def handle_get(self, request, user, *args, **kwargs):
        """Treat requests GET to get Administrative Permission by the identifier.

        URL: aperms/get/<id_perm>/
        """

        try:

            self.log.info("Get Administrative Permission by the identifier")

            # User permission
            if not has_perm(user, AdminPermission.USER_ADMINISTRATION, AdminPermission.READ_OPERATION):
                self.log.error(
                    u'User does not have permission to perform the operation.')
                raise UserNotAuthorizedError(None)

            id_perm = kwargs.get('id_perm')

            # Valid Administrative Permission ID
            if not is_valid_int_greater_zero_param(id_perm):
                self.log.error(
                    u'The id_perm parameter is not a valid value: %s.', id_perm)
                raise InvalidValueError(None, 'id_perm', id_perm)

            # Find Administrative Permission by ID to check if it exist
            perm = PermissaoAdministrativa.get_by_pk(id_perm)

            perms_map = dict()
            perms_map['perm'] = model_to_dict(perm)

            return self.response(dumps_networkapi(perms_map))

        except InvalidValueError, e:
            return self.response_error(269, e.param, e.value)
def has_perm(user, perm_function, perm_oper, egroup_id=None, equip_id=None, equip_oper=None):
    '''
    @raise EGrupoNotFoundError: Grupo do equipamento nao cadastrado.

    @raise EquipamentoNotFoundError: Equipamento nao cadastrado.

    @raise GrupoError: Falha ao pesquisar os direitos do grupo-equipamento, ou as permissões administrativas, ou o grupo do equipamento.

    @raise EquipamentoError: Falha ao pesquisar o equipamento.
    '''
    if user is None:
        return False

    egroups = None
    if egroup_id is not None:
        egroup = EGrupo.get_by_pk(egroup_id)
        egroups = [egroup]
    elif equip_id is not None:
        equip = Equipamento.get_by_pk(equip_id, 'grupos')
        egroups = equip.grupos.all()
        if len(egroups) == 0:
            return False

    ugroups = user.grupos.all()
    for ugroup in ugroups:
        try:
            # perm = PermissaoAdministrativa().get_permission(perm_function, ugroup, perm_oper)
            PermissaoAdministrativa().get_permission(perm_function, ugroup, perm_oper)
            if (egroups is None) or (_has_equip_perm(ugroup, egroups, equip_oper)):
                return True
        except PermissaoAdministrativaNotFoundError:
            continue
    return False
Example #3
0
    def handle_delete(self, request, user, *args, **kwargs):
        """Treat requests DELETE to remove Administrative Permission.

        URL: perms/<id_perm>/
        """
        try:

            self.log.info("Remove Administrative Permission")

            # User permission
            if not has_perm(user, AdminPermission.USER_ADMINISTRATION,
                            AdminPermission.WRITE_OPERATION):
                self.log.error(
                    u'User does not have permission to perform the operation.')
                raise UserNotAuthorizedError(None)

            id_perm = kwargs.get('id_perm')

            # Valid ID Administrative Permission
            if not is_valid_int_greater_zero_param(id_perm):
                self.log.error(
                    u'The id_perm parameter is not a valid value: %s.',
                    id_perm)
                raise InvalidValueError(None, 'id_perm', id_perm)

            # Find Permission by ID to check if it exist
            adm_perm = PermissaoAdministrativa.get_by_pk(id_perm)

            with distributedlock(LOCK_PERM % id_perm):

                try:
                    # Remove Administrative Permission
                    adm_perm.delete()
                except Exception, e:
                    self.log.error(u'Failed to remove the permission.')
                    raise GrupoError(e, u'Failed to remove the permission.')

                return self.response(dumps_networkapi({}))

        except InvalidValueError, e:
            return self.response_error(269, e.param, e.value)
    def handle_delete(self, request, user, *args, **kwargs):
        """Treat requests DELETE to remove Administrative Permission.

