def main(argv=sys.argv): if len(argv) < 2: usage(argv) config_uri = argv[1] options = parse_vars(argv[2:]) setup_logging(config_uri) settings = get_appsettings(config_uri, name="testscaffold", options=options) engine = get_engine(settings) session_factory = get_session_factory(engine) dbsession = get_tm_session(session_factory, transaction.manager) with transaction.manager: user = User(user_name="admin", email="foo@localhost") UserService.set_password(user, "admin") admin_object = Group(group_name="Administrators") group_permission = GroupPermission(perm_name="root_administration") dbsession.add(admin_object) admin_object.permissions.append(group_permission) admin_object.users.append(user) test_group = Group(group_name="Other group") dbsession.add(test_group) for x in range(1, 25): user = User(user_name="test{}".format(x), email="foo{}@localhost".format(x)) UserService.set_password(user, "test") test_group.users.append(user)
def users_create(request): """ Returns users list """ form = forms.UserCreateForm(MultiDict(request.safe_json_body or {}), csrf_context=request) if form.validate(): log.info("registering user") # probably not needed in the future since this requires root anyways # lets keep this here in case we lower view permission in the future # if request.registry.settings['appenlight.disable_registration']: # return HTTPUnprocessableEntity(body={'error': 'Registration is currently disabled.'}) user = User() # insert new user here DBSession.add(user) form.populate_obj(user) UserService.regenerate_security_code(user) UserService.set_password(user, user.user_password) user.status = 1 if form.status.data else 0 request.session.flash(_("User created")) DBSession.flush() return user.get_dict(exclude_keys=[ "security_code_date", "notes", "security_code", "user_password", ]) else: return HTTPUnprocessableEntity(body=form.errors_json)
def get_dict(self, exclude_keys=None, include_keys=None, extended_info=False): result = super(User, self).get_dict(exclude_keys, include_keys) if extended_info: result["groups"] = [g.group_name for g in self.groups] result["permissions"] = [p.perm_name for p in UserService.permissions(self)] request = get_current_request() apps = UserService.resources_with_perms( self, ["view"], resource_types=["application"] ) result["applications"] = sorted( [ {"resource_id": a.resource_id, "resource_name": a.resource_name} for a in apps.all() ], key=lambda x: x["resource_name"].lower(), ) result["assigned_reports"] = [ r.get_dict(request) for r in self.assigned_report_groups ] result["latest_events"] = [ ev.get_dict(request) for ev in self.latest_events() ] exclude_keys_list = exclude_keys or [] include_keys_list = include_keys or [] d = {} for k in result.keys(): if k not in exclude_keys_list and ( k in include_keys_list or not include_keys ): d[k] = result[k] return d
def lost_password(request): """ Presents lost password page - sends password reset link to specified email address. This link is valid only for 10 minutes """ form = forms.LostPasswordForm(request.POST, csrf_context=request) if request.method == "POST" and form.validate(): user = UserService.by_email(form.email.data) if user: UserService.regenerate_security_code(user) user.security_code_date = datetime.datetime.utcnow() email_vars = { "user": user, "request": request, "email_title": "AppEnlight :: New password request", } UserService.send_email( request, recipients=[user.email], variables=email_vars, template="/email_templates/lost_password.jinja2", ) msg = ( "Password reset email had been sent. " "Please check your mailbox for further instructions." ) request.session.flash(_(msg)) return HTTPFound(location=request.route_url("lost_password")) return {"form": form}
def user_resource_permission_create(request): """ Set new permissions for user for a resource """ resource = request.context.resource user_name = request.unsafe_json_body.get("user_name") user = UserService.by_user_name(user_name) if not user: user = UserService.by_email(user_name) if not user: return False for perm_name in request.unsafe_json_body.get("permissions", []): permission = UserResourcePermissionService.by_resource_user_and_perm( user.id, perm_name, resource.resource_id ) if not permission: permission = UserResourcePermission(perm_name=perm_name, user_id=user.id) resource.user_permissions.append(permission) DBSession.flush() perms = [ p.perm_name for p in ResourceService.perms_for_user(resource, user) if p.type == "user" ] result = {"user_name": user.user_name, "permissions": list(set(perms))} return result
