def setup_DB():
    """
    Initialize the database: schema, default group and role, the admin
    account with its groups and role, and the site configuration record.

    Should only be called once, when the DB is first set up.

    Raises SetupError if the admin user's primary group cannot be set to
    the admin group.
    """
    log = EventLog()
    site_config = _SiteConfig()
    users = UserDB()
    roles = RoleDB()

    mainDB.create_all()
    # -1 is passed where other callers could pass a user id; presumably it
    # stands for "no user / system" -- confirm against EventLog.add.
    log.add('db_setup', -1, True)

    cfg = mainApp.config

    # Default group, and a default role built from get_activity_dict(False)
    # overlaid with the configured DEFAULT_ROLE_ACTIVITIES.
    default_group = users.add_group(cfg['DEFAULT_GROUP'],
                                    cfg['DEFAULT_GROUP_DESC'])
    default_activities = get_activity_dict(False)
    default_activities.update(cfg['DEFAULT_ROLE_ACTIVITIES'])
    roles.add_role(cfg['DEFAULT_ROLE_NAME'], cfg['DEFAULT_ROLE_DESC'],
                   default_activities)

    # NOTE(review): the initial admin credential is taken verbatim from the
    # ADMIN_PASSWD config value. Confirm deployments override any shipped
    # default and that the config file is not world-readable.
    admin = users.add(cfg['ADMIN_USER'], cfg["ADMIN_PASSWD"],
                      cfg['ADMIN_FULLNAME'])
    admin_group = users.add_group(cfg['ADMIN_GROUP'],
                                  cfg['ADMIN_GROUP_DESC'], admin.id)
    primary_ok = users.update_primary(admin, admin_group)
    if not primary_ok:
        raise SetupError(
            'Could not assign the admin user "{0}" primary group to the '
            'admin group "{1}"!'.format(admin, admin_group))

    # By default, the admin is part of the top level group as well as default
    users.add_group(cfg['TOP_LEVEL_GROUP'], cfg['TOP_LEVEL_GROUP_DESC'],
                    admin.id)
    users.add_to_group(admin, default_group)

    # The admin role is built from get_activity_dict(True) and assigned to
    # the admin user in the admin, top-level and default groups.
    admin_activities = get_activity_dict(True)
    admin_role = roles.add_role(cfg['ADMIN_ROLE_NAME'],
                                cfg['ADMIN_ROLE_DESC'], admin_activities)
    roles.assign_role(admin, cfg['ADMIN_GROUP'], admin_role)
    roles.assign_role(admin, cfg['TOP_LEVEL_GROUP'], admin_role)
    roles.assign_role(admin, cfg['DEFAULT_GROUP'], admin_role)

    site_config.add(mainApp.noink_version, cfg['SITE_NAME'],
                    cfg['SITE_ADMIN_EMAIL'])

    log.add('db_finish', -1, True)
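def add_role(self, name, description, activities=None):
    """
    Add a new role to the DB.

    @param name: Short, descriptive name of the role. Must be unique.
    @param description: Longer description of the role.
    @param activities: An activity dict defining the role's activities. If
                       parameter is omitted, then a default dict is used.
    @return: The newly created Role, after it has been committed.
    @raise DuplicateRole: If a role with this name is already present.
    """
    try:
        exists = self.find_role_by_name(name)
    except Exception:
        # A failed lookup is still treated as "no such role", but
        # SystemExit / KeyboardInterrupt are no longer swallowed as the
        # former bare ``except:`` did.
        # NOTE(review): this fails open -- any lookup error (for example a
        # DB fault) lets creation proceed. Narrow this to the specific
        # "not found" exception find_role_by_name raises, once confirmed.
        exists = False

    if exists:
        raise DuplicateRole("{0} already exists as a role with id "
                            "'{1}'".format(name, str(exists)))

    if activities is None:
        activities = get_activity_dict(False)

    now = datetime.datetime.now()
    # NOTE(review): pickle() is defined outside this block. If it wraps the
    # stdlib pickle module, the stored blob must only ever be deserialized
    # from this trusted column, never from request data -- confirm.
    pact = pickle(activities)
    role = Role(name, description, pact, now)
    mainDB.session.add(role)
    mainDB.session.commit()

    # role.id is read after the commit and recorded in the event blob.
    blob = pickle({"id": role.id})
    # XXX - Do we want to use the user ID of the person adding this role?
    self.eventLog.add("add_role", -1, True, blob, role.name)
    return role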
def test_AssignRole(self):
    """
    A role assigned to a user in a group appears among that user's roles.
    """
    users = UserDB()
    roles = RoleDB()

    member = users.add("jontest", "pass", "Jon Q. Testuser")
    group = users.add_group('test_group')
    users.add_to_group(member, group)

    role = roles.add_role('test_role', 'test role', get_activity_dict(True))
    roles.assign_role(member, group, role)

    # get_roles() yields mapping objects; compare on their .role attribute.
    assigned = {mapping.role for mapping in roles.get_roles(member)}
    self.assertTrue(role in assigned)
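def test_AssignRole(self):
    """
    A role is present after assign_role() and gone after revoke_role().

    NOTE(review): despite its name this test exercises revoke_role(). If it
    lives in the same TestCase as another test_AssignRole, the later
    definition replaces the earlier one and only one of them runs --
    confirm, and consider renaming.
    """
    users = UserDB()
    roles = RoleDB()

    member = users.add("jontest", "pass", "Jon Q. Testuser")
    group = users.add_group('test_group')
    users.add_to_group(member, group)

    role = roles.add_role('test_role', 'test role', get_activity_dict(True))
    roles.assign_role(member, group, role)

    # Two separate assertions, so a failure says which half broke instead
    # of reporting a single combined boolean.
    before = {mapping.role for mapping in roles.get_roles(member)}
    self.assertIn(role, before, "role missing after assign_role()")

    roles.revoke_role(member, group, role)

    after = {mapping.role for mapping in roles.get_roles(member)}
    self.assertNotIn(role, after, "role still present after revoke_role()")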
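def admin_new_role():
    """
    Renders the new role page and, on submit, creates the role.

    Access requires an authenticated, active user who holds the 'new_role'
    activity through at least one assigned role; any other caller gets
    _not_auth().
    """
    role_db = RoleDB()

    if not (current_user.is_authenticated() and current_user.is_active()):
        return _not_auth()

    # Union of every activity enabled in any role the current user holds.
    granted = set()
    for mapping in role_db.get_roles(current_user):
        acts = role_db.get_activities(mapping.role_id)
        granted.update(act for act in acts if acts[act])

    if 'new_role' not in granted:
        return _not_auth()

    # NOTE(review): no CSRF check is visible in this view; confirm one is
    # applied application-wide, since a submit here creates a role.
    role = role_db.create_temp_empty_role()
    if 'cancel' in request.form:
        return redirect(url_for('admin_role.admin_role_page'))
    elif 'submit' in request.form:
        rname = request.form.get('role_name', None)
        role.name = rname
        role.description = request.form.get('description', None)

        # Activity names arrive from the form. Only names already present
        # in the default activity dict are accepted, so a crafted request
        # cannot add unknown keys to the stored role.
        # NOTE(review): a holder of 'new_role' can still enable activities
        # they do not hold themselves -- confirm that is intended.
        ract = get_activity_dict(False)
        for act_name in request.form.getlist('activities'):
            if act_name in ract:
                ract[act_name] = True
        role = role_db.update_temp_role_activities(role, ract)

        if rname:
            if role_db.get_role(rname) is None:
                try:
                    role = role_db.add_role(role.name, role.description,
                                            ract)
                    # Translate the template first and format afterwards;
                    # formatting inside _() builds a msgid that never
                    # matches the catalogue.
                    flash(_('Role "{0}" added.').format(rname))
                    return redirect(url_for('admin_role.admin_role_page'))
                except DuplicateRole:
                    flash(_('Role name "{0}" is already in use!').format(
                        rname), 'error')

    # Initial view, or a submit that did not create a role: show the form
    # again with whatever was entered.
    return render_template('admin_role.html', role=role,
                           state=get_state(), title=_('Edit Role'),
                           cancel_button=_('Cancel'),
                           submit_button=_('Submit'),
                           can_edit_roles=True, activities=activities)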
def create_temp_empty_role(self):
    """
    Returns a temporary, empty role object.

    Every Role argument is None except the activities, which are the
    pickled result of get_activity_dict(False). Nothing is added to a DB
    session here.
    """
    default_activities = get_activity_dict(False)
    return Role(None, None, pickle(default_activities), None)
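def admin_role_page(rid):
    """
    Renders the role admin page: the list of roles when rid is None,
    otherwise the edit form for the role identified by rid.

    Viewing requires an authenticated, active user who is in the admin
    group or holds the 'view_roles' activity. Deleting or updating a role
    additionally requires the admin group or the 'edit_roles' activity;
    this is enforced here rather than left to the template.
    """
    user_db = UserDB()
    role_db = RoleDB()

    if not (current_user.is_authenticated() and current_user.is_active()):
        return _not_auth()

    is_admin = user_db.in_group(current_user,
                                mainApp.config['ADMIN_GROUP'])

    # Union of every activity enabled in any role the current user holds.
    granted = set()
    for mapping in role_db.get_roles(current_user):
        acts = role_db.get_activities(mapping.role_id)
        granted.update(act for act in acts if acts[act])

    can_view_roles = 'view_roles' in granted
    can_edit_roles = 'edit_roles' in granted
    # Server-side gate for every state-changing action below.
    may_modify = is_admin or can_edit_roles

    if not (is_admin or can_view_roles):
        return _not_auth()

    # NOTE(review): no CSRF check is visible in this view; confirm one is
    # applied application-wide, since POSTs here delete and edit roles.
    if rid is None:
        if request.method == 'POST':
            if 'delete' in request.form:
                # View permission alone must not allow deletion.
                if not may_modify:
                    return _not_auth()
                for selected in request.form.getlist('select'):
                    # The id is form input: reject non-numeric values
                    # instead of letting int() raise out of the view.
                    try:
                        role_id = int(selected)
                    except ValueError:
                        flash(_('"{0}" role id not found!').format(
                            selected), 'error')
                        continue
                    try:
                        role_db.delete_role(role_id)
                        # Translate first, then format, so the msgid
                        # matches the catalogue.
                        flash(_('Role with ID "{0}" deleted').format(
                            selected))
                    except RoleNotFound:
                        flash(_('"{0}" role id not found!').format(
                            selected), 'error')
            elif 'new' in request.form:
                return redirect(url_for('admin_role.admin_new_role'))

        roles = role_db.get_all_roles()
        return render_template('list_roles.html', roles=roles,
                               state=get_state(),
                               can_view_roles=can_view_roles,
                               can_edit_roles=can_edit_roles,
                               title=_('All Roles'),
                               delete_button=_('Delete'),
                               new_button=_('New'),
                               cancel_button=_('Cancel'),
                               activities=activities,
                               del_title=_('Delete Roles(s)'),
                               del_warn=_(
                                   'Deleting roles is a permanent action. '
                                   'Are you sure?'))

    if request.method == "POST":
        if 'cancel' in request.form:
            return redirect(url_for('admin_role.admin_role_page'))
        elif 'submit' in request.form:
            # View permission alone must not allow edits.
            if not may_modify:
                return _not_auth()
            role = role_db.get_role(rid)
            if role is not None:
                role.name = request.form.get('role_name', role.name)
                role.description = request.form.get('description',
                                                    role.description)
                # Accept only activity names present in the default dict,
                # so a crafted request cannot add unknown keys.
                ract = get_activity_dict(False)
                for act_name in request.form.getlist('activities'):
                    if act_name in ract:
                        ract[act_name] = True
                role = role_db.update_temp_role_activities(role, ract)
                role_db.update_role(role)
                return redirect(url_for('admin_role.admin_role_page'))

    role = role_db.get_role(rid)
    if role is None:
        # Previously fell off the end and returned None to the framework.
        flash(_('"{0}" role id not found!').format(rid), 'error')
        return redirect(url_for('admin_role.admin_role_page'))

    # The template flag now reflects the real permission instead of a
    # hard-coded True.
    return render_template('admin_role.html', role=role,
                           state=get_state(), title=_('Edit Role'),
                           cancel_button=_('Cancel'),
                           submit_button=_('Submit'),
                           can_edit_roles=may_modify,
                           activities=activities)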
def test_AddRole(self):
    """
    A role created with add_role() is returned by get_role() for the same
    name, compared by id.
    """
    roles = RoleDB()
    created = roles.add_role("test_role", "A test role",
                             get_activity_dict(True))
    fetched = roles.get_role("test_role")
    self.assertEqual(created.id, fetched.id)