def testIsAllowedToViewPacakgesProposalsOff(self):
"""Test PermissionResolver._IsAllowedToViewPackages() without proposals."""
test_resolver = auth.PermissionResolver('task')
email_one = '*****@*****.**'
email_two = '*****@*****.**'
email_three = '*****@*****.**'
setattr(auth.settings, 'ENABLE_PROPOSALS_GROUP', False)
setattr(auth.settings, 'PROPOSALS_GROUP', '')
self.mox.StubOutWithMock(auth, 'DoUserAuth')
self.mox.StubOutWithMock(auth, 'IsAdminUser')
self.mox.StubOutWithMock(auth, 'IsSupportUser')
auth.IsAdminUser(email_one).AndReturn(True)
auth.IsAdminUser(email_two).AndReturn(False)
auth.IsSupportUser(email_two).AndReturn(True)
auth.IsAdminUser(email_three).AndReturn(False)
auth.IsSupportUser(email_three).AndReturn(False)
self.mox.ReplayAll()
test_resolver.email = email_one
self.assertTrue(test_resolver._IsAllowedToViewPackages())
test_resolver.email = email_two
self.assertTrue(test_resolver._IsAllowedToViewPackages())
test_resolver.email = email_three
self.assertFalse(test_resolver._IsAllowedToViewPackages())
self.mox.VerifyAll()
def testIsAllowedToPropose(self):
"""Test PermissionResolver._IsAllowedToPropose()."""
test_resolver = auth.PermissionResolver('task')
email_one = '*****@*****.**'
email_two = '*****@*****.**'
email_three = '*****@*****.**'
self.mox.StubOutWithMock(auth, 'IsAdminUser')
self.mox.StubOutWithMock(auth, 'IsGroupMember')
auth.IsAdminUser(email_one).AndReturn(True)
auth.IsAdminUser(email_two).AndReturn(False)
auth.IsGroupMember(
email_two, 'proposals_group',
remote_group_lookup=True).AndReturn(True)
auth.IsAdminUser(email_three).AndReturn(False)
auth.IsGroupMember(
email_three, 'proposals_group',
remote_group_lookup=True).AndReturn(False)
self.mox.ReplayAll()
test_resolver.email = email_one
self.assertTrue(test_resolver._IsAllowedToPropose())
test_resolver.email = email_two
self.assertTrue(test_resolver._IsAllowedToPropose())
test_resolver.email = email_three
self.assertFalse(test_resolver._IsAllowedToPropose())
self.mox.VerifyAll()
def testDoUserAuthWithIsAdminTrueSuccess(self):
self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users))
self.mox.StubOutWithMock(auth, 'IsAdminUser')
mock_user = self.mox.CreateMockAnything()
email = '*****@*****.**'
auth.users.get_current_user().AndReturn(mock_user)
mock_user.email().AndReturn(email)
auth.IsAdminUser(email).AndReturn(True)
auth.IsAdminUser(email).AndReturn(True)
self.mox.ReplayAll()
self.assertEqual(mock_user, auth.DoUserAuth(is_admin=True))
self.mox.VerifyAll()
def _DisplayHost(self, uuid=None, computer=None):
"""Displays the report for a single host.
Args:
uuid: str uuid for host to display.
computer: models.Computer object to display.