def groups_users_add(request): """ Get list of permissions assigned to specific resources """ group = GroupService.by_id(request.matchdict.get("group_id")) user = UserService.by_user_name(request.unsafe_json_body.get("user_name")) if not user: user = UserService.by_email(request.unsafe_json_body.get("user_name")) if not group or not user: return HTTPNotFound() if user not in group.users: group.users.append(user) group.member_count = group.users_dynamic.count() props = [ "user_name", "id", "first_name", "last_name", "email", "last_login_date", "status", ] u_dict = user.get_dict(include_keys=props) u_dict["gravatar_url"] = UserService.gravatar_url(user, s=20) return u_dict
def test_generate_random_pass(self, db_session): rand_str = UserService.generate_random_pass() assert len(rand_str) == 7 assert isinstance(rand_str, six.string_types) rand_str = UserService.generate_random_pass(20) assert len(rand_str) == 20
def test_regenerate_security_code(self, db_session): created_user = add_user(db_session) old_code = created_user.security_code UserService.regenerate_security_code(created_user) new_code = created_user.security_code assert old_code != new_code assert len(new_code) == 64
def test_delete_object_with_flush(self, db_session): user = User(user_name="some_new_user", email="foo") assert user.id is None user.persist(flush=True, db_session=db_session) assert user.id is not None uid = user.id UserService.by_id(uid, db_session=db_session) is not None user.delete() assert UserService.by_id(uid, db_session=db_session) is None
def test_users_for_perms(self, db_session): user = User(user_name="aaa", email="aaa", status=0) UserService.set_password(user, "password") aaa_perm = UserPermission(perm_name="aaa") bbb_perm = UserPermission(perm_name="bbb") bbb2_perm = UserPermission(perm_name="bbb") user.user_permissions.append(aaa_perm) user.user_permissions.append(bbb_perm) user2 = User(user_name="bbb", email="bbb", status=0) UserService.set_password(user2, "password") user2.user_permissions.append(bbb2_perm) user3 = User(user_name="ccc", email="ccc", status=0) UserService.set_password(user3, "password") group = add_group(db_session) group.users.append(user3) db_session.add(user) db_session.add(user2) db_session.flush() users = UserService.users_for_perms(["aaa"], db_session=db_session) assert len(users.all()) == 1 assert users[0].user_name == "aaa" users = UserService.users_for_perms(["bbb"], db_session=db_session).all() assert len(users) == 2 assert ["aaa", "bbb"] == sorted([u.user_name for u in users]) users = UserService.users_for_perms( ["aaa", "bbb", "manage_apps"], db_session=db_session ) assert ["aaa", "bbb", "ccc"] == sorted([u.user_name for u in users])
def test_users_for_perms(self, db_session): user = User(user_name="aaa", email="aaa", status=0) UserService.set_password(user, "password") aaa_perm = UserPermission(perm_name="aaa") bbb_perm = UserPermission(perm_name="bbb") bbb2_perm = UserPermission(perm_name="bbb") user.user_permissions.append(aaa_perm) user.user_permissions.append(bbb_perm) user2 = User(user_name="bbb", email="bbb", status=0) UserService.set_password(user2, "password") user2.user_permissions.append(bbb2_perm) user3 = User(user_name="ccc", email="ccc", status=0) UserService.set_password(user3, "password") group = add_group(db_session) group.users.append(user3) db_session.add(user) db_session.add(user2) db_session.flush() users = UserService.users_for_perms(["aaa"], db_session=db_session) assert len(users.all()) == 1 assert users[0].user_name == "aaa" users = UserService.users_for_perms(["bbb"], db_session=db_session).all() assert len(users) == 2 assert ["aaa", "bbb"] == sorted([u.user_name for u in users]) users = UserService.users_for_perms(["aaa", "bbb", "manage_apps"], db_session=db_session) assert ["aaa", "bbb", "ccc"] == sorted([u.user_name for u in users])
def users_resource_permissions_list(request): """ Get list of permissions assigned to specific resources """ user = UserService.by_id(request.matchdict.get("user_id")) if not user: return HTTPNotFound() return [ permission_tuple_to_dict(perm) for perm in UserService.resources_with_possible_perms(user) ]
def add_user(db_session, user_name="username", email="email", perms=["root", "alter_users"]): user = User(user_name=user_name, email=email, status=0) UserService.set_password(user, "password") for perm in perms: u_perm = UserPermission(perm_name=perm) user.user_permissions.append(u_perm) db_session.add(user) db_session.flush() return user
