def groupsInApp(self, currentuser, fullyQualifiedAppName):
    """Return the info() record of every group attached to an application.

    The app is looked up through self.getApp and handed to
    authorize_context_owner before its group list is read.
    authorize_context_owner is defined outside this block; presumably it
    rejects callers who do not own the context object -- confirm.
    """
    target_app = self.getApp(currentuser, fullyQualifiedAppName)
    # Earlier form of the check, kept for reference:
    # permit(self.isOwnerOfApp(currentuser, app) or self.isSystemUser(currentuser),
    #     "Only owner of app %s or systemuser can get groups" % app.fqin)
    authorize_context_owner(False, self, currentuser, None, target_app)
    infos = []
    for member_group in target_app.applicationgroups:
        infos.append(member_group.info())
    return infos
def removeGroup(self, currentuser, fqgn):
    """Delete the group named by fqgn once the owner-context check has run.

    Returns the module-level OK value.
    """
    doomed_group = self.getGroup(currentuser, fqgn)
    authorize_context_owner(False, self, currentuser, None, doomed_group)
    # BUG: group deletion is very fraught. Once someone else is in there
    # the semantics go crazy.
    # NOTE(review): only the group document is deleted here; nothing in this
    # block removes the group's name from users that list it, so stale
    # memberships or invitations may survive -- confirm whether delete cascades.
    doomed_group.delete(safe=True)
    return OK
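def changeOwnershipOfLibrary(self, currentuser, fqln, newowner, groupmode=False):
    """Transfer ownership of the library fqln to a user or, in groupmode, a group.

    Args:
        currentuser: the caller; passed to the authorization helpers.
        fqln: name the library is looked up by (matched on basic__fqin).
        newowner: nick of the receiving user, or the fqin of the receiving
            group when groupmode is true.
        groupmode: treat newowner as a group fqin instead of a user nick.

    Returns:
        The owner identifier written to the library: the user's nick or the
        group's basic.fqin.

    Lookup and update failures are reported through doabort('BAD_REQ', ...).
    """
    libq = Library.objects(basic__fqin=fqln)
    # NOTE(review): the "No such user/group" replies below are produced before
    # the owner check on the library, so they are also returned to callers who
    # would fail that check. Consider authorising on the library first.
    if groupmode:
        try:
            group = Group.objects(basic__fqin=newowner).get()
            newowner = group.basic.fqin
        except Exception:
            # make sure target exists.
            doabort('BAD_REQ', "No such group %s" % newowner)
        # The caller is also run through the member-context check on the
        # receiving group.
        authorize_context_member(False, self, currentuser, None, group)
    else:
        try:
            newowner = User.objects(nick=newowner).get().nick
        except Exception:
            # make sure target exists.
            doabort('BAD_REQ', "No such user %s" % newowner)
    try:
        lib = libq.get()
    except Exception:
        # The original message formatted an undefined name (fqtn) and called
        # the library a group; a missing library therefore raised NameError
        # instead of producing the BAD_REQ abort.
        doabort('BAD_REQ', "No such library %s" % fqln)
    authorize_context_owner(False, self, currentuser, None, lib)
    try:
        oldownernick = lib.owner
        if groupmode:
            # Group hand-over: the previous owner stays in members.
            lib.update(safe_update=True, set__owner=newowner, push__members=newowner)
        else:
            # NOTE(review): this one update both pushes to and pulls from
            # members; MongoDB has rejected conflicting modifiers on a single
            # field, and the handler below would hide that -- verify.
            lib.update(safe_update=True, set__owner=newowner, push__members=newowner, pull__members=oldownernick)
    except Exception:
        doabort('BAD_REQ', "Failed changing owner from %s to %s for lib %s" % (oldownernick, newowner, fqln))
    return newowner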
def usersInApp(self, currentuser, fullyQualifiedAppName):
    """Return the info() record of every user of an application.

    The caller is passed through authorize_context_owner with the app as the
    context object before the user list is read.
    """
    target_app = self.getApp(currentuser, fullyQualifiedAppName)
    # owner gets users here as its a bigger context
    authorize_context_owner(False, self, currentuser, None, target_app)
    # Earlier, weaker form of the check (membership was enough):
    # permit(self.isMemberOfApp(currentuser, app) or self.isSystemUser(currentuser),
    #     "Only member of app %s or systemuser can get users" % app.fqin)
    infos = []
    for app_user in target_app.applicationusers:
        infos.append(app_user.info())
    return infos
def removeUserFromGroup(self, currentuser, fullyQualifiedGroupName, usertoberemoved):
    """Take a group out of usertoberemoved.groupsin.

    The caller goes through authorize_context_owner on the group first. Any
    failure while removing is reported as a BAD_REQ abort; on success the
    module-level OK value is returned.
    """
    target_group = self.getGroup(currentuser, fullyQualifiedGroupName)
    # Replaces: permit(self.isOwnerOfGroup(currentuser, grp) or
    # self.isSystemUser(currentuser), "User %s must be owner of group %s or
    # systemuser" % (currentuser.nick, grp.fqin))
    authorize_context_owner(False, self, currentuser, None, target_group)
    try:
        usertoberemoved.groupsin.remove(target_group)
    except:
        # NOTE(review): the bare except also swallows the reason for the
        # failure (e.g. the user was never in the group).
        failure = "Failed removing user %s from group %s" % (usertoberemoved.nick, target_group.fqin)
        doabort('BAD_REQ', failure)
    return OK
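def inviteUserToApp(self, currentuser, fullyQualifiedAppName, usertobeadded, authspec):
    """Append an application to usertobeadded.applicationsinvitedto.

    Args:
        currentuser: the caller; run through authorize_context_owner on the app.
        fullyQualifiedAppName: name passed to self.getApp to find the app.
        usertobeadded: user object receiving the invitation.
        authspec: accepted but not used by this block.

    Returns:
        usertobeadded. The original returned the misspelled, undefined name
        usertobeaded, so every successful invitation ended in a NameError.
    """
    app = self.getApp(currentuser, fullyQualifiedAppName)
    # Replaces: permit(self.isOwnerOfApp(currentuser, app) or
    # self.isSystemUser(currentuser), "User %s must be owner of app %s or
    # systemuser" % (currentuser.nick, app.fqin))
    authorize_context_owner(False, self, currentuser, None, app)
    try:
        usertobeadded.applicationsinvitedto.append(app)
    except Exception:
        doabort('BAD_REQ', "Failed inviting user %s to app %s" % (usertobeadded.nick, app.fqin))
    return usertobeadded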
def removeUserFromApp(self, currentuser, fullyQualifiedAppName, usertoberemoved):
    """Take an application out of usertoberemoved.applicationsin.

    The caller goes through authorize_context_owner on the app first. Any
    failure while removing is reported as a BAD_REQ abort; on success the
    module-level OK value is returned.
    """
    target_app = self.getApp(currentuser, fullyQualifiedAppName)
    # Replaces: permit(self.isOwnerOfApp(currentuser, app) or
    # self.isSystemUser(currentuser), "User %s must be owner of app %s or
    # systemuser" % (currentuser.nick, app.fqin))
    authorize_context_owner(False, self, currentuser, None, target_app)
    try:
        usertoberemoved.applicationsin.remove(target_app)
    except:
        failure = "Failed removing user %s from app %s" % (usertoberemoved.nick, target_app.fqin)
        doabort('BAD_REQ', failure)
    return OK
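def inviteUserToApp(self, currentuser, fqan, usertobeaddednick):
    """Push the app name fqan onto the appsinvitedto list of a user.

    Args:
        currentuser: the caller; run through authorize_context_owner on the app.
        fqan: application name, used for the lookup and stored in the invitation.
        usertobeaddednick: nick selecting the user document(s) to update.

    Returns:
        usertobeaddednick.
    """
    app = self.getApp(currentuser, fqan)
    userq = User.objects(nick=usertobeaddednick)
    authorize_context_owner(False, self, currentuser, None, app)
    # NOTE(review): nothing here checks that the nick matches an existing
    # user; an update over an empty queryset would presumably report success
    # without inviting anyone -- confirm.
    try:
        userq.update(safe_update=True, push__appsinvitedto=fqan)
    except Exception:
        # The original formatted usertobeadded.nick, a name that does not
        # exist in this function, so the failure path raised NameError
        # instead of the BAD_REQ abort.
        doabort('BAD_REQ', "Failed inviting user %s to app %s" % (usertobeaddednick, fqan))
    return usertobeaddednick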
def inviteUserToGroup(self, currentuser, fullyQualifiedGroupName, usertobeadded, authspec):
    """Append a group to usertobeadded.groupsinvitedto and return the user.

    The caller goes through authorize_context_owner on the group first.
    authspec is accepted but not used by this block.
    """
    target_group = self.getGroup(currentuser, fullyQualifiedGroupName)
    # Replaces: permit(self.isOwnerOfGroup(currentuser, grp) or
    # self.isSystemUser(currentuser), "User %s must be owner of group %s or
    # systemuser" % (currentuser.nick, grp.fqin))
    authorize_context_owner(False, self, currentuser, None, target_group)
    try:
        usertobeadded.groupsinvitedto.append(target_group)
    except:
        failure = "Failed inviting user %s to group %s" % (usertobeadded.nick, target_group.fqin)
        doabort('BAD_REQ', failure)
    return usertobeadded
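def inviteUserToGroup(self, currentuser, fqgn, usertobeaddednick):
    """Push the group name fqgn onto the groupsinvitedto list of a user.

    Args:
        currentuser: the caller; run through authorize_context_owner on the group.
        fqgn: group name, used for the lookup and stored in the invitation.
        usertobeaddednick: nick selecting the user document(s) to update.

    Returns:
        usertobeaddednick.
    """
    grp = self.getGroup(currentuser, fqgn)
    userq = User.objects(nick=usertobeaddednick)
    authorize_context_owner(False, self, currentuser, None, grp)
    # NOTE(review): nothing here checks that the nick matches an existing
    # user; an update over an empty queryset would presumably report success
    # without inviting anyone -- confirm.
    try:
        userq.update(safe_update=True, push__groupsinvitedto=fqgn)
    except Exception:
        # The original formatted usertobeadded.nick, a name that does not
        # exist in this function, so the failure path raised NameError
        # instead of the BAD_REQ abort.
        doabort('BAD_REQ', "Failed inviting user %s to group %s" % (usertobeaddednick, fqgn))
    return usertobeaddednick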
def addUserToGroup(self, currentuser, grouporfullyQualifiedGroupName, usertobeadded, authspec):
    """Append a group to usertobeadded.groupsin and return the user.

    The group is resolved by the _group helper. For every group except the
    one whose fqin equals the literal below, the caller is run through
    authorize_context_owner first. authspec is accepted but not used.
    """
    target_group = _group(currentuser, self, grouporfullyQualifiedGroupName)
    # NOTE(review): this literal looks like the output of an e-mail
    # obfuscation filter rather than a real fqin; restore the intended
    # public-group name from the repository before trusting the comparison.
    needs_owner_check = target_group.fqin != '[email protected]/group:public'
    if needs_owner_check:
        # special case so any user can add themselves to public group
        # NOTE(review): the bypass is keyed on the group alone; nothing ties
        # usertobeadded to currentuser, so it is not limited to self-adds.
        authorize_context_owner(False, self, currentuser, None, target_group)
    try:
        usertobeadded.groupsin.append(target_group)
    except:
        failure = "Failed adding user %s to group %s" % (usertobeadded.nick, target_group.fqin)
        doabort('BAD_REQ', failure)
    return usertobeadded
def removeApp(self, currentuser, fullyQualifiedAppName):
    """Delete an application through self.session and return OK.

    The caller is run through authorize_context_owner on the app first.
    """
    doomed_app = self.getApp(currentuser, fullyQualifiedAppName)
    authorize_context_owner(False, self, currentuser, None, doomed_app)
    # Earlier form of the check:
    # permit(self.isOwnerOfApp(currentuser, remapp) or self.isSystemUser(currentuser),
    #     "Only owner of app %s or systemuser can remove app" % remapp.fqin)
    # Open questions from the author: how will the cascades work? removing
    # users? should we not archive? From an ORM perspective groups could go
    # to a new ArchivedGroup table, or just be flagged "archived".
    self.session.delete(doomed_app)
    return OK
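def changeOwnershipOfGroup(self, currentuser, fullyQualifiedGroupName, usertobenewowner):
    """Make usertobenewowner the owner of a group.

    Args:
        currentuser: the caller; run through authorize_context_owner on the group.
        fullyQualifiedGroupName: name passed to self.getGroup to find the group.
        usertobenewowner: user object that must already satisfy
            self.isMemberOfGroup for this group.

    Returns:
        usertobenewowner.
    """
    grp = self.getGroup(currentuser, fullyQualifiedGroupName)
    # Replaces: permit(self.isOwnerOfGroup(currentuser, grp) or
    # self.isSystemUser(currentuser), "User %s must be owner of group %s or
    # systemuser" % (currentuser.nick, grp.fqin))
    authorize_context_owner(False, self, currentuser, None, grp)
    # The membership test is on the prospective owner, so the message names
    # that user; the original printed the caller's nick instead.
    permit(self.isMemberOfGroup(usertobenewowner, grp), " User %s must be member of grp %s" % (usertobenewowner.nick, grp.fqin))
    try:
        oldownernick = grp.owner.nick
        grp.owner = usertobenewowner
    except Exception:
        doabort('BAD_REQ', "Failed changing owner from %s to %s for group %s" % (oldownernick, usertobenewowner.nick, grp.fqin))
    return usertobenewowner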
def removeGroupFromApp(self, currentuser, fullyQualifiedAppName, fullyQualifiedGroupName):
    """Take an application out of a group's applicationsin list and return OK.

    Two checks run first: authorize_context_owner on the group and
    authorize_context_member on the app.
    """
    target_app = self.getApp(currentuser, fullyQualifiedAppName)
    target_group = self.getGroup(currentuser, fullyQualifiedGroupName)
    # Replaces:
    # permit(self.isOwnerOfGroup(currentuser, grp), "User %s must be owner of group %s" % (currentuser.nick, grp.fqin))
    # permit(self.isMemberOfApp(currentuser, app), "User %s must be member of app %s" % (currentuser.nick, app.fqin))
    authorize_context_owner(False, self, currentuser, None, target_group)
    authorize_context_member(False, self, currentuser, None, target_app)
    try:
        # pubsub depending on what we want to do to delete
        target_group.applicationsin.remove(target_app)
    except:
        failure = "Failed removing group %s from app %s" % (target_group.fqin, target_app.fqin)
        doabort('BAD_REQ', failure)
    return OK
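def removeUserFromApp(self, currentuser, fqan, usertoberemovednick):
    """Remove a user from an application on both sides of the relation.

    Args:
        currentuser: the caller; run through authorize_context_owner on the app.
        fqan: application name (matched on basic__fqin).
        usertoberemovednick: nick of the user to remove.

    Returns:
        The module-level OK value.

    A missing app or a failed update is reported through doabort('BAD_REQ', ...).
    """
    appq = App.objects(basic__fqin=fqan)
    userq = User.objects(nick=usertoberemovednick)
    try:
        app = appq.get()
    except Exception:
        doabort('BAD_REQ', "No such app %s" % fqan)
    authorize_context_owner(False, self, currentuser, None, app)
    try:
        # The original keyword was pull_groupsin: a single underscore, which
        # is not the pull operator, and the group list rather than the app
        # list. This mirrors the push__appsin used by addUserToApp in the
        # same file.
        userq.update(safe_update=True, pull__appsin=fqan)
        appq.update(safe_update=True, pull__members=usertoberemovednick)
    except Exception:
        doabort('BAD_REQ', "Failed removing user %s from app %s" % (usertoberemovednick, fqan))
    return OK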
def addGroupToApp(self, currentuser, fullyQualifiedAppName, fullyQualifiedGroupName, authspec):
    """Append an application to a group's applicationsin list; return the group.

    Two checks run first: authorize_context_owner on the group and
    authorize_context_member on the app. authspec is accepted but not used.
    """
    target_app = self.getApp(currentuser, fullyQualifiedAppName)
    target_group = self.getGroup(currentuser, fullyQualifiedGroupName)
    # You must be owner of the group and member of the app
    # no useras stuff here?
    # Replaces:
    # permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin))
    # permit(self.isMemberOfApp(currentuser, app) or self.isSystemUser(currentuser), "User %s must be member of app %s or systemuser" % (currentuser.nick, app.fqin))
    authorize_context_owner(False, self, currentuser, None, target_group)
    authorize_context_member(False, self, currentuser, None, target_app)
    try:
        # pubsub must add the individual users. BUG is that how we want to do it?
        target_group.applicationsin.append(target_app)
    except:
        failure = "Failed adding group %s to app %s" % (target_group.fqin, target_app.fqin)
        doabort('BAD_REQ', failure)
    return target_group
def addUserToApp(self, currentuser, fqan, usertobeaddednick):
    """Record app membership on both the user and the app; return the nick.

    The app must exist (BAD_REQ otherwise) and the caller is run through
    authorize_context_owner on it before either document is updated.
    """
    app_query = App.objects(basic__fqin=fqan)
    user_query = User.objects(nick=usertobeaddednick)
    try:
        target_app = app_query.get()
    except:
        doabort('BAD_REQ', "No such app %s" % fqan)
    authorize_context_owner(False, self, currentuser, None, target_app)
    # NOTE(review): the nick is never checked against an existing user, and
    # the two updates are separate operations; a failure of the second would
    # leave the user side already modified -- confirm this is acceptable.
    try:
        user_query.update(safe_update=True, push__appsin=fqan)
        app_query.update(safe_update=True, push__members=usertobeaddednick)
    except:
        failure = "Failed adding user %s to app %s" % (usertobeaddednick, fqan)
        doabort('BAD_REQ', failure)
    return usertobeaddednick
def addUserToGroup(self, currentuser, fqgn, usertobeaddednick):
    """Record group membership on both the user and the group; return the nick.

    The group must exist (BAD_REQ otherwise). For every group except
    'adsgut/group:public' the caller is run through authorize_context_owner
    before either document is updated.
    """
    group_query = Group.objects(basic__fqin=fqgn)
    user_query = User.objects(nick=usertobeaddednick)
    try:
        target_group = group_query.get()
    except:
        doabort('BAD_REQ', "No such group %s" % fqgn)
    needs_owner_check = fqgn != 'adsgut/group:public'
    if needs_owner_check:
        # special case so any user can add themselves to public group
        # NOTE(review): the bypass is keyed on the group name alone; nothing
        # compares usertobeaddednick with currentuser, so for the public
        # group any caller can add any nick, not only their own.
        authorize_context_owner(False, self, currentuser, None, target_group)
    try:
        user_query.update(safe_update=True, push__groupsin=fqgn)
        group_query.update(safe_update=True, push__members=usertobeaddednick)
    except:
        failure = "Failed adding user %s to group %s" % (usertobeaddednick, fqgn)
        doabort('BAD_REQ', failure)
    return usertobeaddednick
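def changeOwnershipOfGroup(self, currentuser, fqgn, usertobenewownernick):
    """Set the owner of group fqgn to the user with the given nick.

    Args:
        currentuser: the caller; run through authorize_context_owner on the group.
        fqgn: group name (matched on basic__fqin).
        usertobenewownernick: nick of the prospective owner, who must already
            satisfy self.isMemberOfGroup for this group.

    Returns:
        usertobenewownernick.

    A missing user or group, or a failed update, is reported through
    doabort('BAD_REQ', ...).
    """
    grpq = Group.objects(basic__fqin=fqgn)
    userq = User.objects(nick=usertobenewownernick)
    # NOTE(review): both existence checks answer before the owner check, so
    # their distinct messages are also returned to callers who would fail it.
    try:
        usertobenewowner = userq.get()
    except Exception:
        doabort('BAD_REQ', "No such user %s" % usertobenewownernick)
    try:
        grp = grpq.get()
    except Exception:
        doabort('BAD_REQ', "No such group %s" % fqgn)
    authorize_context_owner(False, self, currentuser, None, grp)
    # The membership test is on the prospective owner, so the message names
    # that user; the original printed the caller's nick instead.
    permit(self.isMemberOfGroup(usertobenewowner, grp), " User %s must be member of grp %s" % (usertobenewowner.nick, fqgn))
    try:
        oldownernick = grp.owner
        grp.update(safe_update=True, set__owner=usertobenewownernick)
    except Exception:
        doabort('BAD_REQ', "Failed changing owner from %s to %s for group %s" % (oldownernick, usertobenewowner.nick, fqgn))
    return usertobenewownernick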
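def changeOwnershipOfType(self, currentuser, fqtypen, typetype, newowner, groupmode=False):
    """Transfer ownership of an item type or tag type to a user or a group.

    Args:
        currentuser: the caller; passed to the authorization helpers.
        fqtypen: name the type is looked up by (matched on basic__fqin).
        typetype: "itemtype" selects ItemType, "tagtype" selects TagType.
        newowner: nick of the receiving user, or the fqin of the receiving
            group when groupmode is true.
        groupmode: treat newowner as a group fqin instead of a user nick.

    Returns:
        The owner identifier written to the type: the user's nick or the
        group's basic.fqin.

    Lookup and update failures are reported through doabort('BAD_REQ', ...).
    """
    if typetype == "itemtype":
        typeo = ItemType
    elif typetype == "tagtype":
        # The original tested the misspelled name typrtype here, so any
        # value other than "itemtype" raised NameError.
        typeo = TagType
    else:
        # Previously fell through with typeo unbound.
        doabort('BAD_REQ', "Unknown type kind %s" % typetype)
    typq = typeo.objects(basic__fqin=fqtypen)
    # NOTE(review): the "No such user/group" replies below are produced before
    # the owner check on the type, so they are also returned to callers who
    # would fail that check. Consider authorising on the type first.
    if groupmode:
        try:
            group = Group.objects(basic__fqin=newowner).get()
            newowner = group.basic.fqin
        except Exception:
            # make sure target exists.
            doabort('BAD_REQ', "No such group %s" % newowner)
        # The caller is also run through the member-context check on the
        # receiving group.
        authorize_context_member(False, self, currentuser, None, group)
    else:
        try:
            newowner = User.objects(nick=newowner).get().nick
        except Exception:
            # make sure target exists.
            doabort('BAD_REQ', "No such user %s" % newowner)
    try:
        typ = typq.get()
    except Exception:
        # The original message called the missing type a group.
        doabort('BAD_REQ', "No such type %s" % fqtypen)
    authorize_context_owner(False, self, currentuser, None, typ)
    try:
        oldownernick = typ.owner
        # Both branches of the original groupmode test issued this same update.
        typ.update(safe_update=True, set__owner=newowner)
    except Exception:
        doabort('BAD_REQ', "Failed changing owner from %s to %s for type %s" % (oldownernick, newowner, fqtypen))
    return newowner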
def usersInApp(self, currentuser, fqan):
    """Return the members attribute of the application named fqan.

    The caller is run through authorize_context_owner on the app first; the
    members value is returned as stored, without conversion.
    """
    target_app = self.getApp(currentuser, fqan)
    # owner gets users here as its a bigger context
    authorize_context_owner(False, self, currentuser, None, target_app)
    return target_app.members
def removeApp(self, currentuser, fqan):
    """Delete the application named fqan once the owner-context check has run.

    Returns the module-level OK value.
    """
    doomed_app = self.getApp(currentuser, fqan)
    authorize_context_owner(False, self, currentuser, None, doomed_app)
    # BUG: app deletion, just like group deletion, is fraught.
    # NOTE(review): only the app document is deleted here; nothing in this
    # block removes the app's name from users that list it, so stale
    # memberships or invitations may survive -- confirm whether delete cascades.
    doomed_app.delete(safe=True)
    return OK