def silouserview(self, silo, username):
if not request.environ.get('repoze.who.identity'):
abort(401, "Not Authorised")
if not ag.granary.issilo(silo):
abort(404)
ident = request.environ.get('repoze.who.identity')
http_method = request.environ['REQUEST_METHOD']
if http_method == 'GET':
silos = ag.authz(ident)
if not silo in silos:
abort(403, "User is not a member of the silo %s"%silo)
if not ('administrator' in ident['permissions'] or \
'manager' in ident['permissions'] or ident['user'].user_name == username):
abort(403, "Do not have administrator or manager credentials to view profiles of other users")
else:
silos = ag.authz(ident, permission=['administrator', 'manager'])
if not silo in silos:
abort(403, "Do not have administrator or manager credentials for silo %s"%silo)
if not ('administrator' in ident['permissions'] or 'manager' in ident['permissions']):
abort(403, "Do not have administrator or manager credentials")
existing_users = list_usernames()
if not username in existing_users:
abort(404, "User not found")
c.ident = ident
c.silo = silo
c.username = username
if http_method == "GET":
a, m, s = list_group_usernames(silo)
if not (username in a or username in m or username in s):
abort(404, "User not found in silo")
c.user = list_user(username)
#if 'groups' in c.user and c.user['groups']:
# for i in c.user['groups']:
# if i[0] != silo:
# c.user['groups'].remove(i)
accept_list = None
if 'HTTP_ACCEPT' in request.environ:
try:
accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
except:
accept_list= [MT("text", "html")]
if not accept_list:
accept_list= [MT("text", "html")]
mimetype = accept_list.pop(0)
while(mimetype):
if str(mimetype).lower() in ["text/html", "text/xhtml"]:
return render("/silo_user.html")
elif str(mimetype).lower() in ["text/plain", "application/json"]:
response.content_type = 'application/json; charset="UTF-8"'
response.status_int = 200
response.status = "200 OK"
return simplejson.dumps(c.user)
try:
mimetype = accept_list.pop(0)
except IndexError:
mimetype = None
#Whoops nothing satisfies - return text/plain
response.content_type = 'application/json; charset="UTF-8"'
response.status_int = 200
response.status = "200 OK"
return simplejson.dumps(c.user)
elif http_method == "POST":
params = request.POST
if not ('role' in params and params['role'] and params['role'] in ['administrator', 'manager', 'submitter']):
abort(400, "Parameters 'role' not found or is invalid")
kw = ag.granary.describe_silo(silo)
#Get existing owners, admins, managers and users
owners = []
admins = []
managers = []
submitters = []
if 'owners' in kw and kw['owners']:
owners = [x.strip() for x in kw['owners'].split(",") if x]
if 'administrators' in kw and kw['administrators']:
admins = [x.strip() for x in kw['administrators'].split(",") if x]
if 'managers' in kw and kw['managers']:
managers = [x.strip() for x in kw['managers'].split(",") if x]
if 'submitters' in kw and kw['submitters']:
submitters = [x.strip() for x in kw['submitters'].split(",") if x]
to_remove = []
to_add = []
if params['role'] == 'administrator':
if not 'administrator' in ident['permissions']:
abort(403, "Need to be administrator to add user to role admin")
if not username in admins:
to_add.append((username, 'administrator'))
admins.append(username)
if not username in owners:
owners.append(username)
if username in managers:
managers.remove(username)
to_remove.append((username, 'manager'))
if username in submitters:
submitters.remove(username)
to_remove.append((username, 'submitter'))
elif params['role'] == 'manager':
if not username in managers:
to_add.append((username, 'manager'))
managers.append(username)
if not username in owners:
owners.append(username)
if username in admins:
if not 'administrator' in ident['permissions']:
abort(403, "Need to be admin to modify user of role admin")
if len(admins) == 1:
abort(403, "Add another administrator to silo before updating user role")
admins.remove(username)
to_remove.append((username, 'administrator'))
if username in submitters:
submitters.remove(username)
to_remove.append((username, 'submitter'))
elif params['role'] == 'submitter':
if not username in submitters:
to_add.append((username, 'submitter'))
submitters.append(username)
if not username in owners:
owners.append(username)
if username in admins:
if not 'administrator' in ident['permissions']:
abort(403, "Need to be admin to modify user of role admin")
if len(admins) == 1:
abort(403, "Add another administrator to silo before updating user role")
admins.remove(username)
to_remove.append((username, 'administrator'))
if username in managers:
if len(managers) == 1 and len(admins) == 0:
abort(403, "Add another administrator or manager to silo before updating user role")
managers.remove(username)
to_remove.append((username, 'manager'))
owners = list(set(owners))
admins = list(set(admins))
managers = list(set(managers))
submitters = list(set(submitters))
# Update silo info
if to_remove or to_add:
kw['owners'] = ','.join(owners)
kw['administrators'] = ','.join(admins)
kw['managers'] = ','.join(managers)
kw['submitters'] = ','.join(submitters)
ag.granary.describe_silo(silo, **kw)
ag.granary.sync()
#Add new silo users into database
if to_add:
add_group_users(silo, to_add)
response.status_int = 201
response.status = "201 Created"
response.headers['Content-Location'] = url(controller="users", action="silouserview", silo=silo, username=username)
response_message = "201 Created"
if to_remove:
delete_group_users(silo, to_remove)
response.status_int = 204
response.status = "204 Updated"
response_message = None
else:
response.status_int = 400
response.status = "400 Bad Request"
response_message = "No updates to user role"
#Conneg return
accept_list = None
if 'HTTP_ACCEPT' in request.environ:
try:
accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
except:
accept_list= [MT("text", "html")]
if not accept_list:
accept_list= [MT("text", "html")]
mimetype = accept_list.pop(0)
while(mimetype):
if str(mimetype).lower() in ["text/html", "text/xhtml"]:
redirect(url(controller="users", action="silouserview", silo=silo, username=username))
elif str(mimetype).lower() in ["text/plain", "application/json"]:
response.content_type = 'application/json; charset="UTF-8"'
return response_message
try:
mimetype = accept_list.pop(0)
except IndexError:
mimetype = None
#Whoops nothing satisfies - return text/plain
response.content_type = 'application/json; charset="UTF-8"'
return response_message
elif http_method == "DELETE":
kw = ag.granary.describe_silo(silo)
#Get existing owners, admins, managers and users
owners = []
admins = []
managers = []
submitters = []
if 'owners' in kw and kw['owners']:
owners = [x.strip() for x in kw['owners'].split(",") if x]
if 'administrators' in kw and kw['administrators']:
admins = [x.strip() for x in kw['administrators'].split(",") if x]
if 'managers' in kw and kw['managers']:
managers = [x.strip() for x in kw['managers'].split(",") if x]
if 'submitters' in kw and kw['submitters']:
submitters = [x.strip() for x in kw['submitters'].split(",") if x]
#Gather user roles to delete
to_remove = []
if username in admins:
if not 'administrator' in ident['permissions']:
abort(403, "Need to be admin to modify user of role admin")
if len(admins) == 1:
abort(403, "Add another administrator to silo before deleting user")
to_remove.append((username, 'administrator'))
admins.remove(username)
if username in managers:
if len(managers) == 1 and len(admins) == 0:
abort(403, "Add another administrator or manager to silo before deleting user")
managers.remove(username)
to_remove.append((username, 'manager'))
if username in submitters:
submitters.remove(username)
to_remove.append((username, 'submitter'))
if username in owners:
owners.remove(username)
owners = list(set(owners))
admins = list(set(admins))
managers = list(set(managers))
submitters = list(set(submitters))
if to_remove:
# Update silo info
kw['owners'] = ','.join(owners)
kw['administrators'] = ','.join(admins)
kw['managers'] = ','.join(managers)
kw['submitters'] = ','.join(submitters)
ag.granary.describe_silo(silo, **kw)
ag.granary.sync()
delete_group_users(silo, to_remove)
else:
abort(400, "No user to delete")
accept_list = None
response.content_type = "text/plain"
response.status_int = 200
response.status = "200 OK"
return "{'ok':'true'}"
def userview(self, username):
if not request.environ.get('repoze.who.identity'):
abort(401, "Not Authorised")
ident = request.environ.get('repoze.who.identity')
http_method = request.environ['REQUEST_METHOD']
if http_method == 'GET' or 'DELETE':
#Admins, managers and user can see user data / delete the user
if not ('administrator' in ident['permissions'] or \
'manager' in ident['permissions'] or ident['user'].user_name == username):
abort(403, "Do not have administrator or manager credentials to view profiles of other users")
elif http_method == 'POST':
#Only user can updte their data
if not ident['user'].user_name == username:
abort(403, "Login as %s to edit profile"%username)
existing_users = list_usernames()
if not username in existing_users:
abort(404, "User not found")
c.ident = ident
c.username = username
if http_method == "GET":
c.user = list_user(username)
accept_list = None
if 'HTTP_ACCEPT' in request.environ:
try:
accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
except:
accept_list= [MT("text", "html")]
if not accept_list:
accept_list= [MT("text", "html")]
mimetype = accept_list.pop(0)
while(mimetype):
if str(mimetype).lower() in ["text/html", "text/xhtml"]:
return render("/admin_user.html")
elif str(mimetype).lower() in ["text/plain", "application/json"]:
response.content_type = 'application/json; charset="UTF-8"'
response.status_int = 200
response.status = "200 OK"
return simplejson.dumps(c.user)
try:
mimetype = accept_list.pop(0)
except IndexError:
mimetype = None
#Whoops nothing satisfies - return text/html
response.content_type = 'application/json; charset="UTF-8"'
response.status_int = 200
response.status = "200 OK"
return simplejson.dumps(c.user)
elif http_method == "POST":
params = request.POST
if not('password' in params or 'name' in params or \
'email' in params or 'firstname' in params or 'lastname' in params):
abort(400, "No valid parameters found")
params['username'] = username
update_user(params)
response.status_int = 204
response.status = "204 Updated"
response_message = None
# conneg return
accept_list = None
if 'HTTP_ACCEPT' in request.environ:
try:
accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
except:
accept_list= [MT("text", "html")]
if not accept_list:
accept_list= [MT("text", "html")]
mimetype = accept_list.pop(0)
while(mimetype):
if str(mimetype).lower() in ["text/html", "text/xhtml"]:
redirect(url(controller="users", action="userview", username=username))
elif str(mimetype).lower() in ["text/plain", "application/json"]:
response.content_type = "text/plain"
return response_message
try:
mimetype = accept_list.pop(0)
except IndexError:
mimetype = None
# Whoops - nothing satisfies - return text/plain
response.content_type = "text/plain"
return response_message
elif http_method == "DELETE":
user_groups = list_user_groups(username)
if user_groups:
abort(403, "User is member of silos. Remove user from all silos before deleting them")
#Delete user from database
delete_user(username)
#Get all the silos user belomgs to, remove them from each silo and sync silo metadata
# conneg return
accept_list = None
response.content_type = "text/plain"
response.status_int = 200
response.status = "200 OK"
return "{'ok':'true'}"
