class RightsTest(TestCase): def setUp(self): self.logger = getLogger() self.rights = Rights() self.data_types = ['profile', 'group', 'role'] # This should be in a filldb script referenced_rights = { '1234', '1235', '1236', '1237', '1238', '1239', '1240', '1241', '2344', '2345', '2346', '2347', '2348', '2349', '4210', '4211' } for x in referenced_rights: self.rights.add(x, 'desc test rule') # delete everything before starting self.rights.delete_group('group_test1') self.rights.delete_group('group_test2') self.rights.delete_user('jharris') self.rights.delete_profile('profile_test1') self.rights.delete_profile('profile_test2') self.rights.delete_role('role_test1bis') def tearDown(self): pass # TODO: cleanup the mess in default_rights def tests(self): # Test creation of groups rights = { '1234': {'desc': 'test right in group', 'checksum': 15}, '1235': {'desc': 'test right in group', 'checksum': 8}, '1236': {'desc': 'test right in group', 'checksum': 12}, '1237': {'desc': 'test right in group', 'checksum': 1}, '1238': {'desc': 'test right in group', 'checksum': 15}, '1239': {'desc': 'test right in group', 'checksum': 15}, '1240': {'desc': 'test right in group', 'checksum': 8}, '1241': {'desc': 'test right in group', 'checksum': 8} } rights_scnd = { '2344': {'desc': 'test right in group', 'checksum': 15}, '2345': {'desc': 'test right in group', 'checksum': 8}, '2346': {'desc': 'test right in group', 'checksum': 12}, '2347': {'desc': 'test right in group', 'checksum': 1}, '2348': {'desc': 'test right in group', 'checksum': 15}, '2349': {'desc': 'test right in group', 'checksum': 15}, '4210': {'desc': 'test right in group', 'checksum': 8}, '4211': {'desc': 'test right in group', 'checksum': 8} } # basic group creation self.rights.create_group('group_test1', rights) self.rights.create_group('group_test2', rights_scnd) # basic profile creation self.rights.create_profile('profile_test1', ['group_test1']) self.rights.create_profile('profile_test2', ['group_test2']) # create new role and assign it to the user self.rights.create_role('role_test1bis', 'profile_test1') self.rights.create_user('jharris', 'role_test1bis') # Basic check self.assertEqual( self.rights.check_rights( 'jharris', '1237', 1), True) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add permissions to the rights self.rights.add_right('group_test1', 'group', '1237', 12) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), True) # Test right deletion self.rights.remove_right('group_test1', 'group', '1237', 8) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add it back self.rights.add_right('group_test1', 'group', '1237', 12) # Test remove_entity self.rights.remove_group_profile('profile_test1', 'group_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add it back self.rights.add_group_profile('profile_test1', 'group_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), True) # Test removing the profile self.rights.remove_profile('role_test1bis', None, 'profile_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add it back self.rights.add_profile('role_test1bis', None, 'profile_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), True) # Remove the profile to add it to the role self.rights.remove_profile('role_test1bis', None, 'profile_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add the group to the role self.rights.add_group_role('role_test1bis', 'group_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), True) # Remove it self.rights.remove_group_role('role_test1bis', 'group_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add the specific right to the user self.rights.add_right('jharris', 'user', '1237', 12) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), True) # Change the checksum self.rights.remove_right('jharris', 'user', '1237', 4) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 8), True) # Add a right on the same action to different fields # and check that it is summed correctly self.rights.remove_right('jharris', 'user', '1237', 8) self.rights.remove_right('group_test1', 'user', '1237', 12) self.rights.add_right('jharris', 'user', '1237', 2) self.rights.add_right('role_test1bis', 'user', '1237', 4) self.rights.add_right('group_test2', 'user', '1237', 8) self.rights.add_group_user('jharris', 