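    def get(self, user_id=None):
        """Dispatch a user-lookup GET to the sub-handler selected by its query parameter.

        The first of ``user_info``, ``user_perms``, ``organization_users`` and
        ``non_org`` that is present (in that order) wins, matching the original
        ``elif`` chain. A request carrying none of them writes no response, as before.
        ``user_id`` is accepted for interface compatibility but is not read.

        Raises:
            HttpErrorException: ``bad_request`` for an unknown user or organization id,
                ``forbidden`` when ``self.user`` is not allowed to see the requested data.
        """
        # self.request.get() yields '' for an absent parameter. Compare with != rather
        # than identity: `is not ''` only works through CPython string interning.
        user_info = self.request.get('user_info')
        user_perms = self.request.get('user_perms')
        organization_users = self.request.get('organization_users')
        non_org = self.request.get('non_org')
        if user_info != '':
            self._get_user_info(user_info)
        elif user_perms != '':
            self._get_user_perms(user_perms)
        elif organization_users != '':
            self._get_organization_users(organization_users)
        elif non_org != '':
            self._get_non_org_users()

    def _get_user_info(self, requested_id):
        """Write the profile of user ``requested_id``; allowed for the caller's own record or an admin."""
        # Authorize before the datastore lookup so a denied caller gets the same 403
        # whether or not the id exists (a 400-vs-403 difference would reveal which ids exist).
        if requested_id != self.user.username and not self.user.is_admin:
            # The original fell through here with no response at all; deny explicitly
            # and log it the same way the other cross-user access paths do.
            self._forbid_with_security_log(
                msg_short='Non-Admin User Try Accessing Another User',
                msg='User (%s) attemped to access user\'s (%s) data ' %
                    (self.user.key.id(), requested_id))
        # NOTE(review): the check above compares against self.user.username while the
        # lookup below is by id -- confirm ids and usernames coincide for this model.
        user = User.get_by_id(requested_id)
        if not user:
            raise HttpErrorException.bad_request('invalid user id')
        self.write_json_response(user.to_dict(user=self.user))

    def _get_user_perms(self, requested_id):
        """Write, keyed by group id, the group permissions of ``requested_id`` that the caller may see."""
        user = User.get_by_id(requested_id)
        if not user:
            raise HttpErrorException.bad_request('invalid username')
        # NOTE(review): `user.is_admin` tests the *requested* user, whereas the
        # user_info branch tests the caller (`self.user.is_admin`) -- confirm this
        # asymmetry is intended before relying on it.
        if not user.is_admin and self.user != user:
            self._forbid_with_security_log(
                msg_short='Non-Admin User Try Accessing Another User',
                msg='User (%s) attemped to access user\'s (%s) data ' %
                    (self.user.key.id(), user.key.id()),
                affected_user=user)
        user_perms_dict = {}
        # Iterate over a snapshot: the loop removes broken keys from user.groups, and
        # mutating a list while iterating it skips the element after each removal.
        for group_key in list(user.groups):
            group = group_key.get()
            if group is None:
                self._drop_broken_group_key(user, group_key)
                continue
            caller_may_view = (group.has_permission(self.user, 'set_user_perms') or
                               group.has_permission(self.user, 'remove_user_perms') or
                               user.key == self.user.key)
            if caller_may_view:
                perms = user.get_group_perms_dict(group)
                if perms is not None:
                    user_perms_dict[group.key.id()] = perms
        self.write_json_response(user_perms_dict)

    def _drop_broken_group_key(self, user, group_key):
        """Remove a dangling ``group_key`` from ``user.groups``, persist the user and log the repair."""
        user.groups.remove(group_key)
        user.put()
        lr = tt_logging.construct_log(msg_short='Broken Group Key in User Group List',
                                      msg='Found a broken group key (%s) in the user\'s group list\n'
                                          'Key has been removed' %
                                          str(group_key),
                                      log_type=tt_logging.USER, request_user=self.user, affected_user=user,
                                      request=self.request)
        log.error(lr['dict_msg']['msg'], extra=lr)

    def _get_organization_users(self, selector):
        """Write all users of the organization given by ``organization_id``; only ``selector == 'all'`` is supported."""
        if selector != 'all':
            # Unchanged from the original: any other selector writes no response.
            return
        organization = Organization.get_by_id(self.request.get('organization_id'))
        if organization is None:
            # Previously an unknown or missing organization_id crashed on organization.is_admin.
            raise HttpErrorException.bad_request('invalid organization id')
        if not (organization.is_admin(self.user) or self._in_super_admin_group()):
            self._forbid_with_security_log(
                msg_short='Non-Admin User Try Accessing Org Users',
                msg='User (%s) attemped to access all Organization\'s users' %
                    (self.user.key.id()),
                artifact=organization)
        user_array = User.get_all_users(organization, request_user=self.user)
        self.write_json_response(user_array)

    def _in_super_admin_group(self):
        """Return True if the caller's group list contains the ``super_admin`` group key."""
        super_admin_group = Group.get_by_id('super_admin')
        # A missing super_admin group used to raise AttributeError on `.key`; treat it as "not a member".
        if super_admin_group is None:
            return False
        return super_admin_group.key in self.user.groups

    def _get_non_org_users(self):
        """Write every user with no organization; restricted to super admins."""
        if not self.user.is_super_admin:
            self._forbid_with_security_log(
                msg_short='Non-Admin User Try Accessing Org Users',
                msg='User (%s) attemped to access all Organization\'s users' %
                    (self.user.key.id()))
        # `User.organization == None` is a query filter expression on the model
        # property, not a Python comparison; `is None` would not build a filter.
        users = User.query(User.organization == None).fetch()
        self.write_json_response([user.to_dict() for user in users])

    def _forbid_with_security_log(self, msg_short, msg, **log_fields):
        """Record a SECURITY log entry for a denied access and raise 403.

        ``log_fields`` are forwarded to ``tt_logging.construct_log`` for the
        per-call context (e.g. ``affected_user``, ``artifact``).
        """
        lr = tt_logging.construct_log(msg_short=msg_short, msg=msg,
                                      log_type=tt_logging.SECURITY, request_user=self.user,
                                      request=self.request, **log_fields)
        log.warning(lr['dict_msg']['msg'], extra=lr)
        raise HttpErrorException.forbidden()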