def delete_users(self, userIds, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
userIds = split_list_sanitized(userIds)
try:
for userId in userIds:
try:
delUser = session.query(User).filter(User.id == userId).one()
session.delete(delUser)
for flFile in session.query(File).filter(File.owner_id == delUser.id):
FileService.queue_for_deletion(flFile.id)
session.delete(flFile)
session.add(AuditLog(user.id, Actions.DELETE_FILE, "File %s (%s) owned by user %s has been deleted as a result of the owner being deleted. " % (flFile.name, flFile.id, delUser.id), "admin"))
session.add(AuditLog(user.id, Actions.DELETE_USER, "User with ID: \"%s\" deleted from system" % delUser.id, "admin"))
sMessages.append("Successfully deleted user %s" % userId)
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("User with ID:%s does not exist" % userId)
except Exception, e:
fMessages.append("Could not delete user: %s" % str(e))
session.commit()
except Exception, e:
session.rollback()
cherrypy.log.error("[%s] [delete_users] [Could not delete users: %s]" % (user.id, str(e)))
fMessages.append("Could not delete users: %s" % str(e))
def create_clikey(self, hostIPv4, hostIPv6, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
if self.validIPv4.match(hostIPv4):
hostIPv6 = ''
elif self.validIPv6.match(hostIPv6):
hostIPv4 = ''
else:
fMessages.append("No IP address specified.")
return fl_response(sMessages, fMessages, format)
CLIkeyGen = str(os.urandom(32).encode('hex'))[0:32]
try:
existingKey = session.query(CLIKey).filter(CLIKey.user_id==user.id).filter(CLIKey.host_ipv4==hostIPv4).filter(CLIKey.host_ipv6==hostIPv6).one()
existingKey.value=CLIkeyGen
session.add(AuditLog(user.id, Actions.UPDATE_CLIKEY, "%s updated CLI Key for host: %s%s" % (user.id, hostIPv4, hostIPv6)))
session.commit()
sMessages.append("Successfully updated key for host: %s%s." % (str(hostIPv4),str(hostIPv6)))
except sqlalchemy.orm.exc.NoResultFound, nrf:
newKey = CLIKey(user_id=strip_tags(user.id), host_ipv4=strip_tags(hostIPv4), host_ipv6=strip_tags(hostIPv6), value=CLIkeyGen)
session.add(newKey)
session.add(AuditLog(user.id, Actions.CREATE_CLIKEY, "%s created CLI Key for host: %s%s" % (user.id, hostIPv4, hostIPv6)))
session.commit()
sMessages.append("Successfully added key for host: %s%s." % (str(hostIPv4),str(hostIPv6)))
except Exception, e:
session.rollback()
cherrypy.log.error("[%s] [create_clikey] [Problem creating key: %s]" % (user.id, str(e)))
fMessages.append("Problem creating key: %s" % str(e))
def update_user(self, userId, quota=None, email=None, firstName=None, lastName=None, password=None, confirmPassword=None, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
userId = strip_tags(userId)
if userId == user.id or AccountService.user_has_permission(user, "admin"):
updateUser = AccountService.get_user(userId) #This kind of implicitly enforces permissions
updateUser.email = strip_tags(email) if strip_tags(email) is not None else updateUser.email
updateUser.quota = int(strip_tags(quota)) if strip_tags(quota) is not None else updateUser.quota
updateUser.first_name = strip_tags(firstName) if strip_tags(firstName) is not None else updateUser.first_name
updateUser.last_name = strip_tags(lastName) if strip_tags(lastName) is not None else updateUser.last_name
if password != "" and password is not None and confirmPassword != "" and confirmPassword is not None:
if password == confirmPassword:
updateUser.set_password(password)
else:
fMessages.append("Passwords do not match, password has not been reset")
sMessages.append("Successfully updated user settings")
session.add(AuditLog(user.id, Actions.UPDATE_USER, "%s updated user account \"%s\"" % (user.id, userId), userId))
session.commit()
else:
fMessages.append("You do not have permission to update this user")
except Exception, e:
session.rollback()
cherrypy.log.error("[%s] [update_user] [Problem rupdating user: %s]" % (user.id, str(e)))
fMessages.append("Problem while updating user: %s" % str(e))
def grant_user_permission(self,
userId,
permissionId,
format="json",
**kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
try:
userId = strip_tags(userId)
permission = session.query(Permission).filter(
Permission.id == permissionId).one()
try:
flUser = session.query(User).filter(User.id == userId).one()
flUser.permissions.append(permission)
session.commit()
sMessages.append("User %s granted permission %s" %
(userId, permissionId))
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("User with ID: %s does not exist" %
str(userId))
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("Permission with ID: %s does not exist" %
str(permissionId))
except Exception, e:
session.rollback()
cherrypy.log.error(
"[%s] [grant_user_permission] [Problem granting user a permission: %s]"
% (user.id, str(e)))
fMessages.append("Problem granting a user permission: %s" % str(e))
def sign_tos(self, **kwargs):
config = cherrypy.request.app.config['filelocker']
orgConfig = get_config_dict_from_objects(
session.query(ConfigParameter).filter(
ConfigParameter.name.like('org_%')).all())
if cherrypy.session.has_key("user") and cherrypy.session.get(
"user") is not None:
user = cherrypy.session.get("user")
if kwargs.has_key('action') and kwargs['action'] == "sign":
attachedUser = session.query(User).filter(
User.id == user.id).one()
attachedUser.date_tos_accept = datetime.datetime.now()
cherrypy.session['user'] = attachedUser.get_copy()
session.commit()
raise cherrypy.HTTPRedirect(config['root_url'])
else:
currentYear = datetime.date.today().year
footerText = str(
Template(file=get_template_file('footer_text.tmpl'),
searchList=[locals(), globals()]))
return str(
Template(file=get_template_file('tos.tmpl'),
searchList=[locals(), globals()]))
else:
raise cherrypy.HTTPRedirect(config['root_url'])
def update_server_config(self, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
for key in kwargs:
if key.startswith("config_name_"):
parameterName = key[12:]
# Parameter description should not be updated by client
#description = kwargs['config_desc_%s' % parameterName]
value = None
if parameterName.endswith("pass"): #Don't strip characters from passwords
value = kwargs[key]
else:
value = strip_tags(kwargs[key])
parameter = session.query(ConfigParameter).filter(ConfigParameter.name == parameterName).one()
# Parameter description should not be updated by client
#parameter.description = description
parameter.value = value
session.commit()
#TODO: Make sure this if phased out properly
#Filelocker.update_config(cherrypy.request.app.config)
except Exception, e:
session.rollback()
cherrypy.log.error("[%s] [update_server_config] [Could not update server config: %s]" % (user.id, str(e)))
fMessages.append("Unable to update config: %s" % str(e))
def remove_users_from_group(self, userIds, groupId, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
