def match_realms(request_realms, allowed_realms):
"""
Check if all requested realms are also allowed realms
and that all allowed realms exist and
return a filtered list with only the matched realms.
In case of '*' in reques_realms, return all allowed realms
including /:no realm:/
:param allowed_realms: list of realms from request (without '*')
:param request_realms: list of allowed realms according to policies
:return: list of realms which were in both lists
"""
all_realms = list(getRealms().keys())
all_allowed_realms = set()
for realm in allowed_realms:
if realm in all_realms:
all_allowed_realms.add(realm)
else:
log.info('Policy allowed a realm that does not exist: %r', realm)
realms = []
_ = context['translate']
if not request_realms or request_realms == ['']:
realms = list(all_allowed_realms)
# support for empty realms or no realms by realm = *
elif '*' in request_realms:
realms = list(all_allowed_realms)
realms.append('/:no realm:/')
# other cases, we iterate through the realm list
elif len(request_realms) > 0 and not (request_realms == ['']):
invalid_realms = []
for search_realm in request_realms:
search_realm = search_realm.strip()
if search_realm in all_allowed_realms:
realms.append(search_realm)
elif search_realm == '/:no realm:/':
realms.append(search_realm)
else:
invalid_realms.append(search_realm)
if not realms and invalid_realms:
from linotp.lib.policy import PolicyException
raise PolicyException(_('You do not have the rights to see these '
'realms: %r. Check the policies!')
% invalid_realms)
return realms
def tokens(self):
"""
method:
monitoring/tokens
description:
displays the number of the available tokens per realm
arguments:
* status - optional: takes assigned or unassigned, give the number
of tokens with this characteristic
* realms - optional: takes a realm, only the number of tokens in
this realm will be displayed
returns:
a json result with:
{ "head": [],
"data": [ [row1], [row2] .. ]
}
exception:
if an error occurs an exception is serialized and returned
"""
result = {}
try:
param = request.params
status = param.get('status')
# do NOT initialize status with ''
if status:
status = status.split(',')
request_realms = param.get('realms', '').split(',')
monit_handler = MonitorHandler(context=self.request_context)
realm_whitelist = monit_handler.get_allowed_realms()
# by default we show all allowed realms
realms = realm_whitelist
# support for empty realms or no realms by realm = *
if '*' in request_realms:
realms = realm_whitelist
realms.append('/:no realm:/')
# other cases, we iterate through the realm list
elif len(request_realms) > 0 and not (request_realms == ['']):
realms = []
invalid_realms = []
for search_realm in request_realms:
search_realm = search_realm.strip()
if search_realm in realm_whitelist:
realms.append(search_realm)
elif search_realm == '/:no realm:/':
realms.append(search_realm)
else:
invalid_realms.append(search_realm)
if not realms and invalid_realms:
raise PolicyException(
_('You do not have the rights to '
'monitor these realms: %r. '
'Check the policies!') % invalid_realms)
# if there was realm or no argument given:
totals = {}
realm_info = {}
for a_realm in realms:
realm_dict = {}
token_count = monit_handler.token_per_realm_count(
a_realm, status)
for key in token_count.keys():
realm_dict[key] = token_count[key]
totals[key] = totals.get(key, 0) + token_count[key]
realm_info[a_realm] = realm_dict
result[_('Summary')] = totals
result[_('Realms')] = realm_info
Session.commit()
return sendResult(response, result)
except PolicyException as policy_exception:
log.exception(policy_exception)
Session.rollback()
return sendError(response, unicode(policy_exception), 1)
except Exception as exc:
log.exception(exc)
Session.rollback()
return sendError(response, exc)
finally:
Session.close()
log.debug('[tokens] done')