"""
if not computer:
computer = models.Computer.get_by_key_name(uuid)
else:
uuid = computer.uuid
client_log_files = models.ClientLogFile.all().filter(
'uuid =', uuid).order('-mtime').fetch(100)
msu_log = models.ComputerMSULog.all().filter(
'uuid =', uuid).order('-mtime').fetch(100)
applesus_installs = models.InstallLog.all().filter(
'uuid =', uuid).filter(
'applesus =',
True).order('-mtime').fetch(SINGLE_HOST_DATA_FETCH_LIMIT)
installs = models.InstallLog.all().filter('uuid =', uuid).filter(
'applesus =',
False).order('-mtime').fetch(SINGLE_HOST_DATA_FETCH_LIMIT)
exits = models.PreflightExitLog.all().filter(
'uuid =', uuid).order('-mtime').fetch(SINGLE_HOST_DATA_FETCH_LIMIT)
install_problems = models.ClientLog.all().filter(
'action =', 'install_problem').filter(
'uuid =',
uuid).order('-mtime').fetch(SINGLE_HOST_DATA_FETCH_LIMIT)
uptime = None
if computer:
AddTimezoneToComputerDatetimes(computer)
computer.connection_dates.reverse()
computer.connection_datetimes.reverse()
if computer.uptime:
uptime_days = datetime.timedelta(seconds=computer.uptime).days
uptime_hms = time.strftime('%H:%M:%S',
time.gmtime(computer.uptime))
uptime = '%d days, %s' % (uptime_days, uptime_hms)
else:
uptime = 'unknown'
values = {
'uuid_lookup_url': settings.UUID_LOOKUP_URL,
'owner_lookup_url': settings.OWNER_LOOKUP_URL,
'computer': computer,
'applesus_installs': applesus_installs,
'installs': installs,
'client_log_files': client_log_files,
'msu_log': msu_log,
'install_problems': install_problems,
'preflight_exits': exits,
'uptime': uptime,
'host_report': True,
'limit': SINGLE_HOST_DATA_FETCH_LIMIT,
'is_admin': auth.IsAdminUser(),
'is_support_user': auth.IsSupportUser(),
'is_security_user': auth.IsSecurityUser(),
}
self.response.out.write(
RenderTemplate('templates/stats_host.html', values))
def get(self):
"""Handle GET."""
try:
# already munki authenticated? return, nothing to do.
gaeserver.DoMunkiAuth()
#logging.info('Uauth: session is already authenticated')
return
except gaeserver.NotAuthenticated:
pass
user = users.get_current_user()
if not user:
#logging.error('Uauth: user is not logged in')
raise NotAuthenticated
email = user.email()
if auth.IsAdminUser(email):
a = gaeserver.AuthSimianServer()
output = a.SessionCreateUserAuthToken(email, level=gaeserver.LEVEL_ADMIN)
elif auth.IsSupportUser(email):
a = gaeserver.AuthSimianServer()
output = a.SessionCreateUserAuthToken(email, level=gaeserver.LEVEL_BASE)
else:
logging.error('Uauth: user %s is not an admin', email)
raise NotAuthenticated
if output:
#logging.info('Uauth: success, token = %s', output)
self.response.headers['Set-Cookie'] = '%s=%s; secure; httponly;' % (
auth_init.AUTH_TOKEN_COOKIE, output)
self.response.out.write(auth_init.AUTH_TOKEN_COOKIE)
else:
#logging.info('Uauth: unknown token')
raise NotAuthenticated
def testIsAdminUserBootstrap(self, _):
"""Test IsAdminUser() where no admins are defined."""
admin_email = '*****@*****.**'
self.testbed.setup_env(overwrite=True,
USER_EMAIL=admin_email,
USER_IS_ADMIN='1')
self.assertTrue(auth.IsAdminUser(admin_email))
def testIsAdminUserFalse(self):
"""Test IsAdminUser() with a passed email address that is not an admin."""
self.mox.StubOutWithMock(auth, '_GetGroupMembers')
admin_email = '*****@*****.**'
auth._GetGroupMembers('admins').AndReturn(['*****@*****.**'])
self.mox.ReplayAll()
self.assertFalse(auth.IsAdminUser(admin_email))
self.mox.VerifyAll()
def _DisplayPackagesList(self):
"""Displays list of all installs/removals/etc."""
