant_get_page(self, tenant_id, marker, limit,
session=None):
# This is broken. If a user has more than one role per project
# shit hits the fan because we're limiting the wrong model.
# Also the user lookup is nasty and potentially injectiable.
if not session:
session = get_session()
user = aliased(models.UserRoleAssociation)
if marker:
rv = session.query(user).\
filter("tenant_id = :tenant_id").\
params(tenant_id='%s' % tenant_id).\
filter("id>=:marker").\
params(marker='%s' % marker).\
order_by("id").\
limit(limit).\
all()
else:
rv = session.query(user).\
filter("tenant_id = :tenant_id").\
params(tenant_id='%s' % tenant_id).\
order_by("id").\
limit(limit).\
all()
user_ids = set([assoc.user_id for assoc in rv])
users = session.query(models.User).\
filter("id in ('%s')" % "','".join(user_ids)).\
all()
for usr in users:
usr.tenant_roles = set()
for role in usr.roles:
if role.tenant_id == tenant_id:
usr.tenant_roles.add(role.role_id)
return users
def endpoint_delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
endpoints = self.endpoint_get(id, session)
if endpoints:
session.delete(endpoints)
def get_for_user_by_tenant(self, user_id, tenant_id, session=None):
if not session:
session = get_session()
result = session.query(models.Token).\
filter_by(user_id=user_id, tenant_id=tenant_id).\
order_by("expires desc").\
first()
return result
def rolegrant_delete(self, id, session=None):
if not session:
session = get_session()
with session.begin():
rolegrant = session.query(models.UserRoleAssociation).\
filter_by(id=id).first()
session.delete(rolegrant)