'group_test2') self.rights.add_group_role('role_test1bis', 'group_test1') self.rights.add_profile('role_test1bis', None, 'profile_test1') self.rights.add_group_profile('role_test1bis', 'group_test1') # Change entity name self.assertTrue('group_test2' in self.rights.get_user('jharris')['group']) self.assertTrue( 'group_test2' == self.rights.get_group('group_test2')['crecord_name'] ) self.assertTrue( self.rights.update_entity_name('group_test2', 'group', 'name_changed') ) self.assertTrue('group_test2' in self.rights.get_user('jharris')['group']) self.assertTrue( 'name_changed' == self.rights.get_group('group_test2')['crecord_name'] ) # Update fields uid = 'my_user' urole = 'admin' values = { '_id': uid, 'contact': { 'address': '', 'name': 'Administrator' }, 'external': False, 'mail': '*****@*****.**', 'shadowpasswd': 'DEADBEEF', 'ui_language': 'fr', } user = self.rights.create_user( uid, urole, contact=None, rights=None, groups=None ) self.assertEqual(user['crecord_name'], uid) self.rights.update_fields(uid, 'user', values) r = self.rights.user_storage._backend.find({'_id': uid}) self.assertTrue(r.count() > 0) content = list(r.limit(1))[0] self.assertEqual(content['crecord_name'], uid) self.assertEqual(content['ui_language'], 'fr') self.assertEqual(content['mail'], '*****@*****.**')
class RightsModule(MigrationModule): CONF_PATH = 'etc/migration/rights.conf' CATEGORY = 'RIGHTS' def __init__(self, actions_path=None, users_path=None, roles_path=None, *args, **kwargs): super(RightsModule, self).__init__(*args, **kwargs) self.logger = Logger.get('migrationtool', MigrationModule.LOG_PATH) self.config = Configuration.load(RightsModule.CONF_PATH, Ini) conf = self.config.get(self.CATEGORY, {}) self.manager = Rights() if actions_path is not None: actions_path = actions_path else: actions_path = conf.get('actions_path', DEFAULT_ACTIONS_PATH) self.actions_path = os.path.expanduser(actions_path) if users_path is not None: users_path = users_path else: users_path = conf.get('users_path', DEFAULT_USERS_PATH) self.users_path = os.path.expanduser(users_path) if roles_path is not None: roles_path = roles_path else: roles_path = conf.get('roles_path', DEFAULT_ROLES_PATH) self.roles_path = os.path.expanduser(roles_path) def init(self, clear=True, yes=False): self.add_actions(self.load(self.actions_path), clear) self.add_users(self.load(self.users_path), clear) self.add_roles(self.load(self.roles_path), clear) def update(self, yes=False): self.init(clear=False) def load(self, path): try: loaded = [] for fpath in os.listdir(path): if fpath.endswith('.json'): fullpath = os.path.join(path, fpath) with open(fullpath) as f: data = ensure_iterable(json.load(f)) loaded += data except Exception as err: self.logger.error(u'Unable to load JSON files "{0}": {1}'.format( path, err)) loaded = [] return loaded def add_actions(self, data, clear): for action in data: for aid in action: if self.manager.get_action(aid) is None or clear: self.logger.info(u'Initialize action: {0}'.format(aid)) self.manager.add( aid, action[aid].get('desc', 'Empty description')) def add_users(self, data, clear): for user in data: if self.manager.get_user(user['_id']) is None or clear: self.logger.info(u'Initialize user: {0}'.format(user['_id'])) self.manager.create_user(user['_id'], user.get('role', None), rights=user.get('rights', None), contact=user.get('contact', None), groups=user.get('groups', None)) self.manager.update_fields( user['_id'], 'user', { 'external': user.get('external', False), 'enable': user.get('enable', True), 'shadowpasswd': user.get('shadowpass', None), 'mail': user.get('mail', None), 'authkey': user.get('authkey', str(uuid1())) }) def add_roles(self, data, clear): for role in data: if self.manager.get_role(role['_id']) is None or clear: self.logger.info(u'Initialize role: {0}'.format(role['_id'])) self.manager.create_role(role['_id'], role.get('profile', None)) self.logger.info(u'Updating role: {0}'.format(role['_id'])) record = self.manager.get_role(role['_id']) rights = record.get('rights', {}) groups = record.get('groups', []) rights.update(role.get('rights', {})) groups += role.get('groups', []) groups = list(set(groups)) # make groups unique self.manager.update_rights(role['_id'], 'role', rights, record) self.manager.update_group(role['_id'], 'role', groups, record) self.manager.update_fields( role['_id'], 'role', {"defaultview": role.get("defaultview", None)})