userIds = split_list_sanitized(userIds)
groupId = int(strip_tags(groupId))
group = session.query(Group).filter(Group.id==groupId).one()
if group.owner_id == user.id or AccountService.user_has_permission(user, "admin"):
for userId in userIds:
user = AccountService.get_user(userId)
group.members.remove(user)
session.add(AuditLog(user.id, Actions.UPDATE_GROUP, "%s user(s) removed from group \"%s\"(%s)" % (len(userIds), group.name, group.id)))
session.commit()
sMessages.append("Group members removed successfully")
else:
fMessages.append("You do not have permission to modify group with ID:%s" % str(groupId))
except ValueError:
fMessages.append("Invalid group Id")
except sqlalchemy.orm.exc.NoResultFound, nrf:
fMessages.append("Group with ID:%s could not be found" % str(groupId))
except Exception, e:
session.rollback()
fMessages.append("Couldn't remove members from group: %s" % str(e))
cherrypy.log.error("[%s] [remove_users_from_group] [Couldn't remove members from group: %s]" % (user.id, str(e)))
def delete_upload_request(self, ticketId, format="json", requestOrigin=""):
user, sMessages, fMessages = cherrypy.session.get("user"), [], []
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
ticketId = strip_tags(ticketId)
uploadRequest = session.query(UploadRequest).filter(
UploadRequest.id == ticketId).one()
if uploadRequest.owner_id == user.id or AccountService.user_has_permission(
user, "admin"):
session.delete(uploadRequest)
session.add(
AuditLog(
user.id, Actions.DELETE_UPLOAD_REQUEST,
"You deleted an upload request with ID: %s" %
uploadRequest.id))
session.commit()
sMessages.append("Upload request deleted")
else:
fMessages.append(
"You do not have permission to delete this upload request"
)
except Exception, e:
fMessages.append(str(e))
def update_file(self, fileId, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
fileId = strip_tags(fileId)
try:
flFile = session.query(File).filter(File.id == fileId).one()
if flFile.owner_id == user.id or AccountService.user_has_permission(
user, "admin"):
if kwargs.has_key("fileName"):
flFile.name = strip_tags(kwargs['fileName'])
if kwargs.has_key('notifyOnDownload'):
flFile.notify_on_download = True if kwargs[
'notifyOnDownload'].lower() == "true" else False
if kwargs.has_key('fileNotes'):
flFile.notes = strip_tags(kwargs['fileNotes'])
session.commit()
sMessages.append("Successfully updated file %s" %
flFile.name)
else:
fMessages.append(
"You do not have permission to update file with ID: %s"
% str(flFile.id))
except sqlalchemy.orm.exc.NoResultFound, nrf:
fMessages.append("Could not find file with ID: %s" %
str(fileId))
except Exception, e:
fMessages.append(str(e))
def delete_user_shares(self, fileIds, userId, format="json"):
user, role, sMessages, fMessages = (
cherrypy.session.get("user"), cherrypy.session.get("current_role"),
[], [])
fileIds = split_list_sanitized(fileIds)
for fileId in fileIds:
try:
flFile = session.query(File).filter(File.id == fileId).one()
if (
role is not None and flFile.role_owner_id == role.id
) or flFile.owner_id == user.id or AccountService.user_has_permission(
user, "admin"):
ps = session.query(UserShare).filter(
and_(UserShare.user_id == userId,
UserShare.file_id == flFile.id)).scalar()
if ps is not None:
session.delete(ps)
session.add(
AuditLog(
user.id, Actions.DELETE_USER_SHARE,
"You stopped sharing file %s with %s" %
(flFile.name, userId), None,
role.id if role is not None else None))
session.commit()
sMessages.append("Share has been successfully deleted")
else:
fMessages.append("This share does not exist")
else:
fMessages.append(
"You do not have permission to modify shares for file with ID: %s"
% str(flFile.id))
except Exception, e:
session.rollback()
fMessages.append("Problem deleting share for file: %s" %
str(e))
def routine_maintenance(config):
from lib import AccountService
expiredFiles = session.query(File).filter(File.date_expires < datetime.datetime.now())
for flFile in expiredFiles:
try:
for share in flFile.user_shares:
session.delete(share)
for share in flFile.group_shares:
session.delete(share)
for share in flFile.public_shares:
session.delete(share)
for share in flFile.attribute_shares:
session.delete(share)
FileService.queue_for_deletion(flFile.id)
session.add(
AuditLog(
"admin",
Actions.DELETE_FILE,
"File %s (ID:%s) has expired and has been purged by the system." % (flFile.name, flFile.id),
flFile.owner_id,
)
)
session.delete(flFile)
session.commit()
except Exception, e:
session.rollback()
cherrypy.log.error("[system] [routine_maintenance] [Error while deleting expired file: %s]" % str(e))
def delete_roles(self, roleIds, format="json", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
try:
roleIds = split_list_sanitized(roleIds)
for roleId in roleIds:
try:
role = session.query(Role).filter(Role.id == roleId).one()
session.delete(role)
for flFile in session.query(File).filter(
File.role_owner_id == role.id):
FileService.queue_for_deletion(flFile.id)
session.delete(flFile)
session.add(
AuditLog(
user.id, Actions.DELETE_FILE,
"File %s (%s) owned by role %s has been deleted as a result of the role owner being deleted. "
% (flFile.name, flFile.id, role.id), "admin"))
session.add(
AuditLog(
user.id, Actions.DELETE_ROLE,
"%s deleted role \"%s\"(%s) from the system" %
(user.id, role.name, role.id), None))
sMessages.append("Successfully deleted roles%s." %
str(roleId))
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("The role ID: %s does not exist" %
str(roleId))
session.commit()
except Exception, e:
session.rollback()
cherrypy.log.error(
"[%s] [delete_roles] [Problem deleting roles: %s]" %
(user.id, str(e)))
fMessages.append("Problem deleting roles: %s" % str(e))
def bulk_create_user(self, quota, password, permissions, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"),[], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
permissions = split_list_sanitized(permissions)
line = cherrypy.request.body.readline()
count = 0
while line != "":
(userId, userFirstName, userLastName, userEmailAddress) = split_list_sanitized(line)
if session.query(User).filter(User.id==userId).scalar() is None:
newUser = User(first_name=userFirstName, last_name=userLastName, email=userEmailAddress.replace("\n",""), quota=quota, id=userId)
newUser.set_password(password)
session.add(newUser)
for permissionId in permissions:
permission = session.query(Permission).filter(Permission.id==permissionId).one()
newUser.permissions.append(permission)
session.commit()
count += 1
else:
fMessages.append("User %s already exists." % userId)
line = cherrypy.request.body.readline()
if len(fMessages) == 0:
sMessages.append("Created %s users" % count)
except ValueError, ve:
fMessages.append("CSV file not parsed correctly, possibly in wrong format.")
