def __call__(self):
warnings = []
enabled_event_id = AuditLogEventType.by_name('UserEnabled').id
disabled_event_id = AuditLogEventType.by_name('UserDisabled').id
for user in User.get_all():
last_enabled_entry = AuditLogEntry.get_all(
security=False,
filter_by={
'event_type_id': enabled_event_id,
'user_id': user.id
},
order_by='timestamp'
).first()
last_disabled_entry = AuditLogEntry.get_all(
security=False,
filter_by={
'event_type_id': disabled_event_id,
'user_id': user.id
},
order_by='timestamp'
).first()
if user.enabled:
if not last_enabled_entry:
warnings.append(
'User {} ({}) is enabled, '
'but has no UserEnabled entry.'.format(
user.email, user.id))
elif last_disabled_entry and (
last_enabled_entry.timestamp < last_disabled_entry.timestamp): # noqa
warnings.append(
'User {} ({}) is enabled, '
'but has an UserDisabled entry '
'after UserEnabled entry.'.format(
user.email, user.id))
else:
if not last_disabled_entry:
warnings.append(
'User {} ({}) is disabled, '
'but has no UserDisabled entry.'.format(
user.email, user.id))
elif last_enabled_entry and (
last_disabled_entry.timestamp < last_enabled_entry.timestamp): # noqa
warnings.append(
'User {} ({}) is disabled, '
'but has an UserEnabled entry '
'after UserDisabled entry.'.format(
user.email, user.id))
return warnings
def _make_enabled_entry(self):
from pyramid_bimt.models import AuditLogEventType
from pyramid_bimt.tests.test_auditlog_model import _make_entry
_make_entry(
user=self.user,
event_type=AuditLogEventType.by_name('UserEnabled'),
)
def add_demo_auditlog_entries():
"""Add a dummy audit-log entry."""
with transaction.manager:
read = AuditLogEntry(
user=User.by_email('*****@*****.**'),
event_type_id=AuditLogEventType.by_name(u'UserChangedPassword').id,
comment=u'read entry',
read=True,
)
Session.add(read)
unread = AuditLogEntry(
user=User.by_email('*****@*****.**'),
event_type_id=AuditLogEventType.by_name(u'UserChangedPassword').id,
comment=u'unread entry',
read=False,
)
Session.add(unread)
def expire_subscriptions():
"""Find all outstanding subscriptions and expire them."""
with transaction.manager:
for user in User.get_all():
if user.enabled:
if user.valid_to < date.today():
user.disable()
msg = u'Disabled user {} ({}) because its valid_to ({}) ' \
'has expired.'.format(
user.email, user.id, user.valid_to)
Session.add(
AuditLogEntry(
user_id=user.id,
event_type_id=AuditLogEventType.by_name(
'UserDisabled').id,
comment=msg,
))
logger.info(msg)
continue
# handle addons
for prop in user.properties:
if not prop.key.startswith('addon_'):
continue
if not prop.key.endswith('_valid_to'):
continue
valid_to = datetime.strptime(prop.value, '%Y-%m-%d').date()
if valid_to >= date.today():
continue
group = Group.by_product_id(
prop.key.split('addon_')[1].split('_valid_to')[0])
user.groups.remove(group)
msg = u'Addon "{}" disabled for user {} ({}) because ' \
'its valid_to ({}) has expired.'.format(
group.name, user.email, user.id, prop.value)
Session.add(
AuditLogEntry(
user_id=user.id,
event_type_id=AuditLogEventType.by_name(
'UserDisabled').id,
comment=msg,
))
def log_event(self, comment=None, read=False):
from pyramid_bimt.models import AuditLogEntry
from pyramid_bimt.models import AuditLogEventType
event_type = AuditLogEventType.by_name(name=self.__class__.__name__)
entry = AuditLogEntry(
user_id=self.user.id,
event_type_id=event_type.id,
comment=comment,
read=read,
)
Session.add(entry)
def default_audit_log_event_types():
"""Return a list of all default Audit log event types.
This is normally used in scripts that populate DB with initial data.
:return: All default Audit log event types.
:rtype: list of AuditLogEventType objects
"""
types = []
for name, obj in inspect.getmembers(events, inspect.isclass):
if (issubclass(obj, events.PyramidBIMTEvent)
and name != 'PyramidBIMTEvent'):
types.append(
AuditLogEventType(
name=name,
title=u' '.join(re.findall('[A-Z][^A-Z]*', name)),
description=unicode(obj.__doc__),
))
return types
def test_audit_log_read_all(self):
from pyramid_bimt.models import AuditLogEventType
from pyramid_bimt.views.auditlog import audit_log_read_all
import transaction
self.config.testing_securitypolicy(userid='*****@*****.**',
permissive=True)
request = self.request
request.user = User(id=1, email='*****@*****.**')
entry = AuditLogEntry(
user_id=1,
event_type_id=AuditLogEventType.by_name('UserCreated').id,
)
Session.add(entry)
transaction.commit()
self.assertFalse(AuditLogEntry.get_all(request=request).first().read)
resp = audit_log_read_all(request)
self.assertIn('/activity/', resp.location)
self.assertTrue(AuditLogEntry.get_all(request=request).first().read)
def test_audit_log_delete(self):
from pyramid_bimt.models import AuditLogEventType
from pyramid_bimt.views.auditlog import audit_log_delete
import transaction
self.config.testing_securitypolicy(userid='*****@*****.**',
permissive=True)
request = self.request
request.user = User(id=1, email='*****@*****.**')
entry = AuditLogEntry(
user_id=1,
event_type_id=AuditLogEventType.by_name('UserCreated').id,
)
Session.add(entry)
request.context = entry
transaction.commit()
resp = audit_log_delete(request)
self.assertIn('/activity/', resp.location)
self.assertEqual(len(handler.records), 1)
self.assertEqual(
handler.records[0].message,
'User <User:1 (email=\'[email protected]\')> removing auditlog entry '
'<AuditLogEntry:3 (user=u\'[email protected]\', type=u\'UserCreated\')>.' # noqa
)