def main(q, i, params, tags):
q.logger.log('Getting %s'%(repr(params)), 5)
osiscon = OsisDB().getConnection('main')
serialized_rootobject = osiscon.objectGet(params['rootobjecttype'], params['rootobjectguid'], params['rootobjectversionguid'])
rootobject_type = osis.ROOTOBJECT_TYPES[params['rootobjecttype']]
rootobject = rootobject_type.deserialize(ThriftSerializer,serialized_rootobject)
params['rootobject'] = rootobject
def __init__(self, tasklets=list()):
basedir = os.path.join(q.dirs.pyAppsDir, p.api.appname)
self._authenticate = q.taskletengine.get(os.path.join(basedir, 'impl', 'authenticate'))
self._authorize = q.taskletengine.get(os.path.join(basedir, 'impl', 'authorize'))
self.tasklets = tasklets
self.alkira = Alkira(p.api)
self.connection = OsisDB().getConnection(p.api.appname)
def main(q, i, params, tags):
q.logger.log('Getting %s' % (repr(params)), 5)
osiscon = OsisDB().getConnection('main')
serialized_rootobject = osiscon.objectGet(params['rootobjecttype'],
params['rootobjectguid'],
params['rootobjectversionguid'])
rootobject_type = osis.ROOTOBJECT_TYPES[params['rootobjecttype']]
rootobject = rootobject_type.deserialize(ThriftSerializer,
serialized_rootobject)
params['rootobject'] = rootobject
def __init__(self):
super(AuthBackend, self).__init__()
self.osis = OsisDB().getConnection(p.api.appname)
self.initChecked = False
self.adminGroupGuid = None
self.publicGroupGuid = None
self.anonymousUserGuid = None
self.userGroupGuid = None
self._cache = cache.getApi() if cache else None
self._cacheHash = cache.calculateHash(
{"__name__": "authorization_authbackend"}) if cache else None
def main(q, i, p, params, tags):
rootobject = 'businessparams'
domain = "datacenter"
view_name = '%s_view_%s_list' % (domain, rootobject)
connection = OsisDB().getConnection('dcsimulator')
if not connection.viewExists(domain, rootobject, view_name):
view = connection.viewCreate(domain, rootobject, view_name)
view.setCol('name', q.enumerators.OsisType.STRING, True)
view.setCol('collocation', q.enumerators.OsisType.INTEGER, True)
view.setCol('storage', q.enumerators.OsisType.INTEGER, True)
view.setCol('cpu', q.enumerators.OsisType.INTEGER, True)
view.setCol('leasebuilding', q.enumerators.OsisType.INTEGER, True)
view.setCol('leaseinfrastructure', q.enumerators.OsisType.INTEGER, True)
view.setCol('leasehw', q.enumerators.OsisType.INTEGER, True)
view.setCol('interestbuilding', q.enumerators.OsisType.FLOAT, True)
view.setCol('interestdatacenter', q.enumerators.OsisType.FLOAT, True)
view.setCol('leaseperiodbuilding', q.enumerators.OsisType.INTEGER, True)
view.setCol('leaseperioddatacenter', q.enumerators.OsisType.INTEGER, True)
view.setCol('technology', q.enumerators.OsisType.INTEGER, True)
view.setCol('installperiod', q.enumerators.OsisType.INTEGER, True)
view.setCol('size', q.enumerators.OsisType.INTEGER, False)
view.setCol('racksurface', q.enumerators.OsisType.INTEGER, False)
view.setCol('kwhourcost', q.enumerators.OsisType.FLOAT, False)
view.setCol('pue', q.enumerators.OsisType.FLOAT, False)
view.setCol('salescollocation', q.enumerators.OsisType.FLOAT, False)
view.setCol('salescpu', q.enumerators.OsisType.FLOAT, False)
view.setCol('salesstorage', q.enumerators.OsisType.FLOAT, False)
view.setCol('salesbandwidth', q.enumerators.OsisType.FLOAT, False)
connection.viewAdd(view)
indexes = ['collocation', 'size', 'leasebuilding', 'interestdatacenter']
for field in indexes:
context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field}
connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, p, params, tags):
rootobject = 'activity'
domain = "crm"
view_name = '%s_view_%s_list' % (domain, rootobject)
connection = OsisDB().getConnection('sampleapp')
if not connection.viewExists(domain, rootobject, view_name):
view = connection.viewCreate(domain, rootobject, view_name)
view.setCol('name', q.enumerators.OsisType.STRING, False)
view.setCol('description', q.enumerators.OsisType.STRING, False)
view.setCol('customer', q.enumerators.OsisType.STRING, True)
view.setCol('lead', q.enumerators.OsisType.STRING, True)
view.setCol('location', q.enumerators.OsisType.STRING, True)
view.setCol('type', q.enumerators.OsisType.STRING, True)
view.setCol('priority', q.enumerators.OsisType.STRING, True)
view.setCol('status', q.enumerators.OsisType.STRING, True)
view.setCol('starttime', q.enumerators.OsisType.DATETIME, True)
view.setCol('endtime', q.enumerators.OsisType.DATETIME, True)
connection.viewAdd(view)
indexes = ['name', 'customer', 'type', 'priority']
for field in indexes:
context = {
'schema': "%s_%s" % (domain, rootobject),
'view': view_name,
'field': field
}
connection.runQuery(
"CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)"
% context)
def view(self):