class ViewsModule(MigrationModule): def __init__(self, *args, **kwargs): super(ViewsModule, self).__init__(*args, **kwargs) self.storage = Middleware.get_middleware_by_uri( 'storage-default://', table='object' ) self.rights = Rights() def init(self): pass def update(self): # Get views views = self.storage.find_elements(query={'crecord_type': 'view'}) backup = [] for view in views: # Go through the view if 'containerwidget' in view: if 'items' in view['containerwidget']: self.find_weathers(view['containerwidget']['items']) self.logger.info('Updating view: {0}'.format(view['_id'])) try: self.storage.put_element(element=view, _id=view['_id']) except Exception as err: self.logger.error( 'Unable to update view "{0}": {1}'.format( view['_id'], err ) ) backup.append(view) self.logger.info('Ensure rights for view: {0}'.format(view['_id'])) actions = self.rights.get_action([view['_id']]) if not actions: self.rights.add(view['_id'], 'Access to view {0}'.format( view.get('title', view['_id']) )) if backup: bakdir = os.path.join( sys.prefix, 'var', 'cache', 'canopsis', 'migration' ) filepath = os.path.join(bakdir, 'view.{0}.bak'.format(int(time()))) os.makedirs(bakdir) with open(filepath, 'w') as f: json.dump(backup, f) self.logger.info('Backup found at: {0}'.format(filepath)) def find_weathers(self, items): # Recursively find all weathers in the view for item in items: w = item['widget'] # Nested widget search if 'items' in w: self.find_weathers(w['items']) if w['xtype'] == 'weather' and 'event_selection' in w: self.logger.info( u'Processing weather in widget: {0}'.format( w['title'] ) ) w['event_selection'] = self.transform_event_selection( w['event_selection'] ) def transform_event_selection(self, event_selection): # Business code, update weather content selection = [] while event_selection: value = event_selection.pop() if isinstance(value, basestring): value = { 'label': 'label', 'rk': value } selection.append(value) return selection
class RightsTest(TestCase): def setUp(self): self.logger = getLogger() self.rights = Rights() self.data_types = ['profile', 'group', 'role'] # This should be in a filldb script referenced_rights = { '1234', '1235', '1236', '1237', '1238', '1239', '1240', '1241', '2344', '2345', '2346', '2347', '2348', '2349', '4210', '4211' } for x in referenced_rights: self.rights.add(x, 'desc test rule') # delete everything before starting self.rights.delete_group('group_test1') self.rights.delete_group('group_test2') self.rights.delete_user('jharris') self.rights.delete_profile('profile_test1') self.rights.delete_profile('profile_test2') self.rights.delete_role('role_test1bis') def tests(self): # Test creation of groups rights = { '1234': {'desc': 'test right in group', 'checksum': 15}, '1235': {'desc': 'test right in group', 'checksum': 8}, '1236': {'desc': 'test right in group', 'checksum': 12}, '1237': {'desc': 'test right in group', 'checksum': 1}, '1238': {'desc': 'test right in group', 'checksum': 15}, '1239': {'desc': 'test right in group', 'checksum': 15}, '1240': {'desc': 'test right in group', 'checksum': 8}, '1241': {'desc': 'test right in group', 'checksum': 8} } rights_scnd = { '2344': {'desc': 'test right in group', 'checksum': 15}, '2345': {'desc': 'test right in group', 'checksum': 8}, '2346': {'desc': 'test right in group', 'checksum': 12}, '2347': {'desc': 'test right in group', 'checksum': 1}, '2348': {'desc': 'test right in group', 'checksum': 15}, '2349': {'desc': 'test right in group', 'checksum': 15}, '4210': {'desc': 'test right in group', 'checksum': 8}, '4211': {'desc': 'test right in group', 'checksum': 8} } # basic group creation self.rights.create_group('group_test1', rights) self.rights.create_group('group_test2', rights_scnd) # basic profile creation self.rights.create_profile('profile_test1', ['group_test1']) self.rights.create_profile('profile_test2', ['group_test2']) # create new role and assign it to the user self.rights.create_role('role_test1bis', 'profile_test1') self.rights.create_user('jharris', 'role_test1bis') # Basic check self.assertEqual( self.rights.check_rights( 'jharris', '1237', 1), True) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add permissions