def assign_users(request): """ Assigns specific report group to user for review - send email notification """ report_group = request.context.report_group application = request.context.resource currently_assigned = [u.user_name for u in report_group.assigned_users] new_assigns = request.unsafe_json_body # first unassign old users for user_name in new_assigns["unassigned"]: if user_name in currently_assigned: user = UserService.by_user_name(user_name) report_group.assigned_users.remove(user) comment = ReportComment(owner_id=request.user.id, report_time=report_group.first_timestamp) comment.body = "Unassigned group from @%s" % user_name report_group.comments.append(comment) # assign new users for user_name in new_assigns["assigned"]: if user_name not in currently_assigned: user = UserService.by_user_name(user_name) if user in report_group.assigned_users: report_group.assigned_users.remove(user) DBSession.flush() assignment = ReportAssignment( owner_id=user.id, report_time=report_group.first_timestamp, group_id=report_group.id, ) DBSession.add(assignment) comment = ReportComment(owner_id=request.user.id, report_time=report_group.first_timestamp) comment.body = "Assigned report_group to @%s" % user_name report_group.comments.append(comment) email_vars = { "user": user, "request": request, "application": application, "report_group": report_group, "email_title": "AppEnlight :: Assigned Report", } UserService.send_email( request, recipients=[user.email], variables=email_vars, template="/email_templates/assigned_report.jinja2", ) return True
def comment_create(request): """ Creates user comments for report group, sends email notifications of said comments """ report_group = request.context.report_group application = request.context.resource form = forms.CommentForm(MultiDict(request.unsafe_json_body), csrf_context=request) if request.method == "POST" and form.validate(): comment = ReportComment(owner_id=request.user.id, report_time=report_group.first_timestamp) form.populate_obj(comment) report_group.comments.append(comment) perm_list = ResourceService.users_for_perm(application, "view") uids_to_notify = [] users_to_notify = [] for perm in perm_list: user = perm.user if ("@{}".format(user.user_name) in comment.body and user.id not in uids_to_notify): uids_to_notify.append(user.id) users_to_notify.append(user) commenters = ReportGroupService.users_commenting( report_group, exclude_user_id=request.user.id) for user in commenters: if user.id not in uids_to_notify: uids_to_notify.append(user.id) users_to_notify.append(user) for user in users_to_notify: email_vars = { "user": user, "commenting_user": request.user, "request": request, "application": application, "report_group": report_group, "comment": comment, "email_title": "AppEnlight :: New comment", } UserService.send_email( request, recipients=[user.email], variables=email_vars, template="/email_templates/new_comment_report.jinja2", ) request.session.flash(_("Your comment was created")) return comment.get_dict() else: return form.errors
def add_user( db_session, user_name="username", email="email", perms=["root", "alter_users"], password="******", ): user = User(user_name=user_name, email=email, status=0) UserService.set_password(user, password) for perm in perms: u_perm = UserPermission(perm_name=perm) user.user_permissions.append(u_perm) db_session.add(user) db_session.flush() return user
def test_resources_with_possible_perms(self, db_session): self.set_up_user_group_and_perms(db_session) resource = ResourceTestobjB(resource_id=3, resource_name="other", owner_user_id=self.user.id) self.user.resources.append(resource) resource_g = ResourceTestobjB(resource_id=4, resource_name="group owned") self.group.resources.append(resource_g) db_session.flush() perms = UserService.resources_with_possible_perms( self.user, db_session=db_session) second = [ PermissionTuple(self.user, "foo_perm", "user", None, self.resource, False, True), PermissionTuple(self.user, "group_perm", "group", self.group, self.resource, False, True), PermissionTuple(self.user, "test_perm2", "user", None, self.resource, False, True), PermissionTuple(self.user, ALL_PERMISSIONS, "user", None, resource, True, True), PermissionTuple(self.user, ALL_PERMISSIONS, "group", self.group, resource_g, True, True), ] check_one_in_other(perms, second)
def get_paginator( cls, user, page=1, item_count=None, items_per_page=50, order_by=None, filter_settings=None, db_session=None, ): if not filter_settings: filter_settings = {} registry = get_current_registry() resources = UserService.resources_with_perms( user, ["view"], resource_types=registry.resource_types) resource_ids = [r.resource_id for r in resources] query = EventService.for_resource(resource_ids, or_target_user_id=user.id, limit=100, db_session=db_session) paginator = SqlalchemyOrmPage(query, page=page, items_per_page=items_per_page, **filter_settings) return paginator
def test_resources_ids_with_perm(self, db_session): created_user = add_user(db_session) resource1 = add_resource(db_session, 1, "test_resource1") resource2 = add_resource(db_session, 2, "test_resource2") resource3 = add_resource(db_session, 3, "test_resource3") permission1 = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource1.resource_id, ) permission2 = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource2.resource_id, ) permission3 = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource3.resource_id, ) resource1.user_permissions.append(permission1) resource2.user_permissions.append(permission2) resource3.user_permissions.append(permission3) db_session.flush() resources = UserService.resources_with_perms( created_user, ["test_perm"], resource_ids=[1, 3], db_session=db_session).all() assert resources == [resource1, resource3]
