def decroated(self, data, req_info, curs):
auth = Authenticator()
session_id = data.get('session_id')
session = auth.get_session(session_id)
f = UserFilter(session, {'id': session.user_id}, {}, {})
user = f.filter_one_obj(curs)
try:
if user.environment_id != session.environment_id:
raise HelixauthError('User and session from different environments')
if not user.is_active:
raise UserInactive()
auth.check_access(session, Service.TYPE_AUTH, method.__name__, req_info)
data.pop('session_id', None)
custom_actor_info = data.pop('custom_actor_info', None)
try:
result = method(self, data, req_info, session, curs)
except Exception, e:
data['environment_id'] = session.environment_id
_add_log_info(data, session, custom_actor_info)
raise e
_add_log_info(data, session, custom_actor_info)
return result
def check_user_exist(self, data, req_info, session, curs=None):
f = UserFilter(session, {'id': data['id']}, {}, None)
exist = False
try:
f.filter_one_obj(curs)
exist = True
except UserNotFound:
pass
return response_ok(exist=exist)
def get_user_self(self, data, req_info, session, curs=None):
f_params = {'id': session.user_id}
f = UserFilter(session, f_params, {}, None)
user = f.filter_one_obj(curs)
f = GroupFilter(session.environment_id, {}, {}, None)
groups = f.filter_objs(curs)
g_ids = [g.id for g in groups]
result = user.to_dict()
result.pop('password')
result.pop('salt')
result.pop('environment_id')
result['groups_ids'] = filter(lambda x: x in g_ids, result['groups_ids'])
return response_ok(user=result)
def get_users(self, data, req_info, session, curs=None):
f = UserFilter(session, data['filter_params'],
data['paging_params'], data.get('ordering_params'))
users, total = f.filter_counted(curs)
f = GroupFilter(session.environment_id, {}, {}, None)
groups = f.filter_objs(curs)
g_ids = [g.id for g in groups]
def viewer(obj):
result = obj.to_dict()
result.pop('password')
result.pop('salt')
result.pop('environment_id')
result['groups_ids'] = filter(lambda x: x in g_ids, result['groups_ids'])
return result
return response_ok(users=self.objects_info(users, viewer), total=total)
def modify_users(self, data, req_info, session, curs=None):
u_ids = data['ids']
f = UserFilter(session, {'roles': [User.ROLE_SUPER]}, {}, None)
su = f.filter_one_obj(curs)
if su.id in u_ids:
raise SuperUserModificationDenied()
groups_ids = data.get('new_groups_ids', [])
filtered_g_ids = self._filter_existed_groups(curs, session, groups_ids)
data['new_groups_ids'] = filtered_g_ids
if 'new_password' in data:
a = Authenticator()
salt = a.salt()
data['new_password'] = a.encrypt_password(data['new_password'], salt)
data['new_salt'] = salt
f = UserFilter(session, {'ids': u_ids}, {}, None)
loader = partial(f.filter_objs, curs, for_update=True)
self.update_objs(curs, data, loader)
return response_ok()
def modify_user_self(self, data, req_info, session, curs=None):
f = UserFilter(session, {'id': session.user_id}, {}, None)
user = f.filter_one_obj(curs)
old_password = data.get('old_password')
new_password = data.get('new_password')
d = {}
if 'new_lang' in data:
d['new_lang'] = data['new_lang']
if old_password is not None:
if new_password is None or len(new_password) == 0:
raise UserNewPasswordNotSet("Empty new password can't be set")
a = Authenticator()
if user.password != a.encrypt_password(old_password, user.salt):
raise UserWrongOldPassword()
salt = a.salt()
d['new_salt'] = salt
d['new_password'] = a.encrypt_password(data['new_password'], salt)
loader = partial(f.filter_one_obj, curs, for_update=True)
self.update_obj(curs, d, loader)
return response_ok()
