def getCollectionCreationPolicyAccess(self): cpp = Setting().get(SettingKey.COLLECTION_CREATE_POLICY) acList = { 'users': [{ 'id': x } for x in cpp.get('users', [])], 'groups': [{ 'id': x } for x in cpp.get('groups', [])] } for user in acList['users'][:]: userDoc = User().load(user['id'], force=True, fields=['firstName', 'login', 'email']) if userDoc is None: acList['users'].remove(user) else: user['login'] = userDoc['login'] user['name'] = userDoc['firstName'] user['email'] = userDoc['email'] for grp in acList['groups'][:]: grpDoc = Group().load(grp['id'], force=True, fields=['name', 'description']) if grpDoc is None: acList['groups'].remove(grp) else: grp['name'] = grpDoc['name'] grp['description'] = grpDoc['description'] return acList
def hasCreatePrivilege(self, user): """ Tests whether a given user has the authority to create collections on this instance. This is based on the collection creation policy settings. By default, only admins are allowed to create collections. :param user: The user to test. :returns: bool """ from girderformindlogger.models.setting import Setting if user['admin']: return True policy = Setting().get(SettingKey.COLLECTION_CREATE_POLICY) if policy['open'] is True: return True if user['_id'] in policy.get('users', ()): return True if set(policy.get('groups', ())) & set(user.get('groups', ())): return True return False
def getSettings(self): settings = Setting() return { PluginSettings.MARKDOWN: settings.get(PluginSettings.MARKDOWN), PluginSettings.HEADER: settings.get(PluginSettings.HEADER), PluginSettings.SUBHEADER: settings.get(PluginSettings.SUBHEADER), PluginSettings.WELCOME_TEXT: settings.get(PluginSettings.WELCOME_TEXT), PluginSettings.LOGO: settings.get(PluginSettings.LOGO), }
def _submitEmail(msg, recipients): from girderformindlogger.models.setting import Setting setting = Setting() smtp = _SMTPConnection(host=setting.get(SettingKey.SMTP_HOST), port=setting.get(SettingKey.SMTP_PORT), encryption=setting.get(SettingKey.SMTP_ENCRYPTION), username=setting.get(SettingKey.SMTP_USERNAME), password=setting.get(SettingKey.SMTP_PASSWORD)) logger.info('Sending email to %s through %s', ', '.join(recipients), smtp.host) with smtp: smtp.send(msg['From'], recipients, msg.as_string())
def testLdapLogin(self): settings = Setting() self.assertEqual(settings.get(PluginSettings.SERVERS), []) with self.assertRaises(ValidationException): settings.set(PluginSettings.SERVERS, {}) settings.set(PluginSettings.SERVERS, [{ 'baseDn': 'cn=Users,dc=foo,dc=bar,dc=org', 'bindName': 'cn=foo,cn=Users,dc=foo,dc=bar,dc=org', 'password': '******', 'searchField': 'mail', 'uri': 'foo.bar.org:389' }]) with mock.patch('ldap.initialize', return_value=MockLdap()) as ldapInit: resp = self.request('/user/authentication', basicAuth='hello:world') self.assertEqual(len(ldapInit.mock_calls), 1) self.assertStatusOk(resp) # Register a new user user = resp.json['user'] self.assertEqual(user['email'], '*****@*****.**') self.assertEqual(user['firstName'], 'Foo') self.assertEqual(user['lastName'], 'Bar') self.assertEqual(user['login'], 'foobar') # Login as an existing user resp = self.request('/user/authentication', basicAuth='hello:world') self.assertStatusOk(resp) self.assertEqual(resp.json['user']['_id'], user['_id']) with mock.patch('ldap.initialize', return_value=MockLdap(bindFail=True)): resp = self.request('/user/authentication', basicAuth='hello:world') self.assertStatus(resp, 401) with mock.patch('ldap.initialize', return_value=MockLdap(searchFail=True)): resp = self.request('/user/authentication', basicAuth='hello:world') self.assertStatus(resp, 401) # Test fallback to logging in with core auth normalUser = User().createUser(login='******', firstName='Normal', lastName='User', email='*****@*****.**', password='******') with mock.patch('ldap.initialize', return_value=MockLdap(searchFail=True)): resp = self.request('/user/authentication', basicAuth='normal:normaluser') self.assertStatusOk(resp) self.assertEqual(str(normalUser['_id']), resp.json['user']['_id']) # Test registering from a record that only has a cn, no sn/givenName record = { 'cn': [b'Fizz Buzz'], 'mail': [b'*****@*****.**'], 'distinguishedName': [b'shouldbeignored'] } with mock.patch('ldap.initialize', return_value=MockLdap(record=record)): resp = self.request('/user/authentication', basicAuth='fizzbuzz:foo') self.assertStatusOk(resp) self.assertEqual(resp.json['user']['login'], 'fizz') self.assertEqual(resp.json['user']['firstName'], 'Fizz') self.assertEqual(resp.json['user']['lastName'], 'Buzz') # Test falling back to other name generation behavior (first+last name) record = { 'cn': [b'Fizz Buzz'], 'mail': [b'*****@*****.**'], 'distinguishedName': [b'shouldbeignored'] } with mock.patch('ldap.initialize', return_value=MockLdap(record=record)): resp = self.request('/user/authentication', basicAuth='fizzbuzz:foo') self.assertStatusOk(resp) self.assertEqual(resp.json['user']['login'], 'fizzbuzz') self.assertEqual(resp.json['user']['firstName'], 'Fizz') self.assertEqual(resp.json['user']['lastName'], 'Buzz')