installs, counts_mtime = models.ReportsCache.GetInstallCounts()
pending, pending_mtime = models.ReportsCache.GetPendingCounts()
packages = []
all_packages = self.request.get('all_packages') == '1'
query = self._GetPackageQuery()
for p in query:
if not p.plist:
self.error(httplib.FORBIDDEN)
self.response.out.write('Package %s has a broken plist!' %
p.filename)
return
pkg = {}
pkg['count'] = installs.get(p.munki_name,
{}).get('install_count', 'N/A')
pkg['fail_count'] = installs.get(p.munki_name,
{}).get('install_fail_count',
'N/A')
pkg['pending_count'] = pending.get(p.munki_name, 'N/A')
pkg['duration_seconds_avg'] = installs.get(p.munki_name, {}).get(
'duration_seconds_avg', None) or 'N/A'
pkg['unattended'] = p.plist.get('unattended_install', False)
pkg['unattended_uninstall'] = p.plist.get('unattended_uninstall',
False)
force_install_after_date = p.plist.get('force_install_after_date',
None)
if force_install_after_date:
pkg['force_install_after_date'] = force_install_after_date
pkg['catalogs'] = p.catalog_matrix
pkg['manifests'] = p.manifest_matrix
pkg['munki_name'] = p.munki_name or p.plist.GetMunkiName()
pkg['filename'] = p.filename
pkg['file_size'] = p.plist.get('installer_item_size', 0) * 1024
pkg['install_types'] = p.install_types
pkg['manifest_mod_access'] = p.manifest_mod_access
pkg['description'] = p.description
pkg['plist_is_signed'] = p.plist_is_signed()
packages.append(pkg)
packages.sort(key=lambda pkg: pkg['munki_name'].lower())
self.Render(
self.TEMPLATE, {
'packages': packages,
'counts_mtime': counts_mtime,
'pending_mtime': pending_mtime,
'report_type': self.REPORT_TYPE,
'active_pkg': self.request.GET.get('activepkg'),
'is_support_user': auth.IsSupportUser(),
'can_upload': auth.HasPermission(auth.UPLOAD),
'is_admin': auth.IsAdminUser(),
'all_packages': all_packages,
})
def testDoUserAuthWithIsAdminTrueFailure(self):
self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users))
self.mox.StubOutWithMock(auth, 'IsAdminUser')
mock_user = self.mox.CreateMockAnything()
email = '*****@*****.**'
auth.users.get_current_user().AndReturn(mock_user)
mock_user.email().AndReturn(email)
auth.IsAdminUser(email).AndReturn(False)
self.mox.ReplayAll()
self.assertRaises(auth.IsAdminMismatch, auth.DoUserAuth, is_admin=True)
self.mox.VerifyAll()
def testIsAdminUserBootstrapFalse(self):
"""Test IsAdminUser() where no admins are defined, but user not admin."""
self.mox.StubOutWithMock(auth.users, 'is_current_user_admin')
self.mox.StubOutWithMock(auth, '_GetGroupMembers')
admin_email = '*****@*****.**'
auth._GetGroupMembers('admins').AndReturn([])
self.mox.StubOutWithMock(auth, 'users')
auth.users.is_current_user_admin().AndReturn(False)
self.mox.ReplayAll()
self.assertFalse(auth.IsAdminUser(admin_email))
self.mox.VerifyAll()
def testIsAdminUserWithNoPassedEmail(self):
"""Test IsAdminUser() with no passed email address."""
self.mox.StubOutWithMock(auth.users, 'get_current_user')
self.mox.StubOutWithMock(auth, '_GetGroupMembers')
admin_email = '*****@*****.**'
mock_user = self.mox.CreateMockAnything()
auth.users.get_current_user().AndReturn(mock_user)
mock_user.email().AndReturn(admin_email)
auth._GetGroupMembers('admins').AndReturn(['*****@*****.**'])
self.mox.ReplayAll()
self.assertFalse(auth.IsAdminUser())
self.mox.VerifyAll()
def testDoOAuthAuthAdminMismatch(self):
"""Test DoOAuthAuth(is_admin=True) where user is not admin."""
self.mox.StubOutWithMock(auth.oauth, 'get_current_user')
self.mox.StubOutWithMock(auth, 'IsAdminUser')
mock_user = self.mox.CreateMockAnything()
email = '*****@*****.**'
auth.oauth.get_current_user().AndReturn(mock_user)
mock_user.email().AndReturn(email)
auth.IsAdminUser(email).AndReturn(False)
self.mox.ReplayAll()
self.assertRaises(auth.IsAdminMismatch, auth.DoOAuthAuth, is_admin=True)
self.mox.VerifyAll()
def _DisplayBrokenClients(self):
"""Displays a report of broken clients."""
