def showCourse(course_id):
course = db_session.query(Course).get(course_id)
if course is None:
abort(404)
psets = course.problemsets
return render_template("showcourse.html", course=course, psets=psets,
perm=check_permissions(course.id,session['user_id']))
def form_valid(self, form):
if check_permissions(self.request.user, self.application) == HR_ADMIN:
self.object = form.save(commit=False)
self.object.event = AUDIT_EVENT_NOTE
self.object.application = self.application
self.object.user = self.request.user
self.object.save()
return HttpResponseRedirect(self.get_success_url())
def test_check_permissions():
"""
Confirm that permissions are correctly evaluated.
Checks:
* User not logged in (401)
* User lacks permission (403)
* User has permission indirectly (part of another permission) (200)
* User has permission (200)
"""
assert utils.check_permissions(["DATA_EDIT"], [], False) == 401
permissions = ["DATA_EDIT"]
user_permissions = {}
assert utils.check_permissions(permissions, user_permissions, True) == 403
user_permissions = ["DATA_MANAGEMENT"]
assert utils.check_permissions(permissions, user_permissions, True) == 200
user_permissions = ["DATA_EDIT"]
assert utils.check_permissions(permissions, user_permissions, True) == 200
def get_context_data(self, **kwargs):
context = super(HrViewApplication, self).get_context_data(**kwargs)
perm = check_permissions(self.request.user, self.object)
if perm == HR_VIEWONLY:
context['audit'] = self.object.audit_set.filter(event__in=[AUDIT_EVENT_STATUSCHANGE, AUDIT_EVENT_REJECTION, AUDIT_EVENT_ACCEPTED, AUDIT_EVENT_MESSAGE])
elif perm == HR_ADMIN:
context['hrstaff'] = True
context['audit'] = self.object.audit_set.all()
else:
raise Http404
return context
async def whois(self,
ctx: utils.CustomContext,
user: discord.Member = None):
"""Gives you basic information on someone."""
user = user or ctx.author
colour = self._get_top_coloured_role(user)
embed = self.bot.embed(ctx)
embed.colour = colour
embed.title = f"About {user.name}"
embed.description = (
f"**ID**: {user.id}\n"
f"**Bot**: {user.bot}\n"
f"{'**Is literally the bot owner**' if user.id in self.bot.owner_ids else ''}"
)
embed.set_thumbnail(url=user.avatar_url)
created_at = (f"{utils.format_time(user.created_at)['date']} "
f"({humanize.naturaltime(user.created_at)})")
joined_at = (f"{utils.format_time(user.joined_at)['date']} "
f"({humanize.naturaltime(user.joined_at)})")
roles = user.roles[1:]
roles.reverse()
roles = [r.mention for r in roles][:30]
def get_boost(u: discord.Member):
"""Quick function to check if a user is boosting."""
if u.premium_since is None:
return "No"
else:
return f"{utils.format_time(u.premium_since)['date']} ({humanize.naturaltime(u.premium_since)})"
boost = get_boost(user)
embed.add_field(name="Account created", value=f"{created_at}")
embed.add_field(name="User joined date", value=f"{joined_at}")
embed.add_field(name="Boosting", value=f"{boost}")
embed.add_field(
name=f"Roles [{len(roles) if len(roles) < 30 else '30*'}]",
value=" ".join(roles) or "No roles.",
inline=False)
embed.add_field(name="Permissions",
value=utils.check_permissions(ctx, user),
inline=False)
await ctx.send(embed=embed)
def render_to_response(self, context):
status = self.kwargs.get('status', None)
if status and int(status) in APPLICATION_STATUS_ROUTES[self.object.status]:
perm = check_permissions(self.request.user, self.object)
if perm == HR_ADMIN or (perm == HR_VIEWONLY and int(status) <= 1):
if not self.object.status == status:
self.object.status = status
self.object.save(user=self.request.user)
self.object = self.model.objects.get(pk=self.object.pk)
messages.add_message(self.request, messages.INFO, "Application %s has been changed to %s" % (self.object.id, self.object.get_status_display()))
else:
messages.add_message(self.request, messages.ERROR, "Invalid status change request")
return HttpResponseRedirect(reverse('hr-viewapplication', args=[self.object.id]))
def main():
"""The entrypoint for osg-incommon-cert-request
"""
global args
try:
args = parse_cli()
config_parser = ConfigParser.ConfigParser()
config_parser.readfp(StringIO(CONFIG_TEXT))
CONFIG = dict(config_parser.items('InCommon'))
if args.orgcode:
codes = [code.strip() for code in args.orgcode.split(',')]
CONFIG['organization'] = codes[0]
CONFIG['department'] = codes[1]
print("Using organization code of %s and department code of %s" %
(CONFIG['organization'], CONFIG['department']))
utils.check_permissions(args.write_directory)
if args.test:
print("Beginning testing mode: ignoring optional parameters.")
