Example #1
0
def dbRevokeRoleFromUser(db, role, targetUser, user):
    """Revoke a role from a user, i.e. ungrant it."""
    if userIsAdmin(db, user):
        grantedRoleKeys = {r.roleKey() for r in targetUser.roles}
        if role.roleKey() not in grantedRoleKeys:
            raise OstracionError('Role is not granted to user')
        else:
            # delicate checks: cannot remove 'admin' from self
            if (user.username == targetUser.username
                    and role.roleKey() == ('system', 'admin')):
                raise OstracionError('Cannot revoke "admin" role from self')
            else:
                dbDeleteRecordsByKey(
                    db,
                    'user_roles',
                    {
                        'username': targetUser.username,
                        'role_class': role.role_class,
                        'role_id': role.role_id,
                    },
                    dbTablesDesc=dbSchema,
                )
                db.commit()
    else:
        raise OstracionError('Insufficient permissions')
Example #2
0
def dbDeleteRole(db, roleClass, roleId, user):
    """ Delete a role from DB."""
    if userIsAdmin(db, user):
        role = dbGetRole(db, roleClass, roleId, user)
        if role.can_delete == 0:
            raise OstracionError('Role cannot be deleted')
        else:
            dbDeleteRecordsByKey(
                db,
                'box_role_permissions',
                {
                    'role_class': role.role_class,
                    'role_id': role.role_id
                },
                dbTablesDesc=dbSchema,
            )
            dbDeleteRecordsByKey(
                db,
                'roles',
                {
                    'role_class': role.role_class,
                    'role_id': role.role_id
                },
                dbTablesDesc=dbSchema,
            )
            db.commit()
    else:
        raise OstracionError('Insufficient permissions')
Example #3
0
def deleteLink(
        db, parentBox, link, user, fileStorageDirectory,
        skipCommit=False, accountDeletionInProgress=False):
    """ Delete a link (either because permissions allow it
        or the caller is working as part of an account deletion,
        in which case the caller is responsible for lifting
        permission checks).
        Returns the filesystem delete queue.
    """
    if (accountDeletionInProgress or
            userHasPermission(db, user, parentBox.permissions, 'w')):
        #
        fsDeleteQueue = (
            [
                fileIdToPath(
                    link.icon_file_id,
                    fileStorageDirectory=fileStorageDirectory,
                )
            ]
            if link.icon_file_id != '' else []
        )
        dbDeleteRecordsByKey(
            db,
            'links',
            {'link_id': link.link_id},
            dbTablesDesc=dbSchema,
        )
        if not skipCommit:
            db.commit()
        return fsDeleteQueue
    else:
        raise OstracionError('User has no write permission')
Example #4
0
def dbDeleteTicket(db, ticketId, user, mode, skipCommit=False):
    """ Remove a ticket from DB."""
    ticketDict = dbRetrieveRecordByKey(
        db,
        'tickets',
        {'ticket_id': ticketId},
        dbTablesDesc=dbSchema,
    )
    if (ticketDict is not None and
            ticketTargetTypeToModeNameMap[ticketDict['target_type']] == mode):
        ticket = Ticket(**ticketDict)
        if userIsAdmin(db, user) or user.username == ticket.username:
            #
            dbDeleteRecordsByKey(
                db,
                'tickets',
                {'ticket_id': ticketId},
                dbTablesDesc=dbSchema,
            )
            if not skipCommit:
                db.commit()
        else:
            raise OstracionError('Insufficient permissions')
    else:
        raise OstracionWarning('Ticket unavailable')
Example #5
0
def _recursiveBoxDeletion(
        db, box, parentBox, user,
        fileStorageDirectory, accountDeletionInProgress=False):
    """ Take care of deleting a box, invoking itself on children boxes
        and erasing contained files, joining the results (the delete queue)
        accumulated in the sub-deletions. Used internaly by deleteBox.
