def get_publish(self, document, group):
    """Render the public HTML page for one published version of a document.

    ``document`` and ``group`` are looked up with ``Document.get_by_id`` and
    ``Group.get_by_id``. The version is read from the ``v`` request parameter
    and defaults to ``'latest'``.

    Raises ``HttpErrorException``: bad_request for an unknown document or
    group, forbidden when the requesting user cannot read the document or
    when the publication's group is neither one of the user's groups nor the
    world-share group, and not_found when no publication matches.
    """
    doc = Document.get_by_id(document)
    if not doc:
        raise HttpErrorException.bad_request('invalid document id')
    if not doc.has_permission_read(self.user):
        raise HttpErrorException.forbidden()

    target_group = Group.get_by_id(group)
    if not target_group:
        raise HttpErrorException.bad_request('invalid group id')

    self.project = doc.project.get()
    requested_version = self.request.get('v', 'latest')
    pub = PublishDocument.get(doc, target_group, requested_version)
    if not pub:
        raise HttpErrorException.not_found()

    # Access is decided on the group stored on the publication itself, not on
    # the group id supplied by the caller.
    user_in_group = pub.group in self.user.groups
    if not user_in_group and pub.group != Group.get_worldshare_key():
        raise HttpErrorException.forbidden()

    self._create_analytic_session()
    self.project.record_analytic('pro_opn', self.analytic_session)

    # NOTE(review): pub.html is handed to the template as stored markup.
    # Whether it is escaped depends on the JINJA_ENVIRONMENT configuration and
    # on document_public.html, neither visible here - confirm the stored HTML
    # is sanitised when it is published.
    context = {
        'title': self.project.title,
        'version': pub.version,
        'created_at': pub.created_ts,
        'published_to': pub.group.get().name,
        'an_token': self.analytic_session.key.id(),
        'project_id': self.project.id,
        'html': pub.html,
    }
    page = JINJA_ENVIRONMENT.get_template('document_public.html')
    return page.render(context)
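def put(self):
    """Create a new group inside an organization.

    Reads ``organization``, ``name``, ``hidden`` and ``description`` from the
    JSON request body. The group key is appended to the organization's
    ``hidden_groups`` or ``groups`` list depending on ``hidden``, and both
    entities are written together. The new group is returned as JSON only
    when the request's ``return`` field is ``'group_dict'``.

    Raises ``HttpErrorException`` bad_request for a missing, malformed or
    unknown organization id, an empty or reserved group name, a non-boolean
    ``hidden`` value, or a name already used in the organization.
    """
    # NOTE(review): nothing in this method checks that self.user may manage
    # the target organization - confirm that is enforced before dispatch.
    org_id = self.json_request.get('organization')
    # The original joined these two tests with ``and``, so a non-empty id
    # skipped the format check entirely. Either failure must reject.
    if not org_id or not Organization.valid_id(org_id):
        raise HttpErrorException.bad_request('invalid organization id')
    org = Organization.get_by_id(org_id)
    if not org:
        raise HttpErrorException.bad_request('invalid organization id')

    name = self.json_request.get('name', None)
    hidden = self.json_request.get('hidden', False)
    description = self.json_request.get('description', '')

    # 'super_admin' and 'admin' are reserved names and may not be created
    # through this endpoint.
    if not name or name in ('super_admin', 'admin'):
        raise HttpErrorException.bad_request('invalid group name')
    if not isinstance(hidden, bool):
        raise HttpErrorException.bad_request('invalid hidden type must be boolean')

    name_taken = Group.query(
        ndb.AND(Group.organization == org.key, Group.name == name)
    ).count() > 0
    if name_taken:
        raise HttpErrorException.bad_request('group name taken')

    group = Group(key=Group.create_key(), name=name, description=description,
                  organization=org.key, active=True)
    if hidden:
        org.hidden_groups.append(group.key)
    else:
        org.groups.append(group.key)
    ndb.put_multi([group, org])

    if self.json_request.get('return', '') == 'group_dict':
        self.write_json_response(group.to_dict())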
def listActiveGroups(cls):
    """Return all groups, ordered by alias, except deleted ones.

    A group is excluded when its status is in the value produced by
    ``Group._r(Group.STATUS_DELETED)``.
    """
    # Imported inside the function, as in the original.
    from models.account import Group

    deleted_statuses = Group._r(Group.STATUS_DELETED)
    not_deleted = ~Group.status.in_(deleted_statuses)
    active_query = Group.query.filter(not_deleted)
    return active_query.order_by(Group.alias).all()
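def post(self, group):
    """Grant or revoke group-admin status for a user.

    ``group`` is the group id. The JSON body supplies ``username`` (the
    affected user) and ``is_group_admin`` (truthy to grant, falsy to revoke).
    Only a user with ``is_admin`` set, or an admin of the group, may make the
    change; any other attempt is logged as a security event and rejected.

    Raises ``HttpErrorException`` bad_request for an invalid group id, an
    invalid username or a missing ``is_group_admin`` value, and forbidden
    when the requester lacks the rights above.
    """
    # The original test was ``not group and Group.valid_id(group)``, which
    # never applied the format check to a supplied id. Reject a missing id
    # or one that fails validation.
    if not group or not Group.valid_id(group):
        raise HttpErrorException.bad_request('invalid group id')
    group = Group.get_by_id(group)
    if group is None:
        raise HttpErrorException.bad_request('invalid group id')

    username = self.json_request.get('username', None)
    if not username:
        raise HttpErrorException.bad_request('invalid username')
    user = user_user.User.get_by_id(username)
    if user is None:
        raise HttpErrorException.bad_request('invalid username')

    if not self.user.is_admin and not group.is_admin(self.user):
        # Record the refused attempt before rejecting it.
        lr = tt_logging.construct_log(
            msg_short='Non-Admin User Tried To Give Group Admin',
            msg='User (%s) tried to give User (%s) group admin for group (%s)Request:'
                '%s' % (self.user.key.id(), user.key.id(), group.key.id(), str(self.request)),
            log_type=tt_logging.SECURITY,
            request_user=self.user,
            affected_user=user,
            artifact=group,
            request=self.request
        )
        log.warning(lr['dict_msg']['msg'], extra=lr)
        raise HttpErrorException.forbidden()

    # NOTE(review): nothing here checks that the affected user belongs to the
    # same organization as the group - confirm whether that is required.
    is_group_admin = self.json_request.get('is_group_admin')
    if is_group_admin is None:
        raise HttpErrorException.bad_request('no group settings')

    if is_group_admin:
        if user.key not in group.admins:
            group.admins.append(user.key)
            group.put()
            lr = tt_logging.construct_log(
                msg_short='User was set a group admin',
                log_type=tt_logging.USER,
                request_user=self.user,
                affected_user=user,
                artifact=group,
                request=self.request
            )
            log.info(lr['dict_msg']['msg'], extra=lr)
    else:
        if user.key in group.admins:
            group.admins.remove(user.key)
            group.put()
            lr = tt_logging.construct_log(
                msg_short='User was removed as group admin',
                log_type=tt_logging.USER,
                request_user=self.user,
                affected_user=user,
                artifact=group,
                request=self.request
            )
            log.info(lr['dict_msg']['msg'], extra=lr)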
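def delete(self, group):
    """Delete a group and remove its key from every user in its organization.

    ``group`` is the group id. After ``group.delete`` runs, every user
    returned for the group's organization that still lists the group has the
    key removed, and the modified users are written in one batch.

    Raises ``HttpErrorException`` bad_request when the id is missing, fails
    ``Group.valid_id`` or matches no group.
    """
    # The original joined these tests with ``and``, so a non-empty but
    # malformed id was never rejected here.
    if not group or not Group.valid_id(group):
        raise HttpErrorException.bad_request('invalid group id')
    group = Group.get_by_id(group)
    if not group:
        raise HttpErrorException.bad_request('invalid group id')

    # NOTE(review): no permission check is visible in this method. Presumably
    # Group.delete authorises the request using the handler passed to it -
    # confirm, since the clean-up below runs unconditionally afterwards.
    group.delete(self)

    users = user_user.User.get_all_users(
        organization=group.organization.get(),
        to_dict=False,
        request_user=self.user,
        request=self
    )
    mod_users = []
    for user in users:
        if group.key in user.groups:
            user.groups.remove(group.key)
            mod_users.append(user)
    ndb.put_multi(mod_users)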
def __init__(self, pro, doc, group, organization=None):
    """Set up publisher state for one project, document and target group.

    A throwaway ``User`` is built whose groups are the target group and the
    world-share group, plus the organization key when one is given. The HTML
    output starts empty and the body starts as an empty ``<span>``.
    """
    group_key = group.key
    visible_groups = [group_key, Group.get_worldshare().key]

    self.project = pro
    self.document = doc
    self.groups = visible_groups
    self.organization = organization

    # Synthetic user standing in for "a member of the target group".
    publish_user = User()
    self.user = publish_user
    publish_user.groups = visible_groups
    if organization:
        publish_user.organization = organization.key

    self.html = ''
    self.body = Pq('<span></span>')
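def put(self, user=None):
    """Self-register a new user and log them in.

    Redirects to ``/register/disabled/`` when the global configuration does
    not allow registration. A request that names an organization is refused.
    Otherwise the user is created from the JSON body, authenticated with the
    submitted username and password, and three cookies are set: ``auth_user``
    (base64 of the username), ``user`` and ``auth_token``.

    Raises ``HttpErrorException`` forbidden when ``organization`` is present
    in the request, and bad_request when authentication of the new account
    fails.
    """
    gc = GlobalConfig.get_configs()
    if not gc.allow_user_registration:
        # abort=True is passed, so presumably the redirect ends the request.
        self.redirect('/register/disabled/', abort=True)

    if self.json_request.get('organization'):
        # The original *returned* the exception object, which ended the
        # handler without an error response. Raise it like every other
        # rejection so the client gets the forbidden status.
        raise HttpErrorException.forbidden()

    # NOTE(review): the whole request body is passed to User.new and only
    # 'organization' is filtered here - confirm User.new ignores any other
    # privilege-bearing fields a client could send.
    User.new(self.json_request, request=self.request,
             worldshare_group=Group.get_worldshare_key())

    creds = GenericCredentials(self.json_request.get('username'),
                               self.json_request.get('password'))
    if not creds.authenticate():
        raise HttpErrorException.bad_request('faild to authinicate')
    session = login(self.request, creds, User)

    # NOTE(review): these cookies are set with no explicit attributes here.
    # Confirm whether Secure / HttpOnly are applied to auth_token elsewhere,
    # and whether client-side script needs to read it.
    self.response.set_cookie('auth_user', base64.b64encode(creds.username))
    self.response.set_cookie('user', creds.username)
    self.response.set_cookie('auth_token', session.token)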
def put(self, user_id=None):
    """Create a user on behalf of an administrator.

    A requester without ``is_admin`` is logged as a security event and
    refused with forbidden. When the JSON body has a ``username``, the user
    is created with e-mail verification turned off and attached to the
    organization named in the body, if any. A body without ``username``
    does nothing.
    """
    requester = self.user
    if not requester.is_admin:
        lr = tt_logging.construct_log(
            msg_short='Non-Admin User Try Create New User',
            msg='User (%s) attemped to create a new user' % (requester.key.id()),
            log_type=tt_logging.SECURITY,
            request_user=requester,
            request=self.request
        )
        log.warning(lr['dict_msg']['msg'], extra=lr)
        raise HttpErrorException.forbidden()

    payload = self.json_request
    if not payload.get('username'):
        return

    # NOTE(review): an organization id that matches nothing leaves org as
    # whatever get_by_id returns, so the user may be created without an
    # organization - confirm that is acceptable.
    org = None
    org_id = payload.get('organization')
    if org_id:
        org = Organization.get_by_id(org_id)

    User.new(payload, verify_email=False, request=self.request,
             worldshare_group=Group.get_worldshare_key(), organization=org)
def __init__(self, pro, doc, wc, group, organization=None):
    """Set up publisher state with a word count for one document and group.

    A throwaway ``User`` is built whose groups are the target group and the
    world-share group, plus the organization key when one is given. A
    ``ConceptPublishWalker`` is created for the project. Output starts
    empty: blank HTML, an empty ``<span>`` body, a zero concept count and no
    current paragraph.
    """
    group_key = group.key
    visible_groups = [group_key, Group.get_worldshare().key]

    self.project = pro
    self.document = doc
    self.word_count = wc
    self.groups = visible_groups
    self.organization = organization

    # Synthetic user standing in for "a member of the target group".
    publish_user = User()
    self.user = publish_user
    publish_user.groups = visible_groups
    self.walker = ConceptPublishWalker(pro)
    if organization:
        publish_user.organization = organization.key

    self.html = ''
    self.body = Pq('<span></span>')
    self.con_count = 0
    self.paragraph = None
def __init__(self, pro, doc, sc, minb, maxb, group, organization=None):
    """Set up presentation-publisher state for one document and group.

    Stores the slide count and the bullet bounds, and builds a throwaway
    ``User`` whose groups are the target group and the world-share group,
    plus the organization key when one is given. The body starts as an empty
    ``<div>`` with id ``presentation-div``. There are no slides yet, the
    vertical cursor is 0 and the step is 525.
    """
    group_key = group.key
    visible_groups = [group_key, Group.get_worldshare().key]

    self.project = pro
    self.document = doc
    self.slide_count = sc
    self.min_bullet = minb
    self.max_bullet = maxb
    self.groups = visible_groups
    self.organization = organization

    # Synthetic user standing in for "a member of the target group".
    publish_user = User()
    self.user = publish_user
    publish_user.groups = visible_groups
    self.walker = ConceptPublishWalker(pro)
    if organization:
        publish_user.organization = organization.key

    self.html = ''
    container = Pq('<div></div>')
    self.body = container
    container.attr('id', 'presentation-div')
    container.add_class('')
    self.con_count = 0
    self.slides = []
    self.cur_y = 0
    self.y_step = 525
def install_group_data():
    """Create all the required groups if not defined"""
    # Imports are local to the function; only Group is used below.
    from application import db
    from models.account import Account, Group
    from models.project import Project, Membership
    # Seed data: one entry per built-in group, keyed by alias.
    groupList = [
        {
            'alias': Group.GROUP_ADMINISTRATOR,
            'title': 'Administrator',
            'info': """Administrators are the unstoppable guys - everything is permitted"""
        },
        {
            'alias': 'privileged_manager',
            'title': 'Privileged Manager',
            'info': """Privileged Managers are almost as cool as the administrators"""
        },
        {
            'alias': 'manager',
            'title': 'Manager',
            'info': """Managers have some extra features for management over the accounts and projects"""
        },
        {
            'alias': 'privileged_member',
            'title': 'Privileged Member',
            'info': """Privileged Members have just few extra features"""
        },
        {
            'alias': Group.GROUP_DEFAULT,
            'title': 'Member',
            'info': """Members can submit reports and watch their own stats"""
        }
    ]
    for groupItem in groupList:
        # Look the group up by alias; only a missing one is created.
        group = Group.query.filter_by(alias=groupItem['alias']).first()
        # NOTE(review): this listing lost its line structure. The nesting
        # below follows the docstring ("if not defined") - confirm that
        # existing groups are meant to be left untouched.
        if not group:
            group = Group()
            group.alias = groupItem['alias']
            group.title = groupItem['title']
            group.info = groupItem['info']
            group.save()
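def get(self, user_id=None):
    """Answer one of four user queries, chosen by request parameter.

    * ``user_info``: the named user's dict, for that user or an admin.
    * ``user_perms``: per-group permission dicts for the named user, limited
      to groups where the requester holds ``set_user_perms`` or
      ``remove_user_perms``, or to all of them when the requester is the
      named user.
    * ``organization_users`` equal to ``'all'``: every user of the
      organization in ``organization_id``, for organization admins and
      members of the ``super_admin`` group.
    * ``non_org``: every user without an organization, for super admins.

    Refused requests are logged as security events and raise
    ``HttpErrorException`` forbidden; unknown ids raise bad_request.
    """
    # TODO: This handler needs broken down into smaller methods. No point cleaning
    # this up until that is complete.
    # The parameter tests use ``!=`` rather than the original ``is not ''``:
    # identity comparison against a string literal depends on interning.
    if self.request.get('user_info') != '':
        if self.request.get('user_info') == self.user.username or self.user.is_admin:
            user = User.get_by_id(self.request.get('user_info'))
            if not user:
                raise HttpErrorException.bad_request('invalid user id')
            self.write_json_response(user.to_dict(user=self.user))

    elif self.request.get('user_perms') != '':
        user = User.get_by_id(self.request.get('user_perms'))
        if not user:
            raise HttpErrorException.bad_request('invalid username')
        # The original tested the *target* user's admin flag, so admins were
        # refused and any user could query an admin account. The log text
        # and the user_info branch both show that the requester is meant.
        if not self.user.is_admin and not self.user == user:
            lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Another User',
                                          msg='User (%s) attemped to access user\'s (%s) data ' %
                                              (self.user.key.id(), user.key.id()),
                                          log_type=tt_logging.SECURITY, request_user=self.user,
                                          affected_user=user, request=self.request)
            log.warning(lr['dict_msg']['msg'], extra=lr)
            raise HttpErrorException.forbidden()

        user_perms_dict = {}
        # Iterate over a copy: dangling keys are removed from user.groups
        # inside the loop, and removing from a list while iterating it skips
        # the following element.
        for group_key in list(user.groups):
            group = group_key.get()
            if group is None:
                # NOTE(review): this GET request writes to the datastore as a
                # side effect of repairing the list.
                user.groups.remove(group_key)
                user.put()
                lr = tt_logging.construct_log(msg_short='Broken Group Key in User Group List',
                                              msg='Found a broken group key (%s) in the user\'s group list\n'
                                                  'Key has been removed' %
                                                  str(group_key),
                                              log_type=tt_logging.USER, request_user=self.user,
                                              affected_user=user, request=self.request)
                log.error(lr['dict_msg']['msg'], extra=lr)
            elif (group.has_permission(self.user, 'set_user_perms') or
                    group.has_permission(self.user, 'remove_user_perms') or
                    user.key == self.user.key):
                perms = user.get_group_perms_dict(group)
                if perms is not None:
                    user_perms_dict[group.key.id()] = perms
        self.write_json_response(user_perms_dict)

    elif self.request.get('organization_users') != '':
        if self.request.get('organization_users') == 'all':
            organization = Organization.get_by_id(self.request.get('organization_id'))
            # An unknown id used to fail on the attribute access below;
            # reject it explicitly instead.
            if not organization:
                raise HttpErrorException.bad_request('invalid organization id')
            if organization.is_admin(self.user) or \
                    Group.get_by_id('super_admin').key in self.user.groups:
                user_array = User.get_all_users(organization, request_user=self.user)
                self.write_json_response(user_array)
            else:
                lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Org Users',
                                              msg='User (%s) attemped to access all Organization\'s users' %
                                                  (self.user.key.id()),
                                              log_type=tt_logging.SECURITY, request_user=self.user,
                                              request=self.request, artifact=organization)
                log.warning(lr['dict_msg']['msg'], extra=lr)
                raise HttpErrorException.forbidden()

    elif self.request.get('non_org') != '':
        if not self.user.is_super_admin:
            lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Org Users',
                                          msg='User (%s) attemped to access all Organization\'s users' %
                                              (self.user.key.id()),
                                          log_type=tt_logging.SECURITY, request_user=self.user,
                                          request=self.request)
            log.warning(lr['dict_msg']['msg'], extra=lr)
            raise HttpErrorException.forbidden()
        else:
            # ``== None`` is the datastore filter expression and must stay
            # an equality test.
            users = User.query(User.organization == None).fetch()
            users_dicts = [org_less_user.to_dict() for org_less_user in users]
            self.write_json_response(users_dicts)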
def get(self, document):
    """Write the world-share publication page for ``document`` to the response."""
    worldshare_group = Group.get_worldshare()
    page = self.get_publish(document, worldshare_group)
    self.response.write(page)
def get(self, project, document, group):
    """Start a background presentation publish of a document to a group.

    Validates the project, document and group ids, checks that the document
    belongs to the project and that a member of the target group could read
    it, picks the version name, and parses ``slide_count`` (1-100, default
    15), ``min_bullet`` (1-15, default 4) and ``max_bullet`` (1-15, default
    6). It then starts a ``PresentationPublisherThread`` and responds with
    its id.

    Raises ``HttpErrorException`` bad_request for any invalid input, a
    version name that is ``'latest'`` or already taken, or a publisher that
    is already running; forbidden when the requester cannot read the project
    or the document.
    """
    # NOTE(review): the requester only needs *read* permission on the project
    # and document, and membership of the target group is not checked here -
    # confirm that is the intended publish policy.
    if not project:
        raise HttpErrorException.bad_request('invalid project given')
    proj = Project.get_by_id(project)
    if not proj:
        raise HttpErrorException.bad_request('invalid project given')
    if not proj.has_permission_read(self.user):
        raise HttpErrorException.forbidden()

    if not document:
        raise HttpErrorException.bad_request('invalid document given')
    doc = Document.get_by_id(document)
    if not doc:
        raise HttpErrorException.bad_request('invalid document given')
    if not doc.has_permission_read(self.user):
        raise HttpErrorException.forbidden()

    if not group:
        raise HttpErrorException.bad_request('invalid group given')
    target_group = Group.get_by_id(group)
    if not target_group:
        raise HttpErrorException.bad_request('invalid group given')

    if doc.key not in proj.documents and doc.key != proj.distilled_document:
        raise HttpErrorException.bad_request(
            'document does not belong to project')

    # Probe readability as a synthetic member of the target group, carrying
    # the requester's organization when there is one.
    probe_user = User()
    probe_user.groups = [target_group.key, Group.get_worldshare().key]
    org = self.user.organization or None
    if org:
        probe_user.organization = org
    if not doc.has_permission_read(probe_user):
        raise HttpErrorException.bad_request(
            'Group does not have permission to read the document')

    pubs = doc.get_presentation_published(group=target_group)
    largest = PublishDocument.get_largest_version(pubs)
    next_version = 1 if largest is None else largest + 1
    version = self.request.get('version', str(next_version))
    # 'latest' is the lookup alias and cannot be used as a version name.
    if version == 'latest':
        raise HttpErrorException.bad_request('invalid version given')
    if any(pub.version == version for pub in pubs):
        raise HttpErrorException.bad_request(
            'version name already taken')

    # (parameter, default, maximum, not-an-int, below-min and above-max
    # messages). Checked in this order, each with a lower bound of 1.
    int_params = (
        ('slide_count', 15, 100,
         'invalid slide count, must be integer',
         'invalid slide_count given min 1',
         'invalid slide_count given max 100'),
        ('min_bullet', 4, 15,
         'invalid min bullet, must be integer',
         'invalid min_bullet given min 1',
         'invalid min_bullet given max 15'),
        ('max_bullet', 6, 15,
         'invalid max bullet, must be integer',
         'invalid max_bullet given min 1',
         'invalid max_bullet given max 15'),
    )
    parsed = {}
    for param, default, ceiling, not_int_msg, too_small_msg, too_large_msg in int_params:
        try:
            value = int(self.request.get(param, default))
        except ValueError:
            raise HttpErrorException.bad_request(not_int_msg)
        if value < 1:
            raise HttpErrorException.bad_request(too_small_msg)
        if value > ceiling:
            raise HttpErrorException.bad_request(too_large_msg)
        parsed[param] = value

    if parsed['min_bullet'] > parsed['max_bullet']:
        raise HttpErrorException.bad_request(
            'min_bullet can not be greater than max_bullet')

    publisher = PresentationPublisherThread()
    publisher.id = server.create_uuid()
    publisher.request = self
    publisher.project = proj
    publisher.document = doc
    publisher.slide_count = parsed['slide_count']
    publisher.min_bullet = parsed['min_bullet']
    publisher.max_bullet = parsed['max_bullet']
    publisher.group = target_group
    publisher.user = self.user
    publisher.version = version

    if publisher.is_lock():
        raise HttpErrorException.bad_request('publisher already running')
    publisher.start()

    self.write_json_response({'id': publisher.id})
    self.get_analytic_session()
    doc.record_analytic('pres_publish', self.analytic_session, project=proj.key)
def get(self, project, document, group):
    """Start a background publish of a document to a group.

    Validates the project, document and group ids, checks that a member of
    the target group could read the document and that the document belongs
    to the project, picks the version name, then starts a
    ``DocumentPublisherThread`` and responds with its id.

    Raises ``HttpErrorException`` bad_request for any invalid input, a
    version name that is ``'latest'`` or already taken, or a publisher that
    is already running; forbidden when the requester cannot read the project
    or the document.
    """
    # NOTE(review): the requester only needs *read* permission on the project
    # and document, and membership of the target group is not checked here -
    # confirm that is the intended publish policy.
    if not project:
        raise HttpErrorException.bad_request('invalid project given')
    proj = Project.get_by_id(project)
    if not proj:
        raise HttpErrorException.bad_request('invalid project given')
    if not proj.has_permission_read(self.user):
        raise HttpErrorException.forbidden()

    if not document:
        raise HttpErrorException.bad_request('invalid document given')
    doc = Document.get_by_id(document)
    if not doc:
        raise HttpErrorException.bad_request('invalid document given')
    if not doc.has_permission_read(self.user):
        raise HttpErrorException.forbidden()

    if not group:
        raise HttpErrorException.bad_request('invalid group given')
    target_group = Group.get_by_id(group)
    if not target_group:
        raise HttpErrorException.bad_request('invalid group given')

    # Probe readability as a synthetic member of the target group, carrying
    # the requester's organization when there is one.
    probe_user = User()
    probe_user.groups = [target_group.key, Group.get_worldshare().key]
    org = self.user.organization or None
    if org:
        probe_user.organization = org
    if not doc.has_permission_read(probe_user):
        raise HttpErrorException.bad_request(
            'Group does not have permission to read the document')

    if doc.key not in proj.documents and doc.key != proj.distilled_document:
        raise HttpErrorException.bad_request(
            'document does not belong to project')

    existing = doc.get_published(group=target_group)
    largest = PublishDocument.get_largest_version(existing)
    next_version = 1 if largest is None else largest + 1
    version = self.request.get('version', str(next_version))
    # 'latest' is the lookup alias and cannot be used as a version name.
    if version == 'latest':
        raise HttpErrorException.bad_request('invalid version given')

    # The publications are fetched a second time for the name check, as the
    # original does.
    current = doc.get_published(group=target_group)
    if any(pub.version == version for pub in current):
        raise HttpErrorException.bad_request(
            'version name already taken')

    publisher = DocumentPublisherThread()
    publisher.id = server.create_uuid()
    publisher.request = self
    publisher.project = proj
    publisher.document = doc
    publisher.group = target_group
    publisher.user = self.user
    publisher.version = version

    if publisher.is_lock():
        raise HttpErrorException.bad_request('publisher already running')
    publisher.start()

    self.write_json_response({'id': publisher.id})
    self.get_analytic_session()
    doc.record_analytic('doc_publish', self.analytic_session, project=proj.key)