to the rights self.rights.add_right('group_test1', 'group', '1237', 12) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), True) # Test right deletion self.rights.remove_right('group_test1', 'group', '1237', 8) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add it back self.rights.add_right('group_test1', 'group', '1237', 12) # Test remove_entity self.rights.remove_group_profile('profile_test1', 'group_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add it back self.rights.add_group_profile('profile_test1', 'group_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), True) # Test removing the profile self.rights.remove_profile('role_test1bis', None, 'profile_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add it back self.rights.add_profile('role_test1bis', None, 'profile_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), True) # Remove the profile to add it to the role self.rights.remove_profile('role_test1bis', None, 'profile_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add the group to the role self.rights.add_group_role('role_test1bis', 'group_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), True) # Remove it self.rights.remove_group_role('role_test1bis', 'group_test1') self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) # Add the specific right to the user self.rights.add_right('jharris', 'user', '1237', 12) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), True) # Change the checksum self.rights.remove_right('jharris', 'user', '1237', 4) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 12), False) self.assertEqual( self.rights.check_rights( 'jharris', '1237', 8), True) # Add a right on the same action to different fields # and check that it is summed correctly self.rights.remove_right('jharris', 'user', '1237', 8) self.rights.remove_right('group_test1', 'user', '1237', 12) self.rights.add_right('jharris', 'user', '1237', 2) self.rights.add_right('role_test1bis', 'user', '1237', 4) self.rights.add_right('group_test2', 'user', '1237', 8) self.rights.add_group_user('jharris', 'group_test2') self.rights.add_group_role('role_test1bis', 'group_test1') self.rights.add_profile('role_test1bis', None, 'profile_test1') self.rights.add_group_profile('role_test1bis', 'group_test1') self.assertEqual( self.rights.get_user_rights('jharris')['1237']['checksum'], 15) # Change entity name self.assertTrue('group_test2' in self.rights.get_user('jharris')['group']) self.assertTrue( 'group_test2' == self.rights.get_group('group_test2')['crecord_name'] ) self.assertTrue( self.rights.update_entity_name('group_test2', 'group', 'name_changed') ) self.assertTrue('group_test2' in self.rights.get_user('jharris')['group']) self.assertTrue( 'name_changed' == self.rights.get_group('group_test2')['crecord_name'] )
class RightsTest(TestCase): def setUp(self): self.logger = getLogger() self.rights = Rights() self.data_types = ['profile', 'group', 'role'] # This should be in a filldb script referenced_rights = { '1234', '1235', '1236', '1237', '1238', '1239', '1240', '1241', '2344', '2345', '2346', '2347', '2348', '2349', '4210', '4211' } for x in referenced_rights: self.rights.add(x, 'desc test rule') # delete everything before starting self.rights.delete_group('group_test1') self.rights.delete_group('group_test2') self.rights.delete_user('jharris') self.rights.delete_profile('profile_test1') self.rights.delete_profile('profile_test2') self.rights.delete_role('role_test1bis') def tearDown(self): pass # TODO: cleanup the mess in default_rights def tests(self): # Test creation of groups rights = { '1234': { 'desc': 'test right in group', 'checksum': 15 }, '1235': { 'desc': 'test right in group', 'checksum': 8 }, '1236': { 'desc': 'test right in group', 'checksum': 12 }, '1237': { 'desc': 'test right in group', 'checksum': 1 }, '1238': { 'desc': 'test right in group', 'checksum': 15 }, '1239': { 'desc': 'test right in group', 'checksum': 15 }, '1240': { 'desc': 'test right in group', 'checksum': 8 }, '1241': { 'desc': 'test right in group', 'checksum': 8 } } rights_scnd = { '2344': { 'desc': 'test right in group', 'checksum': 15 }, '2345': { 'desc': 'test right in group', 'checksum': 8 }, '2346': { 'desc': 'test right in group', 'checksum': 12 }, '2347': { 'desc': 'test right in group', 