def sync_permissions():
for name, title in Permission.PERMISSIONS:
permission = Permission.query.filter_by(name=name).first()
if permission is None:
p = Permission()
p.name = name
p.title = title
db.session.add(p)
db.session.commit()
def update_permission(user, role):
from app.libs.db import db_session
from app.models import Permission
user.role |= Permission.get_by_role(role).bit
db_session.add(user)
db_session.commit()
def add_permission(request, groupname):
login = login_verify(request, None, True)
if login:
return login
if request.method == 'POST':
value = request.POST.get('value', '')
description = request.POST.get('description', '')
group = Group.objects.get(name=groupname)
permission = Permission(value=value, description=description)
permission.save()
group.permissions.add(permission)
group.save()
return HttpResponseRedirect('/view_group/' + groupname + '/')
else:
form = AddPermissionForm()
context = {'form': form, 'groupname': groupname}
return render(request, 'app/add_permission.html', context)
def initdb():
"""Initialize MySQL databse."""
from app.libs.db import init_db
from app.models import Permission, User, Topic
from app.base.roles import Roles
from app.settings import Admins, Topics
from app.libs.utils import encrypt_password
click.echo('[2L] {0}..'.format(initdb.__doc__))
init_db()
click.echo('\n\n[2L] init permisions...')
for attr, role in Roles.__dict__.items():
if (not attr.startswith('__') and '{0}' not in role and
role != 'root'):
click.echo(' -> {0}'.format(role))
Permission.create(role)
click.echo('\n\n[2L] init master chief...')
bit_sum = Permission.root_permission()
for admin in Admins:
click.echo(' -> {0}'.format(admin))
if admin['role'] == 'root':
admin['role'] = bit_sum
else:
admin['role'] = (Permission.get_by_role(admin['role']).bit |
Permission.get_by_role('comment').bit |
Permission.get_by_role('vote').bit)
admin['password'] = encrypt_password(admin['password'])
User.create(**admin)
click.echo('\n\n[2L] create default topics...')
for topic in Topics:
click.echo(' -> {0}'.format(topic))
Topic.create(**topic)
def init():
"""Initialize the application DB.
::
run.py init
Bootstraps an administrative user given the environment variables:
- `LTD_KEEPER_BOOTSTRAP_USER`
- `LTD_KEEPER_BOOTSTRAP_PASSWORD`
"""
with keeper_app.app_context():
# bootstrap a user
if User.query.get(1) is None:
u = User(username=keeper_app.config['DEFAULT_USER'],
permissions=Permission.full_permissions())
u.set_password(keeper_app.config['DEFAULT_PASSWORD'])
db.session.add(u)
db.session.commit()
def add_user_to_service(service_id, user_id):
service = dao_fetch_service_by_id(service_id)
user = get_user_by_id(user_id=user_id)
if user in service.users:
error = "User id: {} already part of service id: {}".format(
user_id, service_id)
raise InvalidRequest(error, status_code=400)
data = request.get_json()
validate(data, post_set_permissions_schema)
permissions = [
Permission(service_id=service_id,
user_id=user_id,
permission=p["permission"]) for p in data["permissions"]
]
folder_permissions = data.get("folder_permissions", [])
dao_add_user_to_service(service, user, permissions, folder_permissions)
data = service_schema.dump(service).data
return jsonify(data=data), 201
def sample_user_service_permission(notify_db,
notify_db_session,
service=None,
user=None,
permission="manage_settings"):
if user is None:
user = create_user()
if service is None:
service = create_service(user=user, check_if_service_exists=True)
data = {
'user': user,
'service': service,
'permission': permission,
}
p_model = Permission.query.filter_by(user=user,
service=service,
permission=permission).first()
if not p_model:
p_model = Permission(**data)
db.session.add(p_model)
db.session.commit()
return p_model
def empty_app(request):
"""An application with only a single user, but otherwise empty"""
app = create_app("testing")
ctx = app.app_context()
ctx.push()
db.drop_all()
db.create_all()
# Creates users with each of the permissions
u = User(username=DEFAULT_USERNAME, permissions=Permission.full_permissions())
u.set_password(DEFAULT_PASSWORD)
db.session.add(u)
u = User(username=PRODUCT_ADMIN_USERNAME, permissions=Permission.ADMIN_PRODUCT)
u.set_password(DEFAULT_PASSWORD)
db.session.add(u)
u = User(username=EDITION_ADMIN_USERNAME, permissions=Permission.ADMIN_EDITION)
u.set_password(DEFAULT_PASSWORD)
db.session.add(u)
u = User(username=BUILD_UPLOADER_USERNAME, permissions=Permission.UPLOAD_BUILD)