except Exception, e:
cherrypy.log.error("[%s] [bulk_create_user] [Problem creating users in bulk: %s]" % (user.id, str(e)))
fMessages.append("Problem creating users in bulk: %s" % str(e))
def take_file(self, fileId, format="json", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
config = cherrypy.request.app.config['filelocker']
try:
flFile = session.query(File).filter(File.id == fileId).one()
if flFile.owner_id == user.id:
fMessages.append("You cannot take your own file")
elif flFile.shared_with(
user) or AccountService.user_has_permission(user, "admin"):
if (FileService.get_user_quota_usage_bytes(user) +
flFile.size) >= (user.quota * 1024 * 1024):
cherrypy.log.error(
"[%s] [take_file] [User has insufficient quota space remaining to check in file: %s]"
% (user.id, flFile.name))
raise Exception(
"You may not copy this file because doing so would exceed your quota"
)
takenFile = flFile.get_copy()
takenFile.owner_id = user.id
takenFile.date_uploaded = datetime.datetime.now()
takenFile.notify_on_download = False
session.add(takenFile)
session.commit()
shutil.copy(os.path.join(config['vault'], str(flFile.id)),
os.path.join(config['vault'], str(takenFile.id)))
sMessages.append(
"Successfully took ownership of file %s. This file can now be shared with other users just as if you had uploaded it. "
% flFile.name)
else:
fMessages.append(
"You do not have permission to take this file")
except sqlalchemy.orm.exc.NoResultFound, nrf:
fMessages.append("Could not find file with ID: %s" % str(fileId))
def update_group(self,
groupId,
groupName=None,
groupScope="private",
format="json",
**kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
try:
groupId = strip_tags(groupId)
group = session.query(Group).filter(Group.id == groupId).one()
if group.owner_id == user.id or AccountService.user_has_permission(
user, "admin"):
group.name = strip_tags(groupName) if strip_tags(
groupName) is not None else group.name
group.scope = strip_tags(groupScope.lower(
)) if groupScope is not None else group.scope
session.add(
AuditLog(
user.id, Actions.UPDATE_GROUP,
"Group \"%s\"(%s) has been updated" %
(group.name, group.id)))
session.commit()
sMessages.append("Group updated")
else:
fMessages.append(
"You do not have permission to update this group")
except sqlalchemy.orm.exc.NoResultFound, nrf:
fMessages.append("Could not find group with ID: %s" % str(groupId))
def take_file(self, fileId, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
config = cherrypy.request.app.config['filelocker']
try:
flFile = session.query(File).filter(File.id==fileId).one()
if flFile.owner_id == user.id:
fMessages.append("You cannot take your own file")
elif flFile.shared_with(user) or AccountService.user_has_permission(user, "admin"):
if (FileService.get_user_quota_usage_bytes(user) + flFile.size) >= (user.quota*1024*1024):
cherrypy.log.error("[%s] [take_file] [User has insufficient quota space remaining to check in file: %s]" % (user.id, flFile.name))
raise Exception("You may not copy this file because doing so would exceed your quota")
takenFile = flFile.get_copy()
takenFile.owner_id = user.id
takenFile.date_uploaded = datetime.datetime.now()
takenFile.notify_on_download = False
session.add(takenFile)
session.commit()
shutil.copy(os.path.join(config['vault'],str(flFile.id)), os.path.join(config['vault'],str(takenFile.id)))
sMessages.append("Successfully took ownership of file %s. This file can now be shared with other users just as if you had uploaded it. " % flFile.name)
else:
fMessages.append("You do not have permission to take this file")
except sqlalchemy.orm.exc.NoResultFound, nrf:
fMessages.append("Could not find file with ID: %s" % str(fileId))
except Exception, e:
session.rollback()
fMessages.append(str(e))
def delete_files(self, fileIds, format="json", requestOrigin="", **kwargs):
user, role, sMessages, fMessages = (cherrypy.session.get("user"),cherrypy.session.get("current_role"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
fileIds = split_list_sanitized(fileIds)
for fileId in fileIds:
try:
fileId = int(fileId)
flFile = session.query(File).filter(File.id == fileId).one()
if flFile.role_owner_id is not None and role is not None and flFile.role_owner_id == role.id:
FileService.queue_for_deletion(flFile.id)
session.delete(flFile)
session.add(AuditLog(user.id, Actions.DELETE_FILE, "File %s (%s) owned by role %s has been deleted by user %s. " % (flFile.name, flFile.id, role.name, user.id)))
session.commit()
sMessages.append("File %s deleted successfully" % flFile.name)
elif flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin"):
FileService.queue_for_deletion(flFile.id)
session.delete(flFile)
session.add(AuditLog(user.id, Actions.DELETE_FILE, "File %s (%s) has been deleted" % (flFile.name, flFile.id)))
session.commit()
sMessages.append("File %s deleted successfully" % flFile.name)
else:
fMessages.append("You do not have permission to delete file %s" % flFile.name)
except sqlalchemy.orm.exc.NoResultFound, nrf:
fMessages.append("Could not find file with ID: %s" % str(fileId))
except Exception, e:
session.rollback()
cherrypy.log.error("[%s] [delete_files] [Could not delete file: %s]" % (user.id, str(e)))
fMessages.append("File not deleted: %s" % str(e))
def delete_messages(self,