# client with broken python
py_computers = models.ComputerClientBroken.all().filter(
'fixed =', False)
py_computers = list(py_computers)
for computer in py_computers:
computer.details = computer.details.replace("'", "\\'")
computer.details = computer.details.replace('"', "\\'")
computer.details = re.sub('\n', '<br/>', computer.details)
computer.broken_datetimes.reverse()
# clients with zero connection
zero_conn_computers = models.Computer.AllActive().filter(
'connections_on_corp =', 0).filter('connections_off_corp =',
0).fetch(COMPUTER_FETCH_LIMIT)
zero_conn_computers = list(zero_conn_computers)
zero_conn_computers.sort(key=lambda x: x.preflight_datetime,
reverse=True)
# clients with no recent postflight, but recent preflight
# NOTE: this takes ~5s to complete in ~20k fleet where ~1400 clients have
# old postflight_datetime. if far more clients are in this state then
# then the query could cause DeadlineExceededError.
pf_computers = []
now = datetime.datetime.utcnow()
not_recent = now - datetime.timedelta(days=15)
q = models.Computer.AllActive().filter('postflight_datetime <',
not_recent)
for c in q:
if not c.preflight_datetime or not c.postflight_datetime:
continue # already covered zero connection clients above.
if (c.preflight_datetime - c.postflight_datetime).days > 7:
pf_computers.append(c)
pf_computers.sort(key=lambda x: x.preflight_datetime, reverse=True)
self.response.out.write(
RenderTemplate(
'templates/stats_brokenclients.html', {
'py_computers': py_computers,
'zero_conn_computers': zero_conn_computers,
'pf_computers': pf_computers,
'is_admin': auth.IsAdminUser(),
'is_security_user': auth.IsSecurityUser(),
}))
def post(self, report=None, uuid=None):
"""Stats post handler."""
#logging.debug('POST called: report=%s, uuid=%s', report, uuid)
if not auth.IsAdminUser() and not auth.IsSupportUser():
self.response.set_status(403)
return
if report not in ['host', 'clientlog', 'brokenclients']:
self.response.set_status(404)
return
action = self.request.get('action')
if action == 'set_inactive':
c = models.Computer.get_by_key_name(uuid)
if not c:
self.response.out.write('UUID not found')
return
c.active = False
c.put(update_active=False)
elif action == 'set_loststolen':
models.ComputerLostStolen.SetLostStolen(uuid)
elif action == 'upload_logs':
c = models.Computer.get_by_key_name(uuid)
if not c:
self.response.out.write('UUID not found')
return
c.upload_logs_and_notify = users.get_current_user().email()
c.put()
elif action == 'delete_client_log':
key = uuid # for /admin/clientlog/ it's really the uuid_logname
l = models.ClientLogFile.get_by_key_name(key)
l.delete()
return
elif action == 'set_fixed':
c = models.ComputerClientBroken.get_by_key_name(uuid)
if not c:
self.response.out.write('UUID not found')
return
c.fixed = True
c.put()
else:
self.response.set_status(404)
self.redirect('/admin/%s/%s' % (report, uuid))
def testDoUserAuthWithAllDomainUsersOff(self):
self.stubs.Set(auth.settings, 'ALLOW_ALL_DOMAIN_USERS_READ_ACCESS', False)
self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users))
self.mox.StubOutWithMock(auth, 'IsAdminUser')
self.mox.StubOutWithMock(auth, 'IsSupportUser')
self.mox.StubOutWithMock(auth, 'IsSecurityUser')
self.mox.StubOutWithMock(auth, 'IsPhysicalSecurityUser')
mock_user = self.mox.CreateMockAnything()
email = '*****@*****.**'
auth.users.get_current_user().AndReturn(mock_user)
mock_user.email().AndReturn(email)
auth.IsAdminUser(email).AndReturn(False)
auth.IsSupportUser(email).AndReturn(False)
auth.IsSecurityUser(email).AndReturn(False)
auth.IsPhysicalSecurityUser(email).AndReturn(True)
self.mox.ReplayAll()
self.assertEqual(mock_user, auth.DoUserAuth())
self.mox.VerifyAll()
def testDoOAuthAuthSuccess(self):
"""Test DoOAuthAuth() with success, where user is in KeyValueCache."""