'''Views allow OSIS users/developers/administrators to define their desired specific ways to query the stored objects.\
Every view needs to be updated on every store action. '''
print '\n\033[1;34mRegistering a View \n\033[1;32m[ ]osisdb = OsisDB()\n[ ]conn = osisdb.getConnection(\'main\')\n'
print '\033[1;32m[ ]view = conn.viewCreate(\'company\', \'name\')\n[ ]view.setCol(\'name\', q.enumerators.OsisType.STRING, False)\n'
print '[ ]view.setCol(\'url\', q.enumerators.OsisType.STRING, False)\n[ ]conn.viewAdd(view)'
osisdb = OsisDB()
try:
conn = osisdb.getConnection('main')
view = conn.viewCreate('company', 'name')
view.setCol('name', q.enumerators.OsisType.STRING, False)
view.setCol('url', q.enumerators.OsisType.STRING, False)
conn.viewAdd(view)
except Exception, e:
print '\033[1;32mView Already Exists'
def main(q, i, params, tags):
rootobject = 'customer'
domain = "crm"
appname = params['appname']
view_name = '%s_view_%s_list' % (domain, rootobject)
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, view_name):
view = connection.viewCreate(domain, rootobject, view_name)
view.setCol('name', q.enumerators.OsisType.STRING, True)
connection.viewAdd(view)
indexes = ['name']
for field in indexes:
context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field}
connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, params, tags):
domain = 'ui'
rootobject = 'space'
conName = params['appname']
connection = OsisDB().getConnection(conName)
view_name = '%s_tag_list' % rootobject
if not connection.viewExists(domain, rootobject, view_name):
view = connection.viewCreate(domain, rootobject, view_name)
view.setCol('tag', q.enumerators.OsisType.STRING, False, index=True)
connection.viewAdd(view)
def main(q, i, params, tags):
rootobject = 'user'
domain = "ui"
appname = params['appname']
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, rootobject):
view = connection.viewCreate(domain, rootobject, rootobject)
view.setCol('name', q.enumerators.OsisType.STRING, True, index=True)
view.setCol('login', q.enumerators.OsisType.STRING, True, index=True)
view.setCol('groupguids', q.enumerators.OsisType.STRING, True)
connection.viewAdd(view)
def main(q, i, params, tags):
rootobject = 'bookmark'
domain = "ui"
appname = params['appname']
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, rootobject):
view = connection.viewCreate(domain, rootobject, rootobject)
view.setCol('name', q.enumerators.OsisType.STRING, False, index=True)
view.setCol('url', q.enumerators.OsisType.STRING, False)
view.setCol('order', q.enumerators.OsisType.INTEGER, False)
connection.viewAdd(view)
class BaseCloudAPI:
connection = OsisDB().getConnection('main')
def checkAuthentication(self, request, methodname, args, kwargs):
if not request.username or not request.password: return False
filterObject = self.connection.getFilterObject()
filterObject.add('view_clouduser_list', 'login', request.username,
True)
filterObject.add('view_clouduser_list', 'password', request.password,
True)
clouduser_guids = self.connection.objectsFind('clouduser',
filterObject)
if clouduser_guids and len(clouduser_guids) == 1:
self.updateExecutionParams(args, kwargs, clouduser_guids[0])
return True
return False
def updateExecutionParams(self, args, kwargs, clouduserguid):
executionparams = self.getExecutionparams(args, kwargs)
executionparams['clouduserguid'] = clouduserguid
def getExecutionparams(self, args, kwargs):
executionparams = dict()
if args and len(args) >= 2:
executionparams = args[-1]
else:
kwargs = kwargs or dict()
executionparams = kwargs.get('executionparams', dict())
kwargs['executionparams'] = executionparams
return executionparams
def checkAuthorization(self, criteria, request, methodname, args, kwargs):
clouduserguid = self.getExecutionparams(args, kwargs).get(
'clouduserguid', None)
if not clouduserguid:
return False
for group in criteria['groups']:
filterObject = self.connection.getFilterObject()
filterObject.add('view_cloudusergroup_clouduser_list', 'name',
group, True)
filterObject.add('view_cloudusergroup_clouduser_list',
'clouduserguid', clouduserguid)
if self.connection.objectsFind('cloudusergroup', filterObject):
return True
return False
def main(q, i, params, tags):
rootobject = 'eventqueue'
domain = "monitoring"
appname = params['appname']
view_name = '%s_view_%s_list' % (domain, rootobject)
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, view_name):
view = connection.viewCreate(domain, rootobject, view_name)
view.setCol('name', q.enumerators.OsisType.STRING, True)
view.setCol('numberofevents', q.enumerators.OsisType.INTEGER, True)
connection.viewAdd(view)
indexes = ['name', 'numberofevents']
for field in indexes:
context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field}
connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, params, tags):
rootobject = 'config'
domain = "ui"
appname = params['appname']
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, rootobject):
view = connection.viewCreate(domain, rootobject, rootobject)
view.setCol('space', q.enumerators.OsisType.UUID, True, index=True)
view.setCol('page', q.enumerators.OsisType.UUID, True, index=True)
view.setCol('macro', q.enumerators.OsisType.STRING, True, index=True)
view.setCol('configid', q.enumerators.OsisType.STRING, True, index=True)
view.setCol('username', q.enumerators.OsisType.STRING, True, index=True)
connection.viewAdd(view)
def main(q, i, params, tags):
rootobject = '_index'
domain = "ui"
appname = params['appname']
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, rootobject):
view = connection.viewCreate(domain, rootobject, rootobject)
view.setCol('name', q.enumerators.OsisType.STRING, False)
view.setCol('url', q.enumerators.OsisType.STRING, False)
view.setCol('content', q.enumerators.OsisType.TEXT, True)
view.setCol('tags', q.enumerators.OsisType.STRING, True, index=True)
view.setCol('description', q.enumerators.OsisType.STRING, True)
connection.viewAdd(view)
def main(q, i, params, tags):
rootobject = 'permission'
domain = "crm"
appname = params['appname']
view_name = '%s_view_%s_list' % (domain, rootobject)
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, view_name):
view = connection.viewCreate(domain, rootobject, view_name)
view.setCol('name', q.enumerators.OsisType.STRING, True)
view.setCol('uri', q.enumerators.OsisType.STRING, True)
connection.viewAdd(view)
indexes =list()
indexes.append('name')
indexes.append('uri')
for field in indexes:
context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field}
connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, params, tags):
rootobject = 'project'
domain = "ui"
appname = params['appname']
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, rootobject):
view = connection.viewCreate(domain, rootobject, rootobject)
view.setCol('name',
q.enumerators.OsisType.STRING,
False,
index=True,
unique=True)
view.setCol('path', q.enumerators.OsisType.STRING, False)
view.setCol('tags', q.enumerators.OsisType.STRING, True, index=True)
connection.viewAdd(view)
def main(q, i, params, tags):
rootobject = 'lead'
domain = "crm"
appname = params['appname']
view_name = '%s_view_%s_list' % (domain, rootobject)
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, view_name):
view = connection.viewCreate(domain, rootobject, view_name)
view.setCol('name', q.enumerators.OsisType.STRING, True)
view.setCol('code', q.enumerators.OsisType.STRING, True)
view.setCol('customerguid', q.enumerators.OsisType.UUID, True)
view.setCol('source', q.enumerators.OsisType.STRING, True)
view.setCol('type', q.enumerators.OsisType.STRING, True)
view.setCol('status', q.enumerators.OsisType.STRING, True)
view.setCol('amount', q.enumerators.OsisType.FLOAT, True)
view.setCol('probability', q.enumerators.OsisType.BIGINT, True)
connection.viewAdd(view)
indexes = ['name', 'code', 'source', 'type', 'status', 'amount', 'probability']
for field in indexes:
context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field}
connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, params, tags):
rootobject = 'page'
domain = "ui"
appname = params['appname']
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, rootobject):
view = connection.viewCreate(domain, rootobject, rootobject)
view.setCol('name', q.enumerators.OsisType.STRING, True, index=True)
view.setCol('space', q.enumerators.OsisType.UUID, True, index=True)
view.setCol('category',
q.enumerators.OsisType.STRING,
True,
index=True)
view.setCol('parent', q.enumerators.OsisType.UUID, True, index=True)
view.setCol('tags', q.enumerators.OsisType.STRING, True, index=True)
view.setCol('order', q.enumerators.OsisType.INTEGER, True)
view.setCol('title', q.enumerators.OsisType.STRING, True)
view.setCol('pagetype', q.enumerators.OsisType.STRING, True)
connection.viewAdd(view)
def main(q, i, p, params, tags):
rootobject = 'activity'
domain = "crm"
view_name = '%s_view_%s_list' % (domain, rootobject)
connection = OsisDB().getConnection('sampleapp')
if not connection.viewExists(domain, rootobject, view_name):
view = connection.viewCreate(domain, rootobject, view_name)
view.setCol('name', q.enumerators.OsisType.STRING, False)
view.setCol('description', q.enumerators.OsisType.STRING, False)
view.setCol('customer', q.enumerators.OsisType.STRING, True)
view.setCol('lead', q.enumerators.OsisType.STRING, True)
view.setCol('location', q.enumerators.OsisType.STRING, True)
view.setCol('type', q.enumerators.OsisType.STRING, True)
view.setCol('priority', q.enumerators.OsisType.STRING, True)
