def add_usergroup(self, usergroup: UserGroup): if not all([usergroup.id != ug.id for ug in self.usergroups]): return bean.get_db().execute( "INSERT INTO template_usergroup (template_id, usergroup_id) VALUES ((?), (?))", self.id, usergroup.id)
def do_update_user(): current_user = UserGroup(current_usergroup_id()) if current_user.privilege < 1: return redirect("users") u_id = request.form.get("u_id") name = request.form.get("name") password = request.form.get("password") privilege = request.form.get("privilege") usergroup = UserGroup(u_id) if name != usergroup.name: cur = bean.get_db().cursor() res = cur.execute("SELECT * FROM usergroup WHERE name = ?", [name]).fetchone() if res is not None: return redirect("edit_user?u_id={}".format(u_id)) usergroup.name = name if len(password) > 0: auth.update_password(usergroup, password) usergroup.privilege = privilege return redirect("users")
def remove_usergroup(usergroup): remove_session_by_usergroup(usergroup) cur = bean.get_db() cur.execute("DELETE FROM usergroup WHERE id = ?", [usergroup.id]) cur.commit()
def usergroups_by_template(template_id): cur = bean.get_db() result = cur.execute( "SELECT usergroup_id AS u_id " "FROM template_usergroup " "WHERE template_id = ?", [template_id]) return set([UserGroup(r["u_id"]) for r in result])
def is_authorized(auth_token: str): cursor = get_db() cleanup_old_sessions() res = cursor.execute("SELECT * FROM session WHERE auth_token = ?", [auth_token]).fetchone() return res is not None
def templates_by_usergroup(usergroup_id): cur = bean.get_db() result = cur.execute( "SELECT template.id AS t_id " "FROM template JOIN template_usergroup " "ON template_id = template.id " "WHERE usergroup_id = ?", [usergroup_id]) return [Template(r["t_id"]) for r in result]
def mappings_by_template(template_id): cur = bean.get_db() res = cur.execute( "SELECT manglermapping.id AS m_id " "FROM manglermapping " "WHERE template_id = ?", [template_id]) return [ManglerMapping(r["m_id"]) for r in res]
def revoke_session(auth_token: str): cursor = get_db() try: cursor.execute("DELETE FROM session WHERE auth_token = ?", [auth_token]) cursor.commit() except: pass
def activity(auth_token: str): cursor = get_db() try: cursor.execute("UPDATE session SET last_active = ? WHERE auth_token = ?", [int(time.time()), auth_token]) cursor.commit() except: pass
def usergroup_by_auth_token(auth_token): cursor = get_db() try: row = cursor.execute("SELECT * FROM session WHERE auth_token = ?", [auth_token]).fetchone() except: return None return UserGroup(row["usergroup_id"])
def current_usergroup_id(): if "auth_token" not in request.cookies: return -1 auth_token = request.cookies["auth_token"] db = bean.get_db() res = db.execute("SELECT * FROM session WHERE auth_token = ?", [auth_token]).fetchone() return -1 if res is None else res["usergroup_id"]
def new_manglermapping(template_id, name): cur = bean.get_db().cursor() cur.execute( "INSERT INTO manglermapping " "(name, template_id, date_added, date_last_used, mappings_json) " "VALUES (?, ?, ?, ?, ?)", [name, template_id, util.today(), "", json.dumps(dict({}))]) return ManglerMapping(cur.lastrowid)
def usergroup_by_name(name): cursor = get_db() row = cursor.execute("SELECT * FROM usergroup WHERE name = ?", [name]).fetchone() if row is None: return None cursor.commit() return UserGroup(row["id"])
def new_template(name, path, owner): cur = bean.get_db().cursor() cur.execute( "INSERT INTO template (name, path, date_added, date_last_used, owner) VALUES (?, ?, ?, ?, ?)", [name, path, util.today(), "", owner]) template = Template(cur.lastrowid) owner_usergroup = UserGroup(owner) grant_access(owner_usergroup, template) return template
def delete_template(template_to_delete): for usergroup in usergroups_by_template(template_to_delete.id): revoke_access(usergroup, template_to_delete) for manglermapping in mappings_by_template(template_to_delete.id): delete_manglermapping(manglermapping) cur = bean.get_db().cursor() cur.execute("DELETE FROM template " "WHERE id = ?", [template_to_delete.id]) del template_to_delete
def cleanup_old_sessions(): cursor = get_db() rows = cursor.execute("SELECT * FROM session") t0 = int(time.time()) for row in rows: if t0 - row["last_active"] > 3 * 1440: try: cursor.execute("DELETE FROM session WHERE id = ?", [row["id"]]) except: pass cursor.commit()
def do_login(): username = request.form.get("username", type=str) password = request.form.get("password", type=str) cur = bean.get_db().cursor() res = cur.execute("SELECT COUNT(*) AS count FROM usergroup").fetchone() print(res["count"]) if res["count"] < 1: new_user = auth.register_usergroup(username, password) new_user.privilege = 1 try: token = auth.authorize(username, password) except Exception as e: print(e) return render_template("login.html", err=True) redirect_to_index = redirect('templates') response = current_app.make_response(redirect_to_index) response.set_cookie('auth_token', value=token) return response
def usergroups(self): #print(self.id, type(self.id)) results = bean.get_db().execute( "SELECT * FROM template_usergroup WHERE template_id = (?)", [self.id]) return [UserGroup(result["id"]) for result in results]
def delete_manglermapping(mapping): cur = bean.get_db().cursor() cur.execute("DELETE FROM manglermapping WHERE id = ?", [mapping.id])
def revoke_access(usergroup, template): cur = bean.get_db() cur.execute( "DELETE FROM template_usergroup WHERE template_id = ? AND usergroup_id = ?", [template.id, usergroup.id])
def grant_access(usergroup, template): cur = bean.get_db() cur.execute( "INSERT INTO template_usergroup (template_id, usergroup_id) VALUES (?, ?)", [template.id, usergroup.id])
def all_usergroups(): cur = bean.get_db().cursor() res = cur.execute("SELECT * FROM usergroup") return [UserGroup(r["id"]) for r in res]
def usergroups_by_template(template): cur = bean.get_db().cursor() res = cur.execute("SELECT * FROM template_usergroup WHERE template_id = ?", [template.id]) return [UserGroup(r["usergroup_id"]) for r in res]
def remove_usergroup(self, usergroup: UserGroup): bean.get_db().execute( "DELETE FROM template_usergroup WHERE template_id = (?) AND usergroup_id = (?)", self.id, usergroup.id)