self.mox.StubOutWithMock(auth.oauth, 'get_current_user')
self.mox.StubOutWithMock(auth, 'IsAdminUser')
self.mox.StubOutWithMock(auth.models.KeyValueCache, 'MemcacheWrappedGet')
self.mox.StubOutWithMock(auth.util, 'Deserialize')
mock_user = self.mox.CreateMockAnything()
email = '*****@*****.**'
auth.settings.OAUTH_USERS = []
oauth_users = [email]
auth.oauth.get_current_user().AndReturn(mock_user)
mock_user.email().AndReturn(email)
auth.IsAdminUser(email).AndReturn(True)
auth.models.KeyValueCache.MemcacheWrappedGet(
'oauth_users', 'text_value').AndReturn(oauth_users)
auth.util.Deserialize(oauth_users).AndReturn(oauth_users)
self.mox.ReplayAll()
auth.DoOAuthAuth(is_admin=True)
self.mox.VerifyAll()
def get(self, filename):
"""GET
Args:
filename: str, package filename like 'foo.dmg'
Returns:
None if a blob is being returned,
or a response object
"""
auth_return = auth.DoAnyAuth()
if hasattr(auth_return, 'email'):
email = auth_return.email()
if not auth.IsAdminUser(email) and not auth.IsSupportUser(email):
raise auth.IsAdminMismatch
filename = urllib.unquote(filename)
pkg = models.PackageInfo.MemcacheWrappedGet(filename)
if pkg is None or not pkg.blobstore_key:
self.error(404)
return
if common.IsPanicModeNoPackages():
self.error(503)
return
# Get the Blobstore BlobInfo for this package; memcache wrapped.
memcache_key = 'blobinfo_%s' % filename
blob_info = memcache.get(memcache_key)
if not blob_info:
blob_info = blobstore.BlobInfo.get(pkg.blobstore_key)
if blob_info:
memcache.set(memcache_key, blob_info,
300) # cache for 5 minutes.
else:
logging.critical(
'Failure fetching BlobInfo for %s. Verify the blob exists: %s',
pkg.filename, pkg.blobstore_key)
self.error(404)
return
header_date_str = self.request.headers.get('If-Modified-Since', '')
etag_nomatch_str = self.request.headers.get('If-None-Match', 0)
etag_match_str = self.request.headers.get('If-Match', 0)
pkg_date = blob_info.creation
pkg_size_bytes = blob_info.size
# TODO(user): The below can be simplified once all of our clients
# have ETag values set on the filesystem for these files. The
# parsing of If-Modified-Since could be removed. Removing it prematurely
# will cause a re-download of all packages on all clients for 1 iteration
# until they all have ETag values.
# Reduce complexity of elif conditional below.
# If an If-None-Match: ETag is supplied, don't worry about a
# missing file modification date -- the ETag supplies everything needed.
if etag_nomatch_str and not header_date_str:
resource_expired = False
else:
resource_expired = handlers.IsClientResourceExpired(
pkg_date, header_date_str)
# Client supplied If-Match: etag, but that etag does not match current
# etag. return 412.
if (etag_match_str and pkg.pkgdata_sha256
and etag_match_str != pkg.pkgdata_sha256):
self.response.set_status(412)
# Client supplied no etag or If-No-Match: etag, and the etag did not
# match, or the client's file is older than the mod time of this package.
elif ((etag_nomatch_str and pkg.pkgdata_sha256
and etag_nomatch_str != pkg.pkgdata_sha256)
or resource_expired):
self.response.headers['Content-Disposition'] = str(
'attachment; filename=%s' % filename)
# header date empty or package has changed, send blob with last-mod date.
if pkg.pkgdata_sha256:
self.response.headers['ETag'] = str(pkg.pkgdata_sha256)
self.response.headers['Last-Modified'] = pkg_date.strftime(
handlers.HEADER_DATE_FORMAT)
self.response.headers['X-Download-Size'] = str(pkg_size_bytes)
self.send_blob(pkg.blobstore_key)
else:
# Client doesn't need to do anything, current version is OK based on
# ETag and/or last modified date.
if pkg.pkgdata_sha256:
self.response.headers['ETag'] = str(pkg.pkgdata_sha256)
self.response.set_status(304)
def IsAdminUser(self):
"""Returns True if the current user is an admin, False otherwise."""