view.setCol('status', q.enumerators.OsisType.STRING, True)
view.setCol('starttime', q.enumerators.OsisType.DATETIME, True)
view.setCol('endtime', q.enumerators.OsisType.DATETIME, True)
connection.viewAdd(view)
indexes = ['name', 'customer', 'type', 'priority']
for field in indexes:
context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field}
connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, params, tags):
rootobject = 'space'
domain = "ui"
appname = params['appname']
connection = OsisDB().getConnection(appname)
if not connection.viewExists(domain, rootobject, rootobject):
view = connection.viewCreate(domain, rootobject, rootobject)
view.setCol('name',
q.enumerators.OsisType.STRING,
True,
index=True,
unique=True)
view.setCol('tags', q.enumerators.OsisType.STRING, True, index=True)
view.setCol('repository',
q.enumerators.OsisType.STRING,
True,
index=True)
view.setCol('repo_username', q.enumerators.OsisType.STRING, True)
view.setCol('order', q.enumerators.OsisType.INTEGER, True)
connection.viewAdd(view)
def main(q, i, params, tags):
con = OsisDB().getConnection('main')
params['result'] = con.runQuery(params['query'])
def main(q, i, params, tags):
con = OsisDB().getConnection('main')
params['result'] = con.runQuery(params['query'])
q.manage.postgresql8.cmdb.rootLogin = '******'
q.manage.postgresql8.cmdb.rootPasswd = 'qbase'
except Exception, e:
print '\033[1;33mPostgresql requires group and user accounts.\nLinux users may try:'
print '#groupadd qbase\n#useradd qbase'
#q.manage.postgresql8.cmdb.save()
q.manage.postgresql8.applyConfig()
##if postgresql fails to start using the q.manage commands use
#q.cmdtools.postgresql8.pg_ctl.start(username)
print '\n\033[1;34mAdd Database:\n\033[1;32m[ ]q.manage.postgresql8.cmdb.addDatabase(\'osis\')\n'
q.manage.postgresql8.cmdb.addDatabase('osis')
#q.manage.postgresql8.cmdb.save()
q.manage.postgresql8.applyConfig()
print '\n\033[1;34mView the created Database:\n\033[1;32m[ ]q.manage.postgresql8.cmdb.printDatabases()\n'
q.manage.postgresql8.cmdb.printDatabases()
osisdb = OsisDB()
print '\n\033[1;34mAdd Connection for the database:\n\033[1;32m[ ]osisdb.addConnection(\'main\', \'127.0.0.1\', \'osis\', \'qbase\', \'qbase\')'
try:
osisdb.addConnection('main', '127.0.0.1', 'osis', 'qbase', 'qbase')
#Register Model on server
print '\n\033[1;34mGet a connection for the database:\n\033[1;32m[ ]con = osisdb.getConnection(\'main\')\n'
con = osisdb.getConnection('main')
print '\n\033[1;34mCreate an object in the database:\n\033[1;32m[ ]con.createObjectTypeByName(\'company\') \n'
print con.createObjectTypeByName('company')
con.createObjectTypeByName('company')
print '\n\033[1;34mInitialise OSIS System: \n\033[1;32m[ ]osis.init(\'/opt/qbase3/libexec/osis\') \n'
print osis.init('/opt/qbase3/libexec/osis')
except Exception, e:
print 'Connection to OSIS Database Failed. Check if Model file is present'
def store(self):
def main(q, i, params, tags):
con = OsisDB().getConnection('main')
params['result'] = con.objectDelete(params['rootobjecttype'],
params['rootobjectguid'],
params['rootobjectversionguid'])
def main(q, i, params, tags):
osis = OsisDB().getConnection('main')
root = params['rootobject']
osis.objectSave(root)
def getOsisConnection(self, appname):
from osis.store.OsisDB import OsisDB
osis = OsisDB().getConnection(appname)
return osis
class AuthBackend(object):
def __init__(self):
super(AuthBackend, self).__init__()
self.osis = OsisDB().getConnection(p.api.appname)
self.initChecked = False
self.adminGroupGuid = None
self.publicGroupGuid = None
self.anonymousUserGuid = None
self.userGroupGuid = None
self._cache = cache.getApi() if cache else None
self._cacheHash = cache.calculateHash(
{"__name__": "authorization_authbackend"}) if cache else None
def _initCheck(self):
if self.initChecked:
return
self.initChecked = True
#make sure we have an admins group
adminGroup = AuthBackend._getGroup(self, ADMIN_GROUP)
if not bool(adminGroup):
self.adminGroupGuid = AuthBackend.createUsergroup(
self, {"name": ADMIN_GROUP})
else:
self.adminGroupGuid = adminGroup[0]
#make sure we have a public group
publicGroup = AuthBackend._getGroup(self, PUBLIC_GROUP)
if not bool(publicGroup):
self.publicGroupGuid = AuthBackend.createUsergroup(
self, {"name": PUBLIC_GROUP})
else:
self.publicGroupGuid = publicGroup[0]
#make sure we have a users group
userGroup = AuthBackend._getGroup(self, USER_GROUP)
if not bool(userGroup):
self.userGroupGuid = AuthBackend.createUsergroup(
self, {"name": USER_GROUP})
else:
self.userGroupGuid = userGroup[0]
#make sure we have an anonymous user
self.anonymousUserGuid = AuthBackend._getUsers(self, ANON_USER)
if not bool(self.anonymousUserGuid):
#We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.