u.set_password(DEFAULT_PASSWORD)
db.session.add(u)
u = User(username=BUILD_DEPRECATOR_USERNAME, permissions=Permission.DEPRECATE_BUILD)
u.set_password(DEFAULT_PASSWORD)
db.session.add(u)
db.session.commit()
def fin():
db.session.remove()
db.drop_all()
ctx.pop()
request.addfinalizer(fin)
return app
def test_accepts_jwt_with_permission_for_service(self, client, db_session,
required_permission):
@requires_user_in_service(required_permission=required_permission)
def endpoint_that_requires_permission_for_service():
pass
user = create_user()
service = create_service(service_name='some-service')
dao_add_user_to_service(service,
user,
permissions=[
Permission(service=service,
user=user,
permission=required_permission)
])
token = create_access_token(identity=user)
request.view_args['service_id'] = service.id
request.headers = {'Authorization': 'Bearer {}'.format(token)}
endpoint_that_requires_permission_for_service()
async def create_permissions(codes: List[str]):
permissions = [Permission(name=code, code=code) for code in codes]
await Permission.bulk_create(permissions)
def test_saving_and_retrieving_models(self):
company = Company()
company.name = 'PSL'
company.email = '*****@*****.**'
company.telephone = 7777777
company.save()
first_room = Room()
first_room.name = 'Peter Santamaria'
first_room.company = company
first_room.security_level = 2
first_room.description = 'Conference room'
first_room.id = 'r00m1'
first_room.save()
second_room = Room()
second_room.name = '201'
second_room.company = company
second_room.security_level = 1
second_room.description = 'Class room'
second_room.id = 'r00m2'
second_room.save()
third_room = Room()
third_room.name = 'rest'
third_room.company = company
third_room.security_level = 1
third_room.description = 'Rest room'
third_room.id = 'r00m3'
third_room.save()
event = Event()
event.name = 'My event'
event.company = company
event.start_date = datetime(2017, 3, 16)
event.end_date = datetime(2017, 3, 21)
event.event_id = '3v3nt'
event.rooms.add(first_room)
event.rooms.add(second_room)
event.rooms.add(third_room)
event.save()
enduser = EndUser()
enduser.id = 'u53r'
enduser.name = 'Sebastian'
enduser.last_name = 'Villegas'
enduser.email = '*****@*****.**'
enduser.save()
first_permission = Permission()
first_permission.user_id = enduser
first_permission.event = event
first_permission.id = '93rm151'
first_permission.save()
second_permission = Permission()
second_permission.user_id = enduser
second_permission.event = event
second_permission.id = '93rm152'
second_permission.save()
saved_company = Company.objects.first()
self.assertEqual(saved_company, company)
saved_rooms = Room.objects.all()
self.assertEqual(saved_rooms.count(), 3)
self.assertEqual(saved_rooms[0], first_room)
self.assertEqual(saved_rooms[1], second_room)
self.assertEqual(saved_rooms[2], third_room)
saved_event = Event.objects.first()
self.assertEqual(saved_event, event)
saved_enduser = EndUser.objects.first()
self.assertEqual(saved_enduser, enduser)
saved_permissions = Permission.objects.all()
self.assertEqual(saved_permissions.count(), 2)
self.assertEqual(saved_permissions[0], first_permission)
self.assertEqual(saved_permissions[1], second_permission)
async def list_permissions(p: Pagination = Depends(Pagination)):
return await p.apply(Permission.all(), schemas.PermissionSimple)
async def create_permission(body: schemas.PermissionCreate):
if await Permission.filter(code=body.code).exists():
raise EvaException(message="provided permission code already exists")
permission = Permission(**body.dict())
await permission.save()
return schemas.PermissionDetail.from_orm(permission)
def process_permissions():
# todo: check if we have new perms / votes
client = get_active_rpc_client()
try:
perms = client.listpermissions("*", "*", True)
except Exception as e:
log.debug(e)
return
with data_session_scope() as session:
session.query(Permission).delete()
session.query(PendingVote).delete()
with data_session_scope() as session:
for perm in perms:
perm_type = perm['type']
perm_start = perm['startblock']
perm_end = perm['endblock']
address = perm['address']
Address.create_if_not_exists(session, address)
if perm_type not in [
enums.ISSUE, enums.CREATE, enums.MINE, enums.ADMIN
]:
continue
perm_obj = Permission(address=address,
perm_type=perm_type,
start_block=perm_start,
end_block=perm_end)
session.add(perm_obj)
for vote in perm['pending']:
start_block = vote['startblock']
end_block = vote['endblock']
