def role_update(user, data, roleid, params): role = get_by_roleid_or_404(user, roleid) # ToDo: Implement forceupdate after rolegrant for role_update # ToDo: Accept update for device-role if role.name == 'device' or data.get('name', '') == 'device': # Dont allow chaning device-role raise ApiExp.RoleUpdateNotAllowed if 'attributePermissions' in data: devicetype = role.devicetype per_dict = generate_role_dict(devicetype, data['attributePermissions'], False) role.permissions = per_dict if 'description' in data: role.description = data['description'] if 'name' in data: new_name = data['name'] if new_name != role.name: check_unique_role_name(user, new_name, role.devicetype) role.name = new_name db.session.commit() return get_ok_response_body(data=dict(id=role.roleid))
def role_add(user, data, params): devicetype = get_by_devicetypeid_or_404(user, data['deviceTypeId']) name = data['name'] check_unique_role_name(user, name, devicetype) is_device_role = (name == 'device') per_dict = generate_role_dict(devicetype, data['attributePermissions'], is_device_role) new_role = Role(name=name, owner=user, devicetype=devicetype, description=data.get('description', '')) new_role.permissions = per_dict new_role_id = new_role.roleid db.session.add(new_role) db.session.commit() return get_ok_response_body(data=dict(id=new_role_id))
def write_send_common_validate(user, data, deviceid, params, is_write): # Check if any device is assigned to this user: device = get_by_deviceid_or_404(user, deviceid, look_in_granted=True) devicetype = device.devicetype user_data_dict = convert_attribute_list_to_dict(data['attributes']) # Validate user request body based on device-type devicedata_validator(devicetype.attributes, user_data_dict) data_fileds, metadata_fields = app.devicetype.get_devicefields_metadata( devicetype) # Validate if user is writing to meta-data and sending data to the metadata validate_data_metadatafileds(metadata_fields if is_write else data_fileds, user_data_dict) # Check if user (based on roles) has access to the requested fields check_user_write_field_access(user, device, user_data_dict.keys()) dds = app.get_dds() if is_write: # Only store data in meta fields dds.store_data(user_data_dict, device.deviceid) else: # This is send-to-device operation # As mongo adds '_id' to the dict new copy required user_data_dict = convert_attribute_list_to_dict(data['attributes']) msg = create_msg_for_device(device, user_data_dict) dds.send_to_device(msg, device.deviceid) return get_ok_response_body(data={})
def device_add(user, payload, params): devicetype_id = payload['deviceTypeId'] name = payload['name'] devicetype = get_by_devicetypeid_or_404(user, devicetype_id) check_unique_name(user, name) # Make sure device-role is defined if not devicetype.roles.filter_by(name='device').first(): raise ApiExp.DeviceRoleNotDefined # ToDo: Implement attributeValues for setting initial of meta-data new_device = Device( name=name, serial_number=payload.get('serialNumber', ''), label=payload.get('label', ''), push_url=payload.get('pushURL', ''), owner=user, devicetype=devicetype ) db.session.add(new_device) db.session.commit() return get_ok_response_body( data=dict( id=new_device.deviceid, encryptionKey=new_device.enc_key, deviceToken=new_device.device_token, ) )
def device_list(user, params): condition = [(Device.owner == user), (Device.grantroles.any(RoleGrant.granted_user == user))] if 'isOwned' in params: if params['isOwned']: condition = [(Device.owner == user)] else: condition = [(Device.grantroles.any( RoleGrant.granted_user == user))] q = Device.query.filter(or_(*condition)) q = contains_string_query(q, params, 'name', Device.name) ret = paginate(q, params, dict( id=Device.deviceid, name=Device.name )) dev_list = [ dict( id=x.deviceid, name=x.name, isOwned=(user == x.owner) ) for x in ret.items ] return get_ok_response_body( data=dict(devices=dev_list), pageCnt=ret.pages, )
def role_show(user, roleid, params): role = get_by_roleid_or_404(user, roleid) per_list = generate_role_response_list(role) return get_ok_response_body(data=dict(name=role.name, description=role.description, deviceTypeId=role.devicetype.typeid, attributePermissions=per_list))
def device_delete(user, deviceid): device = get_by_deviceid_or_404(user, deviceid) db.session.delete(device) db.session.commit() return get_ok_response_body( data=dict(id=deviceid) )
def devicetype_show(user, devicetypeid, params): dt = get_by_devicetypeid_or_404(user, devicetypeid) return get_ok_response_body( name=dt.name, encrypted=dt.enc, id=dt.typeid, description=dt.description, attributeTypes=convert_dict_to_attribute_list(dt.attributes), )
def devicedata_read(user, deviceid, params): # Check if any device is assigned to this user: device = get_by_deviceid_or_404(user, deviceid, look_in_granted=True) read_fields = get_device_fields_with_read_permission(user, device) dds = app.get_dds() x = dds.read_data(read_fields, device.deviceid) attributes = convert_field_dict_to_list(x) return get_ok_response_body(data=dict(attributes=attributes))