self.anonymousUserGuid = AuthBackend.createUser(
self, {
"login": ANON_USER,
"name": "Anonymous User"
})
else:
self.anonymousUserGuid = self.anonymousUserGuid[0]
def _getGroup(self, name):
searchfilter = self.osis.getFilterObject()
searchfilter.add('group', "name", name, True)
return self.osis.objectsFind("ui", "group", searchfilter)
def _groupExists(self, name):
return bool(self._getGroup(name))
def _getUsers(self, login):
searchfilter = self.osis.getFilterObject()
searchfilter.add('user', "login", login, True)
return self.osis.objectsFind("ui", "user", searchfilter)
def _userExists(self, login):
return bool(self._getUsers(login))
def _getRules(self, group, functionname, context):
searchfilter = self.osis.getFilterObject()
searchfilter.add('authoriserule', "groupguids", ";" + group + ";",
False)
searchfilter.add('authoriserule', "function", functionname, True)
searchfilter.add('authoriserule', "context", json_print_dict(context),
True)
return self.osis.objectsFind("ui", "authoriserule", searchfilter)
def _ruleExists(self, group, functionname, context):
return bool(self._getRules(group, functionname, context))
def _getCachedIsAuhtorised(self, groups, functionname, context):
if not self._cache:
return None
#get main authorization dict
results = self._cache.get(self._cacheHash) or {}
#calculate hash for isAuthorised
isAuthorisedHash = cache.calculateHash({
"groups": groups,
"functionname": functionname,
"context": context
})
if isAuthorisedHash in results: #get the cached result
return results[isAuthorisedHash]
return None
def _setCachedIsAuthorized(self, groups, functionname, context, value):
if not self._cache:
return
#get main authorization dict
results = self._cache.get(self._cacheHash) or {}
#calculate hash for isAuthorised
isAuthorisedHash = cache.calculateHash({
"groups": groups,
"functionname": functionname,
"context": context
})
results[isAuthorisedHash] = value
#save main authorization dict
self._cache.set(self._cacheHash, results, cache.maxduration)
def _clearCache(self):
if not self._cache:
return
#clear main authorization dict
self._cache.flushByKeys([self._cacheHash])
@ensure_groups
def verifyUserIdentity(self, login, password): #pylint: disable=W0613
q.errorconditionhandler.raiseError("Not implemented")
@ensure_groups
def createUsergroup(self, usergroupinfo):
if self._groupExists(usergroupinfo["name"]):
q.errorconditionhandler.raiseError("Group %s already exists." %
usergroupinfo["name"])
else:
group = p.api.model.ui.group.new()
group.name = usergroupinfo["name"]
p.api.model.ui.group.save(group)
return group.guid
@ensure_groups
def deleteUsergroup(self, usergroupid):
if usergroupid == self.adminGroupGuid:
q.errorconditionhandler.raiseError("Unable to delete %s." %
ADMIN_GROUP)
if usergroupid == self.publicGroupGuid:
q.errorconditionhandler.raiseError("Unable to delete %s." %
PUBLIC_GROUP)
#make sure users don't reference the group anymore
searchfilter = self.osis.getFilterObject()
searchfilter.add('user', "groupguids", ";" + usergroupid + ";", False)
userguids = self.osis.objectsFind("ui", "user", searchfilter)
for userguid in userguids:
user = p.api.model.ui.user.get(userguid)
user.groups.remove(usergroupid)
p.api.model.ui.user.save(user)
#make sure rules don't reference the group anymore
searchfilter = self.osis.getFilterObject()
searchfilter.add('authoriserule', "groupguids",
";" + usergroupid + ";", False)
ruleguids = self.osis.objectsFind("ui", "authoriserule", searchfilter)
for ruleguid in ruleguids:
rule = p.api.model.ui.authoriserule.get(ruleguid)
rule.groupguids.remove(usergroupid)
if not len(rule.groupguids):
p.api.model.ui.authoriserule.delete(ruleguid)
else:
p.api.model.ui.authoriserule.save(rule)
p.api.model.ui.group.delete(usergroupid)
#clear authorization cache
self._clearCache()
return True
@ensure_groups
def createUser(self, userinfo):
if self._userExists(userinfo["login"]):
q.errorconditionhandler.raiseError("User %s already exists." %
userinfo["login"])
else:
user = p.api.model.ui.user.new()
user.login = userinfo["login"]
if "name" in userinfo:
user.name = userinfo["name"]
user.groups.append(self.publicGroupGuid)
# Keep anonymous out of users group, they can't be trusted...
if userinfo["login"] != ANON_USER:
user.groups.append(self.userGroupGuid)
p.api.model.ui.user.save(user)
return user.guid
@ensure_groups
def deleteUser(self, userid):
if userid == self.anonymousUserGuid:
q.errorconditionhandler.raiseError("Unable to delete %s." %
ANON_USER)
login = p.api.model.ui.user.get(userid).login
p.api.model.ui.user.delete(userid)
return login
@ensure_groups
def updateUser(self, userid, userinfo):
user = p.api.model.ui.user.get(userid)
if "name" in userinfo:
user.name = userinfo["name"]
p.api.model.ui.user.save(user)
return user.login
@ensure_groups
def addUserToGroup(self, userid, usergroupid):
user = p.api.model.ui.user.get(userid)
if usergroupid in user.groups:
q.errorconditionhandler.raiseError(
"User is already in that group.")
user.groups.append(usergroupid)
p.api.model.ui.user.save(user)
return True
@ensure_groups
def deleteUserFromGroup(self, userid, usergroupid):
user = p.api.model.ui.user.get(userid)
if not usergroupid in user.groups:
q.errorconditionhandler.raiseError("User is not in that group.")
user.groups.remove(usergroupid)
p.api.model.ui.user.save(user)
return True
@ensure_groups
def authorise(self, groups, functionname, context):
if not isinstance(groups, list):
groups = [groups]
for group in groups:
if self._ruleExists(group, functionname, context):
q.errorconditionhandler.raiseError("Rule already exists.")
rule = p.api.model.ui.authoriserule.new()
rule.groupguids = groups
rule.function = functionname
rule.context = context
p.api.model.ui.authoriserule.save(rule)
#clear authorization cache
self._clearCache()
return rule.guid
@ensure_groups
def unAuthorise(self, groups, functionname, context):
if not isinstance(groups, list):
groups = [groups]
if self.adminGroupGuid in groups:
q.errorconditionhandler.raiseError(
"Removing authorization from the \"%s\" group is not allowed."
