def user_is_auditor(username: str) -> bool:
    """Return True when *username* holds the audit permission.

    The user's details are read from a ``Graph()`` instance and each entry of
    their ``"permissions"`` list is compared against ``PERMISSION_AUDITOR``.
    """
    # NOTE(review): this is an authorization decision answered from Graph();
    # how current that view is relative to the database is not visible here,
    # so confirm before relying on it right after a permission change.
    granted = Graph().get_user_details(username)["permissions"]
    return any(entry["permission"] == PERMISSION_AUDITOR for entry in granted)
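def promote_nonauditors(self, session):
    # type: (Session) -> None
    """Promote non-auditor approvers of audited groups to auditors.

    Walks every group returned by ``graph.get_groups(audited=True,
    directly_audited=False)`` and collects the members whose role is in
    APPROVER_ROLE_INDICES but who do not hold PERMISSION_AUDITOR. Each such
    user is added to the auditors group and notified; the session is
    committed once, after all promotions.

    Args:
        session (Session): database session

    Raises:
        AssertionError: if a collected username has no matching User.
    """
    graph = Graph()
    # Hack to ensure the graph is loaded before we access it
    graph.update_from_db(session)

    # Map from username to the names of audited groups in which that user is
    # a non-auditor approver (the keys are the usernames from group_md).
    nonauditor_approver_to_groups = defaultdict(set)  # type: Dict[str, Set[str]]
    # Per-username cache of the permission lookup; named so it does not
    # clash with the user_is_auditor() helper.
    auditor_status = {}  # type: Dict[str, bool]

    for group_tuple in graph.get_groups(audited=True, directly_audited=False):
        group_md = graph.get_group_details(group_tuple.groupname, expose_aliases=False)
        for username, user_md in iteritems(group_md["users"]):
            if username not in auditor_status:
                user_perms = graph.get_user_details(username)["permissions"]
                auditor_status[username] = any(
                    p["permission"] == PERMISSION_AUDITOR for p in user_perms
                )
            if auditor_status[username]:
                # Already an auditor, nothing to promote.
                continue
            if user_md["role"] in APPROVER_ROLE_INDICES:
                # Approver of an audited group without the audit permission.
                nonauditor_approver_to_groups[username].add(group_tuple.groupname)

    if not nonauditor_approver_to_groups:
        return

    auditors_group = get_auditors_group(self.settings, session)
    for username, group_names in iteritems(nonauditor_approver_to_groups):
        # Sorted so the recorded reason is identical on every run.
        reason = "auto-added due to having approver role(s) in group(s): {}".format(
            ", ".join(sorted(group_names))
        )
        user = User.get(session, name=username)
        if not user:
            # Explicit raise instead of `assert`, which is stripped under
            # `python -O` and would let a missing user reach add_member().
            raise AssertionError("no User found for approver {!r}".format(username))
        # NOTE(review): the promoted user is passed twice to add_member(); if
        # the first argument is the requester, the membership record
        # attributes this privilege grant to the user rather than to the
        # automated job, and status="actioned" presumably skips approval.
        # Confirm both are intended.
        auditors_group.add_member(user, user, reason, status="actioned")
        notify_nonauditor_promoted(
            self.settings, session, user, auditors_group, group_names
        )
    session.commit()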
def user_is_auditor(username):
    """Tell whether a user counts as an auditor.

    A user is an auditor when one of their permissions is PERMISSION_AUDITOR.

    Args:
        username (str): The account name to check.

    Returns:
        bool: True if the audit permission is present, False otherwise.
    """
    details = Graph().get_user_details(username)
    held = details["permissions"]
    # any() stops at the first matching entry, like an early return would.
    return any(item["permission"] == PERMISSION_AUDITOR for item in held)
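def promote_nonauditors(self, session):
    # type: (Session) -> None
    """Promote non-auditor approvers of audited groups to auditors.

    Walks every group returned by ``graph.get_groups(audited=True,
    directly_audited=False)`` and collects the members whose role is in
    APPROVER_ROLE_INDICES but who do not hold PERMISSION_AUDITOR. Each such
    user is added to the auditors group and notified; the session is
    committed once, after all promotions.

    Args:
        session (Session): database session

    Raises:
        AssertionError: if a collected username has no matching User.
    """
    graph = Graph()
    # Hack to ensure the graph is loaded before we access it
    graph.update_from_db(session)

    # Map from username to the names of audited groups in which that user is
    # a non-auditor approver (the keys are the usernames from group_md).
    nonauditor_approver_to_groups = defaultdict(set)  # type: Dict[str, Set[str]]
    # Per-username cache of the permission lookup; named so it does not
    # clash with the user_is_auditor() helper.
    auditor_status = {}  # type: Dict[str, bool]

    for group_tuple in graph.get_groups(audited=True, directly_audited=False):
        group_md = graph.get_group_details(group_tuple.name, expose_aliases=False)
        for username, user_md in iteritems(group_md["users"]):
            if username not in auditor_status:
                user_perms = graph.get_user_details(username)["permissions"]
                auditor_status[username] = any(
                    p["permission"] == PERMISSION_AUDITOR for p in user_perms
                )
            if auditor_status[username]:
                # Already an auditor, nothing to promote.
                continue
            if user_md["role"] in APPROVER_ROLE_INDICES:
                # Approver of an audited group without the audit permission.
                nonauditor_approver_to_groups[username].add(group_tuple.name)

    if not nonauditor_approver_to_groups:
        return

    auditors_group = get_auditors_group(self.settings, session)
    for username, group_names in iteritems(nonauditor_approver_to_groups):
        # Sorted so the recorded reason is identical on every run.
        reason = "auto-added due to having approver role(s) in group(s): {}".format(
            ", ".join(sorted(group_names))
        )
        user = User.get(session, name=username)
        if not user:
            # Explicit raise instead of `assert`, which is stripped under
            # `python -O` and would let a missing user reach add_member().
            raise AssertionError("no User found for approver {!r}".format(username))
        # NOTE(review): the promoted user is passed twice to add_member(); if
        # the first argument is the requester, the membership record
        # attributes this privilege grant to the user rather than to the
        # automated job, and status="actioned" presumably skips approval.
        # Confirm both are intended.
        auditors_group.add_member(user, user, reason, status="actioned")
        notify_nonauditor_promoted(
            self.settings, session, user, auditors_group, group_names
        )
    session.commit()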