messageIds,
format="json",
requestOrigin="",
**kwargs):
user, sMessages, fMessages = cherrypy.session.get("user"), [], []
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
messageIdList = split_list_sanitized(messageIds)
for messageId in messageIdList:
message = session.query(Message).filter(
Message.id == messageId).scalar()
if (message.owner_id == user.id
or AccountService.user_has_permission(
user, "admin")):
session.delete(message)
else:
fMessages.append(
"You do not have permission to delete message with ID: %s"
% messageId)
session.commit()
sMessages.append("Message(s) deleted")
except Exception, e:
cherrypy.log.error(
"[%s] [delete_messages] [Could not delete message: %s]" %
(user.id, str(e)))
fMessages.append("Could not delete message: %s" % str(e))
def read_message(self, messageId, format="json", **kwargs):
user, sMessages, fMessages = cherrypy.session.get("user"), [], []
try:
messageShare = session.query(MessageShare).filter(
MessageShare.message_id == messageId).one()
if messageShare.recipient_id == user.id:
messageShare.date_viewed = datetime.datetime.now()
session.add(
AuditLog(
user.id, "Read Message",
"%s read message sent by %s with subject \"%s\"" %
(user.id, messageShare.message.owner_id,
messageShare.message.subject),
messageShare.message.owner_id))
else:
fMessages.append(
"You do not have permission to read this message")
session.commit()
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("Invalid message id")
except Exception, e:
cherrypy.log.error(
"[%s] [read_message] [Could not mark message as read: %s]" %
(user.id, str(e)))
fMessages.append("Could not mark message as read: %s" % str(e))
def CLI_login(self, CLIkey, userId, format="cli", **kwargs):
rootURL, local, sMessages, fMessages = cherrypy.request.app.config['filelocker']['root_url'], False, [], []
if session.query(ConfigParameter).filter(ConfigParameter.name == "cli_feature").one().value == 'Yes':
userId = strip_tags(userId)
CLIkey = strip_tags(CLIkey)
hostIP = Filelocker.get_client_address()
if(self.validIPv4.match(hostIP)):
hostIPv4 = hostIP
hostIPv6 = ""
elif(self.validIPv6.match(hostIP)):
hostIPv4 = ""
hostIPv6 = hostIP
self.directory = CLIDirectory.CLIDirectory()
if self.directory.authenticate(userId, CLIkey, hostIPv4, hostIPv6):
currentUser = AccountService.get_user(userId, True)
cherrypy.session['request-origin'] = str(os.urandom(32).encode('hex'))[0:32]
if currentUser is not None:
session.add(AuditLog(cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address())))
session.commit()
sMessages.append(cherrypy.session['request-origin'])
else:
fMessages.append("Failure: Not Authorized!")
else:
fMessages.append("Failure: Not Authorized!")
else:
fMessages.append("Failure: CLI not supported by server!")
return fl_response(sMessages, fMessages, format)
def remove_users_from_group(self,
userIds,
groupId,
format="json",
**kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
try:
userIds = split_list_sanitized(userIds)
groupId = int(strip_tags(groupId))
group = session.query(Group).filter(Group.id == groupId).one()
if group.owner_id == user.id or AccountService.user_has_permission(
user, "admin"):
for userId in userIds:
user = AccountService.get_user(userId)
group.members.remove(user)
session.add(
AuditLog(
user.id, Actions.UPDATE_GROUP,
"%s user(s) removed from group \"%s\"(%s)" %
(len(userIds), group.name, group.id)))
session.commit()
sMessages.append("Group members removed successfully")
else:
fMessages.append(
"You do not have permission to modify group with ID:%s" %
str(groupId))
except ValueError:
fMessages.append("Invalid group Id")
except sqlalchemy.orm.exc.NoResultFound, nrf:
fMessages.append("Group with ID:%s could not be found" %
str(groupId))
def update_role(self,
roleId,
roleName,
email,
quota,
format="json",
**kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
try:
roleId = strip_tags(roleId)
existingRole = session.query(Role).filter(Role.id == roleId).one()
existingRole.name = strip_tags(roleName)
existingRole.email = strip_tags(email)
existingRole.quota = int(quota)
session.add(
AuditLog(
user.id, Actions.UPDATE_ROLE,
"%s updated role \"%s\"(%s)" %
(user.id, existingRole.name, existingRole.id), None,
existingRole.id))
session.commit()
sMessages.append("Successfully updated a role named %s." %
str(roleName))
except ValueError:
fMessages.append("Quota must be a positive integer")
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("Role with ID:%s could not be found to update." %
str(roleId))
except Exception, e:
session.rollback()
cherrypy.log.error(
"[%s] [update_role] [Problem creating role: %s]" %
(user.id, str(e)))
fMessages.append("Problem creating role: %s" % str(e))
def routine_maintenance(config):
from lib import AccountService
expiredFiles = session.query(File).filter(
File.date_expires < datetime.datetime.now())
for flFile in expiredFiles:
try:
for share in flFile.user_shares:
session.delete(share)
for share in flFile.group_shares:
session.delete(share)
for share in flFile.public_shares:
session.delete(share)
for share in flFile.attribute_shares:
session.delete(share)
FileService.queue_for_deletion(flFile.id)
session.add(
AuditLog(
"admin", Actions.DELETE_FILE,
"File %s (ID:%s) has expired and has been purged by the system."