% ADMIN_GROUP)
found = False
for group in groups:
rules = self._getRules(group, functionname, context)
for rule in rules:
p.api.model.ui.authoriserule.delete(rule)
found = True
if found:
#clear authorization cache
self._clearCache()
return found
@ensure_groups
def listAuthorisation(self, groups=None, functionname=None, context=None): #pylint: disable=W0613
q.errorconditionhandler.raiseError("Not implemented")
@ensure_groups
def isAuthorised(self, groups, functionname, context):
q.logger.log(
"Checking if group %s is authorized for function '%s' with context '%s' "
% (str(groups), functionname, str(context)), 3)
if not isinstance(groups, list):
groups = [groups]
cachedResult = self._getCachedIsAuhtorised(groups, functionname,
context)
if cachedResult is not None:
#return cached result
return cachedResult
def doSearch(groupguid, functionname, context):
searchfilter = self.osis.getFilterObject()
searchfilter.add('authoriserule', "groupguids",
";" + groupguid + ";", False)
searchfilter.add('authoriserule', "function", functionname, True)
rules = self.osis.objectsFindAsView("ui", "authoriserule",
searchfilter, 'authoriserule')
# No rules found
if not rules:
q.logger.log("No rules found for group %s" % (str(groups)), 3)
return False
for rule in rules:
ruleContext = json.loads(rule['context'])
# Remove the '_rulegroup' and '_forceinheritance' items from the saved context.
# This is only used to map stored rules to rulegroups in the UI
# And yes, I know it's dirty
if authorization:
if authorization.RacktivityAuthorization.RULE_GROUP_PARAM in ruleContext and authorization.RacktivityAuthorization.RULE_GROUP_PARAM not in context:
ruleContext.pop(authorization.RacktivityAuthorization.
RULE_GROUP_PARAM)
if authorization.RacktivityAuthorization.FORCE_INHERITANCE_PARAM in ruleContext:
ruleContext.pop(authorization.RacktivityAuthorization.
FORCE_INHERITANCE_PARAM)
ruleMatch = True
contextKeys = set(context.keys())
ruleContextKeys = set(ruleContext.keys())
if not ruleContextKeys.issubset(contextKeys):
q.logger.log(
"Context keys do not match for rule %s" % (str(rule)),
3)
ruleMatch = False
else:
for key, value in context.iteritems():
keyMatches = True
if key in ruleContext and not (value == ""):
valueToMatch = ruleContext[key]
if isinstance(value, dict):
valueToMatch = json.loads(valueToMatch)
if set(valueToMatch.keys()).issubset(
set(value.keys())):
for valueKey in value.keys():
if not valueKey in valueToMatch:
continue
if not (value[valueKey]
== valueToMatch[valueKey]):
keyMatches = False
else:
keyMatches = False
elif isinstance(value, list):
if valueToMatch not in set(value):
keyMatches = False
elif not (value == valueToMatch):
keyMatches = False
if not keyMatches:
q.logger.log(
"'%s' not in '%s' or '%s' != '%s'" %
(key, str(ruleContext), value, valueToMatch),
3)
ruleMatch = False
break
if ruleMatch:
return True
return False
result = False
for groupguid in groups:
if not groupguid:
continue
if doSearch(groupguid, functionname, context):
result = True
break
#store result in cache
self._setCachedIsAuthorized(groups, functionname, context, result)
return result
def main(q, i, p, params, tags): #pylint: disable=W0613
global authService #pylint: disable=W0603
if authService is None:
authService = AuthService()
request = params["request"]
if not request.username:
params["result"] = False
else:
q.logger.log(
"Checking authorization for user %s with params %s" %
(request.username, str(params)), 3)
config = getConfig(q, p)
if request.username == "anonymous" and isAdminOrIdeSpace(params):
#An unauthenticated user cannot access the ADMIN or IDE space
q.logger.log(
"An unauthenticated user cannot access the ADMIN or IDE space",
3)
params["result"] = False
elif request.username == "anonymous" and isLocalRequest(
request) and int(config["auth"]["insecure"]):
q.logger.log("Allowing authorization for local request", 3)
params["result"] = True
else:
#default unauthorized
params["result"] = False
conn = OsisDB().getConnection(p.api.appname)
searchfilter = conn.getFilterObject()
searchfilter.add("user", "login", request.username, True)
users = conn.objectsFindAsView("ui", "user", searchfilter, "user")
if users and len(users) == 1:
user = users[0]
groups = filter(None, user["groupguids"].split(";")) #pylint: disable=W0141
# we only parse the name in kwargs and the default values
arguments = getAllArguments(params)
context = {}
authInfo = params["criteria"]
if "authorizeParams" in authInfo:
for key, value in authInfo["authorizeParams"].iteritems():
if isinstance(value, list):
contextValues = list()
for val in value:
contextValue = getParamValue(arguments, val)
if contextValue is not None:
contextValues.append(contextValue)
if contextValues:
context[key] = contextValues
else:
# param not found, bailing out
params["result"] = False
request._request.setResponseCode(412) #pylint: disable=W0212
return
else:
contextValue = getParamValue(arguments, value)
if contextValue is not None:
context[key] = contextValue
