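def create(self, request, role_guids=None):
    """
    Creates a Client

    The new Client gets the CLIENT_CREDENTIALS grant type and a freshly generated
    client secret, and is linked to Roles. The Roles that can be linked are capped
    at the Roles of the owning User's group: when ``role_guids`` is given only the
    guids found in that group are used, otherwise every Role of the group is linked.

    :param request: the request; ``request.DATA`` holds the serialized Client and
                    ``request.client`` is the calling Client
    :param role_guids: optional list of Role guids to link to the new Client
    :return: 201 with the serialized Client (including the generated secret), or 400
             with the serializer errors when the data is invalid or no User is linked
    :raise PermissionDenied: when the calling Client neither belongs to the target
                             User nor has the 'manage' role
    """
    # 'role_guids' is a view argument, not a Client field; strip it before validation
    if 'role_guids' in request.DATA:
        del request.DATA['role_guids']
    serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
    if not serializer.is_valid():
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
    client = serializer.object
    if client.user is None:
        # Previously a 400 with an empty error body; keep the status but say why
        return Response({'user_guid': ['A Client must be linked to a User']},
                        status=status.HTTP_400_BAD_REQUEST)
    is_own_user = client.user_guid == request.client.user_guid
    if not (is_own_user or Toolbox.is_client_in_roles(request.client, ['manage'])):
        # Previously fell through to a 400 with empty errors; siblings raise for this case
        raise PermissionDenied('Creating this client is not allowed')
    client.grant_type = 'CLIENT_CREDENTIALS'
    client.client_secret = OAuth2Toolbox.create_hash(64)
    serializer.save()
    group_roles = client.user.group.roles
    if not role_guids:
        roles = [junction.role for junction in group_roles]
    else:
        # Requested guids outside the User's group are silently dropped, so a caller
        # cannot link a Role its own group does not have
        possible_role_guids = [junction.role_guid for junction in group_roles]
        roles = [Role(guid) for guid in role_guids if guid in possible_role_guids]
    for role in roles:
        roleclient = RoleClient()
        roleclient.client = client
        roleclient.role = role
        roleclient.save()
    return Response(serializer.data, status=status.HTTP_201_CREATED)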
def list(self, request):
    """
    Lists all available Users where the logged in user has access to

    A calling Client with the 'manage' role sees every User; any other Client
    only sees its own User.

    :param request: the request; ``request.client`` is the calling Client
    :return: all Users for a 'manage' Client, otherwise a one-element list
             holding the caller's User
    """
    has_manage = Toolbox.is_client_in_roles(request.client, ['manage'])
    if not has_manage:
        return [request.client.user]
    return UserList.get_users()
def retrieve(self, request, user):
    """
    Load information about a given User
    Only the currently logged in User is accessible, or all if the logged in User has a system role

    :param request: the request; ``request.client`` is the calling Client
    :param user: the User to load
    :return: the User when the caller may see it
    :raise PermissionDenied: when the User is not the caller's own and the
                             calling Client lacks the 'manage' role
    """
    allowed = user.guid == request.client.user_guid
    if not allowed:
        allowed = Toolbox.is_client_in_roles(request.client, ['manage'])
    if not allowed:
        raise PermissionDenied('Fetching user information not allowed')
    return user
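def retrieve(self, request, client):
    """
    Load information about a given Client
    Only the currently logged in User's Clients are accessible, or all if the logged in User has a system role

    :param request: the request; ``request.client`` is the calling Client
    :param client: the Client to load
    :return: the Client when the caller may see it
    :raise PermissionDenied: when the Client is not one of the caller's User's
                             Clients and the calling Client lacks the 'manage' role
    """
    # The dead `_ = format` assignment (an unused alias of the builtin) was dropped
    is_own_client = client.guid in request.client.user.clients_guids
    if is_own_client or Toolbox.is_client_in_roles(request.client, ['manage']):
        return client
    raise PermissionDenied('Fetching client information not allowed')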
def list(self, request, userguid=None, ovs_type=None):
    """
    Lists all available Clients where the logged in user has access to

    A calling Client with the 'manage' role gets every Client and ``ovs_type``
    is not applied. Any other Client only gets its own User's Clients: narrowed
    to ``ovs_type`` when a type other than 'INTERNAL' is given, otherwise with
    the 'INTERNAL' Clients left out. ``userguid``, when given, narrows the
    result to Clients of that User in both cases.

    :param request: the request; ``request.client`` is the calling Client
    :param userguid: optional User guid to filter on
    :param ovs_type: optional Client type to filter on (non-'manage' callers only)
    :return: the matching Clients
    """
    if Toolbox.is_client_in_roles(request.client, ['manage']):
        clients = ClientList.get_clients()
    else:
        own_clients = request.client.user.clients
        if ovs_type is None or ovs_type == 'INTERNAL':
            clients = [c for c in own_clients if c.ovs_type != 'INTERNAL']
        else:
            clients = [c for c in own_clients if c.ovs_type == ovs_type]
    if userguid is None:
        return clients
    return [c for c in clients if c.user_guid == userguid]
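def destroy(self, request, client):
    """
    Deletes a Client

    Removes the Client's access Tokens (with their Token-Role junctions), then the
    Client-Role junctions, then the Client itself, so no credential issued to the
    Client remains.

    :param request: the request; ``request.client`` is the calling Client
    :param client: the Client to delete
    :return: 204 when deleted
    :raise PermissionDenied: when the Client's User is not the caller's own and
                             the calling Client lacks the 'manage' role
    """
    is_own_client = client.user_guid == request.client.user_guid
    if not (is_own_client or Toolbox.is_client_in_roles(request.client, ['manage'])):
        # Message fixed: it read 'now allowed' while denying the request
        raise PermissionDenied('Deleting this client is not allowed')
    for token in client.tokens:
        # itersafe(): entries are deleted while the relation is being iterated
        for junction in token.roles.itersafe():
            junction.delete()
        token.delete()
    for junction in client.roles.itersafe():
        junction.delete()
    client.delete()
    return Response(status=status.HTTP_204_NO_CONTENT)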
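def set_password(self, request, user):
    """
    Sets the password of a given User.
    A logged in User can only changes its own password, or all passwords if the logged in User has a system role

    After the new password is stored, every access Token of every Client of the
    User is deleted (with its Token-Role junctions), so sessions issued under the
    old password stop working.

    :param request: the request; ``request.DATA`` holds the new password and
                    ``request.client`` is the calling Client
    :param user: the User whose password is set
    :return: 202 with the serializer data, or 400 with the serializer errors
    :raise PermissionDenied: when the User is not the caller's own and the
                             calling Client lacks the 'manage' role
    """
    is_own_user = user.guid == request.client.user_guid
    if not (is_own_user or Toolbox.is_client_in_roles(request.client, ['manage'])):
        raise PermissionDenied('Updating password not allowed')
    serializer = PasswordSerializer(data=request.DATA)
    if not serializer.is_valid():
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
    # NOTE(review): an unsalted, single-round SHA-256 is a weak password hash. The
    # code that verifies passwords is outside this view, so the scheme is kept for
    # compatibility; migrating to a salted, slow hash has to cover both sides at once.
    user.password = hashlib.sha256(str(serializer.data['new_password'])).hexdigest()
    user.save()
    # Now, invalidate all access tokens granted; itersafe() as in destroy(), because
    # junctions are deleted while the relation is being iterated
    for client in user.clients:
        for token in client.tokens:
            for junction in token.roles.itersafe():
                junction.delete()
            token.delete()
    # NOTE(review): serializer.data echoes the submitted new_password back in the
    # response body (and into anything that logs responses); an empty body would do.
    return Response(serializer.data, status=status.HTTP_202_ACCEPTED)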