% (flFile.name, flFile.id), flFile.owner_id))
session.delete(flFile)
session.commit()
except Exception, e:
session.rollback()
cherrypy.log.error(
"[system] [routine_maintenance] [Error while deleting expired file: %s]"
% str(e))
def revoke_role_permission(self,
roleId,
permissionId,
format="json",
**kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
try:
roleId = strip_tags(roleId)
permission = session.query(Permission).filter(
Permission.id == permissionId).one()
try:
role = session.query(Role).filter(Role.id == roleId).one()
role.permissions.remove(permission)
session.commit()
sMessages.append("Role %s no longer has permission %s" %
(roleId, permissionId))
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("Role with ID: %s does not exist" %
str(roleId))
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("Permission with ID: %s does not exist" %
str(permissionId))
except Exception, e:
session.rollback()
cherrypy.log.error(
"[%s] [revoke_role_permission] [Problem revoking a role permission: %s]"
% (user.id, str(e)))
fMessages.append("Problem revoking a role permission: %s" % str(e))
def check_in_file(tempFileName, flFile):
config = cherrypy.request.app.config['filelocker']
filePath = os.path.join(config['vault'], tempFileName)
#Virus scanning if requested
avCommand = session.query(ConfigParameter).filter(ConfigParameter.name=="antivirus_command").one().value
if(avCommand):
avCommandList = avCommand.split(" ")
avCommandList.append(filePath)
scanFile = True
else:
scanFile = False
try:
if(scanFile):
p = subprocess.Popen(avCommandList, stdout=subprocess.PIPE)
output = p.communicate()[0]
if(p.returncode != 0):
cherrypy.log.error("[%s] [check_in_file] [File %s did not pass requested virus scan, return code: %s, output: %s]" % (flFile.owner_id, flFile.name, p.returncode, output))
queue_for_deletion(tempFileName)
flFile.passed_avscan = False
raise Exception('Virus found during scan!')
else:
flFile.passed_avscan = True
else:
flFile.passed_avscan = False
session.add(flFile)
session.commit()
except OSError, oe:
cherrypy.log.error("[%s] [check_in_file] [AVSCAN execution failed: %s]" % (flFile.owner_id, str(oe)))
flFile.passed_avscan = False
raise Exception('Virus scan failed!')
def process_login(self, username, password, **kwargs):
rootURL, local = cherrypy.request.app.config['filelocker']['root_url'], False
if kwargs.has_key("local") and kwargs['local'] == str(True):
local = True
username = strip_tags(username)
if password is None or password == "":
raise cherrypy.HTTPRedirect("%s/login?msg=3&local=%s" % (rootURL, str(local)))
else:
directory = AccountService.ExternalDirectory(local)
if directory.authenticate(username, password):
cherrypy.session['request-origin'] = str(os.urandom(32).encode('hex'))[0:32]
currentUser = AccountService.get_user(username, True) #if they are authenticated and local, this MUST return a user object
if currentUser is not None:
if not currentUser.authorized:
raise cherrypy.HTTPError(403, "You do not have permission to access this system")
session.add(AuditLog(cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address())))
session.commit()
raise cherrypy.HTTPRedirect(rootURL)
else: #This should only happen in the case of a user existing in the external directory, but having never logged in before
try:
newUser = directory.lookup_user(username)
AccountService.install_user(newUser)
currentUser = AccountService.get_user(username, True)
if currentUser is not None and currentUser.authorized != False:
raise cherrypy.HTTPRedirect(rootURL)
else:
raise cherrypy.HTTPError(403, "You do not have permission to access this system")
except Exception, e:
return "Unable to install user: %s" % str(e)
else:
def update_server_config(self, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
for key in kwargs:
if key.startswith("config_name_"):
parameterName = key[12:]
# Parameter description should not be updated by client
#description = kwargs['config_desc_%s' % parameterName]
value = None
if parameterName.endswith(
"pass"
): #Don't strip characters from passwords
value = kwargs[key]
else:
value = strip_tags(kwargs[key])
parameter = session.query(ConfigParameter).filter(
ConfigParameter.name == parameterName).one()
# Parameter description should not be updated by client
#parameter.description = description
parameter.value = value
session.commit()
#TODO: Make sure this if phased out properly
#Filelocker.update_config(cherrypy.request.app.config)
except Exception, e:
session.rollback()
cherrypy.log.error(
"[%s] [update_server_config] [Could not update server config: %s]"
% (user.id, str(e)))
fMessages.append("Unable to update config: %s" % str(e))
def purge_expired_nodes():
# Clean node table, check for master, if none run election
expirationTime = datetime.datetime.now() - datetime.timedelta(minutes=5)
expiredNodes = session.query(ClusterNode).filter(ClusterNode.last_seen_timestamp < expirationTime).all()
for node in expiredNodes:
session.delete(node)
session.commit()
def delete_public_share(self, shareId, format="json", **kwargs):
user, role, sMessages, fMessages = (
cherrypy.session.get("user"), cherrypy.session.get("current_role"),
[], [])
shareId = strip_tags(shareId)
try:
ps = session.query(PublicShare).filter(
PublicShare.id == shareId).one()
if role is not None and ps.role_owner_id == role.id:
session.delete(ps)
session.add(
AuditLog(
user.id, Actions.DELETE_PUBLIC_SHARE,
"Role %s stopped sharing files publicly via URL using share ID: %s"
% (role.name, str(ps.id)), None, role.id))
session.commit()
sMessages.append("Successfully unshared files")
elif ps.owner_id == user.id or AccountService.user_has_permission(
user, "admin"):
session.delete(ps)
session.add(
AuditLog(
user.id, Actions.DELETE_PUBLIC_SHARE,
"You stopped sharing files publicly via URL using share ID: %s"
% str(ps.id)))
session.commit()
sMessages.append("Successfully unshared files")
else:
fMessages.append(
"You do not have permission to modify share ID: %s" %
str(ps.id))
except Exception, e:
fMessages.append(str(e))
def revoke_user_permission(self,
userId,
permissionId,
format="json",
**kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
try:
permission = session.query(Permission).filter(
Permission.id == permissionId).one()
try:
flUser = session.query(User).filter(User.id == userId).one()
