def register_user_with_group(user_name, group_name, email, password, db_session): # type: (Str, Str, Str, Str, Session) -> None """ Registers the user if missing and associate him to a group specified by name, also created if missing. :param user_name: name of the user to create (if missing) and to make part of the group (if specified) :param group_name: name of the group to create (if missing and specified) and to make the user join (if not already) :param email: email of the user to be created (if missing) :param password: password of the user to be created (if missing) :param db_session: database connexion to apply changes .. warning:: Should be employed only for **special** users/groups in this module as other expected API behaviour and operations will not be applied (ex: create additional permissions or user-group references). """ if not GroupService.by_group_name(group_name, db_session=db_session): # noinspection PyArgumentList new_group = models.Group(group_name=group_name) db_session.add(new_group) registered_group = GroupService.by_group_name(group_name=group_name, db_session=db_session) registered_user = UserService.by_user_name(user_name, db_session=db_session) if not registered_user: # noinspection PyArgumentList new_user = models.User(user_name=user_name, email=email) UserService.set_password(new_user, password) UserService.regenerate_security_code(new_user) db_session.add(new_user) if group_name is not None: registered_user = UserService.by_user_name(user_name, db_session=db_session) else: print_log("User '{}' already exist".format(user_name), level=logging.DEBUG) # noinspection PyBroadException try: # ensure the reference between user/group exists (user joined the group) user_group_refs = BaseService.all(models.UserGroup, db_session=db_session) user_group_refs_tup = [(ref.group_id, ref.user_id) for ref in user_group_refs] if (registered_group.id, registered_user.id) not in user_group_refs_tup: # noinspection PyArgumentList group_entry = models.UserGroup(group_id=registered_group.id, user_id=registered_user.id) db_session.add(group_entry) except Exception: # in case reference already exists, avoid duplicate error db_session.rollback()
def upgrade(): context = get_context() session = Session(bind=op.get_bind()) # two following lines avoids double 'DELETE' erroneous call when deleting group due to incorrect checks # https://stackoverflow.com/questions/28824401 context.connection.engine.dialect.supports_sane_rowcount = False context.connection.engine.dialect.supports_sane_multi_rowcount = False if isinstance(context.connection.engine.dialect, PGDialect): # make sure group exists, then get it init_anonymous(db_session=session) anonym_group = GroupService.by_group_name( constants.get_constant("MAGPIE_ANONYMOUS_GROUP"), db_session=session) all_users = BaseService.all(models.User, db_session=session) all_user_group_refs = BaseService.all(models.UserGroup, db_session=session) all_user_group_tups = [(ugr.user_id, ugr.group_id) for ugr in all_user_group_refs] for user in all_users: if (user.id, anonym_group.id) not in all_user_group_tups: # noinspection PyArgumentList user_group = models.UserGroup(user_id=user.id, group_id=anonym_group.id) session.add(user_group) session.commit()
def _apply_session(_usr_name=None, _grp_name=None): """ Apply operation using db session. """ from magpie.api.management.user import user_utils as ut from magpie.api.management.group import group_utils as gt res = ResourceService.by_resource_id(resource_id, db_session=cookies_or_session) if _usr_name: usr = UserService.by_user_name(_usr_name, db_session=cookies_or_session) if create_perm: return ut.create_user_resource_permission_response( usr, res, perm, db_session=cookies_or_session) else: return ut.delete_user_resource_permission_response( usr, res, perm, db_session=cookies_or_session) if _grp_name: grp = GroupService.by_group_name(_grp_name, db_session=cookies_or_session) if create_perm: return gt.create_group_resource_permission_response( grp, res, perm, db_session=cookies_or_session) else: return gt.delete_group_resource_permission_response( grp, res, perm, db_session=cookies_or_session)