def test_resources_ids_with_perm(self, db_session): created_user = add_user(db_session) resource1 = add_resource(db_session, 1, "test_resource1") resource2 = add_resource(db_session, 2, "test_resource2") resource3 = add_resource(db_session, 3, "test_resource3") permission1 = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource1.resource_id, ) permission2 = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource2.resource_id, ) permission3 = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource3.resource_id, ) resource1.user_permissions.append(permission1) resource2.user_permissions.append(permission2) resource3.user_permissions.append(permission3) db_session.flush() resources = UserService.resources_with_perms( created_user, ["test_perm"], resource_ids=[1, 3], db_session=db_session ).all() assert resources == [resource1, resource3]
def auth_tokens_POST(request): """ Lists all available alert channels """ if request.matched_route.name == "users_self_property": user = request.user else: user = UserService.by_id(request.matchdict.get("user_id")) if not user: return HTTPNotFound() req_data = request.safe_json_body or {} if not req_data.get("expires"): req_data.pop("expires", None) form = forms.AuthTokenCreateForm(MultiDict(req_data), csrf_context=request) if not form.validate(): return HTTPUnprocessableEntity(body=form.errors_json) token = AuthToken() form.populate_obj(token) if token.expires: interval = h.time_deltas.get(token.expires)["delta"] token.expires = datetime.datetime.utcnow() + interval user.auth_tokens.append(token) DBSession.flush() return token.get_dict()
def login_failure(request, reason=None): """ Response from redirect upon login failure, either because of invalid or incorrect user credentials. .. seealso:: - :func:`sign_in` """ http_err = HTTPUnauthorized if reason is None: reason = s.Signin_POST_UnauthorizedResponseSchema.description try: user_name = ar.get_value_multiformat_body_checked(request, "user_name", default=None) ar.get_value_multiformat_body_checked(request, "password", default=None, pattern=None) except HTTPException: http_err = HTTPBadRequest reason = s.Signin_POST_BadRequestResponseSchema.description else: user_name_list = ax.evaluate_call( lambda: [user.user_name for user in UserService.all(models.User, db_session=request.db)], fallback=lambda: request.db.rollback(), http_error=HTTPForbidden, msg_on_fail=s.Signin_POST_ForbiddenResponseSchema.description) if user_name in user_name_list: http_err = HTTPInternalServerError reason = s.Signin_POST_Internal_InternalServerErrorResponseSchema.description content = ag.get_request_info(request, default_message=s.Signin_POST_UnauthorizedResponseSchema.description) content.setdefault("detail", str(reason)) ax.raise_http(http_error=http_err, content=content, detail=s.Signin_POST_UnauthorizedResponseSchema.description)
def test_by_username_andsecurity_code_wrong_code(self, db_session): add_user(db_session) queried_user = UserService.by_user_name_and_security_code( user_name="username", security_code="wrong_code", db_session=db_session ) assert queried_user is None
def test_by_user_name_not_existing(self, db_session): add_user(db_session) queried_user = UserService.by_user_name( "not_existing_user", db_session=db_session ) assert queried_user is None
def users_websocket(request): """ Handle authorization of users trying to connect """ # handle preflight request user = request.user if request.method == "OPTIONS": res = request.response.body("OK") add_cors_headers(res) return res applications = UserService.resources_with_perms( user, ["view"], resource_types=["application"]) channels = ["app_%s" % app.resource_id for app in applications] payload = { "username": user.user_name, "conn_id": str(uuid.uuid4()), "channels": channels, } settings = request.registry.settings response = channelstream_request( settings["cometd.secret"], "/connect", payload, servers=[request.registry.settings["cometd_servers"]], throw_exceptions=True, ) return payload
def search_users(request): """ Returns a list of users for autocomplete """ user = request.user items_returned = [] like_condition = request.params.get("user_name", "") + "%" # first append used if email is passed found_user = UserService.by_email(request.params.get("user_name", "")) if found_user: name = "{} {}".format(found_user.first_name, found_user.last_name) items_returned.append({"user": found_user.user_name, "name": name}) for found_user in UserService.user_names_like(like_condition).limit(20): name = "{} {}".format(found_user.first_name, found_user.last_name) items_returned.append({"user": found_user.user_name, "name": name}) return items_returned