if flUser.id == user.id and permission.id == "admin":
fMessages.append(
"You cannot remove admin permissions from your own account"
)
else:
flUser.permissions.remove(permission)
session.commit()
sMessages.append("User %s no longer has permission %s" %
(userId, permissionId))
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("User with ID: %s does not exist" %
str(userId))
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("Permission with ID: %s does not exist" %
str(permissionId))
except Exception, e:
session.rollback()
cherrypy.log.error(
"[%s] [revoke_user_permission] [Problem revoking a user permission: %s]"
% (user.id, str(e)))
fMessages.append("Problem revoking a user permission: %s" % str(e))
def create_role(self, roleId, roleName, email, quota, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
roleId = strip_tags(roleId)
existingRole = session.query(Role).filter(Role.id == roleId).scalar()
if existingRole is None:
roleName = strip_tags(roleName)
email = strip_tags(email)
quota = int(quota)
newRole = Role(id=roleId, name=roleName, email=email, quota=quota)
session.add(newRole)
session.add(AuditLog(user.id, Actions.CREATE_ROLE, "%s added a role to the system named \"%s\"" % (user.id, newRole.name), None))
session.commit()
sMessages.append("Successfully created a role named %s. Other users who are added to this role may act on behalf of this role now." % str(roleName))
else:
fMessages.append("A role with role ID: %s already exists" % str(roleId))
except ValueError:
fMessages.append("Quota must be a positive integer")
except Exception, e:
session.rollback()
cherrypy.log.error("[%s] [create_role] [Problem creating role: %s]" % (user.id, str(e)))
fMessages.append("Problem creating role: %s" % str(e))
def secure_delete(config, fileName):
import errno
vault = config['filelocker']['vault']
deleteConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('delete_%')).all())
deleteCommand = deleteConfig['delete_command']
deleteArguments = deleteConfig['delete_arguments']
deleteList = [deleteCommand]
for argument in deleteArguments.split(" "):
deleteList.append(argument)
deleteList.append(os.path.join(vault,fileName))
try:
p = subprocess.Popen(deleteList, stdout=subprocess.PIPE)
output = p.communicate()[0]
if(p.returncode != 0):
cherrypy.log.error("[%s] [secure_delete] [The command to delete the file returned a failure code of %s: %s]" % ("admin", p.returncode, output))
else:
deletedFile = session.query(DeletedFile).filter(DeletedFile.file_name==fileName).scalar()
if deletedFile is not None:
session.delete(deletedFile)
session.commit()
except OSError, oe:
if oe.errno == errno.ENOENT:
cherrypy.log.error("[admin] [secure_delete] [Couldn't delete because the file was not found (dequeing): %s]" % str(oe))
deletedFile = session.query(DeletedFile).filter(DeletedFile.file_name==fileName).scalar()
if deletedFile is not None:
session.delete(deletedFile)
session.commit()
else:
cherrypy.log.error("[admin] [secure_delete] [Generic system error while deleting file: %s" % str(oe))
def purge_expired_nodes():
#Clean node table, check for master, if none run election
expirationTime = datetime.datetime.now() - datetime.timedelta(minutes=5)
expiredNodes = session.query(ClusterNode).filter(
ClusterNode.last_seen_timestamp < expirationTime).all()
for node in expiredNodes:
session.delete(node)
session.commit()
def queue_for_deletion(filePath):
try:
if session.query(DeletedFile).filter(DeletedFile.file_name==filePath).scalar() is None:
session.add(DeletedFile(file_name=filePath))
session.commit()
except Exception, e:
cherrypy.log.error("Unable to queue file for deletion: %s" % str(e))
session.rollback()
def install_user(user):
if user is not None:
if user.quota is None:
user.quota = int(session.query(ConfigParameter).filter(ConfigParameter.name=="default_quota").one().value)
session.add(user)
session.add(AuditLog(user.id, "Install User", "User %s (%s) installed" % (user.display_name, user.id)))
session.commit()
else:
raise Exception("User %s doesn't exist in directory" % user.id)
def unhide_all_shares(self, format="json"):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
try:
session.query(HiddenShare).filter(
HiddenShare.owner_id == user.id).delete()
session.commit()
sMessages.append("Successfully unhid shares")
except Exception, e:
fMessages.append(str(e))
def unhide_all_shares(self, format="json", requestOrigin=""):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
session.query(HiddenShare).filter(HiddenShare.owner_id==user.id).delete()
session.commit()
sMessages.append("Successfully unhid shares")
except Exception, e:
fMessages.append(str(e))
def unhide_shares(self, format="json", requestOrigin="",**kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
session.query(HiddenShare).filter(HiddenShare.owner_id==user.id).delete(synchronize_session=False)
session.commit()
sMessages.append("All shares have been unhidden")
except Exception, e:
fMessages.append("Could not unhide shares: %s" % str(e))
cherrypy.log.error("[%s] [unhide_shares] [Could not unhide shares: %s]" % (user.id, str(e)))
def create_database_tables(dburi):
engine = create_engine(dburi, echo=True)
Base.metadata.create_all(engine)
Session = sessionmaker(bind=engine)
session = Session()
from Filelocker import __version__
initialConfigList = [("org_name", "Name of your organization.", "text", "My Company"),
("version", "Currently running version of Filelocker", "text", str(__version__)),
("org_url", "Home page of your organization.", "text", "http://www.mycompany.com"),
("admin_email", "Public email address of the Filelocker Administrator.", "text", "*****@*****.**"),
("max_file_life_days", "Max number of days a file can exist on the system. After this time, the file will be securely erased along with any shares it was associated with.", "number", "7"),
("user_inactivity_expiration", "Max number of days of inactivity permitted on a user account before the account is deleted from the system.", "number", "90"),
("delete_command", "Command used by the operating system that Filelocker is installed on to securely erase a file. This does not include arguments to the command (e.g. 'rm' not 'rm -p')", "text", "rm"),
("delete_arguments", "Any parameters needed by the delete command (in an additive fashion, such as -P, -fP, -fPq, etc)", "text", "-f"),
