def org_team_get():
    """
    List the teams of every requested organization that this client may see.

    Reads one or more ``org`` values from the request. Organizations that have
    not granted the calling client team access are left out of the result
    silently; an error is returned only when the client lacks the team_access
    flag, no ``org`` value was sent, or none of the ids matched.
    """
    # Coarse gate: the client record itself must carry the team_access flag.
    if not g.client.team_access:
        return api_result('error', error='no_team_access')

    requested_ids = request.values.getlist('org')
    if not requested_ids:
        return api_result('error', error='no_org_provided')

    matched_orgs = Organization.all(userids=requested_ids)
    if not matched_orgs:
        return api_result('error', error='no_such_organization')

    teams_by_org = {}
    for org in matched_orgs:
        # Per-organization gate: only organizations that list this client
        # among their clients with team access contribute teams.
        # XXX: Should trusted clients have access anyway? Will this be an abuse
        # of the trusted flag? It was originally meant to only bypass user
        # authorization on login to HasGeek websites as that would have been
        # very confusing to users.
        # XXX: Return user list here?
        if g.client not in org.clients_with_team_access():
            continue
        team_rows = []
        for team in org.teams:
            team_rows.append({
                'userid': team.userid,
                'org': org.userid,
                'title': team.title,
                # True only for the organization's owners team.
                'owners': team == org.owners,
            })
        teams_by_org[org.userid] = team_rows
    return api_result('ok', org_teams=teams_by_org)
def user_get_by_userid():
    """
    Look up one user or organization by its Lastuser internal userid.

    The ``userid`` request value is matched against users first and against
    organizations second; the first hit is returned.
    """
    # NOTE(review): no client or permission check is visible inside this
    # function; presumably a decorator outside this listing enforces one.
    # Confirm, because the response carries username, full name and timezone.
    wanted = request.values.get('userid')
    if not wanted:
        return api_result('error', error='no_userid_provided')

    account = User.get(userid=wanted, defercols=True)
    if account:
        return api_result(
            'ok',
            type='user',
            userid=account.userid,
            buid=account.userid,
            name=account.username,
            title=account.fullname,
            label=account.pickername,
            timezone=account.timezone,
            oldids=[old.userid for old in account.oldids],
        )

    # Not a user: fall back to organizations with the same id.
    organization = Organization.get(userid=wanted, defercols=True)
    if organization:
        return api_result(
            'ok',
            type='organization',
            userid=organization.userid,
            buid=organization.userid,
            name=organization.name,
            title=organization.title,
            label=organization.pickername,
        )
    return api_result('error', error='not_found')
def validate(self):
    """
    Validate the permission form and reject names that collide.

    Runs the parent validation, then checks in order: the name's characters,
    a clash with a global (allusers) permission, and a clash within the
    selected context (the editing user, or the organization named by the
    context field). Returns True only when all checks pass; on failure the
    message is appended to the name field's errors.
    """
    if not super(PermissionForm, self).validate():
        return False

    wanted_name = self.name.data
    if not valid_username(wanted_name):
        self.name.errors.append(_("Name contains invalid characters"))
        return False

    # A permission being edited may keep its own name, hence the id comparison.
    clash = Permission.get(name=wanted_name, allusers=True)
    if clash and clash.id != self.edit_id:
        self.name.errors.append(_("A global permission with that name already exists"))
        return False

    if self.context.data == self.edit_user.buid:
        clash = Permission.get(name=wanted_name, user=self.edit_user)
    else:
        # NOTE(review): an unknown organization buid leaves nothing to compare
        # against and validation passes. Nothing here checks that edit_user may
        # act for that organization; presumably the context field's choices
        # restrict it. Confirm against the form definition.
        org = Organization.get(buid=self.context.data)
        clash = Permission.get(name=wanted_name, org=org) if org else None

    if clash and clash.id != self.edit_id:
        self.name.errors.append(_("You have another permission with the same name"))
        return False
    return True
def user_get_by_userids(userid):
    """
    Return every user and organization matching the given userids
    (Lastuser internal userid).

    Same idea as get_by_userid, but ``userid`` holds several ids and the
    result is a list: matching users first, then matching organizations.
    """
    # NOTE(review): _jsonp=True is passed to api_result on both paths. If that
    # produces a JSONP-wrapped response, confirm how the route authenticates
    # the caller, since JSONP output can be read across origins.
    if not userid:
        return api_result('error', error='no_userid_provided', _jsonp=True)

    matched_users = User.all(buids=userid)
    matched_orgs = Organization.all(buids=userid)

    user_rows = []
    for account in matched_users:
        user_rows.append({
            'type': 'user',
            'buid': account.buid,
            'userid': account.buid,
            'uuid': account.uuid,
            'name': account.username,
            'title': account.fullname,
            'label': account.pickername,
            'timezone': account.timezone,
            'oldids': [old.buid for old in account.oldids],
            'olduuids': [old.uuid for old in account.oldids],
        })

    org_rows = []
    for org in matched_orgs:
        org_rows.append({
            'type': 'organization',
            'buid': org.buid,
            'userid': org.buid,
            'uuid': org.uuid,
            'name': org.name,
            # NOTE(review): reads .fullname on an organization; confirm the
            # model exposes that attribute.
            'title': org.fullname,
            'label': org.pickername,
        })

    return api_result('ok', _jsonp=True, results=user_rows + org_rows)
def validate(self):
    """
    Validate the permission form and reject names that collide.

    Runs the parent validation, then checks in order: the name's characters,
    a clash with a global (allusers) permission, and a clash within the
    selected context (the editing user, or the organization named by the
    context field). Returns True only when all checks pass; on failure the
    message is appended to the name field's errors.
    """
    parent_ok = super(PermissionForm, self).validate()
    if not parent_ok:
        return False

    name_errors = self.name.errors
    if not valid_username(self.name.data):
        name_errors.append("Name contains invalid characters")
        return False

    # A permission being edited may keep its own name, hence the id comparison.
    global_match = Permission.get(name=self.name.data, allusers=True)
    if global_match and global_match.id != self.edit_id:
        name_errors.append("A global permission with that name already exists")
        return False

    scoped_match = None
    if self.context.data == self.edit_user.userid:
        scoped_match = Permission.get(name=self.name.data, user=self.edit_user)
    else:
        # NOTE(review): an unknown organization userid leaves scoped_match as
        # None and validation passes. Nothing here checks that edit_user may
        # act for that organization; presumably the context field's choices
        # restrict it. Confirm against the form definition.
        org = Organization.get(userid=self.context.data)
        if org:
            scoped_match = Permission.get(name=self.name.data, org=org)

    if scoped_match and scoped_match.id != self.edit_id:
        name_errors.append("You have another permission with the same name")
        return False
    return True
def user_get_by_userids(userid):
    """
    Return every user and organization matching the given userids
    (Lastuser internal userid).

    Same idea as get_by_userid, but ``userid`` holds several ids and the
    result is a list: matching users first, then matching organizations.
    """
    # NOTE(review): no client or permission check is visible inside this
    # function; presumably a decorator outside this listing enforces one.
    # Confirm.
    if not userid:
        return api_result('error', error='no_userid_provided')

    matched_users = User.all(userids=userid)
    matched_orgs = Organization.all(userids=userid)

    user_rows = []
    for account in matched_users:
        user_rows.append({
            'type': 'user',
            'buid': account.userid,
            'userid': account.userid,
            'name': account.username,
            'title': account.fullname,
            'label': account.pickername,
            'timezone': account.timezone,
            'oldids': [old.userid for old in account.oldids],
        })

    org_rows = []
    for org in matched_orgs:
        org_rows.append({
            'type': 'organization',
            'buid': org.userid,
            'userid': org.userid,
            'name': org.name,
            # NOTE(review): reads .fullname on an organization; confirm the
            # model exposes that attribute.
            'title': org.fullname,
            'label': org.pickername,
        })

    return api_result('ok', results=user_rows + org_rows)
def org_team_get():
    """
    List the teams of every requested organization that this client may see.

    Reads one or more ``org`` values from the request. Organizations that have
    not granted the calling client team access are left out of the result
    silently; an error is returned only when the client lacks the team_access
    flag, no ``org`` value was sent, or none of the ids matched.
    """
    calling_client = g.client
    # Coarse gate: the client record itself must carry the team_access flag.
    if not calling_client.team_access:
        return api_result('error', error='no_team_access')

    org_ids = request.values.getlist('org')
    if not org_ids:
        return api_result('error', error='no_org_provided')

    orgs = Organization.all(userids=org_ids)
    if not orgs:
        return api_result('error', error='no_such_organization')

    result = {}
    for org in orgs:
        # Per-organization gate: the organization must list this client among
        # its clients with team access before any team is disclosed.
        # XXX: Should trusted clients have access anyway? Will this be an abuse
        # of the trusted flag? It was originally meant to only bypass user
        # authorization on login to HasGeek websites as that would have been
        # very confusing to users.
        # XXX: Return user list here?
        if g.client in org.clients_with_team_access():
            rows = []
            for team in org.teams:
                rows.append({
                    'userid': team.userid,
                    'org': org.userid,
                    'title': team.title,
                    # True only for the organization's owners team.
                    'owners': team == org.owners,
                })
            result[org.userid] = rows
    return api_result('ok', org_teams=result)
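def validate_username(self, field):
    """
    Reject a username that is reserved, malformed or already in use.

    Raises forms.ValidationError when the value appears in the
    RESERVED_USERNAMES config list, fails valid_username(), or matches an
    existing user's username or an existing organization's name.
    """
    # NOTE(review): the reserved-name test is an exact membership check;
    # confirm the value is normalised before it reaches this validator.
    if field.data in current_app.config['RESERVED_USERNAMES']:
        # Call form of raise: the old "raise Class, value" statement is a
        # syntax error on Python 3 and differed from the raises below.
        raise forms.ValidationError(_("This name is reserved"))
    if not valid_username(field.data):
        raise forms.ValidationError(_(u"Invalid characters in name. Names must be made of ‘a-z’, ‘0-9’ and ‘-’, without trailing dashes"))
    # Users and organizations share one namespace, so both are checked.
    existing = User.get(username=field.data) or Organization.get(name=field.data)
    if existing is not None:
        raise forms.ValidationError(_("This username is taken"))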
def validate_name(self, field):
    """
    Reject an organization name that is malformed, reserved or already in use.

    Raises wtforms.ValidationError when the value fails valid_username(), is
    listed in the RESERVED_USERNAMES config, matches any user's username, or
    matches an organization other than the one being edited.
    """
    candidate = field.data
    if not valid_username(candidate):
        raise wtforms.ValidationError("Invalid characters in name")

    reserved = current_app.config['RESERVED_USERNAMES']
    if candidate in reserved:
        raise wtforms.ValidationError("That name is reserved")

    # Users and organizations share one namespace: a username blocks the name.
    if User.get(username=candidate) is not None:
        raise wtforms.ValidationError("That name is taken")

    # The organization being edited may keep its own name.
    same_named_org = Organization.get(name=candidate)
    if same_named_org is not None and same_named_org.id != self.edit_id:
        raise wtforms.ValidationError("That name is taken")
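def validate_username(self, field):
    """
    Reject a username that is reserved, malformed or already in use.

    Raises forms.ValidationError when the value appears in the
    RESERVED_USERNAMES config list, fails valid_username(), or matches an
    existing user's username or an existing organization's name.
    """
    # NOTE(review): the reserved-name test is an exact membership check;
    # confirm the value is normalised before it reaches this validator.
    if field.data in current_app.config['RESERVED_USERNAMES']:
        # Call form of raise: the old "raise Class, value" statement is a
        # syntax error on Python 3 and differed from the raises below.
        raise forms.ValidationError(_("This name is reserved"))
    if not valid_username(field.data):
        raise forms.ValidationError(
            _(u"Invalid characters in name. Names must be made of ‘a-z’, ‘0-9’ and ‘-’, without trailing dashes")
        )
    # Users and organizations share one namespace, so both are checked.
    existing = User.get(username=field.data) or Organization.get(
        name=field.data)
    if existing is not None:
        raise forms.ValidationError(_("This username is taken"))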
def new(self):
    """
    Show the new-organization form and create the organization on submit.

    On a valid submission the organization is created, the current user is
    added to both its owners and its members, the session is committed, the
    org_data_changed signal is sent and the browser is redirected (303) to the
    organization's view page. Otherwise the form is rendered.
    """
    form = OrganizationForm()
    form.name.description = current_app.config.get('ORG_NAME_REASON')
    form.title.description = current_app.config.get('ORG_TITLE_REASON')

    if not form.validate_on_submit():
        return render_form(
            form=form,
            title=_("New organization"),
            formid='org_new',
            submit=_("Create"),
            ajax=False,
        )

    org = Organization()
    # populate_obj copies every field the form declares onto the model, so the
    # form definition is what bounds which attributes a request can set.
    form.populate_obj(org)

    # The creator becomes both an owner and a member; the membership tests
    # avoid appending the same user twice.
    owner_list = org.owners.users
    if current_auth.user not in owner_list:
        owner_list.append(current_auth.user)
    member_list = org.members.users
    if current_auth.user not in member_list:
        member_list.append(current_auth.user)

    db.session.add(org)
    db.session.commit()
    org_data_changed.send(org, changes=['new'], user=current_auth.user)
    return render_redirect(org.url_for('view'), code=303)
def org_new():
    """
    Show the new-organization form and create the organization on submit.

    On a valid submission the organization is created with the current user
    appended to its owners, the session is committed, the org_data_changed
    signal is sent and the browser is redirected (303) to the organization's
    info page. Otherwise the form is rendered.
    """
    form = OrganizationForm()
    form.name.description = current_app.config.get('ORG_NAME_REASON')
    form.title.description = current_app.config.get('ORG_TITLE_REASON')

    if not form.validate_on_submit():
        return render_form(
            form=form,
            title="New Organization",
            formid="org_new",
            submit="Create",
            ajax=False,
        )

    new_org = Organization()
    # populate_obj copies every field the form declares onto the model, so the
    # form definition is what bounds which attributes a request can set.
    form.populate_obj(new_org)
    # The creator is made an owner of the organization.
    new_org.owners.users.append(g.user)
    db.session.add(new_org)
    db.session.commit()
    org_data_changed.send(new_org, changes=['new'], user=g.user)
    return render_redirect(url_for('.org_info', name=new_org.name), code=303)
def validate_name(self, field):
    """
    Reject an organization name that is malformed, reserved or already in use.

    Raises forms.ValidationError when the value fails valid_username(), is
    listed in the RESERVED_USERNAMES config, matches a user's username, or
    matches an organization other than the one being edited. When the
    matching username belongs to the current user, the error explains how to
    free it and links to the profile page.
    """
    candidate = field.data
    if not valid_username(candidate):
        raise forms.ValidationError(_("Invalid characters in name"))
    if candidate in current_app.config['RESERVED_USERNAMES']:
        raise forms.ValidationError(_("This name is reserved"))

    name_holder = User.get(username=candidate)
    if name_holder is not None:
        if name_holder != current_auth.user:
            raise forms.ValidationError(_("This name is taken"))
        # .format() runs on the plain translated string before Markup wraps
        # it, so the interpolated value is not HTML-escaped. Only the
        # url_for() result goes in here; keep user-supplied values out.
        own_name_message = _(u"This is <em>your</em> current username. "
                             u'You must change it first from <a href="{profile}">your profile</a> '
                             u"before you can assign it to an organization").format(
                                 profile=url_for('profile'))
        raise forms.ValidationError(Markup(own_name_message))

    # The organization being edited may keep its own name.
    same_named_org = Organization.get(name=candidate)
    if same_named_org is not None and same_named_org.id != self.edit_id:
        raise forms.ValidationError(_("This name is taken"))
def make_fixtures(self):
    """
    Populate the database with the objects the tests rely on.

    Creates four users with contact details, two organizations with owners
    and members, a confidential client app with a team, team/user client
    permissions and team access, a permission, a resource with two actions
    and an SMS message, then commits. Most objects are also kept as
    attributes on ``self`` so tests can refer to them.
    """
    # Users
    self.crusoe = crusoe = User(username=u"crusoe", fullname=u"Crusoe Celebrity Dachshund")
    self.oakley = oakley = User(username=u"oakley")
    self.piglet = piglet = User(username=u"piglet")
    self.nameless = nameless = User(fullname="Nameless")
    db.session.add_all([crusoe, oakley, piglet, nameless])

    # Contact details (oakley's email is added but not kept on self)
    self.crusoe_email = crusoe_email = UserEmail(email=u"*****@*****.**", primary=True, user=crusoe)
    self.crusoe_phone = crusoe_phone = UserPhone(phone=u"+8080808080", primary=True, user=crusoe)
    oakley_email = UserEmail(email=u"*****@*****.**", user=oakley)
    db.session.add_all([crusoe_email, crusoe_phone, oakley_email])

    # Organizations: crusoe owns batdog, oakley owns specialdachs
    self.batdog = batdog = Organization(name=u'batdog', title=u'Batdog')
    batdog.owners.users.append(crusoe)
    batdog.members.users.append(oakley)
    db.session.add(batdog)

    self.specialdachs = specialdachs = Organization(name=u"specialdachs", title=u"Special Dachshunds")
    specialdachs.owners.users.append(oakley)
    specialdachs.members.users.append(piglet)
    db.session.add(specialdachs)

    # Client app owned by batdog
    self.client = client = Client(
        title=u"Batdog Adventures",
        org=batdog,
        confidential=True,
        namespace=u'fun.batdogadventures.com',
        website=u"http://batdogadventures.com",
    )
    db.session.add(client)

    # Team in batdog, with admin permission on the client
    self.dachshunds = dachshunds = Team(title=u"Dachshunds", org=batdog)
    db.session.add(dachshunds)

    self.team_client_permission = team_client_permission = TeamClientPermissions(
        team=dachshunds, client=client, access_permissions=u"admin")
    db.session.add(team_client_permission)

    # The client gets team access to batdog (not kept on self)
    client_team_access = ClientTeamAccess(
        org=batdog, client=client, access_level=CLIENT_TEAM_ACCESS.ALL)
    db.session.add(client_team_access)

    # Permission owned by crusoe, and crusoe's permissions on the client
    self.bdfl = bdfl = Permission(name=u"bdfl", title=u"BDFL", user=crusoe)
    db.session.add(bdfl)

    self.user_client_permissions = user_client_permissions = UserClientPermissions(
        user=crusoe, client=client)
    db.session.add(user_client_permissions)

    # Resource with two actions
    self.resource = resource = Resource(name=u"test_resource", title=u"Test Resource", client=client)
    db.session.add(resource)

    self.resource_action = resource_action = ResourceAction(name=u'Fun', resource=resource, title=u'fun')
    db.session.add(resource_action)

    self.action = action = ResourceAction(name=u"read", title=u"Read", resource=resource)
    db.session.add(action)

    # SMS message to crusoe's phone, then a single commit for everything
    message = SMSMessage(
        phone_number=crusoe_phone.phone,
        transaction_id=u"Ruff" * 5,
        message=u"Wuff Wuff",
    )
    db.session.add(message)
    db.session.commit()
    self.message = message
def loader(self, name=None):
    """
    Load the organization with the given name, aborting with 404 if missing.

    Returns None when no name is supplied.
    """
    if not name:
        return None
    organization = Organization.get(name=name)
    if not organization:
        # Unknown organization name: stop the request with 404 Not Found.
        abort(404)
    return organization
# Start from an empty schema in case data is left over from earlier test runs.
# drop_all() removes every table on the configured database, so this script
# must only ever point at a throwaway test database.
db.drop_all()
db.create_all()

# Fixtures for the test app.

# User for the CRUD workflow of creating a client app.
gustav = User(
    username="******", fullname="Gustav 'world' Dachshund", password='******'
)

# Spare user for the CRUD workflow of assigning permissions.
oakley = User(username="******", fullname="Oakley 'huh' Dachshund")

# Organization to associate with the client; gustav is an owner.
dachsunited = Organization(name="dachsunited", title="Dachs United")
dachsunited.owners.users.append(gustav)

# Client for the CRUD workflow of defining permissions *in* a client.
dachshundworld = AuthClient(
    title="Dachshund World",
    org=dachsunited,
    confidential=True,
    website="http://gustavsdachshundworld.com",
)

db.session.add_all([gustav, oakley, dachsunited, dachshundworld])
db.session.commit()

# '0.0.0.0' binds the server to every network interface. The app is seeded
# with fixture accounts whose credentials live in this file, so keep it to an
# isolated test network.
app.run('0.0.0.0')
def make_fixtures(self):
    """
    Populate the database with the objects the tests rely on.

    Creates four users with contact details, two organizations with owners,
    a confidential auth client with a team, team and user permissions on
    that client and an SMS message, then commits. Most objects are also kept
    as attributes on ``self`` so tests can refer to them.
    """
    # Users
    self.crusoe = crusoe = User(username="******", fullname="Crusoe Celebrity Dachshund")
    self.oakley = oakley = User(username="******")
    self.piglet = piglet = User(username="******")
    self.nameless = nameless = User(fullname="Nameless")
    db.session.add_all([crusoe, oakley, piglet, nameless])

    # Contact details (oakley's email is added but not kept on self)
    self.crusoe_email = crusoe_email = UserEmail(
        email="*****@*****.**", user=crusoe, primary=True
    )
    self.crusoe_phone = crusoe_phone = UserPhone(
        phone="+8080808080", user=crusoe, primary=True
    )
    oakley_email = UserEmail(email="*****@*****.**", user=oakley)
    db.session.add_all([crusoe_email, crusoe_phone, oakley_email])

    # Organizations: crusoe owns batdog, oakley owns specialdachs
    self.batdog = batdog = Organization(name='batdog', title='Batdog')
    batdog.owners.users.append(crusoe)
    db.session.add(batdog)

    self.specialdachs = specialdachs = Organization(
        name="specialdachs", title="Special Dachshunds"
    )
    specialdachs.owners.users.append(oakley)
    db.session.add(specialdachs)

    # Auth client owned by batdog
    self.auth_client = auth_client = AuthClient(
        title="Batdog Adventures",
        organization=batdog,
        confidential=True,
        namespace='fun.batdogadventures.com',
        website="http://batdogadventures.com",
    )
    db.session.add(auth_client)

    # Team in batdog, with admin permission on the client
    self.dachshunds = dachshunds = Team(title="Dachshunds", organization=batdog)
    db.session.add(dachshunds)

    self.auth_client_team_permissions = auth_client_team_permissions = (
        AuthClientTeamPermissions(
            team=dachshunds, auth_client=auth_client, access_permissions="admin"
        )
    )
    db.session.add(auth_client_team_permissions)

    # crusoe's own permissions on the client
    self.auth_client_user_permissions = auth_client_user_permissions = (
        AuthClientUserPermissions(user=crusoe, auth_client=auth_client)
    )
    db.session.add(auth_client_user_permissions)

    # SMS message to crusoe's phone, then a single commit for everything
    message = SMSMessage(
        phone_number=crusoe_phone.phone,
        transactionid="Ruff" * 5,
        message="Wuff Wuff",
    )
    db.session.add(message)
    db.session.commit()
    self.message = message