def list_user_operations(self, entname, username=None):
result = []
try:
ent = self.user_info.get_entity(entname)
if ent is None:
return dict(success=False, msg='The entity does not exists')
if username != None and username != '':
if session['auth'].is_admin_role() == False:
return dict(success=False, msg=constants.NO_PRIVILEGE)
userobj = self.user_info.get_user(username)
if userobj != None:
auth = AuthorizationService()
auth.user = userobj
ops = auth.get_ops(ent)
else:
return dict(success=False, msg='The user does not exists')
else:
ops = session['auth'].get_ops(ent)
for op in ops:
result.append(op.name)
return dict(success=True, ops=result)
except Exception as ex:
print_traceback()
return dict(success=False, msg=to_str(ex).replace("'", ''))
def api_loginhandler(self, api_login, api_pwd):
try:
usr = User.by_user_name(api_login)
if usr is not None and usr.validate_password(api_pwd) == True:
auth = AuthorizationService()
auth.user = usr
session['userid'] = 'admin'
session['auth'] = auth
session['username'] = usr.user_name
except Exception as ex:
return {'success': False, 'msg': to_str(ex).replace("'", '')}
return {'success': True, 'result': True}
def process_ha_events(self, conn):
try:
tc = TaskCreator()
auth = AuthorizationService()
auth.user = User.by_user_name(u'admin')
grps = conn.query(ServerGroup).all()
for grp in grps:
running_ha_evts = conn.query(HAEvent).filter(HAEvent.status == HAEvent.STARTED).filter(HAEvent.sp_id == grp.id).all()
if running_ha_evts:
continue
ha_events = conn.query(HAEvent).filter(HAEvent.status == HAEvent.IDLE).filter(HAEvent.sp_id == grp.id).order_by(HAEvent.event_id.asc()).all()
if len(ha_events) > 0:
tc.ha_action(auth, grp.id, grp.name)
finally:
conn.commit()
def servicepoint_login(self, came_from='/', **kwargs):
result = None
try:
status = self.controller_impl.user_login(kwargs)
if status.get('success'):
user = status.get('user')
group = status.get('group')
ldap_user = status.get('ldap_user')
user_details = status.get('user_details')
result = self.post_login(user, group, ldap_user, user_details, came_from=url('/'))
usr = DBSession.query(User).filter_by(user_name=user).first()
auth = AuthorizationService()
auth.user = usr
#from stackone.cloud.DbModel.platforms.cms.CSEP import CSEP
# servicepoint_name = kwargs.get('csep_name')
# servicepoint = DBSession.query(CSEP).filter(CSEP.name == servicepoint_name).first()
# if servicepoint is None:
# msg = 'Cloud Service not found'
# return "{success:false,msg:'" + msg.replace("'", ' ') + "'}"
# if auth.has_servicepoint_role(servicepoint):
# session['user'] = user
# session['auth'] = auth
# session['userid'] = usr.user_id
# session['servicepoint_id'] = servicepoint.id
# else:
# return "{success:false,msg:'user has no permission on the Cloud Service'}"
return result
msg = status.get('msg')
return "{success:false,msg:'" + msg.replace("'", ' ') + "'}"
except Exception as e:
print 'Exception: ',
print e
import traceback
traceback.print_exc()
return "{success:false,msg:'" + str(e).replace("'", ' ') + "'}"
def has_permission(self, type, groupid=None, _dc=None):
auth = AuthorizationService()
ent = self.user_info.get_entity(entname)
if ent is None:
return dict(success=False, result='The entity does not exists')
try:
if username != None and username != '':
if session['auth'].is_admin_role() == False:
return dict(success=False, result=constants.NO_PRIVILEGE)
userobj = self.user_info.get_user(username)
if userobj != None:
auth.user = userobj
return dict(success=True, result=auth.has_privilege(operation, ent))
return dict(success=False, result='The user does not exists')
permits = session['auth'].has_privilege(operation, ent)
return dict(success=True, result=permits)
except Exception as ex:
print_traceback()
return dict(success=False, result=to_str(ex).replace("'", ''))
def post_login(self, userid, group, ldap_user, user_details, came_from=url('/')):
result = ''
if not userid:
result = "{success:false,msg:'session expired'}"
return result
auth = AuthorizationService()
auth.user_name = userid
r = DBHelper().find_by_name(Role, to_unicode('admin'))
session['cloud_only'] = False
if ldap_user:
if not len(group):
result = "{success:false,msg:'User does not belong to any group in LDAP'}"
return result
#len(group)
grps=Group.by_group_names(group)
if not grps:
result = "{success:false,msg:'None of the LDAP group (s) " + str(group).replace("'", '') + " defined in stackone'}"
return result
auth.groups = grps
session['user_firstname'] = userid
session['group_names'] = group
session['is_cloud_admin'] = auth.is_admin_role()
is_admin = auth.is_admin_role()
from stackone.model.LDAPManager import LDAPManager
auth.email_address = LDAPManager().get_email_address(user_details)
else:
u = User.by_user_name(to_unicode(userid))
auth.user = u
auth.groups = u.groups
session['user_firstname'] = u.firstname
