def users_get():
    if not PermissionCache.user_has_permissions(session['current_user']['id'], ['View Users'], g.uow) and \
            not PermissionCache.user_has_permissions(session['current_user']['id'], ['Manage Users'], g.uow):
        return ""
    query_parameters = QueryParameters(parseqs.parse(request.query_string))
    query_result = g.uow.users.get_all(query_parameters)
    return jsonify(query_result.to_dict())
def user_delete(id):
    try:
        g.uow.users.delete_user(id)
        # Remove user from the permission cache
        PermissionCache.remove_user_from_cache(id)
        return ""
    except:
        raise
def user_put(id, model):
    model.id = id
    if not model.username:
        response = jsonify({"message": "Username is required."})
        response.status_code = 400
        return response

    if not model.primary_group_id:
        response = jsonify({"message": "Primary group is required."})
        response.status_code = 400
        return response

    # check duplicate username
    if g.uow.users.user_exists_with_id(model.username, model.id):
        response = jsonify({"message": "The specified username is already taken."})
        response.status_code = 409
        return response

    if model.password:
        # password has changed
        salt = bcrypt.gensalt()
        model.password = bcrypt.hashpw(str(model.password), salt)

    # try to parse the expiration date
    if model.expiration_date:
        try:
            model.expiration_date = pytz.UTC.localize(
                datetime.fromtimestamp(mktime(strptime(model.expiration_date[:10], "%Y-%m-%d"))))
        except:
            response = jsonify({"message": "There was an error parsing the expiration date."})
            response.status_code = 500
            return response
    else:
        response = jsonify({"message": "The expiration date is required."})
        response.status_code = 400
        return response

    # update user
    current_user = session['current_user']
    g.uow.users.update_user(current_user['id'], model)

    roles = g.uow.users.get_users_roles(model.id)
    permission_list = map(lambda record: record['permissions'], roles)
    # flatten out permission_list by going through all sublists of permission_list and returning the item
    permissions = list(set([item for sublist in permission_list for item in sublist]))

    # check the users permissions against the PermissionCache
    if permissions != PermissionCache.get_permissions_for_user(model.id, g.uow):
        # rebuild permission cache for user
        PermissionCache.update_user_permission_cache(model.id, g.uow)
    return ""
def role_put(id, role):
    if not role.name:
        response = jsonify({"message": "Name is required."})
        response.status_code = 403
        return response

    # check to make sure the role does not already exist
    if g.uow.roles.role_exists(role.name) and g.uow.roles.get_role_by_id(id).name != role.name:
        # role already exists
        response = jsonify({"message": "A role with that name already exists."})
        response.status_code = 409
        return response

    current_user = session['current_user']

    g.uow.roles.update(role, current_user['id'])

    # Permission cache is no longer valid because of the role update, so we clear the permission cache
    PermissionCache.clear_permission_cache()
    # Cache will rebuild itself
    return ""
def get_permissions(user_id):
    perms = PermissionCache.get_permissions_for_user(user_id, g.uow)
    return json.dumps(perms)
Exemple #6
0
 def wrapped(*args, **kwargs):
     current_user = session['current_user']
     if not PermissionCache.user_has_any_permission(current_user['id'], permissions, g.uow):
         abort(403)
         return
     return f(*args, **kwargs)