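def accounts_new():
    """Create an account from the request parameters and e-mail a welcome message.

    Reads ``name``, ``email``, ``phone`` and ``privilege_id`` from
    ``request.params``.  A caller may only grant a privilege level up to
    their own.  The initial password and the salt ("seed") are generated
    server side; the stored credential is ``sha1(seed + password)``.

    Returns:
        dict with an ``xlink`` list holding the new account's resource URL.

    Raises (via ``abort``/``unauthorized``, both expected to raise):
        400 when ``privilege_id`` is not an integer or ``email`` is missing;
        the unauthorized response when the requested privilege exceeds the
        caller's own.
    """
    name = request.params.get('name')
    email = request.params.get('email')
    # TODO: Check phone format
    phone = request.params.get('phone')
    # A missing parameter is None, and int(None) raises TypeError rather than
    # ValueError; map both to a 400 instead of letting a 500 escape.
    try:
        privilege_id = int(request.params.get('privilege_id'))
    except (TypeError, ValueError):
        abort(400, 'Invalid privilege_id')
    if privilege_id > request.user.privilege_id:
        # unauthorized() is expected to raise; returning its result keeps the
        # handler fail-closed should it ever return instead.
        return unauthorized()
    # The address is both the stored e-mail and the welcome recipient; a None
    # value would fail the string concatenation below with a 500.
    if not email:
        abort(400, 'email is required')
    # TODO: Check for lengths, instead of relying on db?
    password = generatePassword()
    seed = generatePassword() + generatePassword()
    # NOTE(review): a single unsalted-iteration SHA-1 is a weak password hash.
    # Changing the scheme also means migrating whatever login check verifies
    # sha1(seed + password), so it is deliberately left as-is here.
    passwordHash = hashlib.sha1(seed + password).hexdigest()
    rowData = {
        "name": name,
        "email": email,
        "password": passwordHash,
        "seed": seed,
        "privilege_id": privilege_id,
    }
    if phone:
        rowData["phone"] = phone
    # 'account_id' rather than 'id' so the builtin is not shadowed.
    account_id = util.insertRow("account", rowData)
    # TODO: Send new account email
    # NOTE(review): request.urlparts[1] is the request's Host; if the front
    # proxy does not pin it, a forged Host header ends up in the login link
    # sent to the new user. A configured base URL would avoid that.
    # NOTE(review): the initial password travels in clear text in this mail;
    # a one-time set-password link would avoid storing/sending it.
    util.sendEmail(
        email,
        '*****@*****.**',
        'Welcome to Isadore',
        "Welcome to the Isadore system. You can login by going to https://"
        + request.urlparts[1] + "\n\n"
        + "To login use the following\n\nEmail: " + email
        + "\nPassword: " + password + "\n\n")
    return {'xlink': ['/resources/accounts/' + str(account_id)]}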
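def alarms_delete(alarm_id):
    """Delete one alarm; only its owner or a power user may do so.

    Args:
        alarm_id: alarm primary key taken from the URL (string or int).

    Returns:
        ``HTTPResponse`` 204 with body "Alarm deleted.".

    Raises (via ``abort``/``unauthorized``, both expected to raise):
        400 for a non-integer id, 404 when the alarm does not exist, the
        unauthorized response when the caller neither owns the alarm nor is
        a power user.
    """
    # int() of a malformed or missing id would otherwise surface as a 500.
    try:
        alarm_pk = int(alarm_id)
    except (TypeError, ValueError):
        abort(400, 'Invalid alarm_id')
    # Only the owner column is needed for the authorization decision; the
    # row is fetched once (the second lookup of the same row was redundant).
    row = util.getRowFromTableById('alarm', alarm_pk, columns="account_id")
    if not row:
        abort(404, "Alarm " + str(alarm_id) + " not found")
    if not (request.user.id == int(row["account_id"])
            or request.user.is_power_user()):
        # unauthorized() is expected to raise; returning its result keeps the
        # handler fail-closed should it ever return instead.
        return unauthorized()
    util.deleteRowFromTableById("alarm", alarm_pk)
    # TODO: manually delete all alarm contacts associated with this alarm?
    # No, delete cascade will take care of it.
    return HTTPResponse(output="Alarm deleted.", status=204)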
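def accounts_delete(id):
    """Disable (soft-delete) an account.

    Args:
        id: account primary key taken from the URL (string or int).

    Returns:
        ``HTTPResponse`` 204 with body "Account removed.".

    Raises (via ``abort``/``unauthorized``, both expected to raise):
        400 for a non-integer id, 404 when no enabled account has that id,
        the unauthorized response when the target's privilege exceeds the
        caller's.
    """
    # int() of a malformed id would otherwise surface as a 500.
    try:
        account_id = int(id)
    except (TypeError, ValueError):
        abort(400, 'Invalid account id')
    row = util.getRowFromTableById('account', account_id, checkEnabled=True)
    if not row:
        abort(404, 'Account not found.')
    if int(row['privilege_id']) > request.user.privilege_id:
        # unauthorized() is expected to raise; returning its result keeps the
        # handler fail-closed should it ever return instead.
        return unauthorized()
    # NOTE(review): unlike r_accounts_get/accounts_update there is no
    # "own account or power user" gate here, so any caller may disable an
    # account whose privilege does not exceed their own. Confirm this is the
    # intended policy (or that the route is restricted elsewhere).
    # deleteIsDisable=True: the row is disabled rather than physically removed.
    util.deleteRowFromTableById('account', account_id, deleteIsDisable=True)
    return HTTPResponse(output="Account removed.", status=204)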
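def alarms_new():
    """Create an alarm plus its alarm_contact rows from the request parameters.

    Parameters read from ``request.params``: ``alarm_type_id``,
    ``account_id``, ``greater_than_p`` (the string "true" enables it),
    ``alarm_contact_type_ids`` (comma-separated integers) and ``value``.
    ``greater_than_p``/``value`` are only stored when the alarm type's
    ``threshold_p`` column is truthy.

    Returns:
        dict with an ``xlink`` list holding the new alarm's resource URL.

    Raises (via ``abort``/``unauthorized``, both expected to raise):
        400 for an unknown alarm type or account, a non-integer account id
        or contact type id, or a non-numeric value; the unauthorized
        response when a non-power user targets another account.
    """
    # get parameter values
    alarm_type_id = request.params.get("alarm_type_id")
    account_id = request.params.get("account_id")
    greater_than_p = request.params.get("greater_than_p", '').lower() == 'true'
    alarm_contact_type_ids = request.params.get('alarm_contact_type_ids', None)
    value = request.params.get("value")
    # check parameter values; the alarm type row is fetched once and reused
    # (it used to be looked up twice).
    alarm_type = util.getRowFromTableById('alarm_type', alarm_type_id)
    if not alarm_type:
        abort(400, 'Invalid alarm_type_id')
    if not util.getRowFromTableById("account", account_id, checkEnabled=True):
        abort(400, "Invalid account_id")
    # int() of a malformed account id would otherwise surface as a 500.
    try:
        target_account_id = int(account_id)
    except (TypeError, ValueError):
        abort(400, "Invalid account_id")
    # can only create alarms for self or be power user
    if not request.user.is_power_user() and request.user.id != target_account_id:
        # unauthorized() is expected to raise; returning its result keeps the
        # handler fail-closed should it ever return instead.
        return unauthorized()
    contact_type_ids = []
    if alarm_contact_type_ids:
        try:
            contact_type_ids = [int(c) for c in alarm_contact_type_ids.split(',')]
        except ValueError:
            abort(400, 'invalid alarm_contact_type_ids parameter.')
    column_data = {"alarm_type_id": alarm_type_id, "account_id": account_id}
    if alarm_type['threshold_p']:
        column_data["greater_than_p"] = greater_than_p
        # float(None) raises TypeError; both are reported as a 400.
        try:
            column_data["value"] = float(value)
        except (TypeError, ValueError):
            abort(400, 'Invalid value.')
    # create new alarm
    # TODO: alarm and alarm_contact should be in single transaction.
    alarm_id = util.insertRow("alarm", column_data)
    for alarm_contact_type_id in contact_type_ids:
        util.insertRow('alarm_contact', {
            'alarm_id': alarm_id,
            'alarm_contact_type_id': alarm_contact_type_id,
        })
    # return the newly created alarm's id url
    return {'xlink': ['/resources/alarms/' + str(alarm_id)]}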
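def r_accounts_get(id):
    """Return one account's public columns.

    The caller must be the account owner or a power user, and may not read
    an account whose privilege exceeds their own.

    Args:
        id: account primary key taken from the URL (string or int).

    Returns:
        The account row (id, name, email, phone, privilege_id, configs,
        contact_news) as returned by ``util.getRowFromTableById``.

    Raises (via ``abort``/``unauthorized``, both expected to raise):
        400 for a non-integer id, 404 when no enabled account has that id,
        the unauthorized response otherwise.
    """
    # int() of a malformed id would otherwise surface as a 500.
    try:
        account_id = int(id)
    except (TypeError, ValueError):
        abort(400, 'Invalid account id')
    if not (request.user.id == account_id or request.user.is_power_user()):
        # unauthorized() is expected to raise; returning its result keeps the
        # handler fail-closed should it ever return instead.
        return unauthorized()
    row = util.getRowFromTableById(
        'account', account_id,
        columns="id, name, email, phone, privilege_id, configs, contact_news",
        checkEnabled=True)
    if not row:
        abort(404, 'Account not found.')
    # A power user still may not look at accounts above their own level.
    if int(row['privilege_id']) > request.user.privilege_id:
        return unauthorized()
    return row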
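def accounts_update(id):
    """Update an account's editable fields from the request parameters.

    The caller must be the account owner or a power user, and may not touch
    an account whose privilege exceeds their own.  Parameters supplied with
    a falsy value are ignored, except ``phone``, which is always written (an
    absent ``phone`` clears the stored number).  A new ``password`` is stored
    as ``sha1(seed + password)`` with a freshly generated seed.

    Args:
        id: account primary key taken from the URL (string or int).

    Returns:
        ``HTTPResponse`` 204 with body "Account updated.".

    Raises (via ``abort``/``unauthorized``, both expected to raise):
        400 for a non-integer id, non-JSON ``configs`` or a non-integer
        ``privilege_id``; 404 when no enabled account has that id; the
        unauthorized response when the caller may not edit the account or
        asks for a privilege above their own.
    """
    # int() of a malformed id would otherwise surface as a 500.
    try:
        account_id = int(id)
    except (TypeError, ValueError):
        abort(400, 'Invalid account id')
    if not (request.user.id == account_id or request.user.is_power_user()):
        # unauthorized() is expected to raise; returning its result keeps the
        # handler fail-closed should it ever return instead.
        return unauthorized()
    row = util.getRowFromTableById('account', account_id, checkEnabled=True)
    if not row:
        abort(404, 'Account not found.')
    if int(row['privilege_id']) > request.user.privilege_id:
        return unauthorized()

    parameters = {
        'name': request.params.get('name', None),
        'email': request.params.get('email', None),
        'contact_news': request.params.get('contact_news', None),
    }
    configs = request.params.get('configs', None)
    if configs:
        # Only validated here; the raw string is what gets stored.
        # json.JSONDecodeError is a ValueError subclass.
        try:
            json.loads(configs)
        except ValueError:
            abort(400, 'Invalid configs')
        parameters['configs'] = configs
    password = request.params.get('password', None)
    if password:
        seed = generatePassword() + generatePassword()
        parameters['seed'] = seed
        # NOTE(review): a single unsalted-iteration SHA-1 is a weak password
        # hash; changing it means migrating the login check as well, so the
        # existing scheme is kept here.
        parameters['password'] = hashlib.sha1(seed + password).hexdigest()
    # TODO: Check phone format
    privilege_id = request.params.get('privilege_id', None)
    # TODO: Check for lengths, instead of relying on db?
    if privilege_id:
        try:
            privilege_id = int(privilege_id)
        except ValueError:
            abort(400, 'Invalid privilege_id')
        # Nobody may hand out a privilege above their own.
        if privilege_id > request.user.privilege_id:
            return unauthorized()
        parameters['privilege_id'] = privilege_id
    # Drop unset/empty fields so they are not overwritten.  NOTE(review): a
    # privilege_id of 0 is falsy and is dropped too; presumably 0 is not a
    # valid level, verify before relying on it.
    parameters = {key: value for key, value in parameters.items() if value}
    # phone is always written: an absent phone removes the stored number.
    parameters['phone'] = request.params.get('phone', None)
    # This 400 will never happen because will always assume phone should be removed.
    if not parameters:
        abort(400, 'No parameters given.')
    # TODO: What about password?
    util.updateRowById('account', account_id, parameters)
    # TODO: Send email to account that got change informing them?
    return HTTPResponse(output="Account updated.", status=204)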
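def alarms_update(alarm_id):
    """Replace an alarm's settings and its whole contact list.

    Only the alarm's owner or a power user may update it, and a non-power
    user may only assign the alarm to their own account.  Parameters read
    from ``request.params`` are the same as for ``alarms_new``; for a
    non-threshold alarm type ``greater_than_p``/``value`` are reset to NULL.
    All existing alarm_contact rows are deleted and re-inserted from
    ``alarm_contact_type_ids``.

    Args:
        alarm_id: alarm primary key taken from the URL (string or int).

    Returns:
        ``HTTPResponse`` 202 with body "Alarm updated.".

    Raises (via ``abort``/``unauthorized``, both expected to raise):
        400 for a non-integer alarm id, unknown alarm type or account,
        non-integer account/contact type ids or a non-numeric value; 404 when
        the alarm does not exist; the unauthorized response otherwise.
    """
    # int() of a malformed id would otherwise surface as a 500.
    try:
        alarm_pk = int(alarm_id)
    except (TypeError, ValueError):
        abort(400, 'Invalid alarm_id')
    # get alarm info
    alarm = util.getRowFromTableById('alarm', alarm_pk)
    if not alarm:
        abort(404, "Alarm not found.")
    if not (request.user.id == int(alarm["account_id"])
            or request.user.is_power_user()):
        # unauthorized() is expected to raise; returning its result keeps the
        # handler fail-closed should it ever return instead.
        return unauthorized()
    # get parameter values
    alarm_type_id = request.params.get("alarm_type_id")
    account_id = request.params.get("account_id")
    greater_than_p = request.params.get("greater_than_p", '').lower() == 'true'
    alarm_contact_type_ids = request.params.get('alarm_contact_type_ids', None)
    value = request.params.get("value")
    # check parameter values; the alarm type row is fetched once and reused.
    alarm_type = util.getRowFromTableById('alarm_type', alarm_type_id)
    if not alarm_type:
        abort(400, 'Invalid alarm_type_id')
    if not util.getRowFromTableById("account", account_id, checkEnabled=True):
        abort(400, "Invalid account_id")
    try:
        target_account_id = int(account_id)
    except (TypeError, ValueError):
        abort(400, "Invalid account_id")
    # can only assign alarms to self or be power user
    if not request.user.is_power_user() and request.user.id != target_account_id:
        return unauthorized()
    contact_type_ids = []
    if alarm_contact_type_ids:
        try:
            contact_type_ids = [int(c) for c in alarm_contact_type_ids.split(',')]
        except ValueError:
            abort(400, 'invalid alarm_contact_type_ids parameter.')
    column_data = {"alarm_type_id": alarm_type_id, "account_id": account_id}
    if alarm_type['threshold_p']:
        column_data["greater_than_p"] = greater_than_p
        # float(None) raises TypeError; both are reported as a 400.
        try:
            column_data["value"] = float(value)
        except (TypeError, ValueError):
            abort(400, 'Invalid value.')
    else:
        column_data['greater_than_p'] = None
        column_data['value'] = None
    # TODO: alarm and alarm_contact should be in single transaction.
    util.updateRowById('alarm', alarm['id'], column_data)
    # Clear the old contact rows.  The query is parameterized (the id is
    # passed separately, never interpolated into the SQL); the cursor and
    # connection are closed even if execute()/commit() raise.
    conn = util.getConn()
    try:
        cur = conn.cursor()
        try:
            cur.execute('DELETE from alarm_contact WHERE alarm_id = %s',
                        (alarm['id'],))
            conn.commit()
        finally:
            cur.close()
    finally:
        conn.close()
    for alarm_contact_type_id in contact_type_ids:
        util.insertRow('alarm_contact', {
            'alarm_id': alarm['id'],
            'alarm_contact_type_id': alarm_contact_type_id,
        })
    return HTTPResponse(output="Alarm updated.", status=202)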