session['group_names']=[g.group_name for g in u.groups]
is_admin=u.has_role(r)
auth.email_address=u.email_address
session['is_cloud_admin']=u.has_cloudadmin_role()
dcs=auth.get_entities(constants.DATA_CENTER)
if len(dcs) == 0L:
session['cloud_only']=True
session['username']=userid
session['has_adv_priv']=tg.config.get(constants.ADVANCED_PRIVILEGES)
session['granular_ui']=self.user_info.is_granular_ui()
session['PAGEREFRESHINTERVAL']=tg.config.get(constants.PAGEREFRESHINTERVAL)
session['TASKPANEREFRESH']=tg.config.get(constants.TASKPANEREFRESH)
session['userid']=userid
session['auth']=auth
session['rem_days']=''
try:
session['rem_days']=rem_days_to_exp()
except Exception as e:
print 'Exception: ',e
session['is_admin']=is_admin
session['version']=constants._version
#session['edition']=get_edition()+'_'+constants._version
session['edition']='3.2.1.5'+'_'+constants._version
#session['has_cloud']=stackone.model.LicenseManager.has_cloud_license()
session['has_cloud'] = 0
#session['edition_string']= get_edition_string
session['edition_string']= 'stackone Enterprise'
#session['sub_edition_string']=get_sub_edition_string
session['sub_edition_string']='Trial Edition'
session.save()
TopCache().delete_usercache(auth)
result='{success:true}'
return result
def do_work(self, runtime_context, args=None, kw=None):
self.task_manager = runtime_context.pop()
self.curr_instance = datetime.now()
args = self.params
(recover, resume) = (False, False)
visible = False
if kw:
resume = kw.get('resume', False)
recover = kw.get('recover', False)
kw = self.kw_params
self.quiet = self.get_context_param('quiet') == True
if not self.quiet and resume == False and recover == False:
self.task_started()
# cancelled = False
# results = None
try:
#1487
try:
#1359
task_result_running_instance = True
if not args:
args = []
if not kw:
kw = {}
auth = AuthorizationService()
auth.email_address = ''
user = User.by_user_name(self.user_name)
auth.user = user
if user is None:
#564
u = User.by_user_name(u'admin')
auth.email_address = u.email_address
logger.info('User: '******' does not exist in CMS.')
result = LDAPManager().validate_user(self.user_name)
if result['success'] == True:
#523
group_names = result['group']
groups = Group.by_group_names(group_names)
if not groups:
#465
msg = 'Groups: ' + str(group_names) + ' does not exist in CMS.'
logger.info(msg)
raise Exception(msg)
#561--598
else:
auth.user_name = self.user_name
auth.groups = groups
if result.get('email_address'):
auth.email_address = result['email_address']
#598
else:
logger.info(result['msg'])
raise Exception('Error in LDAP chcek: ' + result['msg'])
#598
else:
auth.user = user
auth.user_name = user.user_name
auth.email_address = user.email_address
#598
TaskUtil.set_task_context(self.task_id)
if recover != True and resume != True:
raw_result = self.exec_task(auth, self.context, *args, **kw)
#884
else:
#884
runn = self.get_running_instance()
if runn:
self.curr_instance = runn.timestamp
#785
else:
#785
task_result = self.get_task_result_instance()
if isinstance(task_result.results, str):
task_result.results += 'can not resume task. No running instance'
#779
else:
#779
if not task_result.results:
task_result.results = 'can not resume task. No running instance'
task_result_running_instance = False
if task_result_running_instance:
#883
if recover == True:
raw_result = self.recover_task(auth, self.context, *args, **kw)
#884
else:
if resume == True:
raw_result = self.resume_task(auth, self.context, *args, **kw)
if task_result_running_instance:
#1354
cancelled = False
results = raw_result
if isinstance(raw_result, dict):
#1152
if raw_result.get('status') == constants.TASK_CANCELED:
#1031
e = raw_result.get('msg') + '\n' + raw_result.get('results')
transaction.abort()
cancelled = True
if not self.quiet:
self.task_fail(e, auth, cancelled=True)
#1094
else:
if raw_result.get('status') == Task.SUCCEEDED:
results = raw_result.get('results')
visible = raw_result.get('visible', False)
if type(results)==dict:
#1148
if results.get('success')==True:
results = 'Task Completed Successfully.'
else:
#1355
if raw_result is not None and self.processors is not None:
#1250
#isinstance(raw_result, dict)
results = [raw_result]
for p in self.processors:
#1246
if issubclass(p, Processor):
p().process_output(results)
else:
results = raw_result
if results is None:
#1340
desc_tuple = self.get_short_desc()
if desc_tuple is None:
results = 'Task Completed Successfully.'
else:
short_desc,short_desc_params = desc_tuple
desc = short_desc % short_desc_params
results = desc + ' Completed Successfully.'
transaction.commit()
except Exception as e:
logger.exception(to_str(e))
transaction.abort()
if not self.quiet:
self.task_fail(e, auth)
else:
if not self.quiet and cancelled == False:
self.task_success(results, visible)
finally:
DBSession.remove()
return None