        URL: perms/<id_perm>/
        """
        try:

            self.log.info("Remove Administrative Permission")

            # User permission
            if not has_perm(user, AdminPermission.USER_ADMINISTRATION, AdminPermission.WRITE_OPERATION):
                self.log.error(
                    u'User does not have permission to perform the operation.')
                raise UserNotAuthorizedError(None)

            id_perm = kwargs.get('id_perm')

            # Valid ID Administrative Permission
            if not is_valid_int_greater_zero_param(id_perm):
                self.log.error(
                    u'The id_perm parameter is not a valid value: %s.', id_perm)
                raise InvalidValueError(None, 'id_perm', id_perm)

            # Find Permission by ID to check if it exist
            adm_perm = PermissaoAdministrativa.get_by_pk(id_perm)

            with distributedlock(LOCK_PERM % id_perm):

                try:
                    # Remove Administrative Permission
                    adm_perm.delete()
                except Exception, e:
                    self.log.error(u'Failed to remove the permission.')
                    raise GrupoError(e, u'Failed to remove the permission.')

                return self.response(dumps_networkapi({}))

        except InvalidValueError, e:
            return self.response_error(269, e.param, e.value)
Example #5
0
    def handle_get(self, request, user, *args, **kwargs):
        """Treat requests GET to get Administrative Permission by the identifier.

        URL: aperms/get/<id_perm>/
        """

        try:

            self.log.info("Get Administrative Permission by the identifier")

            # User permission
            if not has_perm(user, AdminPermission.USER_ADMINISTRATION,
                            AdminPermission.READ_OPERATION):
                self.log.error(
                    u'User does not have permission to perform the operation.')
                raise UserNotAuthorizedError(None)

            id_perm = kwargs.get('id_perm')

            # Valid Administrative Permission ID
            if not is_valid_int_greater_zero_param(id_perm):
                self.log.error(
                    u'The id_perm parameter is not a valid value: %s.',
                    id_perm)
                raise InvalidValueError(None, 'id_perm', id_perm)

            # Find Administrative Permission by ID to check if it exist
            perm = PermissaoAdministrativa.get_by_pk(id_perm)

            perms_map = dict()
            perms_map['perm'] = model_to_dict(perm)

            return self.response(dumps_networkapi(perms_map))

        except InvalidValueError, e:
            return self.response_error(269, e.param, e.value)
Example #6
0
    def handle_put(self, request, user, *args, **kwargs):
        """Treat requests PUT to edit Administrative Permission.

        URL: perms/<id_perm>/
        """
        try:

            self.log.info("Edit Administrative Permission")

            # User permission
            if not has_perm(user, AdminPermission.USER_ADMINISTRATION,
                            AdminPermission.WRITE_OPERATION):
                self.log.error(
                    u'User does not have permission to perform the operation.')
                raise UserNotAuthorizedError(None)

            id_perm = kwargs.get('id_perm')

            # Load XML data
            xml_map, attrs_map = loads(request.raw_post_data)

            # XML data format

            networkapi_map = xml_map.get('networkapi')
            if networkapi_map is None:
                return self.response_error(
                    3,
                    u'There is no value to the networkapi tag  of XML request.'
                )

            perm_map = networkapi_map.get('administrative_permission')
            if perm_map is None:
                return self.response_error(
                    3,
                    u'There is no value to the administrative_permission tag  of XML request.'
                )

            # Get XML data
            id_permission = perm_map.get('id_permission')
            id_group = perm_map.get('id_group')
            read = perm_map.get('read')
            write = perm_map.get('write')

            # Valid ID Administrative Permission
            if not is_valid_int_greater_zero_param(id_perm):
                self.log.error(
                    u'The id_perm parameter is not a valid value: %s.',
                    id_perm)
                raise InvalidValueError(None, 'id_perm', id_perm)

            # Valid ID Permission
            if not is_valid_int_greater_zero_param(id_permission):
                self.log.error(
                    u'The id_permission parameter is not a valid value: %s.',
                    id_permission)
                raise InvalidValueError(None, 'id_permission', id_permission)