def test_resources_with_possible_perms(self, db_session): self.set_up_user_group_and_perms(db_session) resource = TestResourceB( resource_id=3, resource_name="other", owner_user_id=self.user.id ) self.user.resources.append(resource) resource_g = TestResourceB(resource_id=4, resource_name="group owned") self.group.resources.append(resource_g) db_session.flush() perms = UserService.resources_with_possible_perms( self.user, db_session=db_session ) second = [ PermissionTuple( self.user, "foo_perm", "user", None, self.resource, False, True ), PermissionTuple( self.user, "group_perm", "group", self.group, self.resource, False, True ), PermissionTuple( self.user, "test_perm2", "user", None, self.resource, False, True ), PermissionTuple( self.user, ALL_PERMISSIONS, "user", None, resource, True, True ), PermissionTuple( self.user, ALL_PERMISSIONS, "group", self.group, resource_g, True, True ), ] check_one_in_other(perms, second)
def get_user_resources_permissions_dict(user, request, resource_types=None, resource_ids=None, inherit_groups_permissions=True, resolve_groups_permissions=False): # type: (models.User, Request, Optional[List[Str]], Optional[List[int]], bool, bool) -> ResourcePermissionMap """ Creates a dictionary of resources ID with corresponding permissions of the user. .. seealso:: :func:`regroup_permissions_by_resource` :param user: user for which to find resources permissions :param request: request with database session connection :param resource_types: filter the search query with only the specified resource types :param resource_ids: filter the search query to only the specified resource IDs :param inherit_groups_permissions: Whether to include group inherited permissions from user memberships or not. If ``False``, return only user-specific resource permissions. Otherwise, resolve inherited permissions using all groups the user is member of. :param resolve_groups_permissions: whether to combine corresponding user/group permissions into one or not. :return: Only resources which the user has permissions on, or including all :term:`Inherited Permissions`, according to :paramref:`inherit_groups_permissions` argument. """ ax.verify_param(user, not_none=True, http_error=HTTPNotFound, msg_on_fail=s.UserResourcePermissions_GET_NotFoundResponseSchema.description) # full list of user/groups permissions, filter afterwards according to flags res_perm_tuple_list = UserService.resources_with_possible_perms( user, resource_ids=resource_ids, resource_types=resource_types, db_session=request.db) if not inherit_groups_permissions and not resolve_groups_permissions: res_perm_tuple_list = filter_user_permission(res_perm_tuple_list, user) return regroup_permissions_by_resource(res_perm_tuple_list, resolve=resolve_groups_permissions)
def test_by_mail_and_username(self, db_session): created_user = add_user(db_session) queried_user = UserService.by_email_and_username( "email", "username", db_session=db_session ) assert created_user == queried_user
class AuthToken(Base, BaseModel): """ Stores information about possible alerting options """ __tablename__ = 'auth_tokens' id = sa.Column(sa.Integer, primary_key=True, nullable=False) token = sa.Column(sa.Unicode(40), nullable=False, default=lambda x: UserService.generate_random_string(40)) owner_id = sa.Column( sa.Unicode(30), sa.ForeignKey('users.id', onupdate='CASCADE', ondelete='CASCADE')) creation_date = sa.Column(sa.DateTime, default=lambda x: datetime.utcnow()) expires = sa.Column(sa.DateTime) description = sa.Column(sa.Unicode, default='') @property def is_expired(self): if self.expires: return self.expires < datetime.utcnow() else: return False def __str__(self): return '<AuthToken u:%s t:%s...>' % (self.owner_id, self.token[0:10])
def test_by_mail_and_username_wrong_username(self, db_session): add_user(db_session) queried_user = UserService.by_email_and_username( "email", "wrong_username", db_session=db_session ) assert queried_user is None
def users_DELETE(request): """ Removes a user permanently from db - makes a check to see if after the operation there will be at least one admin left """ msg = _("There needs to be at least one administrator in the system") user = UserService.by_id(request.matchdict.get("user_id")) if user: users = UserService.users_for_perms(["root_administration"]).all() if len(users) < 2 and user.id == users[0].id: request.session.flash(msg, "warning") else: DBSession.delete(user) request.session.flash(_("User removed")) return True request.response.status = 422 return False
def groups_with_resources(self): """ .. deprecated:: 0.8 :return: """ return UserService.groups_with_resources(self)