    """
    if box.box_id == '':
        raise OstracionError('Box cannot be deleted')
    else:
        if (accountDeletionInProgress or
                (
                    userHasPermission(db, user, box.permissions, 'w') and
                    userHasPermission(db, user, parentBox.permissions, 'c')
                )):
            fsDeleteQueue = ([fileIdToPath(
                box.icon_file_id,
                fileStorageDirectory=fileStorageDirectory,
            )]) if box.icon_file_id != '' else []
            allChildren = list(getBoxesFromParent(db, box, user))
            if any(c is None for c in allChildren):
                raise OstracionError('User is not allowed to delete box')
            #
            for c in allChildren:
                if c is not None:
                    fsDeleteQueue += _recursiveBoxDeletion(
                        db, c, box, user,
                        fileStorageDirectory=fileStorageDirectory,
                        accountDeletionInProgress=accountDeletionInProgress)
            allChildFiles = getFilesFromBox(db, box)
            for f in allChildFiles:
                fsDeleteQueue += deleteFile(
                    db, box, f, user,
                    fileStorageDirectory=fileStorageDirectory,
                    skipCommit=True,
                    accountDeletionInProgress=accountDeletionInProgress)
            # actual deletion
            dbDeleteRecordsByKey(
                db, 'box_role_permissions', {'box_id': box.box_id},
                dbTablesDesc=dbSchema)
            dbDeleteRecordsByKey(
                db, 'boxes', {'box_id': box.box_id},
                dbTablesDesc=dbSchema)
            return fsDeleteQueue
        else:
            raise OstracionError('User is not allowed to delete box')
Example #6
0
def dbDeleteBoxRolePermission(db,
                              boxId,
                              roleClass,
                              roleId,
                              user,
                              skipCommit=False):
    """Remove a permission set (i.e. for a role) from a box."""
    if boxId == '':
        raise OstracionError('Cannot delete root box permissions')
    else:
        if userIsAdmin(db, user):
            recordExists = len(
                list(
                    dbRetrieveRecordsByKey(
                        db,
                        'box_role_permissions',
                        {
                            'box_id': boxId,
                            'role_class': roleClass,
                            'role_id': roleId,
                        },
                        dbTablesDesc=dbSchema,
                    ))) != 0
            if recordExists:
                try:
                    dbDeleteRecordsByKey(
                        db,
                        'box_role_permissions',
                        {
                            'box_id': boxId,
                            'role_class': roleClass,
                            'role_id': roleId,
                        },
                        dbTablesDesc=dbSchema,
                    )
                    if not skipCommit:
                        db.commit()
                except Exception as e:
                    db.rollback()
                    raise e
            else:
                raise OstracionError('Box role permission does not exist')
        else:
            raise OstracionError('Insufficient permissions')
Example #7
0
def dbDeleteUser(db, username, user, fileStorageDirectory):
    """ Delete a user altogether. Return a fsDeletionQueue for deletions."""
    if username != '':
        if not userIsAdmin(db, dbGetUser(db, username)):
            try:
                if username == user.username or userIsAdmin(db, user):
                    fsDeleteQueue = []
                    # 1. cleanup of file system
                    rootBox = getRootBox(db)
                    fsDeleteQueue += _traverseForAccountDeletion(
                        db,
                        rootBox,
                        username,
                        user,
                        path=[''],
                        fileStorageDirectory=fileStorageDirectory,
                    )
                    # 2. deleting user-related data around
                    dbDeleteRecordsByKey(
                        db,
                        'user_roles',
                        {'username': username},
                        dbTablesDesc=dbSchema,
                    )
                    deleteeUser = dbGetUser(db, username)
                    if deleteeUser.icon_file_id != '':
                        fsDeleteQueue.append(fileIdToPath(
                            deleteeUser.icon_file_id,
                            fileStorageDirectory=fileStorageDirectory,
                        ))
                    dbDeleteRecordsByKey(
                        db,
                        'tickets',
                        {'username': username},
                        dbTablesDesc=dbSchema,
                    )
                    for u in dbGetAllUsers(db, user,
                                           accountDeletionInProgress=True):
                        if u.username != username:
                            if u.icon_file_id_username == username:
                                if u.icon_file_id != '':
                                    fsDeleteQueue.append(fileIdToPath(
                                        u.icon_file_id,
                                        fileStorageDirectory,
                                    ))
                                dbUpdateUser(
                                    db,
                                    User(**recursivelyMergeDictionaries(
                                        {
                                            'icon_file_id': '',
                                            'icon_file_id_username': '',
                                        },
                                        defaultMap=u.asDict(),
                                    )),
                                    user,
                                    skipCommit=True,
                                )
                    # 3. delete user-specific role association from boxes
                    dbDeleteRecordsByKey(
                        db,
                        'box_role_permissions',
                        {'role_class': 'user', 'role_id': username},
                        dbTablesDesc=dbSchema,
                    )
                    # 4. delete user-specific role
                    dbDeleteRecordsByKey(
                        db,
                        'roles',
                        {'role_class': 'user', 'role_id': username},
                        dbTablesDesc=dbSchema
                    )
                    # 5. finally, delete the user
                    dbDeleteRecordsByKey(
                        db,
                        'users',
                        {'username': username},
                        dbTablesDesc=dbSchema
                    )
                    db.commit()
                    return fsDeleteQueue
                else:
                    raise OstracionError('Insufficient permissions')
            except Exception as e:
                db.rollback()
                raise e
        else:
            raise OstracionError('Cannot delete an admin')
    else:
        raise OstracionError('Cannot alter system user')