            # Valid ID Group
            if not is_valid_int_greater_zero_param(id_group):
                self.log.error(
                    u'The id_group parameter is not a valid value: %s.',
                    id_group)
                raise InvalidValueError(None, 'id_group', id_group)

            # Valid Read
            if not is_valid_boolean_param(read):
                self.log.error(u'The read parameter is not a valid value: %s.',
                               read)
                raise InvalidValueError(None, 'read', read)

            # Valid Read
            if not is_valid_boolean_param(write):
                self.log.error(
                    u'The write parameter is not a valid value: %s.', write)
                raise InvalidValueError(None, 'write', write)

            # Find Permission by ID to check if it exist
            adm_perm = PermissaoAdministrativa.get_by_pk(id_perm)

            with distributedlock(LOCK_PERM % id_perm):

                # Find Permission by ID to check if it exist
                permission = Permission.get_by_pk(id_permission)

                # Find UGroup by ID to check if it exist
                ugroup = UGrupo.get_by_pk(id_group)

                try:
                    perm = PermissaoAdministrativa.get_permission_by_permission_ugroup(
                        id_permission, id_group)
                    if perm.id != int(id_perm):
                        raise PermissaoAdministrativaDuplicatedError(
                            None, permission.function)
                except PermissaoAdministrativaNotFoundError:
                    pass

                # set variables
                adm_perm.permission = permission
                adm_perm.ugrupo = ugroup
                adm_perm.leitura = convert_string_or_int_to_boolean(read)
                adm_perm.escrita = convert_string_or_int_to_boolean(write)

                try:
                    # update Administrative Permission
                    adm_perm.save()
                except Exception, e:
                    self.log.error(
                        u'Failed to update the administrative permission.')
                    raise PermissionError(
                        e, u'Failed to update the administrative permission.')

                return self.response(dumps_networkapi({}))

        except InvalidValueError, e:
            return self.response_error(269, e.param, e.value)
    def handle_post(self, request, user, *args, **kwargs):
        """Treat requests POST to add Administrative Permission.

        URL: aperms/
        """

        try:

            self.log.info('Add Administrative Permission')

            # User permission
            if not has_perm(user, AdminPermission.USER_ADMINISTRATION, AdminPermission.WRITE_OPERATION):
                self.log.error(
                    u'User does not have permission to perform the operation.')
                raise UserNotAuthorizedError(None)

            # Load XML data
            xml_map, attrs_map = loads(request.raw_post_data)

            # XML data format
            networkapi_map = xml_map.get('networkapi')
            if networkapi_map is None:
                return self.response_error(3, u'There is no value to the networkapi tag  of XML request.')

            perm_map = networkapi_map.get('administrative_permission')
            if perm_map is None:
                return self.response_error(3, u'There is no value to the administrative_permission tag  of XML request.')

            # Get XML data
            id_permission = perm_map.get('id_permission')
            id_group = perm_map.get('id_group')
            read = perm_map.get('read')
            write = perm_map.get('write')

            # Valid ID Permission
            if not is_valid_int_greater_zero_param(id_permission):
                self.log.error(
                    u'The id_permission parameter is not a valid value: %s.', id_permission)
                raise InvalidValueError(None, 'id_permission', id_permission)

            # Valid ID Group
            if not is_valid_int_greater_zero_param(id_group):
                self.log.error(
                    u'The id_group parameter is not a valid value: %s.', id_group)
                raise InvalidValueError(None, 'id_group', id_group)

            # Valid Read
            if not is_valid_boolean_param(read):
                self.log.error(
                    u'The read parameter is not a valid value: %s.', read)
                raise InvalidValueError(None, 'read', read)

            # Valid Read
            if not is_valid_boolean_param(write):
                self.log.error(
                    u'The write parameter is not a valid value: %s.', write)
                raise InvalidValueError(None, 'write', write)