'checksum': 1 }, '2348': { 'desc': 'test right in group', 'checksum': 15 }, '2349': { 'desc': 'test right in group', 'checksum': 15 }, '4210': { 'desc': 'test right in group', 'checksum': 8 }, '4211': { 'desc': 'test right in group', 'checksum': 8 } } # basic group creation self.rights.create_group('group_test1', rights) self.rights.create_group('group_test2', rights_scnd) # basic profile creation self.rights.create_profile('profile_test1', ['group_test1']) self.rights.create_profile('profile_test2', ['group_test2']) # create new role and assign it to the user self.rights.create_role('role_test1bis', 'profile_test1') self.rights.create_user('jharris', 'role_test1bis') # Basic check self.assertEqual(self.rights.check_rights('jharris', '1237', 1), True) self.assertEqual(self.rights.check_rights('jharris', '1237', 12), False) # Add permissions to the rights self.rights.add_right('group_test1', 'group', '1237', 12) self.assertEqual(self.rights.check_rights('jharris', '1237', 12), True) # Test right deletion self.rights.remove_right('group_test1', 'group', '1237', 8) self.assertEqual(self.rights.check_rights('jharris', '1237', 12), False) # Add it back self.rights.add_right('group_test1', 'group', '1237', 12) # Test remove_entity self.rights.remove_group_profile('profile_test1', 'group_test1') self.assertEqual(self.rights.check_rights('jharris', '1237', 12), False) # Add it back self.rights.add_group_profile('profile_test1', 'group_test1') self.assertEqual(self.rights.check_rights('jharris', '1237', 12), True) # Test removing the profile self.rights.remove_profile('role_test1bis', None, 'profile_test1') self.assertEqual(self.rights.check_rights('jharris', '1237', 12), False) # Add it back self.rights.add_profile('role_test1bis', None, 'profile_test1') self.assertEqual(self.rights.check_rights('jharris', '1237', 12), True) # Remove the profile to add it to the role self.rights.remove_profile('role_test1bis', None, 'profile_test1') self.assertEqual(self.rights.check_rights('jharris', '1237', 12), False) # Add the group to the role self.rights.add_group_role('role_test1bis', 'group_test1') self.assertEqual(self.rights.check_rights('jharris', '1237', 12), True) # Remove it self.rights.remove_group_role('role_test1bis', 'group_test1') self.assertEqual(self.rights.check_rights('jharris', '1237', 12), False) # Add the specific right to the user self.rights.add_right('jharris', 'user', '1237', 12) self.assertEqual(self.rights.check_rights('jharris', '1237', 12), True) # Change the checksum self.rights.remove_right('jharris', 'user', '1237', 4) self.assertEqual(self.rights.check_rights('jharris', '1237', 12), False) self.assertEqual(self.rights.check_rights('jharris', '1237', 8), True) # Add a right on the same action to different fields # and check that it is summed correctly self.rights.remove_right('jharris', 'user', '1237', 8) self.rights.remove_right('group_test1', 'user', '1237', 12) self.rights.add_right('jharris', 'user', '1237', 2) self.rights.add_right('role_test1bis', 'user', '1237', 4) self.rights.add_right('group_test2', 'user', '1237', 8) self.rights.add_group_user('jharris', 'group_test2') self.rights.add_group_role('role_test1bis', 'group_test1') self.rights.add_profile('role_test1bis', None, 'profile_test1') self.rights.add_group_profile('role_test1bis', 'group_test1') # Change entity name self.assertTrue( 'group_test2' in self.rights.get_user('jharris')['group']) self.assertTrue('group_test2' == self.rights.get_group('group_test2') ['crecord_name']) self.assertTrue( self.rights.update_entity_name('group_test2', 'group', 'name_changed')) self.assertTrue( 'group_test2' in self.rights.get_user('jharris')['group']) self.assertTrue('name_changed' == self.rights.get_group('group_test2') ['crecord_name']) # Update fields uid = 'my_user' urole = 'admin' values = { '_id': uid, 'contact': { 'address': '', 'name': 'Administrator' }, 'external': False, 'mail': '*****@*****.**', 'shadowpasswd': 'DEADBEEF', 'ui_language': 'fr', } user = self.rights.create_user(uid, urole, contact=None, rights=None, groups=None) self.assertEqual(user['crecord_name'], uid) self.rights.update_fields(uid, 'user', values) r = self.rights.user_storage._backend.find({'_id': uid}) self.assertTrue(r.count() > 0) content = list(r.limit(1))[0] self.assertEqual(content['crecord_name'], uid) self.assertEqual(content['ui_language'], 'fr') self.assertEqual(content['mail'], '*****@*****.**')