("antivirus_command", "Command to execute a virus scan of a file on the operating system on which Filelocker is installed.", "text", "clamscan"),
("file_command", "Command which returns information about a file's type. On most *nix systems, this will be the 'file -b' command", "text", "file -b"),
("max_file_size", "Maximum size (in Megabytes) for a single file on the system. Individual user quotas will ultimately override this if a user has less space available than this value.(DVD: 4812, CD: 700)","number", "4812"),
("default_quota", "Default quota (in Megabytes) assigned to each user. This can be changed by an administrator","number", "750"),
("smtp_sender", "This is the email address that Filelocker will send email notifications as.","text", "*****@*****.**"),
("smtp_server", "The server that Filelocker will use to send mail","text", ""),
("smtp_start_tls", "Should Filelocker use StartTLS when connection the SMTP server?","boolean", "No"),
("smtp_port", "SMTP Port","number", "25"),
("smtp_auth_required", "Does this SMTP server require authentication?","boolean", "No"),
("smtp_user", "If SMTP server requires authentication, what username should be used to connect (leave blank if no auth required)?","text", ""),
("smtp_pass", "If SMTP server requires authentication, what password should be used (leave blank if no auth required)?","text", ""),
("smtp_obscure_links", """Would you like for links in emails to obscured by adding spaces between periods and stripping off http:// and https://?""","boolean", "Yes"),
("auth_type", "Authentication mechanism Filelocker should use (e.g. LDAP, CAS, Local)","text", "local"),
("directory_type", "Type of directory to use (e.g. local, ldap)","text", "local"),
("cas_url", "URL of CAS server","text", ""),
("ldap_host", "URI of LDAP directory","text", ""),
("ldap_bind_dn", "LDAP Bind DN (e.g. ou=ped,dc=purdue,dc=edu)","text", ""),
("ldap_bind_user", "Account to use when binding to LDAP for searching (anonymous if blank)?", "text", ""),
("ldap_bind_pass", "Password to use when binding to LDAP for searching (anonymous if blank)?", "text", ""),
("ldap_is_active_directory", "Is this LDAP server and Active Directory server?", "boolean", "No"),
("ldap_domain_name", "Active Directory will not authenticate a bind unless you use the FQDN", "text", ""),
("ldap_user_name_attr", "LDAP username attribute","text", "uid"),
("ldap_last_name_attr", "LDAP last name attribute","text", "sn"),
("ldap_first_name_attr", "LDAP first name attribute","text", "givenName"),
("ldap_displayname_attr", "LDAP display name attribute, if one is to be used","text", "displayName"),
("ldap_email_attr", "LDAP email address attribute","text", "mail"),
("banner", "Message displayed to all users upon login", "text", ""),
("geotagging", "Should users be allowed to geotag Filelocker uploads?", "boolean", "No"),
("cli_feature", "Allow use of the CLI features in Filelocker", "boolean", "Yes"),
("use_x_forwarded_for", "Should FileLocker get clients IP address from \"X-Forwarded-For\" header param?", "boolean", "No")]
for cTuple in initialConfigList:
confParameter = ConfigParameter(name=cTuple[0], description=cTuple[1], type=cTuple[2], value=cTuple[3])
session.add(confParameter)
adminPerm = Permission(id="admin", name="Administrator")
expirationExemptPerm = Permission(id="expiration_exempt", name="User may have files that don't expire")
session.add(adminPerm)
session.add(expirationExemptPerm)
session.commit()
def hide_shares(self, fileIds, format="json", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
try:
fileIds = split_list_sanitized(fileIds)
for fileId in fileIds:
session.add(HiddenShare(file_id=fileId, owner_id=user.id))
session.commit()
sMessages.append("Share has been hidden")
except Exception, e:
fMessages.append("Could not hide share: %s" % str(e))
cherrypy.log.error(
"[%s] [unhide_shares] [Could not unhide shares: %s]" %
(user.id, str(e)))
def hide_share(self, fileIds, format="json", requestOrigin=""):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
fileIds = split_list_sanitized(fileIds)
for fileId in fileIds:
try:
session.add(HiddenShare(file_id=fileId, owner_id=user.id))
except Exception, e:
fMessages.append(str(e))
sMessages.append("Successfully hid shares. Unhide shares in Account Settings.")
session.commit()
def install_user(user):
if user is not None:
if user.quota is None:
user.quota = int(
session.query(ConfigParameter).filter(
ConfigParameter.name == "default_quota").one().value)
session.add(user)
session.add(
AuditLog(user.id, "Install User",
"User %s (%s) installed" % (user.display_name, user.id)))
session.commit()
else:
raise Exception("User %s doesn't exist in directory" % user.id)
def cluster_elections(config):
try:
currentNodeId = int(config["filelocker"]["cluster_member_id"])
currentNode = session.query(ClusterNode).filter(ClusterNode.member_id == currentNodeId).scalar()
if currentNode is None: # This node isn't in the DB yet, check in
import socket
currentNode = ClusterNode(
member_id=currentNodeId,
hostname=socket.gethostname(),
is_master=False,
last_seen_timestamp=datetime.datetime.now(),
)
session.add(currentNode)
session.commit()
else: # In the DB, update last seen to avoid purging
currentNode.last_seen_timestamp = datetime.datetime.now()
session.commit()
currentMaster = session.query(ClusterNode).filter(ClusterNode.is_master == True).scalar()
# If this is default master node and another node has assumed master, reset and force election
if currentNodeId == 0 and currentNode.is_master == False and currentMaster is not None:
for node in session.query(ClusterNode).all():
node.is_master = False
session.commit()
# This isn't the default master, there is one, but it's expired
elif currentMaster is not None and currentMaster.last_seen_timestamp < datetime.datetime.now() - datetime.timedelta(
minutes=5
): # master is expired
session.delete(currentMaster)
session.commit()
# No master, hold election
elif currentMaster is None: # No master nodes found, become master if eligible
purge_expired_nodes()
highestPriority = currentNode.member_id
for node in session.query(ClusterNode).all():
if node.member_id < highestPriority:
highestPriority = node.member_id
break
if (