def role_delete(user, roleid, params): role = get_by_roleid_or_404(user, roleid) # ToDo: Implement "forceDelete" after rolegrant for role-delete if role.name == 'device': # Dont allow deleting device role raise ApiExp.RoleUpdateNotAllowed db.session.delete(role) db.session.commit() return get_ok_response_body(data=dict(id=role.roleid))
def devicetype_delete(user, devicetypeid, params): dt = get_by_devicetypeid_or_404(user, devicetypeid) # Check if this devicetype is used by any device if dt.devices.count() != 0: raise ApiExp.DeviceInUse db.session.delete(dt) db.session.commit() return get_ok_response_body( data=dict(id=devicetypeid) )
def role_take(user, data, params): grant_user = get_by_username_or_404(data['username']) role = get_by_roleid_or_404(user, data['roleId']) device = get_by_deviceid_or_404(user, data['deviceId']) # Don't allow using device-role if role.name == 'device': raise ApiExp.RoleUpdateNotAllowed rg = get_rolegrant_or_404(user, grant_user, role, device) db.session.delete(rg) db.session.commit() return get_ok_response_body()
def devicetype_add(user, payload, params): name = payload['name'] enc = payload['encryptionEnabled'] description = payload.get('description', '') check_unique_name(user, name) dt = DeviceType(name=name, owner=user, enc=enc, description=description) dt.attributes = convert_attribute_list_to_dict(payload['attributeTypes']) new_devtype_id = dt.typeid db.session.add(dt) db.session.commit() return get_ok_response_body(data={"id": new_devtype_id})
def device_show(user, deviceid, params): device = get_by_deviceid_or_404(user, deviceid) ret_data = dict( id=device.deviceid, name=device.name, deviceTypeId=device.devicetype.typeid, deviceTypeName=device.devicetype.name, serialNumber=device.serial_number, encryptionKey=device.enc_key, deviceToken=device.device_token, pushURL=device.push_url ) return get_ok_response_body( data=ret_data )
def device_edit(user, data, deviceid, params): device = get_by_deviceid_or_404(user, deviceid) # If new name is provided check for a device with same name if 'name' in data: new_name = data['name'] if new_name != device.name: check_unique_name(user, new_name) device.name = new_name if 'serialNumber' in data: device.serial_number = data['serialNumber'] db.session.commit() return get_ok_response_body( data=dict(id=device.deviceid) )
def devicetype_list(user, params): q = DeviceType.query.filter_by(owner=user) q = contains_string_query(q, params, 'name', DeviceType.name) ret = paginate(q, params, dict( id=DeviceType.typeid, name=DeviceType.name )) devt_list = [dict( id=x.typeid, name=x.name ) for x in ret.items] return get_ok_response_body( data=dict(deviceTypes=devt_list), pageCnt=ret.pages )
def role_list(user, params): q = Role.query.join(Role.devicetype).filter_by(owner=user) q = contains_string_query(q, params, 'name', Role.name) q = field_equal_query(q, params, 'deviceTypeId', Role.devicetype, 'typeid') ret = paginate( q, params, dict(id=Role.roleid, name=Role.name, deviceTypeName=DeviceType.name, deviceTypeId=DeviceType.typeid)) role_list = [ dict(id=x.roleid, name=x.name, deviceTypeName=x.devicetype.name, deviceTypeId=x.devicetype.typeid) for x in ret.items ] return get_ok_response_body(data=dict(roles=role_list), pageCnt=ret.pages)
def role_grant_list(user, params): q = RoleGrant.query.filter_by(owner=user) q = q.join(RoleGrant.role, RoleGrant.granted_user, RoleGrant.device, Device.devicetype) q = field_equal_query(q, params, 'deviceId', RoleGrant.device, 'deviceid') q = field_equal_query(q, params, 'username', RoleGrant.granted_user, 'username') q = field_equal_query(q, params, 'roleId', RoleGrant.role, 'roleid') ret = paginate( q, params, dict( deviceTypeName=DeviceType.name, deviceName=Device.name, roleName=Role.name, username=User.username, )) # ToDo: Implement pagination for rolegrant_list plus sortby rolegrants = [ dict( deviceTypeName=rg.device.devicetype.name, deviceTypeId=rg.device.devicetype.typeid, deviceName=rg.device.name, deviceId=rg.device.deviceid, roleName=rg.role.name, roleId=rg.role.roleid, username=rg.granted_user.username, userid=rg.granted_user.username, ) for rg in ret.items ] return get_ok_response_body(data=dict(roles=rolegrants), pageCnt=ret.pages)
def role_grant(user, data, params): grant_user = get_by_username_or_404(data['username']) role = get_by_roleid_or_404(user, data['roleId']) device = get_by_deviceid_or_404(user, data['deviceId']) # Don't allow using device-role if role.name == 'device': raise ApiExp.RoleUpdateNotAllowed check_unique_rolegrant(user, grant_user, role, device) # Check if role is defined for decicetype check_role_defined_for_devicetype(role, device) rg = RoleGrant(owner=user, granted_user=grant_user, role=role, device=device) db.session.add(rg) db.session.commit() return get_ok_response_body()