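def user_has_roles(userobj, role_list):
    """
    Check that the user holds every role named in role_list.

    Names in role_list are normalised with strip_lower before the
    comparison. The user's roles are compared exactly as
    fetch_cramstoken_roles returns them (presumably already normalised;
    confirm against that helper).

    NOTE: an empty role_list is satisfied by any user that has at least
    one role, so callers should not use an empty list to mean "no access".

    :param userobj: user whose roles are read with fetch_cramstoken_roles
    :param role_list: iterable of required role names
    :return: True when the user has roles and all required roles are
        among them; False otherwise, including for a user with no roles
    """
    required_roles = {strip_lower(role) for role in role_list}
    # Fetch once and decide on that single result: a second fetch repeats
    # the lookup and could see different roles than the ones just tested.
    user_roles = fetch_cramstoken_roles(userobj)
    if user_roles:
        return required_roles.issubset(user_roles)
    return False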
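def _add_debug_role(user, new_role):
    """
    Add a role to the user's CramsToken; a debugging aid for DEV only.

    The role is added only when the user's email is in DEBUG_APPROVERS,
    APP_ENV equals 'DEV' and the user has an auth token with an attached
    cramstoken. Every other case gets the access-denied response.

    :param user: user whose stored token roles are extended
    :param new_role: role name; stored after strip_lower normalisation
    :return: HttpResponse saying whether the role was added
    """
    from html import escape

    if user.email in DEBUG_APPROVERS and APP_ENV == 'DEV':
        # NOTE(review): if auth_token is a reverse one-to-one relation,
        # reading it may raise for a user without a token - confirm.
        if user.auth_token and user.auth_token.cramstoken:
            cramstoken = user.auth_token.cramstoken
            # ks_roles holds a JSON-encoded list of role names (or is empty).
            if cramstoken.ks_roles:
                ks_roles = json_loads(cramstoken.ks_roles)
            else:
                ks_roles = []
            # A set keeps the stored list free of duplicates.
            ks_roles_set = set(ks_roles)
            ks_roles_set.add(strip_lower(new_role))
            cramstoken.ks_roles = json_dumps(list(ks_roles_set))
            cramstoken.save()
            # new_role is echoed into an HTML body, so escape it rather
            # than letting markup in the role name reach the browser.
            return HttpResponse(
                '<H3>Role Added <H3><BR>' + escape(new_role))
    return HttpResponse('<H3>Access Denied - cannot add role<H3><BR>')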
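def send_notification(self, alloc_req):
    """
    Email the contacts of an allocation request about its current status.

    The template is the NotificationTemplate matching the request status
    and the funding body of its funding scheme; when none exists nothing
    is sent. Failures while building or sending the mail are logged, and
    re-raised only when settings.DEBUG is on, so outside DEBUG a failed
    notification is visible only in the log.

    :param alloc_req: allocation request to notify about
    """
    try:
        template_obj = NotificationTemplate.objects.get(
            request_status=alloc_req.request_status,
            funding_body=alloc_req.funding_scheme.funding_body
        )
    except NotificationTemplate.DoesNotExist:
        # No template for this status and funding body: nothing to send.
        return

    template = template_obj.template_file_path
    mail_content = self.populate_email_dict_for_request(alloc_req)

    # Bound before the try so the handler below can always format it,
    # even when reading the project description is the step that failed;
    # otherwise the handler itself raises and hides the original error.
    desc = None
    try:
        desc = alloc_req.project.description
        # NOTE(review): desc goes into the subject as-is; whether
        # mail_sender rejects line breaks in it is not visible here.
        subject = 'Allocation request - ' + desc
        sender = settings.EMAIL_SENDER
        recipient_list = get_request_contact_email_ids(alloc_req)
        funding_body = alloc_req.funding_scheme.funding_body

        cc_list = None
        if template_obj.alert_funding_body:
            if funding_body.email:
                cc_list = [funding_body.email]
            else:
                # The funding body should be copied but has no address;
                # the mail still goes to the request contacts.
                p_msg = 'Email not found, Unable to send notification to '
                LOG.error(p_msg + funding_body.name)

        reply_to = FB_REPLY_TO_MAP.get(strip_lower(funding_body.name))
        mail_sender.send_notification(
            sender=sender,
            subject=subject,
            mail_content=mail_content,
            template_name=template,
            recipient_list=recipient_list,
            cc_list=cc_list,
            bcc_list=None,
            reply_to=reply_to)
    except Exception as e:
        error_message = '{} : Project - {}'.format(repr(e), desc)
        LOG.error(error_message)
        if settings.DEBUG:
            raise Exception(error_message)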
def setup_case_insensitive_roles(user, user_roles_list):
    """
    Store the given roles on the user's CramsToken in normalised form.

    The token is fetched, or created when the user has none. Its ks_roles
    field is replaced (not merged) with the JSON-encoded list of role
    names, each passed through strip_lower, and the token is saved.

    :param user: user who owns the token
    :param user_roles_list: iterable of role names to store
    :return: the saved CramsToken
    """
    token, _created = CramsToken.objects.get_or_create(user=user)
    # Previously stored roles are overwritten by this assignment.
    token.ks_roles = json_dumps(list(map(strip_lower, user_roles_list)))
    token.save()
    return token
def get_configurable_roles():
    """
    List the role names that are configured in settings.

    :return: new list holding every key of ROLE_FB_MAP followed by the
        strip_lower form of CRAMS_PROVISIONER_ROLE
    """
    # Build a fresh list on each call so callers cannot alter the map.
    return list(ROLE_FB_MAP) + [strip_lower(CRAMS_PROVISIONER_ROLE)]
from json import loads as json_loads

from rest_framework.exceptions import ParseError

from crams.DBConstants import FUNDING_BODY_NECTAR, FUNDING_BODY_VICNODE
from crams.lang_utils import reverse_dict, strip_lower
from crams.settings import NECTAR_APPROVER_ROLE, VICNODE_APPROVER_ROLE
from crams.settings import CRAMS_PROVISIONER_ROLE
from crams.models import CramsToken
from json import dumps as json_dumps

# Funding Body Role Map: each approver role name from settings, passed
# through strip_lower, mapped to its funding body constant. Lookups must
# use the same strip_lower form of a role name to match a key.
ROLE_FB_MAP = {
    strip_lower(NECTAR_APPROVER_ROLE): FUNDING_BODY_NECTAR,
    strip_lower(VICNODE_APPROVER_ROLE): FUNDING_BODY_VICNODE
}
# Built from ROLE_FB_MAP with reverse_dict; presumably funding body ->
# role name (confirm against reverse_dict).
FB_ROLE_MAP_REVERSE = reverse_dict(ROLE_FB_MAP)


def get_configurable_roles():
    """
    List the role names that are configured in settings.

    :return: new list holding every key of ROLE_FB_MAP followed by the
        strip_lower form of CRAMS_PROVISIONER_ROLE
    """
    configurable_roles = list(ROLE_FB_MAP.keys())
    configurable_roles.append(strip_lower(CRAMS_PROVISIONER_ROLE))
    return configurable_roles


def get_authorised_funding_bodies(user):
    """

    :param user:
    :return:
    """
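def _get_crams_token_for_keystone_user(request, ks_user):
    """
    Map a validated Keystone user to a local User and issue a CramsToken.

    The user is looked up by Keystone id; when none matches, a user is
    fetched or created by email/username and the Keystone id is recorded
    if the account has none. Any existing auth token is deleted, the login
    is logged as a UserEvents entry, and the roles from ks_user are stored
    on the new token through roleUtils.setup_case_insensitive_roles.

    NOTE(review): when fetching or creating the user fails, an
    HttpResponse is returned in place of a token; callers are not visible
    here, so confirm they handle that case.

    :param request: not used in this function
    :param ks_user: mapping with "name", "id" and an optional "roles"
        mapping of project -> role objects exposing .name
    :return: the result of roleUtils.setup_case_insensitive_roles, or an
        HttpResponse on a user-creation error
    :raises rest_exceptions.AuthenticationFailed: when several users share
        the Keystone id
    """
    from html import escape

    # look up user
    username = ks_user["name"]
    keystone_id = ks_user['id']
    try:
        user = User.objects.get(keystone_uuid=keystone_id)
        if user.email != username:
            # Keep the local email in step with the Keystone name and
            # record the change.
            prev_email = user.email
            user.email = username
            user.save()
            msg_format = 'User email updated from {} to {} for User {}'
            events = UserEvents(created_by=user,
                                event_message=msg_format.format(
                                    repr(prev_email),
                                    repr(user.email),
                                    repr(user)))
            events.save()
    except User.MultipleObjectsReturned:
        raise rest_exceptions.AuthenticationFailed(
            'Multiple UserIds exist for User, contact Support')
    except User.DoesNotExist:
        try:
            user, created = User.objects.get_or_create(email=username,
                                                       username=username)
            # NOTE(review): an account matched here by name that already
            # has a different keystone_uuid is accepted unchanged, since
            # the rejection branch below is commented out. The event
            # written next then reports the old uuid as "set". Confirm
            # this is intended: the account is not bound to the
            # presenting Keystone id.
            if not user.keystone_uuid:
                user.keystone_uuid = keystone_id
                user.save()
            # else:
            #     error_msg = 'Invalid Keystone id in DB for User {}, \
            #     contact Support'.format(repr(username))
            #     raise AuthenticationFailed(error_msg)
            events = UserEvents(
                created_by=user,
                event_message='User uuid set to {} for User {}'.format(
                    repr(user.keystone_uuid), repr(user)))
            events.save()
        except Exception as e:
            # Both values end up in an HTML response body; escape them so
            # markup in the name or the error text is not rendered.
            # NOTE(review): str(e) exposes internal error detail to the
            # client; consider logging it and returning a generic message.
            return HttpResponse('Error creating user with email ' +
                                escape(username) + ' ' + escape(str(e)))

    # Expire existing Token and log Login.
    # getattr with a default also covers a user that has no token, whether
    # reading the attribute raises AttributeError or gives an empty value.
    existing_token = getattr(user, 'auth_token', None)
    if existing_token:
        existing_token.delete()
    msg = 'User logged in with valid Keystone token'
    events = UserEvents(created_by=user, event_message=msg)
    events.save()

    configurable_roles = roleUtils.get_configurable_roles()
    user_roles = []
    for (project, roles) in ks_user.get("roles", {}).items():
        for role_obj in roles:
            role = strip_lower(role_obj.name)
            if role in configurable_roles:
                # A configured role name is granted as is, in any project.
                user_roles.append(role)
            else:
                p_role = roleUtils.generate_project_role(project, role)
                # additional security: a generated project role must not
                # collide with a configured role name.
                if p_role not in configurable_roles:
                    user_roles.append(p_role)

    return roleUtils.setup_case_insensitive_roles(user, user_roles)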
from json import loads as json_loads

from rest_framework.exceptions import ParseError

from crams.DBConstants import FUNDING_BODY_NECTAR
from crams.lang_utils import reverse_dict, strip_lower
from crams.settings import NECTAR_APPROVER_ROLE
from crams.settings import CRAMS_PROVISIONER_ROLE
from crams.settings import NECTAR_NOTIFICATION_REPLY_TO
from crams.models import CramsToken
from json import dumps as json_dumps

# Funding Body Reply-to Email Map: funding body name in strip_lower form
# -> reply-to address from settings. Lookups must use the same
# strip_lower form of the name to match a key.
FB_REPLY_TO_MAP = {
    strip_lower(FUNDING_BODY_NECTAR): NECTAR_NOTIFICATION_REPLY_TO
}

# Funding Body Role Map: each approver role name from settings, passed
# through strip_lower, mapped to its funding body constant.
ROLE_FB_MAP = {
    strip_lower(NECTAR_APPROVER_ROLE): FUNDING_BODY_NECTAR,
}
# Built from ROLE_FB_MAP with reverse_dict; presumably funding body ->
# role name (confirm against reverse_dict).
FB_ROLE_MAP_REVERSE = reverse_dict(ROLE_FB_MAP)


def get_configurable_roles():
    """
    List the role names that are configured in settings.

    :return: new list holding every key of ROLE_FB_MAP followed by the
        strip_lower form of CRAMS_PROVISIONER_ROLE
    """
    configurable_roles = list(ROLE_FB_MAP.keys())
    configurable_roles.append(strip_lower(CRAMS_PROVISIONER_ROLE))
    return configurable_roles


def get_authorised_funding_bodies(user):
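def _get_crams_token_for_keystone_user(request, ks_user):
    """
    Map a validated Keystone user to a local User and issue a CramsToken.

    The user is looked up by Keystone id; when none matches, a user is
    fetched or created by email/username and the Keystone id is recorded
    if the account has none. Any existing auth token is deleted, the login
    is logged as a UserEvents entry, and the roles from ks_user are stored
    on the new token through roleUtils.setup_case_insensitive_roles.

    NOTE(review): when fetching or creating the user fails, an
    HttpResponse is returned in place of a token; callers are not visible
    here, so confirm they handle that case.

    :param request: not used in this function
    :param ks_user: mapping with "name", "id" and an optional "roles"
        mapping of project -> role objects exposing .name
    :return: the result of roleUtils.setup_case_insensitive_roles, or an
        HttpResponse on a user-creation error
    :raises rest_exceptions.AuthenticationFailed: when several users share
        the Keystone id
    """
    from html import escape

    # look up user
    username = ks_user["name"]
    keystone_id = ks_user['id']
    try:
        user = User.objects.get(keystone_uuid=keystone_id)
        if user.email != username:
            # Keep the local email in step with the Keystone name and
            # record the change.
            prev_email = user.email
            user.email = username
            user.save()
            msg_format = 'User email updated from {} to {} for User {}'
            events = UserEvents(
                created_by=user,
                event_message=msg_format.format(repr(prev_email),
                                                repr(user.email),
                                                repr(user))
            )
            events.save()
    except User.MultipleObjectsReturned:
        raise rest_exceptions.AuthenticationFailed(
            'Multiple UserIds exist for User, contact Support')
    except User.DoesNotExist:
        try:
            user, created = User.objects.get_or_create(email=username,
                                                       username=username)
            # NOTE(review): an account matched here by name that already
            # has a different keystone_uuid is accepted unchanged, since
            # the rejection branch below is commented out. The event
            # written next then reports the old uuid as "set". Confirm
            # this is intended: the account is not bound to the
            # presenting Keystone id.
            if not user.keystone_uuid:
                user.keystone_uuid = keystone_id
                user.save()
            # else:
            #     error_msg = 'Invalid Keystone id in DB for User {}, \
            #     contact Support'.format(repr(username))
            #     raise AuthenticationFailed(error_msg)
            events = UserEvents(
                created_by=user,
                event_message='User uuid set to {} for User {}'.format(
                    repr(user.keystone_uuid), repr(user)))
            events.save()
        except Exception as e:
            # Both values end up in an HTML response body; escape them so
            # markup in the name or the error text is not rendered.
            # NOTE(review): str(e) exposes internal error detail to the
            # client; consider logging it and returning a generic message.
            return HttpResponse('Error creating user with email ' +
                                escape(username) + ' ' + escape(str(e)))

    # Expire existing Token and log Login
    # hasattr is False when reading auth_token raises AttributeError,
    # i.e. for a user that has no token yet.
    if hasattr(user, 'auth_token'):
        user.auth_token.delete()
    msg = 'User logged in with valid Keystone token'
    events = UserEvents(
        created_by=user,
        event_message=msg
    )
    events.save()

    configurable_roles = roleUtils.get_configurable_roles()
    user_roles = []
    for (project, roles) in ks_user.get("roles", {}).items():
        for role_obj in roles:
            role = strip_lower(role_obj.name)
            if role in configurable_roles:
                # A configured role name is granted as is, in any project.
                user_roles.append(role)
            else:
                p_role = roleUtils.generate_project_role(project, role)
                # additional security: a generated project role must not
                # collide with a configured role name.
                if p_role not in configurable_roles:
                    user_roles.append(p_role)

    return roleUtils.setup_case_insensitive_roles(user, user_roles)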