def regenerate_security_code(self): """ .. deprecated:: 0.8 :return: """ return UserService.regenerate_security_code(self)
def regenerate_security_code(self): """ .. deprecated:: 0.8 :return: """ return UserService.regenerate_security_code(self)
def groups_with_resources(self): """ .. deprecated:: 0.8 :return: """ return UserService.groups_with_resources(self)
def validate_email(self, value): request = self.context['request'] modified_obj = self.context.get('modified_obj') user = UserService.by_email(value, db_session=request.dbsession) if user: if not modified_obj or modified_obj.id != user.id: msg = _('Email already exists in database') raise validate.ValidationError(msg)
def check_password(self, raw_password): """ .. deprecated:: 0.8 :param raw_password: :return: """ return UserService.check_password(self, raw_password=raw_password)
def permissions(self): """ .. deprecated:: 0.8 :return: """ db_session = get_db_session(None, self) return UserService.permissions(self, db_session=db_session)
def test_owned_permissions(self, db_session): created_user = add_user(db_session) resource = add_resource(db_session, 1, "test_resource") created_user.resources.append(resource) db_session.flush() resources = UserService.resources_with_perms( created_user, ["test_perm"], db_session=db_session ).all() assert resources[0] == resource
def generate_random_string(chars=7): """ .. deprecated:: 0.8 :param chars: :return: """ return UserService.generate_random_pass(chars=chars)
def gravatar_url(self, default='mm', **kwargs): """ .. deprecated:: 0.8 :param default: :param kwargs: :return: """ return UserService.gravatar_url(self, default, **kwargs)
def get_user(request): userid = request.unauthenticated_userid if try_global_session: # set db_session to none to pass to the UserModel.by_id so it can try to autodiscover db_session = None else: # Else assign the request.session db_session = session_provider_callable(request) if userid is not None: return UserService.by_id(userid, db_session=db_session)
def test_user_permissions(self, db_session): created_user = add_user(db_session) permissions = UserService.permissions(created_user, db_session=db_session) expected = [ PermissionTuple( created_user, "alter_users", "user", None, None, False, True ), PermissionTuple(created_user, "root", "user", None, None, False, True), ] check_one_in_other(permissions, expected)
def test_permission_add(self, full_app, sqla_session): from ziggurat_foundations.models.services.user import UserService with session_context(sqla_session) as session: admin, token = create_admin(session) user = create_user( {"user_name": "testX", "email": "*****@*****.**"}, sqla_session=session, ) url_path = "/api/0.1/users/{}/permissions".format(user.id) headers = {str("x-testscaffold-auth-token"): str(token)} permission = {"perm_name": "root_administration"} permissions = UserService.permissions(user) assert not list(permissions) full_app.post_json(url_path, permission, status=200, headers=headers) sqla_session.expire_all() permissions = UserService.permissions(user) assert permissions[0].perm_name == "root_administration"
def by_id(cls, user_id, db_session=None): """ .. deprecated:: 0.8 :param user_id: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.by_id(user_id=user_id, db_session=db_session)
def sign_in(self, request): came_from = request.params.get(self.signin_came_from_key, "/") db_session = self.session_getter(request) user = UserService.by_user_name( request.params.get(self.signin_username_key), db_session=db_session ) if user is None: # if no result, test to see if email exists user = UserService.by_email( request.params.get(self.signin_username_key), db_session=db_session ) if user: password = request.params.get(self.signin_password_key) if UserService.check_password(user, password): headers = pyramid.security.remember(request, user.id) return ZigguratSignInSuccess( headers=headers, came_from=came_from, user=user ) headers = pyramid.security.forget(request) return ZigguratSignInBadAuth(headers=headers, came_from=came_from)
def by_email(cls, email, db_session=None): """ .. deprecated:: 0.8 :param email: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.by_email(email=email, db_session=db_session)
def users_for_perms(cls, perm_names, db_session=None): """ .. deprecated:: 0.8 :param perm_names: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.users_for_perms(perm_names=perm_names, db_session=db_session)
def user_names_like(cls, user_name, db_session=None): """ .. deprecated:: 0.8 :param user_name: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.user_names_like(user_name=user_name, db_session=db_session)
def by_user_names(cls, user_names, db_session=None): """ .. deprecated:: 0.8 :param user_names: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.by_user_names(user_names=user_names, db_session=db_session)
