def rm(ctx, name):
"""Deletes a user"""
ds = SQLAlchemyUserDatastore(ctx.obj, User, Role)
u = ds.find_role(name)
if u:
ds.delete(u)
ds.commit()
def _init_users():
"""Initialize Afterglow user datastore if AUTH_ENABLED = True"""
# noinspection PyUnresolvedReferences
from .. import oauth2 # register oauth token-related models
# All imports put here to avoid unnecessary loading of packages on startup
# if user auth is disabled
from alembic import (config as alembic_config, context as alembic_context)
from alembic.script import ScriptDirectory
from alembic.runtime.environment import EnvironmentContext
global user_datastore, security
user_datastore = SQLAlchemyUserDatastore(db, DbUser, DbRole)
security = Security(app, user_datastore, register_blueprint=False)
# Make sure that the database directory exists
try:
os.makedirs(os.path.abspath(app.config['DATA_ROOT']))
except OSError as e:
if e.errno != errno.EEXIST:
raise
# Create/upgrade tables via Alembic
cfg = alembic_config.Config()
cfg.set_main_option(
'script_location',
os.path.abspath(
os.path.join(__file__, '../..', 'db_migration', 'users')))
script = ScriptDirectory.from_config(cfg)
# noinspection PyProtectedMember
with EnvironmentContext(
cfg,
script,
fn=lambda rev, _: script._upgrade_revs('head', rev),
as_sql=False,
starting_rev=None,
destination_rev='head',
tag=None,
), db.engine.connect() as connection:
alembic_context.configure(connection=connection)
with alembic_context.begin_transaction():
alembic_context.run_migrations()
# Initialize user roles if missing
try:
roles_created = False
for name, descr in [('admin', 'Afterglow Administrator'),
('user', 'Afterglow User')]:
if not user_datastore.find_role(name):
user_datastore.create_role(name=name, description=descr)
roles_created = True
if roles_created:
user_datastore.commit()
except Exception:
db.session.rollback()
raise
def load(ctx, file):
"""Dump stuff for loading later (in lieu of having proper migrations)"""
ds = SQLAlchemyUserDatastore(ctx.obj, User, Role)
for line in file:
email, first, last, roles, password = line.strip().split('\t')
u = ds.find_user(email=email)
if not u:
u = ds.create_user(email=email,
first_name=first,
last_name=last,
password=password)
log.info('added %s', u)
ds.commit()
for role_name in roles.strip().split(','):
r = ds.find_role(role_name)
if not r:
r = ds.create_role(name=role_name)
ds.commit()
if not u.has_role(r):
ds.add_role_to_user(u, r)
ds.commit()
def create_user():
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
# db.drop_all()
# db.create_all()
# user_datastore.create_user(username='******', password='******')
# db.session.commit()
# print user_datastore.find_user(username='******')
for permissions, (name, desc) in Permission.PERMISSION_MAP.items():
user_datastore.find_or_create_role(name=name,
description=desc,
permissions=permissions)
for username, passwd, permissions in (('xjd', '123', (Permission.LOGIN,
Permission.EDITOR)),
('xilixjd', '123',
(Permission.ADMINISTER, ))):
user = user_datastore.create_user(username=username, password=passwd)
db.session.commit()
for permission in permissions:
user_datastore.add_role_to_user(
user,
user_datastore.find_role(
role=Permission.PERMISSION_MAP[permission][0]))
db.session.commit()
def find_role(self, role):
return _extend_instance(SQLAlchemyUserDatastore.find_role(self, role),
RoleMixin)