def add_usergroup(self, usergroup: UserGroup):
if not all([usergroup.id != ug.id for ug in self.usergroups]):
return
bean.get_db().execute(
"INSERT INTO template_usergroup (template_id, usergroup_id) VALUES ((?), (?))",
self.id, usergroup.id)
def do_update_user():
current_user = UserGroup(current_usergroup_id())
if current_user.privilege < 1:
return redirect("users")
u_id = request.form.get("u_id")
name = request.form.get("name")
password = request.form.get("password")
privilege = request.form.get("privilege")
usergroup = UserGroup(u_id)
if name != usergroup.name:
cur = bean.get_db().cursor()
res = cur.execute("SELECT * FROM usergroup WHERE name = ?",
[name]).fetchone()
if res is not None:
return redirect("edit_user?u_id={}".format(u_id))
usergroup.name = name
if len(password) > 0:
auth.update_password(usergroup, password)
usergroup.privilege = privilege
return redirect("users")
def remove_usergroup(usergroup):
remove_session_by_usergroup(usergroup)
cur = bean.get_db()
cur.execute("DELETE FROM usergroup WHERE id = ?", [usergroup.id])
cur.commit()
def usergroups_by_template(template_id):
cur = bean.get_db()
result = cur.execute(
"SELECT usergroup_id AS u_id "
"FROM template_usergroup "
"WHERE template_id = ?", [template_id])
return set([UserGroup(r["u_id"]) for r in result])
def is_authorized(auth_token: str):
cursor = get_db()
cleanup_old_sessions()
res = cursor.execute("SELECT * FROM session WHERE auth_token = ?", [auth_token]).fetchone()
return res is not None
def templates_by_usergroup(usergroup_id):
cur = bean.get_db()
result = cur.execute(
"SELECT template.id AS t_id "
"FROM template JOIN template_usergroup "
"ON template_id = template.id "
"WHERE usergroup_id = ?", [usergroup_id])
return [Template(r["t_id"]) for r in result]
def mappings_by_template(template_id):
cur = bean.get_db()
res = cur.execute(
"SELECT manglermapping.id AS m_id "
"FROM manglermapping "
"WHERE template_id = ?", [template_id])
return [ManglerMapping(r["m_id"]) for r in res]
def revoke_session(auth_token: str):
cursor = get_db()
try:
cursor.execute("DELETE FROM session WHERE auth_token = ?", [auth_token])
cursor.commit()
except:
pass
def activity(auth_token: str):
cursor = get_db()
try:
cursor.execute("UPDATE session SET last_active = ? WHERE auth_token = ?", [int(time.time()), auth_token])
cursor.commit()
except:
pass
def usergroup_by_auth_token(auth_token):
cursor = get_db()
try:
row = cursor.execute("SELECT * FROM session WHERE auth_token = ?", [auth_token]).fetchone()
except:
return None
return UserGroup(row["usergroup_id"])
def current_usergroup_id():
if "auth_token" not in request.cookies:
return -1
auth_token = request.cookies["auth_token"]
db = bean.get_db()
res = db.execute("SELECT * FROM session WHERE auth_token = ?",
[auth_token]).fetchone()
return -1 if res is None else res["usergroup_id"]
def new_manglermapping(template_id, name):
cur = bean.get_db().cursor()
cur.execute(
"INSERT INTO manglermapping "
"(name, template_id, date_added, date_last_used, mappings_json) "
"VALUES (?, ?, ?, ?, ?)",
[name, template_id,
util.today(), "",
json.dumps(dict({}))])
return ManglerMapping(cur.lastrowid)
def usergroup_by_name(name):
cursor = get_db()
row = cursor.execute("SELECT * FROM usergroup WHERE name = ?", [name]).fetchone()
if row is None:
return None
cursor.commit()
return UserGroup(row["id"])
def new_template(name, path, owner):
cur = bean.get_db().cursor()
cur.execute(
"INSERT INTO template (name, path, date_added, date_last_used, owner) VALUES (?, ?, ?, ?, ?)",
[name, path, util.today(), "", owner])
template = Template(cur.lastrowid)
owner_usergroup = UserGroup(owner)
grant_access(owner_usergroup, template)
return template
def delete_template(template_to_delete):
for usergroup in usergroups_by_template(template_to_delete.id):
revoke_access(usergroup, template_to_delete)
for manglermapping in mappings_by_template(template_to_delete.id):
delete_manglermapping(manglermapping)
cur = bean.get_db().cursor()
cur.execute("DELETE FROM template "
"WHERE id = ?", [template_to_delete.id])
del template_to_delete
def cleanup_old_sessions():
cursor = get_db()
rows = cursor.execute("SELECT * FROM session")
t0 = int(time.time())
for row in rows:
if t0 - row["last_active"] > 3 * 1440:
try:
cursor.execute("DELETE FROM session WHERE id = ?", [row["id"]])
except:
pass
cursor.commit()
def do_login():
username = request.form.get("username", type=str)
password = request.form.get("password", type=str)
cur = bean.get_db().cursor()
res = cur.execute("SELECT COUNT(*) AS count FROM usergroup").fetchone()
print(res["count"])
if res["count"] < 1:
new_user = auth.register_usergroup(username, password)
new_user.privilege = 1
try:
token = auth.authorize(username, password)
except Exception as e:
print(e)
return render_template("login.html", err=True)
redirect_to_index = redirect('templates')
response = current_app.make_response(redirect_to_index)
response.set_cookie('auth_token', value=token)
return response
def usergroups(self):
#print(self.id, type(self.id))
results = bean.get_db().execute(
"SELECT * FROM template_usergroup WHERE template_id = (?)",
[self.id])
return [UserGroup(result["id"]) for result in results]
def delete_manglermapping(mapping):
cur = bean.get_db().cursor()
cur.execute("DELETE FROM manglermapping WHERE id = ?", [mapping.id])
def revoke_access(usergroup, template):
cur = bean.get_db()
cur.execute(
"DELETE FROM template_usergroup WHERE template_id = ? AND usergroup_id = ?",
[template.id, usergroup.id])
def grant_access(usergroup, template):
cur = bean.get_db()
cur.execute(
"INSERT INTO template_usergroup (template_id, usergroup_id) VALUES (?, ?)",
[template.id, usergroup.id])
def all_usergroups():
cur = bean.get_db().cursor()
res = cur.execute("SELECT * FROM usergroup")
return [UserGroup(r["id"]) for r in res]
def usergroups_by_template(template):
cur = bean.get_db().cursor()
res = cur.execute("SELECT * FROM template_usergroup WHERE template_id = ?", [template.id])
return [UserGroup(r["usergroup_id"]) for r in res]
def remove_usergroup(self, usergroup: UserGroup):
bean.get_db().execute(
"DELETE FROM template_usergroup WHERE template_id = (?) AND usergroup_id = (?)",
self.id, usergroup.id)