if not hasattr(self, '_is_admin'):
self._is_admin = auth.IsAdminUser()
return self._is_admin
def get(self, filename=None):
"""GET
Args:
filename: string like Firefox-1.0.dmg
"""
auth_return = auth.DoAnyAuth()
if hasattr(auth_return, 'email'):
email = auth_return.email()
if not any((
auth.IsAdminUser(email),
auth.IsSupportUser(email),
)):
raise auth.IsAdminMismatch
if filename:
filename = urllib.unquote(filename)
hash_str = self.request.get('hash')
if hash_str:
lock = models.GetLockForPackage(filename)
try:
lock.Acquire(timeout=30, max_acquire_attempts=5)
except datastore_locks.AcquireLockError:
self.response.set_status(httplib.FORBIDDEN)
self.response.out.write('Could not lock pkgsinfo')
return
pkginfo = models.PackageInfo.get_by_key_name(filename)
if pkginfo:
self.response.headers[
'Content-Type'] = 'text/xml; charset=utf-8'
if hash_str:
self.response.headers['X-Pkgsinfo-Hash'] = self._Hash(
pkginfo.plist)
self.response.out.write(pkginfo.plist)
else:
if hash_str:
lock.Release()
self.response.set_status(httplib.NOT_FOUND)
return
if hash_str:
lock.Release()
else:
query = models.PackageInfo.all()
filename = self.request.get('filename')
if filename:
query.filter('filename', filename)
install_types = self.request.get_all('install_types')
for install_type in install_types:
query.filter('install_types =', install_type)
catalogs = self.request.get_all('catalogs')
for catalog in catalogs:
query.filter('catalogs =', catalog)
pkgs = []
for p in query:
pkg = {}
for k in p.properties():
if k != '_plist':
pkg[k] = getattr(p, k)
pkgs.append(pkg)
self.response.out.write('<?xml version="1.0" encoding="UTF-8"?>\n')
self.response.out.write(plist.GetXmlStr(pkgs))
self.response.headers['Content-Type'] = 'text/xml; charset=utf-8'
def get(self, filename=None):
"""GET
Args:
filename: string like Firefox-1.0.dmg
"""
auth_return = auth.DoAnyAuth()
if hasattr(auth_return, 'email'):
email = auth_return.email()
if not any((
auth.IsAdminUser(email),
auth.IsSupportUser(email),
)):
raise auth.IsAdminMismatch
if filename:
filename = urllib.unquote(filename)
hash_str = self.request.get('hash')
if hash_str:
lock = 'pkgsinfo_%s' % filename
if not gae_util.ObtainLock(lock, timeout=5.0):
self.response.set_status(403)
self.response.out.write('Could not lock pkgsinfo')
return
pkginfo = models.PackageInfo.get_by_key_name(filename)
if pkginfo:
self.response.headers[
'Content-Type'] = 'text/xml; charset=utf-8'
if hash_str:
self.response.headers['X-Pkgsinfo-Hash'] = self._Hash(
pkginfo.plist)
self.response.out.write(pkginfo.plist)
else:
if hash_str:
gae_util.ReleaseLock(lock)
self.response.set_status(404)
return
if hash_str:
gae_util.ReleaseLock(lock)
else:
query = models.PackageInfo.all()
filename = self.request.get('filename')
if filename:
query.filter('filename', filename)
install_types = self.request.get_all('install_types')
for install_type in install_types:
query.filter('install_types =', install_type)
catalogs = self.request.get_all('catalogs')
for catalog in catalogs:
query.filter('catalogs =', catalog)
pkgs = []
for p in query:
pkg = {}
for k in p.properties():
if k != '_plist':
pkg[k] = getattr(p, k)
pkgs.append(pkg)
self.response.out.write('<?xml version="1.0" encoding="UTF-8"?>\n')
self.response.out.write(plist.GetXmlStr(pkgs))
self.response.headers['Content-Type'] = 'text/xml; charset=utf-8'
def testIsAdminUserBootstrapFalse(self, _): """Test IsAdminUser() where no admins are defined, but user not admin.""" self.assertFalse(auth.IsAdminUser(self.email))
def testIsAdminUserWithNoPassedEmail(self, _): """Test IsAdminUser() with no passed email address.""" self.assertFalse(auth.IsAdminUser())
def testIsAdminUserFalse(self, _):
"""Test IsAdminUser() with a passed email address that is not an admin."""
