def apply_rules_instances(user, args=None): q = Instance.query if not user.is_admin: q1 = q.filter_by(user_id=user.id) if is_group_manager( user ): # show only the instances of the blueprints which the group manager holds group_blueprints_id = get_group_blueprint_ids_for_instances( user, manager=True) q2 = q.filter(Instance.blueprint_id.in_(group_blueprints_id)) q = q1.union(q2) else: q = q1 if args is None or not args.get('show_deleted'): q = q.filter(Instance.state != Instance.STATE_DELETED) if args is not None: if 'instance_id' in args: q = q.filter_by(id=args.get('instance_id')) if args.get('show_only_mine'): q = q.filter_by(user_id=user.id) if 'offset' in args: q = q.offset(args.get('offset')) if 'limit' in args: q = q.limit(args.get('limit')) return q
def post(self): form = BlueprintForm() if not form.validate_on_submit(): logging.warn("validation error on create blueprint") return form.errors, 422 user = g.user blueprint = Blueprint() blueprint.name = form.name.data template_id = form.template_id.data template = BlueprintTemplate.query.filter_by(id=template_id).first() if not template: abort(422) blueprint.template_id = template_id group_id = form.group_id.data group = Group.query.filter_by(id=group_id).first() if not group: abort(422) if not user.is_admin and not is_group_manager(user, group): logging.warn("invalid group for the user") abort(403) blueprint.group_id = group_id if 'name' in form.config.data: form.config.data.pop('name', None) blueprint.config = form.config.data try: validate_max_lifetime_blueprint( blueprint) # Validate the maximum lifetime from config except ValueError: timeformat_error = { "timeformat error": "pattern should be [days]d [hours]h [minutes]m" } return timeformat_error, 422 db.session.add(blueprint) db.session.commit()
def login(user_info): eppn = user_info['eppn'] user = User.query.filter_by(email=eppn).first() if not user: user = create_user(eppn, password=uuid.uuid4().hex) if not user.is_active: user.is_active = True db.session.commit() if user.is_blocked: error_description = 'You have been blocked, contact your administrator' return render_template( 'error.html', error_title='User Blocked', error_description=error_description ) token = user.generate_auth_token(app.config['SECRET_KEY']) return render_template( 'login.html', token=token, username=eppn, is_admin=user.is_admin, is_group_owner=user.is_group_owner, is_group_manager=is_group_manager(user), userid=user.id )
def put(self, blueprint_id): form = BlueprintForm() if not form.validate_on_submit(): logging.warn("validation error on update blueprint config") return form.errors, 422 user = g.user blueprint = Blueprint.query.filter_by(id=blueprint_id).first() if not blueprint: abort(404) if not user.is_admin and not is_group_manager(user, blueprint.group): logging.warn("invalid group for the user") abort(403) blueprint.name = form.config.data.get('name') or form.name.data if 'name' in form.config.data: form.config.data.pop('name', None) blueprint.config = form.config.data if form.is_enabled.raw_data: blueprint.is_enabled = form.is_enabled.raw_data[0] else: blueprint.is_enabled = False try: validate_max_lifetime_blueprint( blueprint) # Validate the maximum lifetime from config except ValueError: timeformat_error = { "timeformat error": "pattern should be [days]d [hours]h [minutes]m" } return timeformat_error, 422 db.session.add(blueprint) db.session.commit()
def delete(self, instance_id): user = g.user query = Instance.query.filter_by(id=instance_id) if not user.is_admin and not is_group_manager(user): query = query.filter_by(user_id=user.id) instance = query.first() if not instance: abort(404) group = instance.blueprint.group if not user.is_admin and not is_group_manager(user, group) and instance.user_id != user.id: abort(403) instance.to_be_deleted = True instance.state = Instance.STATE_DELETING instance.deprovisioned_at = datetime.datetime.utcnow() db.session.commit() if not app.dynamic_config.get('SKIP_TASK_QUEUE'): run_update.delay(instance.id)