class ViewsModule(MigrationModule): def __init__(self, *args, **kwargs): super(ViewsModule, self).__init__(*args, **kwargs) self.logger = Logger.get('migrationmodule', MigrationModule.LOG_PATH) self.storage = Middleware.get_middleware_by_uri('storage-default://', table='object') self.rights = Rights() def init(self, yes=False): pass def update(self, yes=False): # Get views views = self.storage.find_elements(query={'crecord_type': 'view'}) backup = [] for view in views: # Go through the view if 'containerwidget' in view: if 'items' in view['containerwidget']: self.find_weathers(view['containerwidget']['items']) self.logger.info(u'Updating view: {0}'.format(view['_id'])) try: self.storage.put_element(element=view, _id=view['_id']) except Exception as err: self.logger.error('Unable to update view "{0}": {1}'.format( view['_id'], err)) backup.append(view) self.logger.info(u'Ensure rights for view: {}'.format(view['_id'])) actions = self.rights.get_action([view['_id']]) if not actions: self.rights.add( view['_id'], 'Access to view {0}'.format(view.get('title', view['_id']))) if backup: bakdir = os.path.join(root_path, 'var', 'cache', 'canopsis', 'migration') filepath = os.path.join(bakdir, 'view.{0}.bak'.format(int(time()))) os.makedirs(bakdir) with open(filepath, 'w') as f: json.dump(backup, f) self.logger.info(u'Backup found at: {0}'.format(filepath)) def find_weathers(self, items): # Recursively find all weathers in the view for item in items: w = item['widget'] # Nested widget search if 'items' in w: self.find_weathers(w['items']) if w['xtype'] == 'weather' and 'event_selection' in w: self.logger.info(u'Processing weather in widget: {0}'.format( w['title'])) w['event_selection'] = self.transform_event_selection( w['event_selection']) def transform_event_selection(self, event_selection): # Business code, update weather content selection = [] while event_selection: value = event_selection.pop() if isinstance(value, basestring): value = {'label': 'label', 'rk': value} selection.append(value) return selection
class RightsModule(MigrationModule): CONF_PATH = 'etc/migration/rights.conf' CATEGORY = 'RIGHTS' def __init__( self, actions_path=None, users_path=None, roles_path=None, *args, **kwargs ): super(RightsModule, self).__init__(*args, **kwargs) self.logger = Logger.get('migrationtool', MigrationModule.LOG_PATH) self.config = Configuration.load(RightsModule.CONF_PATH, Ini) conf = self.config.get(self.CATEGORY, {}) self.manager = Rights() if actions_path is not None: actions_path = actions_path else: actions_path = conf.get('actions_path', DEFAULT_ACTIONS_PATH) self.actions_path = os.path.expanduser(actions_path) if users_path is not None: users_path = users_path else: users_path = conf.get('users_path', DEFAULT_USERS_PATH) self.users_path = os.path.expanduser(users_path) if roles_path is not None: roles_path = roles_path else: roles_path = conf.get('roles_path', DEFAULT_ROLES_PATH) self.roles_path = os.path.expanduser(roles_path) def init(self, clear=True, yes=False): self.add_actions(self.load(self.actions_path), clear) self.add_users(self.load(self.users_path), clear) self.add_roles(self.load(self.roles_path), clear) def update(self, yes=False): self.init(clear=False) def load(self, path): try: loaded = [] for fpath in os.listdir(path): if fpath.endswith('.json'): fullpath = os.path.join(path, fpath) with open(fullpath) as f: data = ensure_iterable(json.load(f)) loaded += data except Exception as err: self.logger.error(u'Unable to load JSON files "{0}": {1}'.format( path, err )) loaded = [] return loaded def add_actions(self, data, clear): for action in data: for aid in action: if self.manager.get_action(aid) is None or clear: self.logger.info(u'Initialize action: {0}'.format(aid)) self.manager.add( aid, action[aid].get('desc', 'Empty description') ) def add_users(self, data, clear): for user in data: if self.manager.get_user(user['_id']) is None or clear: self.logger.info(u'Initialize user: {0}'.format(user['_id'])) self.manager.create_user( user['_id'], user.get('role', None), rights=user.get('rights', None), contact=user.get('contact', None), groups=user.get('groups', None) ) self.manager.update_fields( user['_id'], 