コード例 #1
ファイル: clients.py プロジェクト: dawnpower/framework
 def create(self, request, role_guids=None):
     """
     Create a client for a user and attach roles to it.

     The Client is deserialized from ``request.DATA`` and only saved when it
     references a user and the caller either owns that user or holds the
     'manage' role. ``grant_type`` and ``client_secret`` are assigned here,
     after deserialization, so values sent for them in the body are replaced.

     :param request: incoming request; ``request.client`` is the calling client
     :param role_guids: optional role guids to attach; guids that are not among
                        the roles of the user's group are silently dropped
     :return: 201 with the serialized client, otherwise 400 with
              ``serializer.errors``
     """
     # Drop role_guids from the body before deserialization; the roles that
     # get attached are derived from the role_guids argument further down.
     if 'role_guids' in request.DATA:
         del request.DATA['role_guids']
     # NOTE(review): every other field FullSerializer accepts is taken from the
     # request body as-is. Confirm that no privileged Client field (for
     # example a type marker such as ovs_type) is caller-settable here.
     serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
     if serializer.is_valid():
         new_client = serializer.object
         # Ownership is tested first; the role lookup only runs when the
         # client is being created for somebody else's user.
         if new_client.user is not None and (
             new_client.user_guid == request.client.user_guid
             or Toolbox.is_client_in_roles(request.client, ['manage'])
         ):
             new_client.grant_type = 'CLIENT_CREDENTIALS'
             # NOTE(review): confirm OAuth2Toolbox.create_hash draws from a
             # CSPRNG; this value is the client's long-lived credential.
             new_client.client_secret = OAuth2Toolbox.create_hash(64)
             serializer.save()
             group_links = new_client.user.group.roles
             if not role_guids:
                 # No explicit selection: inherit every role of the user's group.
                 granted = [link.role for link in group_links]
             else:
                 # Requested roles are intersected with the group's roles, so a
                 # client can never hold a role its user does not have.
                 allowed_guids = [link.role_guid for link in group_links]
                 granted = [Role(guid) for guid in role_guids if guid in allowed_guids]
             for role in granted:
                 link = RoleClient()
                 link.client = new_client
                 link.role = role
                 link.save()
             # NOTE(review): serializer.data is returned after the secret was
             # set; presumably this is the one place the secret is disclosed.
             # Confirm it is not logged or cached downstream.
             return Response(serializer.data, status=status.HTTP_201_CREATED)
     # Also reached when the data was valid but the client has no user or the
     # caller is not authorised. NOTE(review): in that case the caller gets a
     # 400 with (presumably empty) errors rather than an explicit denial.
     return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
コード例 #2
ファイル: clients.py プロジェクト: th3architect/framework
 def create(self, request, role_guids=None):
     """
     Create a client for a user and attach roles to it.

     The Client is deserialized from ``request.DATA`` and only saved when it
     references a user and the caller either owns that user or holds the
     'manage' role. ``grant_type`` and ``client_secret`` are assigned here,
     after deserialization, so values sent for them in the body are replaced.

     :param request: incoming request; ``request.client`` is the calling client
     :param role_guids: optional role guids to attach; guids that are not among
                        the roles of the user's group are silently dropped
     :return: 201 with the serialized client, otherwise 400 with
              ``serializer.errors``
     """
     # Drop role_guids from the body before deserialization; the roles that
     # get attached are derived from the role_guids argument further down.
     if 'role_guids' in request.DATA:
         del request.DATA['role_guids']
     # NOTE(review): every other field FullSerializer accepts is taken from the
     # request body as-is. Confirm that no privileged Client field (for
     # example a type marker such as ovs_type) is caller-settable here.
     serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
     if serializer.is_valid():
         new_client = serializer.object
         # Ownership is tested first; the role lookup only runs when the
         # client is being created for somebody else's user.
         if new_client.user is not None and (
             new_client.user_guid == request.client.user_guid
             or Toolbox.is_client_in_roles(request.client, ['manage'])
         ):
             new_client.grant_type = 'CLIENT_CREDENTIALS'
             # NOTE(review): confirm OAuth2Toolbox.create_hash draws from a
             # CSPRNG; this value is the client's long-lived credential.
             new_client.client_secret = OAuth2Toolbox.create_hash(64)
             serializer.save()
             group_links = new_client.user.group.roles
             if not role_guids:
                 # No explicit selection: inherit every role of the user's group.
                 granted = [link.role for link in group_links]
             else:
                 # Requested roles are intersected with the group's roles, so a
                 # client can never hold a role its user does not have.
                 allowed_guids = [link.role_guid for link in group_links]
                 granted = [Role(guid) for guid in role_guids if guid in allowed_guids]
             for role in granted:
                 link = RoleClient()
                 link.client = new_client
                 link.role = role
                 link.save()
             # NOTE(review): serializer.data is returned after the secret was
             # set; presumably this is the one place the secret is disclosed.
             # Confirm it is not logged or cached downstream.
             return Response(serializer.data, status=status.HTTP_201_CREATED)
     # Also reached when the data was valid but the client has no user or the
     # caller is not authorised. NOTE(review): in that case the caller gets a
     # 400 with (presumably empty) errors rather than an explicit denial.
     return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
コード例 #3
ファイル: users.py プロジェクト: teotikalki/openvstorage
 def list(self, request):
     """
     List the users the calling client is allowed to see.

     A caller holding the 'manage' role gets whatever
     ``UserList.get_users()`` returns; any other caller gets a one-element
     list holding only its own user.
     """
     has_manage_role = Toolbox.is_client_in_roles(request.client, ['manage'])
     if not has_manage_role:
         # Least privilege: without the role, only the caller's own record.
         return [request.client.user]
     return UserList.get_users()
コード例 #4
ファイル: users.py プロジェクト: mflu/openvstorage_centos
 def list(self, request):
     """
     List the users the calling client is allowed to see.

     A caller holding the 'manage' role gets whatever
     ``UserList.get_users()`` returns; any other caller gets a one-element
     list holding only its own user.
     """
     has_manage_role = Toolbox.is_client_in_roles(request.client, ['manage'])
     if not has_manage_role:
         # Least privilege: without the role, only the caller's own record.
         return [request.client.user]
     return UserList.get_users()
コード例 #5
 def retrieve(self, request, user):
     """
     Return a single User if the caller is allowed to read it.

     Access is granted when ``user`` is the calling client's own user, or
     when the caller holds the 'manage' role.

     :raises PermissionDenied: for any other caller
     """
     is_own_user = user.guid == request.client.user_guid
     # The role lookup only runs when the caller asks for somebody else.
     if not is_own_user and not Toolbox.is_client_in_roles(request.client, ['manage']):
         raise PermissionDenied('Fetching user information not allowed')
     return user
コード例 #6
ファイル: clients.py プロジェクト: th3architect/framework
 def retrieve(self, request, client):
     """
     Return a single Client if the caller is allowed to read it.

     Access is granted when ``client`` is one of the clients of the calling
     client's user, or when the caller holds the 'manage' role.

     :raises PermissionDenied: for any other caller
     """
     # No ``format`` parameter exists here, so this reads the builtin; the
     # assignment has no effect on the result.
     _ = format
     is_own_client = client.guid in request.client.user.clients_guids
     # The role lookup only runs for clients the caller's user does not own.
     if not is_own_client and not Toolbox.is_client_in_roles(request.client, ['manage']):
         raise PermissionDenied('Fetching client information not allowed')
     return client
コード例 #7
ファイル: clients.py プロジェクト: dawnpower/framework
 def retrieve(self, request, client):
     """
     Return a single Client if the caller is allowed to read it.

     Access is granted when ``client`` is one of the clients of the calling
     client's user, or when the caller holds the 'manage' role.

     :raises PermissionDenied: for any other caller
     """
     # No ``format`` parameter exists here, so this reads the builtin; the
     # assignment has no effect on the result.
     _ = format
     is_own_client = client.guid in request.client.user.clients_guids
     # The role lookup only runs for clients the caller's user does not own.
     if not is_own_client and not Toolbox.is_client_in_roles(request.client, ['manage']):
         raise PermissionDenied('Fetching client information not allowed')
     return client
コード例 #8
ファイル: clients.py プロジェクト: th3architect/framework
 def list(self, request, userguid=None, ovs_type=None):
     """
     List the clients the calling client is allowed to see.

     A caller holding the 'manage' role starts from
     ``ClientList.get_clients()``; ``ovs_type`` is not applied on that path.
     Any other caller starts from the clients of its own user and never sees
     clients whose ``ovs_type`` is 'INTERNAL': asking for 'INTERNAL'
     explicitly falls back to the "everything except INTERNAL" filter.

     :param userguid: when given, keep only clients with this ``user_guid``
     :param ovs_type: when given (and not 'INTERNAL'), keep only clients of
                      this type for callers without the 'manage' role
     """
     if Toolbox.is_client_in_roles(request.client, ['manage']):
         visible = ClientList.get_clients()
     elif ovs_type is not None and ovs_type != 'INTERNAL':
         visible = [entry for entry in request.client.user.clients if entry.ovs_type == ovs_type]
     else:
         # Covers both "no type requested" and "INTERNAL requested".
         visible = [entry for entry in request.client.user.clients if entry.ovs_type != 'INTERNAL']
     if userguid is None:
         return visible
     return [entry for entry in visible if entry.user_guid == userguid]
コード例 #9
ファイル: clients.py プロジェクト: th3architect/framework
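 def destroy(self, request, client):
     """
     Delete a client together with its tokens and role junctions.

     Allowed when the client belongs to the calling client's user, or when
     the caller holds the 'manage' role.

     :raises PermissionDenied: when the caller may not delete this client
     :return: empty 204 response
     """
     if not (client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage'])):
         # The original message read "now allowed", which states the opposite
         # of the denial being raised.
         raise PermissionDenied('Deleting this client is not allowed')
     # Deleting the tokens revokes every access token issued to this client;
     # each token's role junctions go first, then the token itself.
     # NOTE(review): the junction loops use itersafe() while client.tokens is
     # iterated directly as tokens are deleted - confirm that is safe.
     for token in client.tokens:
         for junction in token.roles.itersafe():
             junction.delete()
         token.delete()
     for junction in client.roles.itersafe():
         junction.delete()
     client.delete()
     return Response(status=status.HTTP_204_NO_CONTENT)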
コード例 #10
ファイル: clients.py プロジェクト: dawnpower/framework
 def list(self, request, userguid=None, ovs_type=None):
     """
     List the clients the calling client is allowed to see.

     A caller holding the 'manage' role starts from
     ``ClientList.get_clients()``; ``ovs_type`` is not applied on that path.
     Any other caller starts from the clients of its own user and never sees
     clients whose ``ovs_type`` is 'INTERNAL': asking for 'INTERNAL'
     explicitly falls back to the "everything except INTERNAL" filter.

     :param userguid: when given, keep only clients with this ``user_guid``
     :param ovs_type: when given (and not 'INTERNAL'), keep only clients of
                      this type for callers without the 'manage' role
     """
     if Toolbox.is_client_in_roles(request.client, ['manage']):
         visible = ClientList.get_clients()
     elif ovs_type is not None and ovs_type != 'INTERNAL':
         visible = [entry for entry in request.client.user.clients if entry.ovs_type == ovs_type]
     else:
         # Covers both "no type requested" and "INTERNAL requested".
         visible = [entry for entry in request.client.user.clients if entry.ovs_type != 'INTERNAL']
     if userguid is None:
         return visible
     return [entry for entry in visible if entry.user_guid == userguid]
コード例 #11
ファイル: clients.py プロジェクト: dawnpower/framework
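 def destroy(self, request, client):
     """
     Delete a client together with its tokens and role junctions.

     Allowed when the client belongs to the calling client's user, or when
     the caller holds the 'manage' role.

     :raises PermissionDenied: when the caller may not delete this client
     :return: empty 204 response
     """
     if not (client.user_guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage'])):
         # The original message read "now allowed", which states the opposite
         # of the denial being raised.
         raise PermissionDenied('Deleting this client is not allowed')
     # Deleting the tokens revokes every access token issued to this client;
     # each token's role junctions go first, then the token itself.
     # NOTE(review): the junction loops use itersafe() while client.tokens is
     # iterated directly as tokens are deleted - confirm that is safe.
     for token in client.tokens:
         for junction in token.roles.itersafe():
             junction.delete()
         token.delete()
     for junction in client.roles.itersafe():
         junction.delete()
     client.delete()
     return Response(status=status.HTTP_204_NO_CONTENT)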
コード例 #12
 def set_password(self, request, user):
     """
     Set a new password for a User and revoke that user's tokens.

     Allowed when ``user`` is the calling client's own user, or when the
     caller holds the 'manage' role. After a successful change every token
     of every client of the user is deleted, so existing sessions have to
     authenticate again.

     :raises PermissionDenied: when the caller may not change this password
     :return: 202 with ``serializer.data`` on success, 400 with
              ``serializer.errors`` when the payload is invalid
     """
     may_change = user.guid == request.client.user_guid or Toolbox.is_client_in_roles(request.client, ['manage'])
     if not may_change:
         raise PermissionDenied('Updating password not allowed')
     # NOTE(review): nothing in this method asks for the current password;
     # confirm whether PasswordSerializer enforces that for self-service.
     serializer = PasswordSerializer(data=request.DATA)
     if not serializer.is_valid():
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
     # NOTE(review): a single unsalted SHA-256 is cheap to brute-force and
     # maps equal passwords to equal hashes. Moving to a salted, slow KDF
     # (e.g. hashlib.pbkdf2_hmac) must be done together with the login check
     # and a migration of stored hashes, so it is flagged rather than changed.
     # Passing a str to sha256 only works on Python 2; Python 3 needs bytes.
     user.password = hashlib.sha256(str(serializer.data['new_password'])).hexdigest()
     user.save()
     # Revoke everything issued under the old password: role junctions
     # first, then the token they belong to.
     # NOTE(review): token.roles is iterated directly while its junctions
     # are deleted; confirm the collection tolerates that.
     for owned_client in user.clients:
         for token in owned_client.tokens:
             for junction in token.roles:
                 junction.delete()
             token.delete()
     # NOTE(review): serializer.data holds 'new_password', so the plaintext
     # is echoed in the response unless the serializer hides that field.
     return Response(serializer.data, status=status.HTTP_202_ACCEPTED)