def is_app_admin(self, app, user):
'''
used to determine app administrator membership
necessary because splunkd auth does not advertise inherited roles
'''
sub_roles = []
admin_list = app.entity['eai:acl']['perms']['write']
if '*' in admin_list:
return True
for role in auth.getUser(name=user)['roles']:
if role in admin_list:
return True
sub_roles.append(role)
for role in sub_roles:
for irole in auth.getRole(name=role)['imported_roles']:
if irole in admin_list:
return True
return False
def is_app_admin(self, app, user):
'''
used to determine app administrator membership
necessary because splunkd auth does not advertise inherited roles
'''
sub_roles = []
admin_list = app.entity['eai:acl']['perms']['write']
if '*' in admin_list:
return True
for role in auth.getUser(name=user)['roles']:
if role in admin_list:
return True
sub_roles.append(role)
for role in sub_roles:
for irole in auth.getRole(name=role)['imported_roles']:
if irole in admin_list:
return True
return False
#can throw this error if we try and show a non-existent config
displayResourceError(cmd=cmd,
obj=obj,
uri=restArgList['name'],
serverContent=None)
return
#show:default-index has already been done for us, reuse it
elif '%s:%s' % (cmd, obj) == 'show:default-index':
defIndexList = []
try:
#first get the role associated with this user
roles = auth.getUser(auth.getCurrentUser()['name'],
sessionKey=sessionKey)['roles']
#get details of each role
for role in roles:
indexes = auth.getRole(
role, sessionKey=sessionKey)['srchIndexesDefault']
for index in indexes:
defIndexList.append(index)
except:
pass
DISPLAY_CHARS[endpoint](cmd=cmd,
obj=obj,
sessionKey=sessionKey,
defIndex=defIndexList)
#handle sync/async search
elif cmd in ['search', 'dispatch']:
if not restArgList['terms'].strip():
displayGenericError(cmd=cmd, terms='')
return
if restArgList.has_key('detach') and restArgList['detach'] == 'true':
elif '%s:%s' % (cmd,obj) == 'show:config':
try:
return handleShowConf(restArgList['name'], sessionKey, namespace, owner)
except splunk.ResourceNotFound:
#can throw this error if we try and show a non-existent config
displayResourceError(cmd=cmd, obj=obj, uri=restArgList['name'], serverContent=None)
return
#show:default-index has already been done for us, reuse it
elif '%s:%s' % (cmd,obj) == 'show:default-index':
defIndexList = []
try:
#first get the role associated with this user
roles = auth.getUser(auth.getCurrentUser()['name'], sessionKey=sessionKey)['roles']
#get details of each role
for role in roles:
indexes = auth.getRole(role, sessionKey=sessionKey)['srchIndexesDefault']
for index in indexes:
defIndexList.append(index)
except:
pass
DISPLAY_CHARS[endpoint](cmd=cmd, obj=obj, sessionKey=sessionKey, defIndex=defIndexList)
#handle sync/async search
elif cmd in ['search', 'dispatch']:
if not restArgList['terms'].strip():
displayGenericError(cmd=cmd, terms='')
return
if restArgList.has_key('detach') and restArgList['detach'] == 'true':
return handleAsyncSearch(restArgList['terms'], sessionKey, namespace, owner, restArgList, dotSplunk)
else:
return handleSyncSearch(restArgList['terms'], sessionKey, namespace, owner, restArgList)