# If candidate has already the permission continue.
if start_block == perm['startblock'] and end_block == perm[
'endblock']:
continue
for admin in vote['admins']:
Address.create_if_not_exists(session, admin)
vote_obj = PendingVote(address_from=admin,
address_to=address,
perm_type=perm_type,
start_block=start_block,
end_block=end_block)
session.add(vote_obj)
signals.votes_changed.emit()
with profile_session_scope() as profile_db:
profile = Profile.get_active(profile_db)
with data_session_scope() as data_db:
is_admin, is_miner = Permission.get_permissions_for_address(
data_db, profile.address)
if is_admin != profile.is_admin:
profile.is_admin = is_admin
signals.is_admin_changed.emit(is_admin)
if is_miner != profile.is_miner:
profile.is_miner = is_miner
signals.is_miner_changed.emit(is_miner)
signals.permissions_changed.emit()
def load_data(self):
if self._perm_type == Permission.MINE:
return list(Permission.validators())
elif self._perm_type == Permission.ADMIN:
return list(Permission.guardians())
def listpermissions():
client = get_active_rpc_client()
node_height = client.getblockcount()['result']
perms = client.listpermissions()
if not perms:
log.warning('no permissions from api')
return
new_perms, new_votes = False, False
Permission.delete().execute()
CurrentVote.delete().execute()
admin_addresses = set()
miner_addresses = set()
with data_db.atomic():
profile = Profile.get_active()
for perm in perms['result']:
perm_type = perm['type']
perm_start = perm['startblock']
perm_end = perm['endblock']
if perm_type not in Permission.PERM_TYPES:
continue
if perm_type == Permission.ADMIN and perm_start < node_height < perm_end:
admin_addresses.add(perm['address'])
if perm_type == Permission.MINE and perm_start < node_height < perm_end:
miner_addresses.add(perm['address'])
addr_obj, created = Address.get_or_create(address=perm['address'])
for vote in perm['pending']:
# If candidate has already the permission continue.
if vote['startblock'] == perm['startblock'] and vote[
'endblock'] == perm['endblock']:
continue
start_block = vote['startblock']
end_block = vote['endblock']
# new stuff start
for admin in vote['admins']:
admin_obj, created = Address.get_or_create(address=admin)
vote_obj, created = CurrentVote.get_or_create(
address=addr_obj,
perm_type=perm_type,
start_block=start_block,
end_block=end_block,
given_from=admin_obj)
vote_obj.set_vote_type()
# new stuff end
approbations = len(vote['admins'])
# TODO: Fix: current time of syncing is not the time of first_vote!
start_block = perm['startblock']
end_block = perm['endblock']
# TODO Why get_or_create ... we just deleted all Permission objects
perm_obj, created = Permission.get_or_create(
address=addr_obj,
perm_type=perm_type,
defaults=dict(start_block=start_block, end_block=end_block))
if created:
new_perms = True
else:
perm_obj.save()
new_is_admin = profile.address in admin_addresses
if profile.is_admin != new_is_admin:
profile.is_admin = new_is_admin
new_is_miner = profile.address in miner_addresses
if profile.is_miner != new_is_miner:
profile.is_miner = new_is_miner
if profile.dirty_fields:
profile.save()
# Todo: maybe only trigger table updates on actual change?
signals.listpermissions.emit() # triggers community tab updates
signals.votes_changed.emit() # triggers community tab updates
return {'new_perms': new_perms, 'new_votes': new_votes}
def test_insert_permissions(self):
"""Test inserting permissions to the Permission Model."""