            # Find Permission by ID to check if it exist
            permission = Permission.get_by_pk(id_permission)

            # Find UGroup by ID to check if it exist
            ugroup = UGrupo.get_by_pk(id_group)

            try:
                PermissaoAdministrativa.get_permission_by_permission_ugroup(
                    id_permission, id_group)
                raise PermissaoAdministrativaDuplicatedError(
                    None, permission.function)
            except PermissaoAdministrativaNotFoundError:
                pass

            adm_perm = PermissaoAdministrativa()

            # set variables
            adm_perm.permission = permission
            adm_perm.ugrupo = ugroup
            adm_perm.leitura = convert_string_or_int_to_boolean(read)
            adm_perm.escrita = convert_string_or_int_to_boolean(write)

            try:
                # save Administrative Permission
                adm_perm.save()
            except Exception, e:
                self.log.error(
                    u'Failed to save the administrative permission.')
                raise GrupoError(
                    e, u'Failed to save the administrative permission.')

            perm_map = dict()
            perm_map['perm'] = model_to_dict(
                adm_perm, exclude=['permission', 'leitura', 'escrita', 'ugrupo'])

            return self.response(dumps_networkapi(perm_map))
    def handle_post(self, request, user, *args, **kwargs):
        """Treat POST request to add new user group.

        URL: ugroup/
        """
        try:
            if not has_perm(user, AdminPermission.USER_ADMINISTRATION, AdminPermission.WRITE_OPERATION):
                self.log.error(
                    u'User does not have permission to perform the operation.')
                raise UserNotAuthorizedError(None)

            xml_map, attrs_map = loads(request.raw_post_data)
            self.log.debug('XML_MAP: %s', xml_map)

            networkapi_map = xml_map.get('networkapi')
            if networkapi_map is None:
                return self.response_error(3, u'There is no networkapi tag in request XML.')

            ugroup_map = networkapi_map.get('user_group')
            if ugroup_map is None:
                return self.response_error(3, u'There is no user_group tag in request XML.')

            # Valid name
            name = ugroup_map.get('nome')
            if not is_valid_string_minsize(name, 3) or not is_valid_string_maxsize(name, 100) or not is_valid_text(name):
                self.log.error(u'Parameter name is invalid. Value: %s', name)
                raise InvalidValueError(None, 'name', name)

            read = ugroup_map.get('leitura')
            if not is_valid_yes_no_choice(read):
                self.log.error(u'Parameter read is invalid. Value: %s', read)
                raise InvalidValueError(None, 'read', read)

            write = ugroup_map.get('escrita')
            if not is_valid_yes_no_choice(write):
                self.log.error(u'Parameter write is invalid. Value: %s', write)
                raise InvalidValueError(None, 'write', write)

            edit = ugroup_map.get('edicao')
            if not is_valid_yes_no_choice(edit):
                self.log.error(u'Parameter edit is invalid. Value: %s', edit)
                raise InvalidValueError(None, 'edit', edit)

            remove = ugroup_map.get('exclusao')
            if not is_valid_yes_no_choice(remove):
                self.log.error(
                    u'Parameter remove is invalid. Value: %s', remove)
                raise InvalidValueError(None, 'remove', remove)

            ugroup = UGrupo()
            ugroup.nome = name
            ugroup.leitura = read
            ugroup.escrita = write
            ugroup.edicao = edit
            ugroup.exclusao = remove

            try:
                UGrupo.objects.get(nome__iexact=ugroup.nome)
                raise UGrupoNameDuplicatedError(
                    None, u'User group with name %s already exists' % name)
            except UGrupo.DoesNotExist:
                pass

            try:
                # save user group
                ugroup.save()

                adm_perm = PermissaoAdministrativa()

                if ASSOCIATE_PERMISSION_AUTOMATICALLY:
                    # Automatically associate 'authenticate' permission for
                    # this group
                    adm_perm.permission = Permission.get_by_pk(
                        ID_AUTHENTICATE_PERMISSION)
                    adm_perm.ugrupo = ugroup
                    adm_perm.leitura = False
                    adm_perm.escrita = True
                    adm_perm.save()

            except Exception, e:
                self.log.error(u'Failed to save the GroupUser.')
                raise GrupoError(e, u'Failed to save the GroupUser.')

            return self.response(dumps_networkapi({'user_group': {'id': ugroup.id}}))
    def handle_put(self, request, user, *args, **kwargs):
        """Treat requests PUT to edit Administrative Permission.

