def create(self, request, role_guids=None): """ Creates a Client :param request: Raw request :type request: Request :param role_guids: The GUIDs of the roles where the client should get access to :type role_guids: str """ if 'role_guids' in request.DATA: del request.DATA['role_guids'] serializer = FullSerializer(Client, instance=Client(), data=request.DATA) client = serializer.deserialize() if client.user is not None: if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']): client.grant_type = 'CLIENT_CREDENTIALS' client.client_secret = OAuth2Toolbox.create_hash(64) client.save() if not role_guids: roles = [junction.role for junction in client.user.group.roles] else: possible_role_guids = [junction.role_guid for junction in client.user.group.roles] roles = [Role(guid) for guid in role_guids if guid in possible_role_guids] for role in roles: roleclient = RoleClient() roleclient.client = client roleclient.role = role roleclient.save() return client raise HttpNotAcceptableException(error_description='A client must have a user', error='invalid_data')
def list(self, request, userguid=None, ovs_type=None): """ Lists all available Clients where the logged in user has access to :param request: Raw request :type request: Request :param userguid: User guid to filter the clients :type userguid: str :param ovs_type: Filter on the Client's ovs_type :type ovs_type: str """ if Toolbox.is_client_in_roles(request.client, ['manage']): client_list = ClientList.get_clients() else: if ovs_type is not None and ovs_type != 'INTERNAL': client_list = [ client for client in request.client.user.clients if client.ovs_type == ovs_type ] else: client_list = [ client for client in request.client.user.clients if client.ovs_type != 'INTERNAL' ] if userguid is not None: return [ client for client in client_list if client.user_guid == userguid ] return client_list
def list(self, request): """ Lists all available Users where the logged in user has access to :param request: The raw request :type request: Request """ if Toolbox.is_client_in_roles(request.client, ['manage']): return UserList.get_users() else: return [request.client.user]
def validate_access(self, albabackend, request): """ :param albabackend: The AlbaBackend to validate :param request: The raw request """ _ = self if not Toolbox.access_granted(request.client, user_rights=albabackend.backend.user_rights, client_rights=albabackend.backend.client_rights): raise HttpForbiddenException(error_description='The requesting client has no access to this AlbaBackend', error='no_ownership')
def retrieve(self, request, user): """ Load information about a given User. Only the currently logged in User is accessible, or all if the logged in User has a manage role :param request: The raw request :type request: Request :param user: The user to load :type user: User """ if user.guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']): return user raise HttpForbiddenException(error_description='Fetching user information not allowed', error='no_ownership')
def validate_access(self, backend, request): """ :param backend: The Backend to validate :type backend: Backend :param request: The raw request :type request: Request """ _ = self if not Toolbox.access_granted(request.client, user_rights=backend.user_rights, client_rights=backend.client_rights): raise HttpForbiddenException(error_description='The requesting client has no access to this Backend', error='no_ownership')
def retrieve(self, request, user): """ Load information about a given User. Only the currently logged in User is accessible, or all if the logged in User has a manage role :param request: The raw request :type request: Request :param user: The user to load :type user: User """ if user.guid == request.client.user_guid or Toolbox.is_client_in_roles( request.client, ['manage']): return user raise HttpForbiddenException( error_description='Fetching user information not allowed', error='no_ownership')
def list(self, request): """ Lists all available ALBA Backends: :param request: The raw request :type request: Request """ backends = AlbaBackendList.get_albabackends() allowed_backends = [] for alba_backend in backends: if Toolbox.access_granted(request.client, user_rights=alba_backend.backend.user_rights, client_rights=alba_backend.backend.client_rights): allowed_backends.append(alba_backend) return allowed_backends
def retrieve(self, request, client): """ Load information about a given Client Only the currently logged in User's Clients are accessible, or all if the logged in User has a system role :param request: Raw request :type request: Request :param client: Client to return :type client: Client """ _ = format if client.guid in request.client.user.clients_guids or Toolbox.is_client_in_roles(request.client, ['manage']): return client raise HttpForbiddenException(error_description='Fetching client information not allowed', error='no_ownership')
def new_function(*args, **kw): """ Wrapped function """ request = _find_request(args) if not hasattr(request, 'user') or not hasattr(request, 'client'): raise HttpUnauthorizedException(error_description='Not authenticated', error='not_authenticated') user = UserList.get_user_by_username(request.user.username) if user is None: raise HttpUnauthorizedException(error_description='Not authenticated', error='not_authenticated') if not Toolbox.is_token_in_roles(request.token, roles): raise HttpForbiddenException(error_description='This call requires roles: {0}'.format(', '.join(roles)), error='invalid_roles') return f(*args, **kw)
def retrieve(self, request, client): """ Load information about a given Client Only the currently logged in User's Clients are accessible, or all if the logged in User has a system role :param request: Raw request :type request: Request :param client: Client to return :type client: Client """ _ = format if client.guid in request.client.user.clients_guids or Toolbox.is_client_in_roles( request.client, ['manage']): return client raise HttpForbiddenException( error_description='Fetching client information not allowed', error='no_ownership')