def login(user_info): eppn = user_info['eppn'] user = User.query.filter_by(eppn=eppn).first() if not user: user = create_user(eppn, password=uuid.uuid4().hex, email_id=user_info['email_id']) if not user.email_id: user = update_email(eppn, email_id=user_info['email_id']) if not user.is_active: user.is_active = True db.session.commit() if user.is_blocked: error_description = 'You have been blocked, contact your administrator' return render_template( 'error.html', error_title='User Blocked', error_description=error_description ) if user.is_admin: icons = admin_icons elif user.is_group_owner: icons = group_owner_icons elif is_group_manager(user): icons = group_manager_icons else: icons = user_icons token = user.generate_auth_token(app.config['SECRET_KEY']) return render_template( 'login.html', token=token, username=eppn, is_admin=user.is_admin, is_group_owner=user.is_group_owner, is_group_manager=is_group_manager(user), userid=user.id, icon_value=icons )
def process_blueprint(blueprint): user = g.user template = blueprint.template blueprint.schema = template.blueprint_schema blueprint.form = template.blueprint_form # Due to immutable nature of config field, whole dict needs to be reassigned. # Issue #444 in github blueprint_config = blueprint.config blueprint_config['name'] = blueprint.name blueprint.config = blueprint_config blueprint.template_name = template.name blueprint.group_name = blueprint.group.name # rest of the code taken for refactoring from single blueprint GET query blueprint.plugin = blueprint.template.plugin if user.is_admin or is_group_manager(user, blueprint.group): blueprint.manager = True return blueprint
def put(self, blueprint_id): user = g.user blueprint = Blueprint.query.get_or_404(blueprint_id) if blueprint.current_status == 'archived': abort(422) if not user.is_admin and not is_group_manager(user, blueprint.group): logging.warn( "user is {} not group manager for blueprint {}".format( user.id, blueprint.group.id)) abort(403) db.session.expunge(blueprint) make_transient(blueprint) blueprint.id = uuid.uuid4().hex blueprint.name = format("%s - %s" % (blueprint.name, 'Copy')) db.session.add(blueprint) db.session.commit()
def post(self): form = SessionCreateForm() if not form.validate_on_submit(): logging.warn("validation error on user login") return form.errors, 422 user = User.query.filter_by(email=form.email.data).first() if user and user.check_password(form.password.data): return marshal({ 'token': user.generate_auth_token(app.config['SECRET_KEY']), 'is_admin': user.is_admin, 'is_group_owner': user.is_group_owner, 'is_group_manager': is_group_manager(user), 'user_id': user.id }, token_fields) logging.warn("invalid login credentials for %s" % form.email.data) return { 'message': 'Unauthorized', 'status': 401 }, 401
def get(self): user = g.user results = [] group_user_query = (GroupUserAssociation.query.filter_by( user_id=user.id, owner=False).order_by(GroupUserAssociation.manager.desc())) group_user_objs = group_user_query.all() for group_user_obj in group_user_objs: group = group_user_obj.group if re.match('^System.+', group.name): # Do not show system level groups continue group.config = {} group.user_config = {} role = 'user' if is_group_manager(user, group): role = 'manager' group.role = role results.append(group) return results
def apply_rules_instances(user, args=None): q = Instance.query if not user.is_admin: q1 = q.filter_by(user_id=user.id) if is_group_manager(user): # show only the instances of the blueprints which the group manager holds group_blueprints_id = get_group_blueprint_ids_for_instances(user, manager=True) q2 = q.filter(Instance.blueprint_id.in_(group_blueprints_id)) q = q1.union(q2) else: q = q1 if args is None or not args.get('show_deleted'): q = q.filter(Instance.state != Instance.STATE_DELETED) if args is not None: if 'instance_id' in args: q = q.filter_by(id=args.get('instance_id')) if args.get('show_only_mine'): q = q.filter_by(user_id=user.id) if 'offset' in args: q = q.offset(args.get('offset')) if 'limit' in args: q = q.limit(args.get('limit')) return q