        URL: perms/<id_perm>/
        """
        try:

            self.log.info("Edit Administrative Permission")

            # User permission
            if not has_perm(user, AdminPermission.USER_ADMINISTRATION, AdminPermission.WRITE_OPERATION):
                self.log.error(
                    u'User does not have permission to perform the operation.')
                raise UserNotAuthorizedError(None)

            id_perm = kwargs.get('id_perm')

            # Load XML data
            xml_map, attrs_map = loads(request.raw_post_data)

            # XML data format

            networkapi_map = xml_map.get('networkapi')
            if networkapi_map is None:
                return self.response_error(3, u'There is no value to the networkapi tag  of XML request.')

            perm_map = networkapi_map.get('administrative_permission')
            if perm_map is None:
                return self.response_error(3, u'There is no value to the administrative_permission tag  of XML request.')

            # Get XML data
            id_permission = perm_map.get('id_permission')
            id_group = perm_map.get('id_group')
            read = perm_map.get('read')
            write = perm_map.get('write')

            # Valid ID Administrative Permission
            if not is_valid_int_greater_zero_param(id_perm):
                self.log.error(
                    u'The id_perm parameter is not a valid value: %s.', id_perm)
                raise InvalidValueError(None, 'id_perm', id_perm)

            # Valid ID Permission
            if not is_valid_int_greater_zero_param(id_permission):
                self.log.error(
                    u'The id_permission parameter is not a valid value: %s.', id_permission)
                raise InvalidValueError(None, 'id_permission', id_permission)

            # Valid ID Group
            if not is_valid_int_greater_zero_param(id_group):
                self.log.error(
                    u'The id_group parameter is not a valid value: %s.', id_group)
                raise InvalidValueError(None, 'id_group', id_group)

            # Valid Read
            if not is_valid_boolean_param(read):
                self.log.error(
                    u'The read parameter is not a valid value: %s.', read)
                raise InvalidValueError(None, 'read', read)

            # Valid Read
            if not is_valid_boolean_param(write):
                self.log.error(
                    u'The write parameter is not a valid value: %s.', write)
                raise InvalidValueError(None, 'write', write)

            # Find Permission by ID to check if it exist
            adm_perm = PermissaoAdministrativa.get_by_pk(id_perm)

            with distributedlock(LOCK_PERM % id_perm):

                # Find Permission by ID to check if it exist
                permission = Permission.get_by_pk(id_permission)

                # Find UGroup by ID to check if it exist
                ugroup = UGrupo.get_by_pk(id_group)

                try:
                    perm = PermissaoAdministrativa.get_permission_by_permission_ugroup(
                        id_permission, id_group)
                    if perm.id != int(id_perm):
                        raise PermissaoAdministrativaDuplicatedError(
                            None, permission.function)
                except PermissaoAdministrativaNotFoundError:
                    pass

                # set variables
                adm_perm.permission = permission
                adm_perm.ugrupo = ugroup
                adm_perm.leitura = convert_string_or_int_to_boolean(read)
                adm_perm.escrita = convert_string_or_int_to_boolean(write)

                try:
                    # update Administrative Permission
                    adm_perm.save()
                except Exception, e:
                    self.log.error(
                        u'Failed to update the administrative permission.')
                    raise PermissionError(
                        e, u'Failed to update the administrative permission.')

                return self.response(dumps_networkapi({}))

        except InvalidValueError, e:
            return self.response_error(269, e.param, e.value)