print("=" * 60)
# Creating SSLContext with cert and key provided
# usercert and userprivkey are already validated by utils.findusercred
ssl_context = cert_utils.get_ssl_context(usercert=args.usercert,
userkey=args.userprivkey)
restclient = InCommonApiClient(CONFIG['apiurl'], ssl_context)
if args.test:
test_incommon_connection(CONFIG, restclient)
restclient.close_connection()
sys.exit(0)
print("Beginning certificate request")
print("=" * 60)
#Create tuple(s) either with a single hostname and altnames or with a set of hostnames and altnames from the hostfile
if args.hostname:
hosts = [tuple([args.hostname.strip()] + args.altnames)]
else:
with open(args.hostfile, 'rb') as hosts_file:
host_lines = hosts_file.readlines()
hosts = [
tuple(line.split()) for line in host_lines if line.strip()
]
requests = list()
csrs = list()
print(
"The following Common Name (CN) and Subject Alternative Names (SANS) have been specified: "
)
# Building the lists with certificates --> utils.Csr(object)
for host in set(hosts):
common_name = host[0]
sans = host[1:]
print("CN: %s, SANS: %s" % (common_name, sans))
csr_obj = cert_utils.Csr(common_name,
output_dir=args.write_directory,
altnames=sans)
logger.debug(csr_obj.x509request.as_text())
csrs.append(csr_obj)
print("=" * 60)
for csr in csrs:
subj = str(csr.x509request.get_subject())
print("Requesting certificate for %s: " % subj)
response_request = submit_request(CONFIG,
restclient,
subj,
csr.base64_csr(),
sans=csr.altnames)
# response_request stores the sslId for the certificate request
if response_request:
requests.append(tuple([response_request, subj]))
print("Request successful. Writing key file at: %s" %
csr.keypath)
csr.write_pkey()
else:
print("Request failed for %s" % subj)
print("-" * 60)
# Closing the restclient connection before going idle waiting for approval
restclient.close_connection()
print("%s certificate(s) was(were) requested successfully." %
len(requests))
print("Waiting %s seconds for requests approval..." % WAIT_APPROVAL)
time.sleep(WAIT_APPROVAL)
print("\nStarting certificate retrieval")
print("=" * 60)
# Certificate retrieval has to retry until it gets the certificate
# A restclient (InCommonApiClient) needs to be created for each retrieval attempt
for request in requests:
subj = request[1]
print("Retrieving certificate for %s: " % subj)
response_retrieve = retrieve_cert(CONFIG, ssl_context, request[0])
if response_retrieve is not None:
cert_path = os.path.join(args.write_directory,
subj.split("=")[1] + '-cert.pem')
print("Retrieval successful. Writing certificate file at: %s" %
cert_path)
utils.safe_rename(cert_path)
utils.atomic_write(cert_path, response_retrieve)
os.chmod(cert_path, 0644)
else:
print("Retrieval failure for %s" % subj)
print(
"The certificate can be retrieved directly from the InCommon Cert Manager interface."
)
print("CN %s, Self-enrollment Certificate ID (sslId): %s" %
(subj, request[0]))
print("-" * 60)
except SystemExit:
raise
except ValueError as exc:
sys.exit(exc)
except KeyboardInterrupt as exc:
print(str(exc))
sys.exit('''Interrupted by user\n''')
except KeyError as exc:
print(prog + ": error: " + "Key %s not found in dictionary" % exc)
sys.exit(1)
except FileNotFoundException as exc:
print(prog + ": error: " + str(exc) + ':' + exc.filename)
sys.exit(1)
except SSLError as exc:
print(prog + ": " + str(exc))
sys.exit('Please check for valid certificate.\n')
except (IOError, FileWriteException, BadPassphraseException,
AttributeError, EnvironmentError, ValueError, EOFError, SSLError,
AuthenticationFailureException) as exc:
print(prog + ": error: " + str(exc))
sys.exit(1)
except httplib.HTTPException as exc:
print(str(exc))
sys.exit(1)
except Exception:
traceback.print_exc()
sys.exit(1)
sys.exit(0)
def get_context_data(self, **kwargs):
context = super(HrIndexView, self).get_context_data(**kwargs)
context['is_hr_staff'] = check_permissions(self.request.user)
context['can_recommend'] = len(blacklist_values(self.request.user, BLACKLIST_LEVEL_ADVISORY)) == 0
return context
def dispatch(self, request, *args, **kwargs):
self.application = get_object_or_404(Application, pk=kwargs.get('applicationid'))
if not (check_permissions(request.user) == HR_ADMIN and request.user.has_perm('hr.can_accept')):
return HttpResponseRedirect(reverse('hr-index'))
return super(HrRejectApplication, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
self.application = Application.objects.get(pk=kwargs.get('applicationid'))
self.perm = check_permissions(request.user, self.application)
if self.perm == HR_NONE:
return HttpResponseRedirect(reverse('hr-index'))
return CreateView.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
if not check_permissions(request.user) == HR_ADMIN:
return HttpResponseRedirect(reverse('hr-index'))
self.application = Application.objects.get(pk=kwargs.get('applicationid'))
return super(HrAddNote, self).dispatch(request, *args, **kwargs)
