def _initialize(admin_password): """ Creates initial objects in database """ public_group = Group(name=Group.PUBLIC_GROUP_NAME, capabilities=[]) db.session.add(public_group) everything_group = Group(name=Group.EVERYTHING_GROUP_NAME, capabilities=[Capabilities.access_all_objects]) db.session.add(everything_group) admin_group = Group(name=app_config.mwdb.admin_login, capabilities=Capabilities.all(), private=True) db.session.add(admin_group) admin_user = User( login=app_config.mwdb.admin_login, email="*****@*****.**", additional_info="MWDB built-in administrator account", groups=[admin_group, everything_group, public_group], ) admin_user.reset_sessions() admin_user.set_password(admin_password) db.session.add(admin_user) db.session.commit()
def get_shares_for_upload(upload_as): """ Translates 'upload_as' value from API into list of groups that object will be shared with """ if upload_as == "*": # If '*' is provided: share with all user's groups except 'public' share_with = [group for group in g.auth_user.groups if group.workspace] elif upload_as == "private": share_with = [Group.get_by_name(g.auth_user.login)] else: share_group = Group.get_by_name(upload_as) # Does group exist? if share_group is None: raise NotFound(f"Group {upload_as} doesn't exist") # Has user access to group? if share_group not in g.auth_user.groups and not g.auth_user.has_rights( Capabilities.sharing_objects): raise NotFound(f"Group {upload_as} doesn't exist") # Is group pending? if share_group.pending_group is True: raise NotFound(f"Group {upload_as} is pending") share_with = [share_group, Group.get_by_name(g.auth_user.login)] return share_with
def post(self, name): """ --- summary: Create a new group description: | Creates a new group. Requires `manage_users` capability. security: - bearerAuth: [] tags: - group parameters: - in: path name: name schema: type: string description: Group name requestBody: description: Group information content: application/json: schema: GroupCreateRequestSchema responses: 200: description: When group was created successfully content: application/json: schema: GroupSuccessResponseSchema 400: description: When group name or request body is invalid 403: description: When user doesn't have `manage_users` capability 409: description: When group exists yet """ schema = GroupCreateRequestSchema() obj = loads_schema(request.get_data(as_text=True), schema) group_name_obj = load_schema({"name": name}, GroupNameSchemaBase()) if db.session.query( exists().where(Group.name == group_name_obj["name"])).scalar(): raise Conflict("Group exists yet") group = Group(name=group_name_obj["name"], capabilities=obj["capabilities"]) db.session.add(group) db.session.commit() logger.info( "Group created", extra={ "group": group.name, "capabilities": group.capabilities }, ) schema = GroupSuccessResponseSchema() return schema.dump({"name": name})
def _initialize(admin_password): """ Creates initial objects in database """ public_group = Group(name=Group.PUBLIC_GROUP_NAME, capabilities=[], workspace=False, default=True) db.session.add(public_group) everything_group = Group( name=Group.DEFAULT_EVERYTHING_GROUP_NAME, capabilities=[Capabilities.access_all_objects], workspace=False, ) db.session.add(everything_group) registered_group = Group( name=Group.DEFAULT_REGISTERED_GROUP_NAME, capabilities=[ Capabilities.adding_files, Capabilities.manage_profile, Capabilities.personalize, ], workspace=False, default=True, ) db.session.add(registered_group) admin_group = Group(name=app_config.mwdb.admin_login, capabilities=Capabilities.all(), private=True) db.session.add(admin_group) admin_user = User( login=app_config.mwdb.admin_login, email="*****@*****.**", additional_info="MWDB built-in administrator account", groups=[admin_group, everything_group, public_group, registered_group], ) admin_user.reset_sessions() admin_user.set_password(admin_password) db.session.add(admin_user) db.session.commit()
def configure(): logger.info("Configuring 'karton' attribute key.") attribute = MetakeyDefinition( key="karton", url_template="", label="Karton analysis", description="Reference to the Karton analysis for object") db.session.merge(attribute) db.session.commit() logger.info("Updating permissions for admin account.") admin_group = Group.get_by_name("admin") if KartonCapabilities.karton_manage not in admin_group.capabilities: admin_group.capabilities.append(KartonCapabilities.karton_manage) db.session.commit()
def create_object(self, params): params = dict(params) # Validate parent object if params["parent"] is not None: if not g.auth_user.has_rights(Capabilities.adding_parents): raise Forbidden("You are not permitted to link with parent") parent_object = Object.access(params["parent"]) if parent_object is None: raise NotFound("Parent object not found") else: parent_object = None # Validate metakeys metakeys = params["metakeys"] for metakey in params["metakeys"]: key = metakey["key"] if not MetakeyDefinition.query_for_set(key).first(): raise NotFound(f"Metakey '{key}' not defined or insufficient " "permissions to set that one") # Validate upload_as argument upload_as = params["upload_as"] if upload_as == "*": # If '*' is provided: share with all user's groups except 'public' share_with = [ group for group in g.auth_user.groups if group.name != "public" ] else: share_group = Group.get_by_name(upload_as) # Does group exist? if share_group is None: raise NotFound(f"Group {upload_as} doesn't exist") # Has user access to group? if share_group not in g.auth_user.groups and not g.auth_user.has_rights( Capabilities.sharing_objects): raise NotFound(f"Group {upload_as} doesn't exist") # Is group pending? if share_group.pending_group is True: raise NotFound(f"Group {upload_as} is pending") share_with = [share_group, Group.get_by_name(g.auth_user.login)] item, is_new = self._create_object(params, parent_object, share_with, metakeys) db.session.commit() if is_new: hooks.on_created_object(item) self.on_created(item) else: hooks.on_reuploaded_object(item) self.on_reuploaded(item) logger.info(f'{self.ObjectType.__name__} added', extra={ 'dhash': item.dhash, 'is_new': is_new }) schema = self.ItemResponseSchema() return schema.dump(item)