else:
# param not found, bailing out
params["result"] = False
request._request.setResponseCode(412) #pylint: disable=W0212
return
funcName = None
if "authorizeRule" in authInfo:
funcName = authInfo["authorizeRule"]
if funcName:
params["result"] = authService.isAuthorised(
groups, funcName, context)
if not params["result"] and 'localAuthorize' in params:
newContext = params['localAuthorize'].redefine(
funcName, context)
if newContext:
q.logger.log(
"Rechecking authorization for user %s with new context %s"
% (request.username, str(newContext)), 3)
params["result"] = authService.isAuthorised(
groups, funcName, newContext)
#set the http response to 405 when we failed
if params["result"] == False:
request._request.setResponseCode(405) #pylint: disable=W0212
def main(q, i, params, tags):
con = OsisDB().getConnection('main')
params['result'] = con.objectDelete(params['rootobjecttype'], params['rootobjectguid'], params['rootobjectversionguid'])
def main(q, i, params, tags):
osis = OsisDB().getConnection('main')
root = params['rootobject']
osis.objectSave(root)
def main(q, i, params, tags):
connection = OsisDB().getConnection('main')
params['result'] = connection.objectsFind(params['rootobjecttype'],
params['filterobject'],
params['osisview'])
class ide(object):
def __init__(self, tasklets=list()):
basedir = os.path.join(q.dirs.pyAppsDir, p.api.appname)
self._authenticate = q.taskletengine.get(os.path.join(basedir, 'impl', 'authenticate'))
self._authorize = q.taskletengine.get(os.path.join(basedir, 'impl', 'authorize'))
self.tasklets = tasklets
self.alkira = Alkira(p.api)
self.connection = OsisDB().getConnection(p.api.appname)
@staticmethod
def getAuthorizedFunctions():
functions = []
for funcName in dir(ide): # loop over functions of our class
funcObj = getattr(ide, funcName)
if getattr(funcObj, "APPLICATIONSERVER_EXPOSE_AUTHORIZED", False):
#needs authorization
if hasattr(funcObj, "auth_categories"):
functions.append(getattr(funcObj, "auth_categories"))
return functions
def checkAuthentication(self, request, domain, service, methodname, args, kwargs):
q.logger.log("HEADERS from ide.checkAuthentication %s" % str(request._request.requestHeaders)) #pylint:disable=W0212
tags = ('authenticate',)
params = dict()
params['request'] = request
params['domain'] = domain
params['service'] = service
params['methodname'] = methodname
params['args'] = args
params['kwargs'] = kwargs
params['result'] = True
self._authenticate.execute(params, tags=tags)
return params.get('result', False)
def checkAuthorization(self, criteria, request, domain, service, methodname, args, kwargs):
tags = ('authorize',)
params = dict()
params['criteria'] = criteria
params['request'] = request
params['domain'] = domain
params['service'] = service
params['methodname'] = methodname
params['args'] = args
params['kwargs'] = kwargs
params['result'] = True
self._authorize.execute(params, tags=tags)
return params.get('result', False)
def _resolveID(self, id): #pylint: disable=W0622
pieces = id.split(os.path.sep)
project = self.alkira.getProject(pieces.pop(0))
return project, q.system.fs.joinPaths(*pieces) if pieces else "" #pylint: disable=W0142
def _getID(self, project, path):
projectpath = q.system.fs.joinPaths(q.dirs.pyAppsDir, p.api.appname, project.path)
_id = path.replace(projectpath, "")
_id = _id.lstrip("/")
return q.system.fs.joinPaths(project.name, _id)
def _hasChildren(self, path):
return bool(q.system.fs.walk(path, return_folders=1))
def _getProjectPath(self, project):
return q.system.fs.joinPaths(q.dirs.pyAppsDir, p.api.appname, project.path)
def _IDtoGUID(self, id): #pylint: disable=W0622
md5 = hashlib.md5(id) #pylint: disable=E1101
_hash = md5.hexdigest()
parts = []
li = 0
for i in GUIDMAP:
part = _hash[li:li + i]
if len(part) != i:
part += "0" * (i - len(part))
parts.append(part)
li += i
return "-".join(parts)
def _filter(self, file): #pylint: disable=W0622
return os.path.splitext(file)[1] in EXTENSIONS
def _updateFileIndex(self, id, content): #pylint: disable=W0622
guid = self._IDtoGUID(id)
name = q.system.fs.getBaseName(id)
self.connection.viewSave("ui", "_index", '_index', guid, guid, { 'name': name, 'content': content,
'url': 'ide://%s' % id })
def _updateDirIndex(self, id): #pylint: disable=W0622
project, relativepath = self._resolveID(id)
fullpath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath)
for f in q.system.fs.walk(fullpath, 1):
if not self._filter(f):
continue
self._updateFileIndex(self._getID(project, f), q.system.fs.fileGetContents(f))
def _deleteIndex(self, id): #pylint: disable=W0622
url = "ide://%s" % id
index = self.connection.findTable("ui", "_index")
delete = index.delete().where(index.c.url.like('%s%%' % url))
self.connection.runSqlAlchemyQuery(delete)
def _touchTasklets(self, project, relativepath):
fullpath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath)
for td in itertools.chain(TASKLETS, self.tasklets):
ftd = q.system.fs.joinPaths(q.dirs.pyAppsDir, p.api.appname, td)