def list(self, request, backend_type=None): """ Overview of all backends (from a certain type, if given) on the local node (or a remote one) :param request: The raw request :type request: Request :param backend_type: Optional BackendType code to filter :type backend_type: str """ if backend_type is None: possible_backends = BackendList.get_backends() else: possible_backends = BackendTypeList.get_backend_type_by_code(backend_type).backends backends = [] for backend in possible_backends: if Toolbox.access_granted(request.client, user_rights=backend.user_rights, client_rights=backend.client_rights): backends.append(backend) return backends
def create(self, request, role_guids=None): """ Creates a Client :param request: Raw request :type request: Request :param role_guids: The GUIDs of the roles where the client should get access to :type role_guids: str """ if 'role_guids' in request.DATA: del request.DATA['role_guids'] serializer = FullSerializer(Client, instance=Client(), data=request.DATA) client = serializer.deserialize() if client.user is not None: if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles( request.client, ['manage']): client.grant_type = 'CLIENT_CREDENTIALS' client.client_secret = OAuth2Toolbox.create_hash(64) client.save() if not role_guids: roles = [ junction.role for junction in client.user.group.roles ] else: possible_role_guids = [ junction.role_guid for junction in client.user.group.roles ] roles = [ Role(guid) for guid in role_guids if guid in possible_role_guids ] for role in roles: roleclient = RoleClient() roleclient.client = client roleclient.role = role roleclient.save() return client raise HttpNotAcceptableException( error_description='A client must have a user', error='invalid_data')
def set_password(self, request, user): """ Sets the password of a given User. A logged in User can only changes its own password, or all passwords if the logged in User has a manage role :param request: The raw request :type request: Request :param user: The user to update the password from :type user: User """ if user.guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']): serializer = PasswordSerializer(data=request.DATA) user.password = hashlib.sha256(str(serializer.data['new_password'])).hexdigest() user.save() for client in user.clients: for token in client.tokens: for junction in token.roles: junction.delete() token.delete() return user raise HttpForbiddenException(error_description='Updating password not allowed', error='impossible_request')
def new_function(*args, **kw): """ Wrapped function """ request = _find_request(args) if not hasattr(request, 'user') or not hasattr(request, 'client'): raise HttpUnauthorizedException( error_description='Not authenticated', error='not_authenticated') user = UserList.get_user_by_username(request.user.username) if user is None: raise HttpUnauthorizedException( error_description='Not authenticated', error='not_authenticated') if not Toolbox.is_token_in_roles(request.token, roles): raise HttpForbiddenException( error_description='This call requires roles: {0}'.format( ', '.join(roles)), error='invalid_roles') return f(*args, **kw)
def list(self, request, userguid=None, ovs_type=None): """ Lists all available Clients where the logged in user has access to :param request: Raw request :type request: Request :param userguid: User guid to filter the clients :type userguid: str :param ovs_type: Filter on the Client's ovs_type :type ovs_type: str """ if Toolbox.is_client_in_roles(request.client, ['manage']): client_list = ClientList.get_clients() else: if ovs_type is not None and ovs_type != 'INTERNAL': client_list = [client for client in request.client.user.clients if client.ovs_type == ovs_type] else: client_list = [client for client in request.client.user.clients if client.ovs_type != 'INTERNAL'] if userguid is not None: return [client for client in client_list if client.user_guid == userguid] return client_list
def destroy(self, request, client): """ Deletes a user :param request: Raw request :type request: Request :param client: The Client to be deleted :type client: Client :return: None :rtype: None """ if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage']): for token in client.tokens: for junction in token.roles.itersafe(): junction.delete() token.delete() for junction in client.roles.itersafe(): junction.delete() client.delete() else: return HttpForbiddenException(error_description='Deleting this client is now allowed', error='no_ownership')
def set_password(self, request, user): """ Sets the password of a given User. A logged in User can only changes its own password, or all passwords if the logged in User has a manage role :param request: The raw request :type request: Request :param user: The user to update the password from :type user: User """ if user.guid == request.client.user_guid or Toolbox.is_client_in_roles( request.client, ['manage']): serializer = PasswordSerializer(data=request.DATA) user.password = hashlib.sha256(str( serializer.data['new_password'])).hexdigest() user.save() for client in user.clients: for token in client.tokens: for junction in token.roles: junction.delete() token.delete() return user raise HttpForbiddenException( error_description='Updating password not allowed', error='impossible_request')
def destroy(self, request, client): """ Deletes a user :param request: Raw request :type request: Request :param client: The Client to be deleted :type client: Client :return: None :rtype: None """ if client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles( request.client, ['manage']): for token in client.tokens: for junction in token.roles.itersafe(): junction.delete() token.delete() for junction in client.roles.itersafe(): junction.delete() client.delete() else: return HttpForbiddenException( error_description='Deleting this client is now allowed', error='no_ownership')