Permission.insert_permissions(permissions_dict)
self.assertTrue(len(permissions_dict) == len(Permission.query.all()))
def post(self):
json_data = data_json()
per = Permission(email=json_data["email"], level=json_data["level"])
db.session.add(per)
db.session.commit()
return 200
def deploy():
'''
Run deployment tasks.
'''
# migrate database to latest revision
from flask_migrate import upgrade
upgrade()
# insert data
from app.models import Color
Color.insert_entries()
from app.models import Permission
Permission.insert_entries()
from app.models import Role
Role.insert_entries()
from app.models import IDType
IDType.insert_entries()
from app.models import Gender
Gender.insert_entries()
from app.models import Relationship
Relationship.insert_entries()
from app.models import PurposeType
PurposeType.insert_entries()
from app.models import ReferrerType
ReferrerType.insert_entries()
from app.models import BookingState
BookingState.insert_entries()
from app.models import AssignmentScoreGrade
AssignmentScoreGrade.insert_entries()
from app.models import GREAWScore
GREAWScore.insert_entries()
from app.models import ScoreLabel
ScoreLabel.insert_entries()
from app.models import InvitationType
InvitationType.insert_entries()
from app.models import EducationType
EducationType.insert_entries()
from app.models import ScoreType
ScoreType.insert_entries()
from app.models import CourseType
CourseType.insert_entries()
from app.models import iPadCapacity
iPadCapacity.insert_entries()
from app.models import iPadState
iPadState.insert_entries()
from app.models import Room
Room.insert_entries()
from app.models import Lesson
Lesson.insert_entries()
from app.models import Section
Section.insert_entries()
from app.models import Assignment
Assignment.insert_entries()
from app.models import Test
Test.insert_entries()
from app.models import AnnouncementType
AnnouncementType.insert_entries()
from config import basedir
data = raw_input(u'Enter data identifier (e.g.: initial or 20160422): ')
datadir = os.path.join(basedir, 'data', data)
if os.path.exists(datadir):
from app.models import User
User.insert_entries(data=data, basedir=basedir)
from app.models import UserCreation
UserCreation.insert_entries(data=data, basedir=basedir)
from app.models import Punch
Punch.insert_entries(data=data, basedir=basedir)
from app.models import Tag
Tag.insert_entries(data='initial', basedir=basedir)
from app.models import Product
Product.insert_entries(data='initial', basedir=basedir)
from app.models import Course
Course.insert_entries(data='initial', basedir=basedir)
from app.models import Period
Period.insert_entries(data='initial', basedir=basedir)
from app.models import iPad
iPad.insert_entries(data='initial', basedir=basedir)
from app.models import iPadContent
iPadContent.insert_entries(data='initial', basedir=basedir)
from app.models import NotaBene
NotaBene.insert_entries(data='initial', basedir=basedir)
from app.models import Feed
Feed.insert_entries(data=data, basedir=basedir)
else:
print u'---> Invalid data identifier: %s' % data
try:
group = Group.objects.get(name='ICanHaz')
except:
group = Group.objects.create(name='ICanHaz')
group.save()
permission_created = False
if group.permissions:
for permission in group.permissions.all():
if permission.value == "ICanHaz.access":
permission_created = True
break
if not permission_created:
p = Permission(value="ICanHaz.access", description="Access to the permission system")
p.save()
group.permissions.add(p)
group.save()
names = []
uids = []
for line in codecs.open('admins_to_add.txt', 'r', 'utf-8'):
names.append(" ".join(line.split()[:-1]))
uids.append(line.split()[-1])
for g, i, j, index in [[v,v,v,v] for v in range(0,len(names))]:
try:
i = User(name=names[index], uid=uids[index])
i.save()
def add_default_service_permissions_for_user(self, user, service):
for name in default_service_permissions:
permission = Permission(permission=name, user=user, service=service)
self.create_instance(permission, _commit=False)
def update_num_guardians(self):
with data_session_scope() as session:
self.num_guardians = Permission.num_guardians(session)