if fullpath.startswith(ftd):
q.system.fs.createEmptyFile(q.system.fs.joinPaths(ftd, "tasklets_updated"))
break
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project")
def getProjectNode(self, id="."): #pylint: disable=W0622
results = []
if not id:
raise RuntimeError("Invalid ID")
apppath = q.system.fs.joinPaths(q.dirs.pyAppsDir, p.api.appname)
closed = lambda x: bool(q.system.fs.listDirsInDir(x))
fullpath = q.system.fs.joinPaths(apppath, id)
fullpath = os.path.relpath(fullpath)
dirList = sorted(q.system.fs.listDirsInDir(fullpath))
for directory in dirList:
name = q.system.fs.getBaseName(directory)
dirid = os.path.relpath(q.system.fs.joinPaths(id, name))
results.append({"state": "closed" if closed(directory) else "leaf",
"data": name,
"attr": {"id": dirid}})
return results
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin"], authorizeParams={}, authorizeRule="create project")
def createProject(self, name, path):
self.alkira.createProject(name, path)
self._updateDirIndex(name)
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin"], authorizeParams={}, authorizeRule="delete project")
def deleteProject(self, name):
self.alkira.deleteProject(name)
self._deleteIndex(name)
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project")
def getProjects(self):
return self.alkira.listProjectInfo()
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project")
def getNode(self, id="."): #pylint: disable=W0622
results = []
if not id:
raise RuntimeError("Invalid ID")
if id == ".":
projects = self.alkira.listProjects()
for project in projects:
results.append({"state": "closed",
"data": project,
"attr": {"id": project,
"rel": "project"}})
return results
project, relativepath = self._resolveID(id)
projectpath = self._getProjectPath(project)
fullpath = q.system.fs.joinPaths(projectpath, relativepath)
if q.system.fs.isDir(fullpath):
for directory in q.system.fs.listDirsInDir(fullpath):
dirname = q.system.fs.getBaseName(directory)
results.append({"state": "closed" if self._hasChildren(directory) else "leaf",
"data": dirname,
"attr": {"id": self._getID(project, directory)}})
results = sorted(results, key=lambda i: i['data'])
files = []
for f in q.system.fs.listFilesInDir(fullpath):
filename = q.system.fs.getBaseName(f)
if not self._filter(filename):
continue
files.append({"state": "leaf",
"data": filename,
"attr": {"id": self._getID(project, f),
"rel": "file",
"title":filename}})
files = sorted(files, key=lambda i: i['data'])
results += files
return results
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project")
def getFile(self, id): #pylint: disable=W0622
project, relativepath = self._resolveID(id)
filepath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath)
return q.system.fs.fileGetContents(filepath)
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project")
def setFile(self, id, content): #pylint: disable=W0622
project, relativepath = self._resolveID(id)
filepath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath)
q.system.fs.writeFile(filepath, content)
self._updateFileIndex(id, content)
self._touchTasklets(project, relativepath)
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project")
def newFile(self, id): #pylint: disable=W0622
project, relativepath = self._resolveID(id)
filepath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath)
if q.system.fs.exists(filepath):
raise RuntimeError("A file with the same name already exists")
return q.system.fs.writeFile(filepath, "")
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project")
def newDir(self, id): #pylint: disable=W0622
project, relativepath = self._resolveID(id)
dirpath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath)
if q.system.fs.exists(dirpath):
raise RuntimeError("A file with the same name already exists")
return q.system.fs.createDir(dirpath)
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project")
def delete(self, id): #pylint: disable=W0622
project, relativepath = self._resolveID(id)
path = q.system.fs.joinPaths(self._getProjectPath(project), relativepath)
if q.system.fs.isFile(path):
q.system.fs.removeFile(path)
elif q.system.fs.isDir(path):
q.system.fs.removeDirTree(path)
self._deleteIndex(id)
self._touchTasklets(project, relativepath)
@q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project")
def rename(self, id, name): #pylint: disable=W0622
project, relativepath = self._resolveID(id)
path = q.system.fs.joinPaths(self._getProjectPath(project), relativepath)
newname = q.system.fs.joinPaths(q.system.fs.getDirName(path), name)
newid = self._getID(project, newname)
if q.system.fs.exists(newname):
raise RuntimeError("A file with the same name already exists")
self._deleteIndex(id)
if q.system.fs.isFile(path):
q.system.fs.renameFile(path, newname)
self._updateFileIndex(newid, q.system.fs.fileGetContents(newname))
elif q.system.fs.isDir(path):
q.system.fs.renameDir(path, newname)
self._updateDirIndex(newid)
self._touchTasklets(project, relativepath)
