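def default_sharing(self, id):
    """Change a user's default sharing.

    .. :quickref: User; Change default sharing

    When used on another user account, requires the `manage_users` permission.

    :param id: user id.

    :>json User user: modified user.
    """
    # Authorization for acting on `id` is delegated to ensure_permission
    # (defined outside this snippet) and runs before the record is loaded.
    self.ensure_permission(id)

    user = User(get_or_404(User.get_collection(), _id=id))

    # Drop empty entries ("", "a,,b", trailing commas) so that blank group
    # names coming from the form are never persisted.
    groups = [g for g in request.form.get('groups', '').split(',') if g]

    # At least one submitted group must be one the user belongs to. The
    # remaining entries are not checked against the user's membership here.
    if not any(group in user['groups'] for group in groups):
        flash('You have to at least keep one of your groups.', 'danger')
        return redirect({'user': clean_users(user)}, request.referrer)

    user.update_value('default_sharing', groups)

    return redirect({'user': clean_users(user)}, request.referrer)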
def get(self, id):
    """Get a user.

    .. :quickref: User; Get a user

    The user is returned in the ``user`` field.

    :param id: user id

    :>json ObjectId _id: user's ObjectId.
    :>json string name: full name.
    :>json string email: email address.
    :>json boolean enabled: ``True`` if the user is enabled.
    :>json list groups: list of groups the user belongs to.
    :>json list default_sharing: list of groups used by the user as default
        sharing preferences.
    :>json list permissions: list of user's permissions
    """
    # Access to this profile is decided by ensure_permission (not shown),
    # which runs before anything is read from the collection.
    self.ensure_permission(id)

    record = get_or_404(User.get_collection(), _id=id)
    # The record goes through clean_users before rendering; which fields
    # that helper removes is not visible here -- confirm it covers secrets.
    payload = {
        'user': clean_users(User(record)),
        'permissions': dispatcher.permissions,
    }

    return render(payload, 'users/profile.html')
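def update(self, id):
    """Update a user.

    .. :quickref: User; Update existing user

    Requires the `manage_users` permission.

    When successful, the updated user will be returned in the ``user`` field.
    Otherwise, an ``errors`` field will list errors.

    :form name: full name
    :form email: email address
    :form groups: comma-delimited list of groups
    :form permission_VALUE: specify a value different than ``0`` or ``False``
        for all permissions the user should have.
    """
    # NOTE(review): the `manage_users` requirement is not enforced in this
    # body; presumably a decorator or class-level hook outside this snippet
    # does it -- confirm, since this method rewrites groups and permissions.
    name = request.form.get('name')
    # Default to '' so a request without an `email` field reaches validation
    # instead of raising AttributeError on None.lower().
    # Assumes _valid_form rejects an empty email -- confirm.
    email = request.form.get('email', '').lower()
    groups = [g for g in request.form.get('groups', '').split(',') if g]

    user = User(get_or_404(User.get_collection(), _id=id))

    # The current email is passed along with the submitted values; how
    # _valid_form uses it is not visible here.
    if not self._valid_form(name, email, groups, user['email']):
        return validation_error()

    user['name'] = name
    user['email'] = email
    user['groups'] = groups
    # get_permissions receives the user's current permissions and returns the
    # set to store; its merging rules live outside this snippet.
    user['permissions'] = self.get_permissions(user['permissions'])
    user.save()

    return redirect({'user': clean_users(user)}, url_for('UsersView:get', id=user['_id']))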
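def index(self):
    """Get the list of analyses.

    .. :quickref: Analysis; Get the list of analyses

    Response is paginated and will only contain 25 results. The most recent
    analyses appear first.

    :query page: page number.
    :type page: int

    :>json list analyses: list of analyses (see :http:get:`/analyses/(id)`
        for details on the format of an analysis).
    """
    # `page` comes straight from the query string: fall back to the first
    # page when it is not an integer, and never go below 1 so that the skip
    # offset computed from it cannot be negative.
    try:
        page = max(int(request.args.get('page', 1)), 1)
    except (TypeError, ValueError):
        page = 1

    cursor = (
        current_user.analyses.find()
        .sort('_id', DESCENDING)
        .limit(PER_PAGE)
        .skip((page - 1) * PER_PAGE)
    )
    pagination = Pagination(page=page, per_page=PER_PAGE, total=cursor.count(), css_framework='bootstrap3')

    analyses = {'analyses': clean_analyses(list(cursor))}
    for analysis in analyses['analyses']:
        # Files are looked up through current_user.files, analysts through
        # store.users directly; both results pass through a clean_* helper
        # before rendering.
        # NOTE(review): assumes clean_files / clean_users tolerate a lookup
        # that found nothing -- confirm.
        file_doc = current_user.files.find_one({'_id': analysis['file']})
        analysis['file'] = clean_files(file_doc)

        if 'analyst' in analysis:
            analyst = store.users.find_one({'_id': analysis['analyst']})
            analysis['analyst'] = clean_users(analyst)

    return render(analyses, 'analyses/index.html', ctx={'data': analyses, 'pagination': pagination})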
def return_file(file):
    """Attach analyses and antivirus module names to `file`, then render it.

    `file` is a dict whose ``file`` entry carries an ``analysis`` list of ids.
    That list is replaced in place by the cleaned analyses.
    """
    analysis_ids = file['file']['analysis']
    # Analyses are fetched through current_user.analyses; what that accessor
    # exposes to the current user is decided outside this snippet.
    analyses = list(current_user.analyses.find({'_id': {'$in': analysis_ids}}))

    av_names = []
    for module in dispatcher.get_antivirus_modules():
        av_names.append(module.name)
    file['av_modules'] = av_names

    for analysis in analyses:
        if 'analyst' not in analysis:
            continue
        # Replace the analyst id with the user record as returned by
        # clean_users.
        analyst = store.users.find_one({'_id': analysis['analyst']})
        analysis['analyst'] = clean_users(analyst)

    file['file']['analysis'] = clean_analyses(analyses)

    context = {
        'data': file,
        'options': dispatcher.options,
        'comments_enabled': comments_enabled(),
    }
    return render(file, 'files/show.html', ctx=context)
def disable(self, id):
    """Disable a user.

    .. :quickref: User; Disable a user

    Requires the `manage_users` permission.

    :param id: user id.

    :>json User user: modified user.
    """
    # NOTE(review): the `manage_users` requirement is not enforced in this
    # body; presumably a decorator or class-level hook outside this snippet
    # does it -- confirm.
    record = get_or_404(User.get_collection(), _id=id)
    user = User(record)

    # Only the `enabled` flag changes here. Whether the account's API key and
    # existing sessions stop working depends on where `enabled` is checked,
    # which is not visible in this snippet -- confirm.
    user.update_value('enabled', False)

    target = url_for('UsersView:index')
    return redirect({'user': clean_users(user)}, target)
def reset_api(self, id):
    """Reset a user's API key.

    .. :quickref: User; Reset API key

    When used on another user account, requires the `manage_users` permission.

    :param id: user id.

    :>json User user: modified user.
    """
    # Authorization for acting on `id` is delegated to ensure_permission
    # (defined outside this snippet) and runs before the record is loaded.
    self.ensure_permission(id)

    record = get_or_404(User.get_collection(), _id=id)
    user = User(record)

    # The stored key is overwritten with a fresh one. The strength of the new
    # key depends on User.generate_api_key, which is not shown here.
    fresh_key = User.generate_api_key()
    user.update_value('api_key', fresh_key)

    # NOTE(review): whether the new key is part of the response depends on
    # what clean_users keeps -- confirm.
    return redirect({'user': clean_users(user)}, request.referrer)
def get(self, id):
    """Get the object with `id`.

    .. :quickref: File; Get an object

    Resulting object is in the ``file`` field.

    :param id: id of the object.

    :>json dict _id: ObjectId dict.
    :>json string md5: MD5 hash.
    :>json string sha1: SHA1 hash.
    :>json string sha256: SHA256 hash.
    :>json string type: FAME type.
    :>json string mime: mime type.
    :>json string detailed_type: detailed type.
    :>json list groups: list of groups (as strings) that have access to this
        file.
    :>json list owners: list of groups (as strings) that submitted this file.
    :>json list probable_names: list of probable names (as strings).
    :>json list analysis: list of analyses' ObjectIds.
    :>json list parent_analyses: list of analyses (as ObjectIds) that
        extracted this object.
    :>json dict antivirus: dict with antivirus names as keys.
    """
    # Both the file and its analyses are read through current_user.*; which
    # records those accessors expose is decided outside this snippet.
    record = get_or_404(current_user.files, _id=id)
    file = {'file': clean_files(record)}

    linked_ids = file['file']['analysis']
    analyses = list(current_user.analyses.find({'_id': {'$in': linked_ids}}))

    file['av_modules'] = [module.name for module in dispatcher.get_antivirus_modules()]

    for analysis in analyses:
        if 'analyst' not in analysis:
            continue
        # Replace the analyst id with the user record as returned by
        # clean_users.
        analyst = store.users.find_one({'_id': analysis['analyst']})
        analysis['analyst'] = clean_users(analyst)

    file['file']['analysis'] = clean_analyses(analyses)

    context = {'data': file, 'options': dispatcher.options}
    return render(file, 'files/show.html', ctx=context)
def index(self):
    """Get all users.

    .. :quickref: User; Get the list of users

    Requires the `manage_users` permission.

    The result is in the ``users`` field.

    :>jsonarr ObjectId _id: user's ObjectId.
    :>jsonarr string name: full name.
    :>jsonarr string email: email address.
    :>jsonarr boolean enabled: ``True`` if the user is enabled.
    :>jsonarr list groups: list of groups the user belongs to.
    :>jsonarr list default_sharing: list of groups used by the user as
        default sharing preferences.
    :>jsonarr list permissions: list of user's permissions
    """
    # NOTE(review): the `manage_users` requirement is not enforced in this
    # body; presumably a decorator or class-level hook outside this snippet
    # does it -- confirm, since every user record is listed here.
    everyone = list(User.find())
    # Records pass through clean_users before rendering; which fields it
    # removes is not visible here.
    listing = {"users": clean_users(everyone)}

    return render(listing, 'users/index.html')
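def create(self):
    """Create a user.

    .. :quickref: User; Create new user

    Requires the `manage_users` permission.

    When successful, the new user will be returned in the ``user`` field.
    Otherwise, an ``errors`` field will list errors.

    :form name: full name
    :form email: email address
    :form groups: comma-delimited list of groups
    :form permission_VALUE: specify a value different than ``0`` or ``False``
        for all permissions the user should have.
    """
    # NOTE(review): the `manage_users` requirement is not enforced in this
    # body; presumably a decorator or class-level hook outside this snippet
    # does it -- confirm, since this method creates accounts with permissions.
    name = request.form.get('name')
    # Default to '' so a request without an `email` field reaches validation
    # instead of raising AttributeError on None.lower().
    # Assumes _valid_form rejects an empty email -- confirm.
    email = request.form.get('email', '').lower()
    groups = [g for g in request.form.get('groups', '').split(',') if g]

    if not self._valid_form(name, email, groups):
        return validation_error()

    # New accounts start enabled, with default sharing set to their own
    # groups. `email` is already lower-cased above.
    user = User({
        'name': name,
        'email': email,
        'groups': groups,
        'default_sharing': groups,
        'permissions': self.get_permissions(),
        'enabled': True
    })

    # The record is saved only after the authentication module has accepted
    # the new user.
    if not auth_module.create_user(user):
        return validation_error()

    user.save()

    return redirect({'user': clean_users(user)}, url_for('UsersView:index'))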
def return_file(file):
    """Fill `file` with its analyses and antivirus module names and render it.

    The ``analysis`` id list under ``file["file"]`` is replaced in place by
    the cleaned analyses.
    """
    # Analyses are read through current_user.analyses; what that accessor
    # exposes to the current user is decided outside this snippet.
    id_filter = {"_id": {"$in": file["file"]["analysis"]}}
    analyses = list(current_user.analyses.find(id_filter))

    file["av_modules"] = [module.name for module in dispatcher.get_antivirus_modules()]

    # Swap each analyst id for the user record as returned by clean_users.
    for entry in analyses:
        if "analyst" in entry:
            entry["analyst"] = clean_users(store.users.find_one({"_id": entry["analyst"]}))

    file["file"]["analysis"] = clean_analyses(analyses)

    template_ctx = {
        "data": file,
        "options": dispatcher.options,
        "comments_enabled": comments_enabled(),
    }
    return render(file, "files/show.html", ctx=template_ctx)