def get_all_group_names(db_session): # type: (Session) -> List[Str] """ Get all existing group names from the database. """ group_names = ax.evaluate_call( lambda: [grp.group_name for grp in GroupService.all(models.Group, db_session=db_session)], httpError=HTTPForbidden, msgOnFail=s.Groups_GET_ForbiddenResponseSchema.description) return group_names
def get_grp_res_perm(grp, db, res_ids, res_types): res_perms_tup = GroupService.resources_with_possible_perms( grp, resource_ids=res_ids, resource_types=res_types, db_session=db) res_perms_dict = {} for res_perm in res_perms_tup: if res_perm.resource.resource_id not in res_perms_dict: res_perms_dict[res_perm.resource.resource_id] = [res_perm.perm_name] else: res_perms_dict[res_perm.resource.resource_id].append(res_perm.perm_name) return res_perms_dict
def init_admin(db_session, settings=None): # type: (Session, Optional[AnySettingsContainer]) -> None """ Registers in db the user and group matching ``MAGPIE_ADMIN_USER`` and ``MAGPIE_ADMIN_GROUP`` respectively if not defined. Also associates the created admin user with the admin group and give it admin permissions. """ admin_usr_name = get_constant("MAGPIE_ADMIN_USER", settings_container=settings) admin_grp_name = get_constant("MAGPIE_ADMIN_GROUP", settings_container=settings) if not (UserService.by_user_name(admin_usr_name, db_session=db_session) and GroupService.by_group_name(admin_grp_name, db_session=db_session)): register_user_with_group( user_name=admin_usr_name, group_name=admin_grp_name, email=get_constant("MAGPIE_ADMIN_EMAIL", settings_container=settings), password=get_constant("MAGPIE_ADMIN_PASSWORD", settings_container=settings), db_session=db_session) # Check if MAGPIE_ADMIN_GROUP has permission MAGPIE_ADMIN_PERMISSION magpie_admin_group = GroupService.by_group_name(admin_grp_name, db_session=db_session) permission_names = [ permission.perm_name for permission in magpie_admin_group.permissions ] admin_perm = get_constant("MAGPIE_ADMIN_PERMISSION", settings_container=settings) if admin_perm not in permission_names: # noinspection PyArgumentList new_group_permission = models.GroupPermission( perm_name=admin_perm, group_id=magpie_admin_group.id) try: db_session.add(new_group_permission) except Exception as e: db_session.rollback() raise_log("Failed to create admin user-group permission", exception=type(e))
def add_service_getcapabilities_perms(service, db_session, group_name=None): if service.type in SERVICES_PHOENIX_ALLOWED and \ Permission.GET_CAPABILITIES in SERVICE_TYPE_DICT[service.type].permissions: if group_name is None: group_name = get_constant('MAGPIE_ANONYMOUS_USER') group = GroupService.by_group_name(group_name, db_session=db_session) perm = ResourceService.perm_by_group_and_perm_name( service.resource_id, group.id, Permission.GET_CAPABILITIES.value, db_session) if perm is None: # not set, create it create_group_resource_permission_response( group, service, Permission.GET_CAPABILITIES, db_session)
def _get_group(grp_name): # type: (Str) -> models.Group grp = ax.evaluate_call( lambda: GroupService.by_group_name(grp_name, db_session=db_session ), httpError=HTTPForbidden, msgOnFail=s.UserGroup_GET_ForbiddenResponseSchema.description) ax.verify_param( grp, notNone=True, httpError=HTTPBadRequest, msgOnFail=s.UserGroup_Check_BadRequestResponseSchema.description) return grp
def init_users_group(db_session, settings=None): # type: (Session, Optional[AnySettingsContainer]) -> None """ Registers in db the group matching ``MAGPIE_USERS_GROUP`` if not defined. """ usr_grp_name = get_constant("MAGPIE_USERS_GROUP", settings_container=settings) if not GroupService.by_group_name(usr_grp_name, db_session=db_session): # noinspection PyArgumentList user_group = models.Group(group_name=usr_grp_name) db_session.add(user_group) else: print_log("MAGPIE_USERS_GROUP already initialized", level=logging.DEBUG)
