def is_owned_by(self, user):
"""Checks if the user is managing the room (owner or manager)"""
if self.owner == user:
return True
manager_group = self.get_attribute_value('manager-group')
if not manager_group:
return False
return user in GroupProxy.get_named_default_group(manager_group)
def _process_args(self):
try:
group = GroupProxy(request.view_args['group_id'], request.view_args['provider'])
except ValueError:
group = None
if group is None or group.group is None:
raise NotFound
self.group = group
def test_iter_acl():
user = User()
user_p = MagicMock(principal=user, spec=['principal'])
ipn = IPNetworkGroup()
ipn_p = MagicMock(principal=ipn, spec=['principal'])
local_group = GroupProxy(123, _group=MagicMock())
local_group_p = MagicMock(principal=local_group, spec=['principal'])
remote_group = GroupProxy('foo', 'bar')
remote_group_p = MagicMock(principal=remote_group, spec=['principal'])
acl = [
ipn, user_p, remote_group, local_group_p, user, local_group,
remote_group_p, ipn_p
]
assert list(iter_acl(iter(acl))) == [
user_p, user, ipn, ipn_p, local_group_p, local_group, remote_group,
remote_group_p
]
def principal(self):
from fossir.modules.groups import GroupProxy
if self.type == PrincipalType.user:
return self.user
elif self.type == PrincipalType.local_group:
return self.local_group.proxy
elif self.type == PrincipalType.multipass_group:
return GroupProxy(self.multipass_group_name,
self.multipass_group_provider)
elif self.type == PrincipalType.email:
return EmailPrincipal(self.email)
elif self.type == PrincipalType.network:
return self.ip_network_group
def _can_be_booked(self, user, prebook=False, ignore_admin=False):
if not user or not rb_check_user_access(user):
return False
if (not ignore_admin and rb_is_admin(user)) or (self.is_owned_by(user)
and self.is_active):
return True
if self.is_active and self.is_reservable and (
prebook or not self.reservations_need_confirmation):
group_name = self.get_attribute_value('allowed-booking-group')
if not group_name or user in GroupProxy.get_named_default_group(
group_name):
return True
return False
def _process(self):
query = LocalGroup.query.options(joinedload(LocalGroup.members)).order_by(db.func.lower(LocalGroup.name))
groups = [g.proxy for g in query]
providers = [p for p in multipass.identity_providers.itervalues() if p.supports_groups]
form = SearchForm(obj=FormDefaults(exact=True))
if not providers:
del form.provider
else:
form.provider.choices = ([('', _('All')), ('fossir', _('Local Groups'))] +
[(p.name, p.title) for p in sorted(providers, key=attrgetter('title'))])
search_results = None
if form.validate_on_submit():
search_providers = None if not providers or not form.provider.data else {form.provider.data}
search_results = GroupProxy.search(form.name.data, exact=form.exact.data, providers=search_providers)
search_results.sort(key=attrgetter('provider', 'name'))
provider_titles = {p.name: p.title for p in multipass.identity_providers.itervalues()}
provider_titles[None] = _('Local')
return WPGroupsAdmin.render_template('groups.html', groups=groups, providers=providers, form=form,
search_results=search_results, provider_titles=provider_titles)
def principal_from_fossil(fossil,
allow_pending=False,
allow_groups=True,
allow_missing_groups=False,
allow_emails=False,
allow_networks=False,
existing_data=None):
from fossir.modules.networks.models.networks import IPNetworkGroup
from fossir.modules.groups import GroupProxy
from fossir.modules.users import User
if existing_data is None:
existing_data = set()
type_ = fossil['_type']
id_ = fossil['id']
if type_ == 'Avatar':
if isinstance(id_, int) or id_.isdigit():
# regular user
user = User.get(int(id_))
elif allow_pending:
data = GenericCache('pending_identities').get(id_)
if not data:
raise ValueError("Cannot find user '{}' in cache".format(id_))
data = {k: '' if v is None else v for k, v in data.items()}
email = data['email'].lower()
# check if there is not already a (pending) user with that e-mail
# we need to check for non-pending users too since the search may
# show a user from external results even though the email belongs
# to an fossir account in case some of the search criteria did not
# match the fossir account
user = User.find_first(User.all_emails.contains(email),
~User.is_deleted)
if not user:
user = User(first_name=data.get('first_name') or '',
last_name=data.get('last_name') or '',
email=email,
address=data.get('address', ''),
phone=data.get('phone', ''),
affiliation=data.get('affiliation', ''),
is_pending=True)
db.session.add(user)
db.session.flush()
else:
raise ValueError(
"Id '{}' is not a number and allow_pending=False".format(id_))
if user is None:
raise ValueError('User does not exist: {}'.format(id_))
return user
elif allow_emails and type_ == 'Email':
return EmailPrincipal(id_)
elif allow_networks and type_ == 'IPNetworkGroup':
group = IPNetworkGroup.get(int(id_))
if group is None or (group.hidden and group not in existing_data):
raise ValueError('IP network group does not exist: {}'.format(id_))
return group
elif allow_groups and type_ in {'LocalGroupWrapper', 'LocalGroup'}:
group = GroupProxy(int(id_))
if group.group is None:
raise ValueError('Local group does not exist: {}'.format(id_))
return group
elif allow_groups and type_ in {'LDAPGroupWrapper', 'MultipassGroup'}:
provider = fossil['provider']
group = GroupProxy(id_, provider)
if group.group is None and not allow_missing_groups:
raise ValueError('Multipass group does not exist: {}:{}'.format(
provider, id_))
return group
else:
raise ValueError('Unexpected fossil type: {}'.format(type_))
def proxy(self):
"""Returns a GroupProxy wrapping this group"""
from fossir.modules.groups import GroupProxy
return GroupProxy(self.id, _group=self)
def group(self):
return GroupProxy(self.id, self.provider)
def group(self):
return GroupProxy(self.id)
def manager_emails(self):
manager_group = self.get_attribute_value('manager-group')
if not manager_group:
return set()
group = GroupProxy.get_named_default_group(manager_group)
return {u.email for u in group.get_members()}
def _getAnswer(self):
results = [g.as_legacy_group for g in GroupProxy.search(self._group, exact=self._exactMatch)]
fossilized_results = fossilize(results, IGroupFossil)
for fossilizedGroup in fossilized_results:
fossilizedGroup["isGroup"] = True
return fossilized_results