highestPriority == currentNode.member_id
): # Current node has lowest node id, thus highest priority, assume master
currentNode.is_master = True
session.commit()
return True
except sqlalchemy.orm.exc.ConcurrentModificationError, cme:
cherrypy.log.error(
"[system] [cluster_elections] [Concurrency error during elections. This can occur if locks on the DB inhibit normal cluster elections. If this error occurs infrequently, it can usually be disregarded. Full Error: %s]"
% str(cme)
)
session.rollback()
return False
def create_admin_user(dburi, password):
engine = create_engine(dburi, echo=False)
Session = sessionmaker(bind=engine)
session = Session()
adminUser = session.query(User).filter(User.id=="admin").scalar()
if adminUser is None:
adminUser = User(id="admin", first_name="Administrator", quota=1024, date_tos_accept=datetime.datetime.now())
session.add(adminUser)
session.commit()
adminUser.set_password(password)
adminPermission = session.query(Permission).filter(Permission.id == "admin").one()
if adminPermission not in adminUser.permissions:
adminUser.permissions.append(adminPermission)
session.commit()
def hide_shares(self, fileIds, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
fileIds = split_list_sanitized(fileIds)
for fileId in fileIds:
session.add(HiddenShare(file_id=fileId, owner_id=user.id))
session.commit()
sMessages.append("Share has been hidden")
except Exception, e:
fMessages.append("Could not hide share: %s" % str(e))
cherrypy.log.error("[%s] [unhide_shares] [Could not unhide shares: %s]" % (user.id, str(e)))
def get_upload_ticket_by_password(ticketId, password):
uploadRequest = session.query(UploadRequest).filter(UploadRequest.id == ticketId)
if uploadRequest is None:
raise Exception("Invalid Upload Request ID")
if password is None and uploadRequest.password is None:
return uploadRequest
else:
isValid = lib.Encryption.compare_password_hash(password, uploadRequest.password)
if isValid and len(uploadRequest.password) == 32:
newHash = lib.Encryption.hash_password(password)
uploadRequest.password = newHash
session.commit() #New has stored in the db
return uploadRequest
else:
raise Exception("You must enter the correct password to access this upload request.")
def delete_upload_request(self, ticketId, format="json", requestOrigin=""):
user, sMessages, fMessages = cherrypy.session.get("user"), [], []
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
ticketId = strip_tags(ticketId)
uploadRequest = session.query(UploadRequest).filter(UploadRequest.id == ticketId).one()
if uploadRequest.owner_id == user.id or AccountService.user_has_permission(user, "admin"):
session.delete(uploadRequest)
session.add(AuditLog(user.id, Actions.DELETE_UPLOAD_REQUEST, "You deleted an upload request with ID: %s" % uploadRequest.id))
session.commit()
sMessages.append("Upload request deleted")
else:
fMessages.append("You do not have permission to delete this upload request")
except Exception, e:
fMessages.append(str(e))
def sign_tos(self, **kwargs):
config = cherrypy.request.app.config['filelocker']
orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all())
if cherrypy.session.has_key("user") and cherrypy.session.get("user") is not None:
user = cherrypy.session.get("user")
if kwargs.has_key('action') and kwargs['action']=="sign":
attachedUser = session.query(User).filter(User.id == user.id).one()
attachedUser.date_tos_accept = datetime.datetime.now()
cherrypy.session['user'] = attachedUser.get_copy()
session.commit()
raise cherrypy.HTTPRedirect(config['root_url'])
else:
currentYear = datetime.date.today().year
footerText = str(Template(file=get_template_file('footer_text.tmpl'), searchList=[locals(),globals()]))
return str(Template(file=get_template_file('tos.tmpl'), searchList=[locals(),globals()]))
else:
raise cherrypy.HTTPRedirect(config['root_url'])
def delete_clikey(self, hostIPv4, hostIPv6, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
clikey = session.query(CLIKey).filter(CLIKey.host_ipv4==hostIPv4).filter(CLIKey.host_ipv6==hostIPv6).one()
if clikey.user_id == user.id or AccountService.user_has_permission(user, "admin"):
session.delete(clikey)
sMessages.append("Key %s deleted successfully" % clikey.value)
session.add(AuditLog(user.id, Actions.DELETE_CLIKEY, "%s deleted CLI Key for host: %s%s" % (user.id, hostIPv4, hostIPv6)))
except sqlalchemy.orm.exc.NoResultFound, nrf:
fMessages.append("Could not find key for host: %s%s" % str(hostIPv4), str(hostIPv6))
session.commit()
except Exception, e:
session.rollback()
fMessages.append("Could not delete Key: %s" % str(e))
cherrypy.log.error("[%s] [delete_clikey] [Could not delete key: %s]" % (user.id, str(e)))
def delete_attributes(self, attributeIds, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
if requestOrigin != cherrypy.session['request-origin']:
fMessages.append("Missing request key!!")
else:
try:
attributeIdList = split_list_sanitized(attributeIds)
for attributeId in attributeIdList:
try:
delAttribute = session.query(Attribute).filter(Attribute.id==attributeId).one()
session.delete(delAttribute)
sMessages.append("Successfully deleted attribute: %s" % attributeId)
except sqlalchemy.orm.exc.NoResultFound:
fMessages.append("Attribute with ID: %s does not exist" % str(attributeId))
session.commit()
except Exception, e:
cherrypy.log.error("[%s] [delete_attributes] [Could not delete attributes: %s]" % (user.id, str(e)))
fMessages.append("Unable to delete attribute: %s" % str(e))
def delete_messages(self, messageIds, format="json", requestOrigin="", **kwargs):
user, sMessages, fMessages = cherrypy.session.get("user"), [], []
if requestOrigin != cherrypy.session["request-origin"]:
fMessages.append("Missing request key!!")
else:
try:
messageIdList = split_list_sanitized(messageIds)
for messageId in messageIdList:
message = session.query(Message).filter(Message.id == messageId).scalar()
if message.owner_id == user.id or AccountService.user_has_permission(user, "admin"):
session.delete(message)
else:
fMessages.append("You do not have permission to delete message with ID: %s" % messageId)
session.commit()
sMessages.append("Message(s) deleted")
except Exception, e:
cherrypy.log.error("[%s] [delete_messages] [Could not delete message: %s]" % (user.id, str(e)))
fMessages.append("Could not delete message: %s" % str(e))
