Exemple #1
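def create_perm(db_session, permission, requester):
    """
    Builds a new Permission from caller-supplied data and logs the creation.

    Only keys listed in ``Permission.fillable`` are kept, so the request data
    cannot set attributes outside that allow-list. ``created_by`` is always
    overwritten with the requester's id.

    :param db_session: Database session. Not used in this function; the new
                       object is not added to any session here.
    :param permission: Dictionary with the fields of the new permission.
    :param requester: Dictionary identifying the caller; the keys "userid" and
                      "username" are read.
    :return: The new Permission instance.
    """
    # Allow-list filter: drop every key the model does not declare as fillable.
    permission = {
        k: permission[k]
        for k in permission if k in Permission.fillable
    }
    check_perm(permission)
    permission['created_by'] = requester['userid']
    perm = Permission(**permission)
    # Audit record for a creation. The previous text said "deleted by", which
    # made every creation look like a deletion in the log.
    log().info(
        'permission ' + perm.name + ' created by ' + requester['username'],
        perm.safeDict())
    return perm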
Exemple #2
def delete_perm(db_session, permission: str, requester):
    """
    Deletes an API permission together with every user and group grant of it.

    :param db_session: The database session used for the deletes and the commit.
    :param permission: Name or ID of the permission to delete.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :return: None
    :raises HTTPRequestError: 404 when no permission matches, 405 when the
                              permission is not of type ``api``.
    """
    try:
        target = Permission.get_by_name_or_id(permission)
        # Only API permissions may be removed; anything else is refused.
        if target.type != PermissionTypeEnum.api:
            raise HTTPRequestError(405, "Can't delete a system permission")

        # Remove the grants first so no user or group row still points at the
        # permission when it is deleted.
        for grant_model in (UserPermission, GroupPermission):
            db_session.execute(
                grant_model.__table__.delete(
                    grant_model.permission_id == target.id))

        # NOTE(review): the cache entry is dropped before the commit; confirm
        # that a concurrent request cannot re-cache the old decision in between.
        cache.delete_key(action=target.method, resource=target.path)

        LOGGER.info(
            f"permission {target.name} deleted by {requester['username']}")
        LOGGER.info(target.safe_dict())

        db_session.delete(target)
        db_session.commit()

        # The views are refreshed after the commit.
        MVUserPermission.refresh()
        MVGroupPermission.refresh()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")
Exemple #3
def add_permissions_group():
    """
    Grants the predefined permissions to the "admin" and "user" groups.

    Each group and permission is looked up by name, one GroupPermission row is
    added per pair, and everything is committed once at the end.
    """
    # (group name, permission names) in the order the rows are created.
    # "admin" receives the single catch-all permission 'all_all'.
    grants_by_group = (
        ("admin", ('all_all',)),
        ("user", (
            'all_template',
            'all_device',
            'all_flows',
            'all_history',
            'all_metric',
            'all_mashup',
            'ro_alarms',
            'ro_ca',
            'wo_sign',
        )),
    )

    for group_name, perm_names in grants_by_group:
        group_id = Group.getByNameOrID(group_name).id
        for perm_name in perm_names:
            perm_id = Permission.getByNameOrID(perm_name).id
            db.session.add(
                GroupPermission(group_id=group_id, permission_id=perm_id))

    db.session.commit()
Exemple #4
def create_permissions():
    """
    Inserts the predefined permissions and commits them in one transaction.

    Every entry is a (name, path pattern, method pattern) triple handed to
    ``permission_dict_helper``. The patterns look like regular expressions;
    how they are matched is decided elsewhere.
    """
    # 'all_all' pairs the path "/(.*)" with the method "(.*)", the broadest
    # entry in this table, so it should only be granted deliberately.
    specs = (
        ('all_all', "/(.*)", "(.*)"),
        ('all_template', "/template/(.*)", "(.*)"),
        ('ro_template', "/template/(.*)", "GET"),
        ('all_device', "/device/(.*)", "(.*)"),
        ('ro_device', "/device/(.*)", "GET"),
        ('all_flows', "/flows/(.*)", "(.*)"),
        ('ro_flows', "/flows/(.*)", "GET"),
        ('all_history', "/history/(.*)", "(.*)"),
        ('ro_history', "/history/(.*)", "GET"),
        ('all_metric', "/metric/(.*)", "(.*)"),
        ('ro_metric', "/metric/(.*)", "GET"),
        ('all_mashup', "/mashup/(.*)", "(.*)"),
        ('ro_mashup', "/mashup/(.*)", "GET"),
        ('all_user', "/auth/user/(.*)", "(.*)"),
        ('ro_user', "/auth/user/(.*)", "GET"),
        ('all_pap', "/pap/(.*)", "(.*)"),
        ('ro_pap', "/pap/(.*)", "GET"),
        ('ro_ca', "/ca/(.*)", "GET"),
        ('wo_sign', "/sign/(.*)", "POST"),
        ('ro_alarms', "/alarmmanager/(.*)", "GET"),
    )
    predef_perms = [permission_dict_helper(*spec) for spec in specs]

    for fields in predef_perms:
        db.session.add(Permission(**fields))
    db.session.commit()
def add_permissions_group():
    """
    Grants the predefined permissions to the "testadm" and "testuser" groups.

    Each group and permission is looked up by name, one GroupPermission row is
    added per pair, and everything is committed once at the end.
    """
    # (group name, permission names) in the order the rows are created.
    # "testadm" receives the single catch-all permission 'all_all'.
    grants_by_group = (
        ("testadm", ('all_all',)),
        ("testuser", (
            'all_template',
            'all_device',
            'all_flows',
            'ro_history',
            'ro_ca',
            'wo_sign',
            "ro_socketio",
            "all_import",
            "ro_export",
            "all_image",
        )),
    )

    for group_name, perm_names in grants_by_group:
        group_id = Group.get_by_name_or_id(group_name).id
        for perm_name in perm_names:
            perm_id = Permission.get_by_name_or_id(perm_name).id
            db.session.add(
                GroupPermission(group_id=group_id, permission_id=perm_id))

    db.session.commit()
Exemple #6
def update_perm(db_session, permission: str, perm_data, requester):
    """
    Updates the fillable fields of an API permission; the name cannot change.

    :param db_session: The database session used for the update and the commit.
    :param permission: Name or ID of the permission to update.
    :param perm_data: Dictionary with the new values. Keys that are not in
                      ``Permission.fillable`` are ignored.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :return: None
    :raises HTTPRequestError: 400 on an attempt to rename, 404 when no
                              permission matches, 405 when the permission is
                              not of type ``api``.
    """
    # Allow-list filter: only fillable keys ever reach setattr() below.
    accepted = {}
    for field in perm_data:
        if field in Permission.fillable:
            accepted[field] = perm_data[field]

    check_perm(accepted)
    try:
        perm = Permission.get_by_name_or_id(permission)
        # Permissions of any other type are read-only through this function.
        if perm.type != PermissionTypeEnum.api:
            raise HTTPRequestError(405, "Can't edit a system permission ")

        if 'name' in accepted and perm.name != accepted['name']:
            raise HTTPRequestError(400, "permission name can't be changed")

        for field, new_value in accepted.items():
            setattr(perm, field, new_value)
        db_session.add(perm)

        # Audit trail: who changed the permission, then the values applied.
        LOGGER.info(
            f"permission {perm.name} updated by {requester['username']}")
        LOGGER.info(accepted)

        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")
Exemple #7
def create_perm(db_session, permission, requester):
    """
    Creates a new permission, stores it and commits.

    :param db_session: The database session used for the insert and the commit.
    :param permission: Dictionary with the fields of the new permission. Keys
                       that are not in ``Permission.fillable`` are ignored.
    :param requester: Dictionary identifying the caller; the keys "userid" and
                      "username" are read.
    :return: The new permission
    """
    # Allow-list filter: request data can only set fields the model exposes.
    fields = {}
    for key in permission:
        if key in Permission.fillable:
            fields[key] = permission[key]
    check_perm(fields)

    # The creator always comes from the requester, overriding any value that
    # survived the filter above.
    fields['created_by'] = requester['userid']
    new_perm = Permission(**fields)

    # Audit trail: who created the permission, then its logged representation.
    LOGGER.info(f"permission {new_perm.name} create by {requester['username']}")
    LOGGER.info(new_perm.safe_dict())

    db_session.add(new_perm)
    db_session.commit()
    return new_perm
Exemple #8
def updatePerm(dbSession, permission, permData, requester):
    """
    Updates the fillable fields of a permission; the name cannot change.

    :param dbSession: Database session the modified permission is added to.
                      No commit is issued here.
    :param permission: Name or ID of the permission to update.
    :param permData: Dictionary with the new values. Keys that are not in
                     ``Permission.fillable`` are ignored.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :raises HTTPRequestError: 400 on an attempt to rename, 404 when no
                              permission matches.
    """
    # Allow-list filter: only fillable keys ever reach setattr() below.
    accepted = {}
    for field in permData:
        if field in Permission.fillable:
            accepted[field] = permData[field]
    checkPerm(accepted)
    try:
        perm = Permission.getByNameOrID(permission)
        if 'name' in accepted and perm.name != accepted['name']:
            raise HTTPRequestError(400, "permission name can't be changed")
        for field, new_value in accepted.items():
            setattr(perm, field, new_value)
        dbSession.add(perm)
        # Audit trail: who changed the permission and the values applied.
        audit_log = log()
        audit_line = ('permission ' + perm.name + ' updated by '
                      + requester['username'])
        audit_log.info(audit_line, accepted)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")
Exemple #9
def delete_perm(db_session, permission, requester):
    """
    Deletes a permission together with every user and group grant of it.

    :param db_session: Database session used for the deletes. No commit is
                       issued here.
    :param permission: Name or ID of the permission to delete.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :raises HTTPRequestError: 404 when no permission matches.
    """
    try:
        target = Permission.getByNameOrID(permission)
        # Remove the grants first so no user or group row still points at the
        # permission when it is deleted.
        for grant_model in (UserPermission, GroupPermission):
            db_session.execute(
                grant_model.__table__.delete(
                    grant_model.permission_id == target.id))
        cache.delete_key(action=target.method, resource=target.path)
        # Audit trail: who deleted the permission and what it contained.
        audit_log = log()
        audit_line = ('permission ' + str(target.name) + ' deleted by ' +
                      requester['username'])
        audit_log.info(audit_line, target.safeDict())
        db_session.delete(target)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")
def removeUserPermission(dbSession, user, permission, requester):
    """
    Revokes one permission that was granted directly to a user.

    :param dbSession: Database session used for the lookup and the delete.
                      No commit is issued here.
    :param user: Name or ID of the user.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :raises HTTPRequestError: 404 when the user, the permission or the grant
                              itself cannot be found.
    """
    try:
        user_row = User.getByNameOrID(user)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        perm = Permission.getByNameOrID(permission)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        grant_query = dbSession.query(UserPermission).filter_by(
            user_id=user_row.id, permission_id=perm.id)
        dbSession.delete(grant_query.one())
        # Drop the cache entry for this user, action and resource.
        cache.deleteKey(
            userid=user_row.id, action=perm.method, resource=perm.path)
        audit_log = log()
        audit_log.info('user ' + user_row.username + ' removed permission ' +
                       perm.name + ' by ' + requester['username'])
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "User does not have this permission")
def removeGroupPermission(dbSession, group, permission, requester):
    """
    Revokes one permission from a group.

    :param dbSession: Database session used for the lookup and the delete.
                      No commit is issued here.
    :param group: Name or ID of the group.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :raises HTTPRequestError: 404 when the group, the permission or the grant
                              itself cannot be found.
    """
    try:
        group_row = Group.getByNameOrID(group)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        perm = Permission.getByNameOrID(permission)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        grant_query = dbSession.query(GroupPermission).filter_by(
            group_id=group_row.id, permission_id=perm.id)
        dbSession.delete(grant_query.one())
        # The cache key carries no user id here, only action and resource.
        cache.deleteKey(action=perm.method, resource=perm.path)
        audit_log = log()
        # The double space before "group" is part of the existing log format.
        audit_log.info('permission ' + perm.name + ' removed from  group ' +
                       group_row.name + ' by ' + requester['username'])
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "Group does not have this permission")
def addGroupPermission(dbSession, group, permission, requester):
    """
    Grants a permission to a group, refusing a grant that already exists.

    :param dbSession: Database session used for the lookup and the insert.
                      No commit is issued here.
    :param group: Name or ID of the group.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :raises HTTPRequestError: 404 when the group or the permission cannot be
                              found, 409 when the group already has it.
    """
    try:
        group_row = Group.getByNameOrID(group)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        perm = Permission.getByNameOrID(permission)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")

    # NOTE(review): the check and the insert are separate steps; confirm the
    # schema enforces uniqueness on (group_id, permission_id) so concurrent
    # requests cannot both pass the check.
    existing = dbSession.query(GroupPermission).filter_by(
        group_id=group_row.id, permission_id=perm.id).one_or_none()
    if existing:
        raise HTTPRequestError(409, "Group already have this permission")

    dbSession.add(
        GroupPermission(group_id=group_row.id, permission_id=perm.id))
    cache.deleteKey(action=perm.method, resource=perm.path)
    audit_log = log()
    audit_log.info('permission ' + perm.name + ' added to group ' +
                   group_row.name + ' by ' + requester['username'])
def remove_group_permission(db_session, group, permission, requester):
    """
    Revokes one permission from a group and commits the change.

    :param db_session: Database session used for the lookup, delete and commit.
    :param group: Name or ID of the group.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :raises HTTPRequestError: 404 when the group, the permission or the grant
                              itself cannot be found.
    """
    try:
        group_row = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        grant_query = db_session.query(GroupPermission).filter_by(
            group_id=group_row.id, permission_id=perm.id)
        db_session.delete(grant_query.one())
        cache.delete_key(action=perm.method, resource=perm.path)
        log().info(f"permission {perm.name} removed from group {group_row.name} by {requester['username']}")
        # NOTE(review): the view is refreshed before the commit; confirm the
        # refresh runs in this same transaction, otherwise the view keeps the
        # revoked grant until the next refresh.
        MVGroupPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "Group does not have this permission")
def add_group_permission(db_session, group, permission, requester):
    """
    Grants a permission to a group and commits, refusing an existing grant.

    :param db_session: Database session used for the lookup, insert and commit.
    :param group: Name or ID of the group.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :raises HTTPRequestError: 404 when the group or the permission cannot be
                              found, 409 when the group already has it.
    """
    try:
        group_row = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")

    # NOTE(review): the check and the insert are separate steps; confirm the
    # schema enforces uniqueness on (group_id, permission_id) so concurrent
    # requests cannot both pass the check.
    existing = db_session.query(GroupPermission).filter_by(
        group_id=group_row.id, permission_id=perm.id).one_or_none()
    if existing:
        raise HTTPRequestError(409, "Group already have this permission")

    db_session.add(
        GroupPermission(group_id=group_row.id, permission_id=perm.id))
    cache.delete_key(action=perm.method, resource=perm.path)
    log().info(f"permission {perm.name} added to group {group_row.name} by {requester['username']}")
    # NOTE(review): refresh happens before the commit; confirm it sees the
    # pending insert.
    MVGroupPermission.refresh()
    db_session.commit()
Exemple #15
def add_user_permission(db_session, user, permission, requester):
    """
    Grants a permission directly to a user, refusing an existing grant.

    :param db_session: Database session used for the lookup and the insert.
                       No commit is issued here.
    :param user: Name or ID of the user.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :raises HTTPRequestError: 404 when the user or the permission cannot be
                              found, 409 when the user already has it.
    """
    try:
        user_row = User.getByNameOrID(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        perm = Permission.getByNameOrID(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    # NOTE(review): the check and the insert are separate steps; confirm the
    # schema enforces uniqueness on (user_id, permission_id) so concurrent
    # requests cannot both pass the check.
    existing = db_session.query(UserPermission).filter_by(
        user_id=user_row.id, permission_id=perm.id).one_or_none()
    if existing:
        raise HTTPRequestError(409, "User already have this permission")

    db_session.add(
        UserPermission(user_id=user_row.id, permission_id=perm.id))
    # Drop the cache entry for this user, action and resource.
    cache.delete_key(
        userid=user_row.id, action=perm.method, resource=perm.path)
    audit_log = log()
    audit_log.info('user ' + user_row.username + ' received permission '
                   + perm.name + ' by ' + requester['username'])
def remove_user_permission(db_session, user, permission, requester):
    """
    Revokes one directly granted permission from a user and commits.

    :param db_session: Database session used for the lookup, delete and commit.
    :param user: Name or ID of the user.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :raises HTTPRequestError: 404 when the user, the permission or the grant
                              itself cannot be found.
    """
    try:
        user_row = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        grant_query = db_session.query(UserPermission).filter_by(
            user_id=user_row.id, permission_id=perm.id)
        db_session.delete(grant_query.one())
        # Drop the cache entry for this user, action and resource.
        cache.delete_key(
            userid=user_row.id, action=perm.method, resource=perm.path)
        log().info(f"permission {perm.name} for user {user_row.username} was revoked by {requester['username']}")
        # NOTE(review): the view is refreshed before the commit; confirm the
        # refresh runs in this same transaction, otherwise the view keeps the
        # revoked grant until the next refresh.
        MVUserPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "User does not have this permission")
Exemple #17
def add_user_permission(db_session, user, permission, requester):
    """
    Grants a permission directly to a user and commits, refusing a duplicate.

    :param db_session: Database session used for the lookup, insert and commit.
    :param user: Name or ID of the user.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary identifying the caller; only "username" is
                      read, for the audit log line.
    :raises HTTPRequestError: 404 when the user or the permission cannot be
                              found, 409 when the user already has it.
    """
    try:
        user_row = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    # NOTE(review): the check and the insert are separate steps; confirm the
    # schema enforces uniqueness on (user_id, permission_id) so concurrent
    # requests cannot both pass the check.
    existing = db_session.query(UserPermission).filter_by(
        user_id=user_row.id, permission_id=perm.id).one_or_none()
    if existing:
        raise HTTPRequestError(409, "User already have this permission")

    db_session.add(
        UserPermission(user_id=user_row.id, permission_id=perm.id))
    cache.delete_key(
        userid=user_row.id, action=perm.method, resource=perm.path)
    # NOTE(review): refresh happens before the commit; confirm it sees the
    # pending insert.
    MVUserPermission.refresh()
    db_session.commit()
    # The audit line is written only after the commit has gone through.
    log().info(
        f"user {user_row.username} received permission {perm.name} by {requester['username']}"
    )
Exemple #18
def addPermissionsGroup():
    """
    Grants the predefined permissions to the "admin" and "user" groups.

    Each group and permission is looked up by name, one GroupPermission row is
    added per pair, and everything is committed once at the end.
    """
    # (group name, permission names) in the order the rows are created.
    # "admin" gets the six "user" permissions plus 'all_user' and 'all_pap'.
    grantsByGroup = (
        ("admin", (
            'all_template',
            'all_device',
            'all_flows',
            'all_history',
            'all_metric',
            'all_mashup',
            'all_user',
            'all_pap',
        )),
        ("user", (
            'all_template',
            'all_device',
            'all_flows',
            'all_history',
            'all_metric',
            'all_mashup',
        )),
    )

    for groupName, permNames in grantsByGroup:
        groupId = Group.getByNameOrID(groupName).id
        for permName in permNames:
            permId = Permission.getByNameOrID(permName).id
            db.session.add(
                GroupPermission(group_id=groupId, permission_id=permId))

    db.session.commit()
Exemple #19
def createPermissions():
    """
    Inserts the predefined permissions and commits them in one transaction.

    Every entry is a (name, path pattern, method pattern) triple handed to
    ``permissionDictHelper``. The patterns look like regular expressions; how
    they are matched is decided elsewhere.
    """
    # "all_*" entries pair a path with the method pattern "(.*)";
    # "ro_*" entries pair the same path with "GET" only.
    specs = (
        ('all_template', "/template/(.*)", "(.*)"),
        ('ro_template', "/template/(.*)", "GET"),
        ('all_device', "/device/(.*)", "(.*)"),
        ('ro_device', "/device/(.*)", "GET"),
        ('all_flows', "/flows/(.*)", "(.*)"),
        ('ro_flows', "/flows/(.*)", "GET"),
        ('all_history', "/history/(.*)", "(.*)"),
        ('ro_history', "/history/(.*)", "GET"),
        ('all_metric', "/metric/(.*)", "(.*)"),
        ('ro_metric', "/metric/(.*)", "GET"),
        ('all_mashup', "/mashup/(.*)", "(.*)"),
        ('ro_mashup', "/mashup/(.*)", "GET"),
        ('all_user', "/auth/user/(.*)", "(.*)"),
        ('ro_user', "/auth/user/(.*)", "GET"),
        ('all_pap', "/pap/(.*)", "(.*)"),
        ('ro_pap', "/pap/(.*)", "GET"),
    )
    predefPerms = [permissionDictHelper(*spec) for spec in specs]

    for fields in predefPerms:
        db.session.add(Permission(**fields))
    db.session.commit()
Exemple #20
def getPerm(dbSession, permission):
    """
    Returns the permission matching a name or ID.

    :param dbSession: Database session. Not used in this function.
    :param permission: Name or ID of the permission.
    :return: The matching Permission.
    :raises HTTPRequestError: 404 when no permission matches.
    """
    try:
        return Permission.getByNameOrID(permission)
    except sqlalchemy.orm.exc.NoResultFound:
        # Turn the ORM "no row" error into an HTTP 404 for the caller.
        raise HTTPRequestError(404, "No permission found with this ID")
Exemple #21
def get_perm(db_session, permission):
    """
    Returns the permission matching a name or ID.

    :param db_session: Database session. Not used in this function.
    :param permission: Name or ID of the permission.
    :return: The matching Permission.
    :raises HTTPRequestError: 404 when no permission matches.
    """
    try:
        return Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        # Turn the ORM "no row" error into an HTTP 404 for the caller.
        raise HTTPRequestError(404, "No permission found with this ID")