self.assertFalse(auth.IsAdminUser('*****@*****.**'))
def testIsAdminUserTrue(self, _): """Test IsAdminUser() with a passed email address that is an admin.""" admin_email = '*****@*****.**' self.assertTrue(auth.IsAdminUser(admin_email))
def get(self, report=None, uuid=None):
"""Stats get handler."""
auth.DoUserAuth()
if not report:
report_type = self.request.get('type')
report_filter = self.request.get('filter')
if report_type and report_filter:
report_filter = urllib.unquote(report_filter)
report_filter = report_filter.strip()
self._DisplaySummary(report_type, report_filter)
else:
self._DisplayCachedSummary()
elif report == 'host':
self._DisplayHost(uuid=uuid)
elif report == 'hostmanifest':
self._DisplayHostManifest(uuid=uuid)
elif report == 'installs':
pkg = self.request.get('pkg')
historical = self.request.get('historical') == '1'
applesus = self.request.get('applesus') == '1'
pending = self.request.get('pending') == '1'
if pkg:
if pending:
self._DisplayHostsPendingPkg(pkg)
else:
self._DisplayInstallsForPackage(pkg)
else:
if historical or applesus:
self._DisplayPackagesListFromCache(applesus=applesus)
else:
self._DisplayPackagesList()
elif report == 'installproblems':
self._DisplayInstallProblems()
elif report == 'preflightexits':
self._DisplayPreflightExits()
elif report == 'diskfree':
self._DisplayLowDiskFree()
elif report == 'uptime':
self._DisplayLongestUptime()
elif report == 'offcorp':
self._DisplayLongestOffCorp()
elif report == 'brokenclients':
self._DisplayBrokenClients()
elif report == 'msulogsummary':
self._DisplayMsuLogSummary(since_days=uuid)
elif report == 'msulogevent':
self._DisplayMsuLogEvent()
elif report == 'user_settings':
self._DisplayUserSettings()
elif report == 'adminlogs':
self._DisplayAdminLogs()
elif report == 'loststolen':
self._DisplayLostStolen()
elif report == 'packagealias':
self._DisplayPackageAlias()
elif report == 'clientlog':
log_key_name = uuid
l = models.ClientLogFile.get_by_key_name(log_key_name)
if l:
self.response.headers[
'Content-Type'] = 'text/plain; charset=utf-8'
self.response.out.write(l.log_file)
else:
self.response.out.write('Log not found')
self.response.set_status(404)
elif report == 'maintenance':
if not auth.IsAdminUser():
self.response.set_status(403)
return
from simian.mac.admin import maintenance
action = uuid
if action == 'update_installs_schema':
maintenance.UpdateInstallLogSchema()
elif action == 'update_legacy_apple_updates':
maintenance.ConvertLegacyAppleUpdateInstallLogEntities()
elif action == 'rebuild_install_counts':
maintenance.RebuildInstallCounts()
else:
self.response.set_status(404)
else:
self.response.set_status(404)
def IsAdminUser(self):
"""Returns True if the current user is an admin, False otherwise."""
# NOTE(user): this is definitely not threadsafe.
if not hasattr(self, '_is_admin'):
self._is_admin = auth.IsAdminUser()
return self._is_admin