def test_resources_with_perm(self, db_session): created_user = add_user(db_session) resource = add_resource(db_session, 1, "test_resource") permission = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource.resource_id, ) resource.user_permissions.append(permission) db_session.flush() resources = UserService.resources_with_perms( created_user, ["test_perm"], db_session=db_session ).all() assert resources[0] == resource
def by_email_and_username(cls, email, user_name, db_session=None): """ .. deprecated:: 0.8 :param email: :param user_name: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.by_email_and_username(email=email, user_name=user_name, db_session=db_session)
def by_user_name_and_security_code(cls, user_name, security_code, db_session=None): """ .. deprecated:: 0.8 :param user_name: :param security_code: :param db_session: :return: """ db_session = get_db_session(db_session) return UserService.by_user_name_and_security_code( user_name=user_name, security_code=security_code, db_session=db_session)
def resources_with_possible_perms(self, resource_ids=None, resource_types=None, db_session=None): """ .. deprecated:: 0.8 :param resource_ids: :param resource_types: :param db_session: :return: """ db_session = get_db_session(db_session, self) return UserService.resources_with_possible_perms( self, resource_ids=resource_ids, resource_types=resource_types, db_session=db_session)
def test_mixed_perms(self, db_session): created_user = add_user(db_session) resource = add_resource(db_session, 1, "test_resource") permission = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource.resource_id, ) resource.user_permissions.append(permission) resource2 = add_resource(db_session, 2, "test_resource") created_user.resources.append(resource2) add_resource(db_session, 3, "test_resource") add_resource_b(db_session, 4, "test_resource") db_session.flush() resources = UserService.resources_with_perms( created_user, ["test_perm"], db_session=db_session ).all() found_ids = [r.resource_id for r in resources] assert sorted(found_ids) == [1, 2]
def test_multiple_resources_with_perm(self, db_session): created_user = add_user(db_session) resource = add_resource(db_session, 1, "test_resource") permission = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource.resource_id, ) resource.user_permissions.append(permission) resource2 = add_resource(db_session, 2, "test_resource2") permission2 = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource2.resource_id, ) resource2.user_permissions.append(permission2) resources = UserService.resources_with_perms( created_user, ["test_perm"], db_session=db_session ).all() assert resources == [resource, resource2]
def test_resources_with_group_permission(self, db_session): created_user = add_user(db_session) resource = add_resource(db_session, 1, "test_resource") resource2 = add_resource(db_session, 2, "test_resource2") add_resource(db_session, 3, "test_resource3") group = add_group(db_session) group.users.append(created_user) group_permission = GroupResourcePermission( perm_name="test_perm", group_id=1, resource_id=resource.resource_id ) group_permission2 = GroupResourcePermission( perm_name="foo_perm", group_id=1, resource_id=resource2.resource_id ) resource.group_permissions.append(group_permission) resource2.group_permissions.append(group_permission2) db_session.flush() resources = UserService.resources_with_perms( created_user, ["foo_perm"], db_session=db_session ).all() assert resources[0] == resource2
def test_resources_with_perm_type_other_found(self, db_session): created_user = add_user(db_session) resource = add_resource(db_session, 1, "test_resource") resource2 = add_resource_b(db_session, 2, "test_resource") resource3 = add_resource(db_session, 3, "test_resource") resource4 = add_resource_b(db_session, 4, "test_resource") db_session.flush() permission = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource.resource_id, ) resource.user_permissions.append(permission) permission2 = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource2.resource_id, ) resource2.user_permissions.append(permission2) permission3 = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource3.resource_id, ) resource3.user_permissions.append(permission3) permission4 = UserResourcePermission( perm_name="test_perm", user_id=created_user.id, resource_id=resource4.resource_id, ) resource4.user_permissions.append(permission4) db_session.flush() resources = UserService.resources_with_perms( created_user, ["test_perm"], resource_types=["test_resource_b"], db_session=db_session, ).all() assert len(resources) == 2
def test_get(self, db_session): org_user = add_user(db_session) user = UserService.get(user_id=org_user.id, db_session=db_session) assert org_user.id == user.id