def assign_user_group_view(request): """ Assign a user to a group. """ user = ar.get_user_matchdict_checked_or_logged(request) group_name = ar.get_value_multiformat_post_checked(request, "group_name") group = ax.evaluate_call( lambda: GroupService.by_group_name(group_name, db_session=request.db), fallback=lambda: request.db.rollback(), httpError=HTTPForbidden, msgOnFail=s.UserGroups_POST_ForbiddenResponseSchema.description) ax.verify_param( group, notNone=True, httpError=HTTPNotFound, msgOnFail=s.UserGroups_POST_GroupNotFoundResponseSchema.description) ax.verify_param( user.id, paramCompare=[usr.id for usr in group.users], notIn=True, httpError=HTTPConflict, content={ u"user_name": user.user_name, u"group_name": group.group_name }, msgOnFail=s.UserGroups_POST_ConflictResponseSchema.description) # noinspection PyArgumentList ax.evaluate_call( lambda: request.db.add( models.UserGroup(group_id=group.id, user_id=user.id)), fallback=lambda: request.db.rollback(), httpError=HTTPForbidden, msgOnFail=s.UserGroups_POST_RelationshipForbiddenResponseSchema. description, content={ u"user_name": user.user_name, u"group_name": group.group_name }) return ax.valid_http( httpSuccess=HTTPCreated, detail=s.UserGroups_POST_CreatedResponseSchema.description, content={ u"user_name": user.user_name, u"group_name": group.group_name })
def create_group(group_name, db_session): # type: (Str, Session) -> HTTPException """ Creates a group if it is permitted and not conflicting. :returns: valid HTTP response on successful operations. :raises HTTPException: error HTTP response of corresponding situation. """ group = GroupService.by_group_name(group_name, db_session=db_session) group_content_error = {u"group_name": str(group_name)} ax.verify_param(group, isNone=True, httpError=HTTPConflict, withParam=False, msgOnFail=s.Groups_POST_ConflictResponseSchema.description, content=group_content_error) # noinspection PyArgumentList new_group = ax.evaluate_call(lambda: models.Group(group_name=group_name), fallback=lambda: db_session.rollback(), httpError=HTTPForbidden, content=group_content_error, msgOnFail=s.Groups_POST_ForbiddenCreateResponseSchema.description) ax.evaluate_call(lambda: db_session.add(new_group), fallback=lambda: db_session.rollback(), httpError=HTTPForbidden, content=group_content_error, msgOnFail=s.Groups_POST_ForbiddenAddResponseSchema.description) return ax.valid_http(httpSuccess=HTTPCreated, detail=s.Groups_POST_CreatedResponseSchema.description, content={u"group": format_group(new_group, basic_info=True)})
def upgrade(): context = get_context() session = Session(bind=op.get_bind()) # two following lines avoids double 'DELETE' erroneous call when deleting group due to incorrect checks # https://stackoverflow.com/questions/28824401 context.connection.engine.dialect.supports_sane_rowcount = False context.connection.engine.dialect.supports_sane_multi_rowcount = False if isinstance(context.connection.engine.dialect, PGDialect): all_groups = session.query(models.Group) all_user_group_refs = BaseService.all(models.UserGroup, db_session=session) map_groups = { OLD_GROUP_ADMIN: NEW_GROUP_ADMIN, OLD_GROUP_USERS: NEW_GROUP_USERS } for group in all_groups: if group.group_name in map_groups.keys(): new_group_name = map_groups[group.group_name] new_group = GroupService.by_group_name(new_group_name, db_session=session) # create new group if missing if not new_group: # noinspection PyArgumentList new_group = models.Group(group_name=new_group_name) session.add(new_group) new_group = GroupService.by_group_name(new_group_name, db_session=session) old_group_perms = GroupService.resources_with_possible_perms( group, db_session=session) new_group_perms = GroupService.resources_with_possible_perms( new_group, db_session=session) diff_group_perms = set(old_group_perms) - set(new_group_perms) for perm in diff_group_perms: perm.group = new_group session.add(perm) for perm in old_group_perms: session.delete(perm) old_group_users = [user.user_name for user in group.users] new_group_users = [user.user_name for user in new_group.users] diff_group_users = set(old_group_users) - set(new_group_users) for user_name in diff_group_users: user = UserService.by_user_name(user_name=user_name, db_session=session) # noinspection PyArgumentList user_group = models.UserGroup(group_id=new_group.id, user_id=user.id) session.add(user_group) session.delete(group) for user_group in all_user_group_refs: if user_group.group_id == group.id: session.delete(user_group) session.commit()