'user', { 'external': user.get('external', False), 'enable': user.get('enable', True), 'shadowpasswd': user.get('shadowpass', None), 'mail': user.get('mail', None), 'authkey': user.get('authkey', str(uuid1())) } ) def add_roles(self, data, clear): for role in data: if self.manager.get_role(role['_id']) is None or clear: self.logger.info(u'Initialize role: {0}'.format(role['_id'])) self.manager.create_role( role['_id'], role.get('profile', None) ) self.logger.info(u'Updating role: {0}'.format(role['_id'])) record = self.manager.get_role(role['_id']) rights = record.get('rights', {}) groups = record.get('groups', []) rights.update(role.get('rights', {})) groups += role.get('groups', []) groups = list(set(groups)) # make groups unique self.manager.update_rights(role['_id'], 'role', rights, record) self.manager.update_group(role['_id'], 'role', groups, record) self.manager.update_fields(role['_id'], 'role', {"defaultview": role.get("defaultview", None)})
class RightsModule(MigrationModule): @property def actions_path(self): if not hasattr(self, '_actions_path'): self.actions_path = None return self._actions_path @actions_path.setter def actions_path(self, value): if value is None: value = '~/opt/mongodb/load.d/rights/actions_ids' self._actions_path = os.path.expanduser(value) @property def users_path(self): if not hasattr(self, '_users_path'): self.users_path = None return self._users_path @users_path.setter def users_path(self, value): if value is None: value = '~/opt/mongodb/load.d/rights/default_users' self._users_path = os.path.expanduser(value) @property def roles_path(self): if not hasattr(self, '_roles_path'): self.roles_path = None return self._roles_path @roles_path.setter def roles_path(self, value): if value is None: value = '~/opt/mongodb/load.d/rights/default_roles' self._roles_path = os.path.expanduser(value) def __init__( self, actions_path=None, users_path=None, roles_path=None, *args, **kwargs ): super(RightsModule, self).__init__(*args, **kwargs) self.manager = Rights() if actions_path is not None: self.actions_path = actions_path if users_path is not None: self.users_path = users_path if roles_path is not None: self.roles_path = roles_path def init(self, clear=True): self.add_actions(self.load(self.actions_path), clear) self.add_users(self.load(self.users_path), clear) self.add_roles(self.load(self.roles_path), clear) def update(self): self.init(clear=False) def load(self, path): try: loaded = [] for fpath in os.listdir(path): if fpath.endswith('.json'): fullpath = os.path.join(path, fpath) with open(fullpath) as f: data = ensure_iterable(json.load(f)) loaded += data except Exception as err: self.logger.error(u'Unable to load JSON files "{0}": {1}'.format( path, err )) loaded = [] return loaded def add_actions(self, data, clear): for action in data: for aid in action: if self.manager.get_action(aid) is None or clear: self.logger.info(u'Initialize action: {0}'.format(aid)) self.manager.add( aid, action[aid].get('desc', 'Empty description') ) def add_users(self, data, clear): for user in data: if self.manager.get_user(user['_id']) is None or clear: self.logger.info(u'Initialize user: {0}'.format(user['_id'])) self.manager.create_user( user['_id'], user.get('role', None), rights=user.get('rights', None), contact=user.get('contact', None), groups=user.get('groups', None) ) self.manager.update_fields( user['_id'], 'user', { 'external': user.get('external', False), 'enable': user.get('enable', True), 'shadowpasswd': user.get('shadowpass', None), 'mail': user.get('mail', None), 'authkey': user.get('authkey', str(uuid1())) } ) def add_roles(self, data, clear): for role in data: if self.manager.get_role(role['_id']) is None or clear: self.logger.info(u'Initialize role: {0}'.format(role['_id'])) self.manager.create_role( role['_id'], role.get('profile', None) ) self.logger.info(u'Updating role: {0}'.format(role['_id'])) record = self.manager.get_role(role['_id']) rights = record.get('rights', {}) groups = record.get('groups', []) rights.update(role.get('rights', {})) groups += role.get('groups', []) groups = list(set(groups)) # make groups unique self.manager.update_rights(role['_id'], 'role', rights, record) self.manager.update_group(role['_id'], 'role', groups, record)