Exemple #1
0
    def filter_editable_entries(self, entries):
        if config.user.may("wato.edit_all_passwords"):
            return entries

        user_groups = userdb.contactgroups_of_user(config.user.id)
        return dict([(k, v) for k, v in entries.items()
                     if v["owned_by"] in user_groups])
Exemple #2
0
def _get_permitted_inventory_paths():
    """
    Returns either a list of permitted paths or
    None in case the user is allowed to see the whole tree.
    """

    user_groups = [] if user.id is None else userdb.contactgroups_of_user(
        user.id)

    if not user_groups:
        return None

    forbid_whole_tree = False
    permitted_paths = []
    for user_group in user_groups:
        inventory_paths = config.multisite_contactgroups.get(
            user_group, {}).get("inventory_paths")
        if inventory_paths is None:
            # Old configuration: no paths configured means 'allow_all'
            return None

        if inventory_paths == "allow_all":
            return None

        if inventory_paths == "forbid_all":
            forbid_whole_tree = True
            continue

        permitted_paths.extend(inventory_paths[1])

    if forbid_whole_tree and not permitted_paths:
        return []

    return permitted_paths
Exemple #3
0
    def filter_editable_entries(self, entries):
        if user.may("wato.edit_all_passwords"):
            return entries

        assert user.id is not None
        user_groups = userdb.contactgroups_of_user(user.id)
        return {k: v for k, v in entries.items() if v["owned_by"] in user_groups}
    def filter_editable_entries(self, entries):
        if config.user.may("wato.edit_all_predefined_conditions"):
            return entries

        assert config.user.id is not None
        user_groups = userdb.contactgroups_of_user(config.user.id)
        return dict([(k, v) for k, v in entries.items()
                     if v["owned_by"] in user_groups])
Exemple #5
0
    def filter_usable_entries(self, entries):
        if user.may("wato.edit_all_passwords"):
            return entries

        assert user.id is not None
        user_groups = userdb.contactgroups_of_user(user.id)

        passwords = self.filter_editable_entries(entries)
        passwords.update({k: v for k, v in entries.items() if v["shared_with"] in user_groups})
        return passwords
Exemple #6
0
    def filter_usable_entries(self, entries):
        if config.user.may("wato.edit_all_passwords"):
            return entries

        user_groups = userdb.contactgroups_of_user(config.user.id)

        passwords = self.filter_editable_entries(entries)
        passwords.update(
            dict([(k, v) for k, v in entries.items() if v["shared_with"] in user_groups]))
        return passwords
Exemple #7
0
    def _contact_group_choices(self, only_own=False):
        contact_groups = load_contact_group_information()

        if only_own:
            user_groups = userdb.contactgroups_of_user(config.user.id)
        else:
            user_groups = []

        entries = [(c, g['alias']) for c, g in contact_groups.items()
                   if not only_own or c in user_groups]
        return sorted(entries, key=lambda x: x[1])
Exemple #8
0
def contact_group_choices(only_own=False):
    contact_groups = load_contact_group_information()

    if only_own:
        assert user.id is not None
        user_groups = userdb.contactgroups_of_user(user.id)
    else:
        user_groups = []

    entries = [(c, g['alias']) for c, g in contact_groups.items()
               if not only_own or c in user_groups]
    return entries
    def filter_usable_entries(self, entries):
        if config.user.may("wato.edit_all_predefined_conditions"):
            return entries

        assert config.user.id is not None
        user_groups = userdb.contactgroups_of_user(config.user.id)

        entries = self.filter_editable_entries(entries)
        entries.update(
            dict([(k, v) for k, v in entries.items()
                  if v["shared_with"] in user_groups]))
        return entries
Exemple #10
0
def contact_group_choices(only_own: bool = False) -> list[tuple[str, str]]:
    contact_groups = load_contact_group_information()

    if only_own:
        assert user.id is not None
        user_groups = userdb.contactgroups_of_user(user.id)
    else:
        user_groups = []

    entries = [(c, g["alias"]) for c, g in contact_groups.items()
               if not only_own or c in user_groups]
    return entries
Exemple #11
0
def is_contact_for_pack(bi_pack):
    if config.user.may("wato.bi_admin"):
        return True  # meaning I am admin

    assert config.user.id is not None
    contact_groups = userdb.contactgroups_of_user(config.user.id)
    if contact_groups is None:
        return True

    for group in contact_groups:
        if group in bi_pack.contact_groups:
            return True
    return False
Exemple #12
0
    def filter_usable_entries(
            self, entries: dict[str, Password]) -> dict[str, Password]:
        if user.may("wato.edit_all_passwords"):
            return entries

        assert user.id is not None
        user_groups = set(userdb.contactgroups_of_user(user.id))

        passwords = self.filter_editable_entries(entries)
        passwords.update({
            k: v
            for k, v in entries.items()
            if set(v["shared_with"]).intersection(user_groups)
        })
        return passwords
Exemple #13
0
def _get_permitted_inventory_paths():
    """
    Returns either a list of permitted paths or
    None in case the user is allowed to see the whole tree.
    """
    if 'permitted_inventory_paths' in g:
        return g.permitted_inventory_paths

    user_groups = [] if config.user.id is None else userdb.contactgroups_of_user(
        config.user.id)

    if not user_groups:
        g.permitted_inventory_paths = None
        return None

    forbid_whole_tree = False
    permitted_paths = []
    for user_group in user_groups:
        inventory_paths = config.multisite_contactgroups.get(
            user_group, {}).get('inventory_paths')
        if inventory_paths is None:
            # Old configuration: no paths configured means 'allow_all'
            g.permitted_inventory_paths = None
            return None

        if inventory_paths == "allow_all":
            g.permitted_inventory_paths = None
            return None

        if inventory_paths == "forbid_all":
            forbid_whole_tree = True
            continue

        for entry in inventory_paths[1]:
            parsed = []
            for part in entry["path"].split("."):
                try:
                    parsed.append(int(part))
                except ValueError:
                    parsed.append(part)
            permitted_paths.append((parsed, entry.get("attributes")))

    if forbid_whole_tree and not permitted_paths:
        g.permitted_inventory_paths = []
        return []

    g.permitted_inventory_paths = permitted_paths
    return permitted_paths