def filter_editable_entries(self, entries):
if config.user.may("wato.edit_all_passwords"):
return entries
user_groups = userdb.contactgroups_of_user(config.user.id)
return dict([(k, v) for k, v in entries.items()
if v["owned_by"] in user_groups])
def _get_permitted_inventory_paths():
"""
Returns either a list of permitted paths or
None in case the user is allowed to see the whole tree.
"""
user_groups = [] if user.id is None else userdb.contactgroups_of_user(
user.id)
if not user_groups:
return None
forbid_whole_tree = False
permitted_paths = []
for user_group in user_groups:
inventory_paths = config.multisite_contactgroups.get(
user_group, {}).get("inventory_paths")
if inventory_paths is None:
# Old configuration: no paths configured means 'allow_all'
return None
if inventory_paths == "allow_all":
return None
if inventory_paths == "forbid_all":
forbid_whole_tree = True
continue
permitted_paths.extend(inventory_paths[1])
if forbid_whole_tree and not permitted_paths:
return []
return permitted_paths
def filter_editable_entries(self, entries):
if user.may("wato.edit_all_passwords"):
return entries
assert user.id is not None
user_groups = userdb.contactgroups_of_user(user.id)
return {k: v for k, v in entries.items() if v["owned_by"] in user_groups}
def filter_editable_entries(self, entries):
if config.user.may("wato.edit_all_predefined_conditions"):
return entries
assert config.user.id is not None
user_groups = userdb.contactgroups_of_user(config.user.id)
return dict([(k, v) for k, v in entries.items()
if v["owned_by"] in user_groups])
def filter_usable_entries(self, entries):
if user.may("wato.edit_all_passwords"):
return entries
assert user.id is not None
user_groups = userdb.contactgroups_of_user(user.id)
passwords = self.filter_editable_entries(entries)
passwords.update({k: v for k, v in entries.items() if v["shared_with"] in user_groups})
return passwords
def filter_usable_entries(self, entries):
if config.user.may("wato.edit_all_passwords"):
return entries
user_groups = userdb.contactgroups_of_user(config.user.id)
passwords = self.filter_editable_entries(entries)
passwords.update(
dict([(k, v) for k, v in entries.items() if v["shared_with"] in user_groups]))
return passwords
def _contact_group_choices(self, only_own=False):
contact_groups = load_contact_group_information()
if only_own:
user_groups = userdb.contactgroups_of_user(config.user.id)
else:
user_groups = []
entries = [(c, g['alias']) for c, g in contact_groups.items()
if not only_own or c in user_groups]
return sorted(entries, key=lambda x: x[1])
def contact_group_choices(only_own=False):
contact_groups = load_contact_group_information()
if only_own:
assert user.id is not None
user_groups = userdb.contactgroups_of_user(user.id)
else:
user_groups = []
entries = [(c, g['alias']) for c, g in contact_groups.items()
if not only_own or c in user_groups]
return entries
def filter_usable_entries(self, entries):
if config.user.may("wato.edit_all_predefined_conditions"):
return entries
assert config.user.id is not None
user_groups = userdb.contactgroups_of_user(config.user.id)
entries = self.filter_editable_entries(entries)
entries.update(
dict([(k, v) for k, v in entries.items()
if v["shared_with"] in user_groups]))
return entries
def contact_group_choices(only_own: bool = False) -> list[tuple[str, str]]:
contact_groups = load_contact_group_information()
if only_own:
assert user.id is not None
user_groups = userdb.contactgroups_of_user(user.id)
else:
user_groups = []
entries = [(c, g["alias"]) for c, g in contact_groups.items()
if not only_own or c in user_groups]
return entries
def is_contact_for_pack(bi_pack):
if config.user.may("wato.bi_admin"):
return True # meaning I am admin
assert config.user.id is not None
contact_groups = userdb.contactgroups_of_user(config.user.id)
if contact_groups is None:
return True
for group in contact_groups:
if group in bi_pack.contact_groups:
return True
return False
def filter_usable_entries(
self, entries: dict[str, Password]) -> dict[str, Password]:
if user.may("wato.edit_all_passwords"):
return entries
assert user.id is not None
user_groups = set(userdb.contactgroups_of_user(user.id))
passwords = self.filter_editable_entries(entries)
passwords.update({
k: v
for k, v in entries.items()
if set(v["shared_with"]).intersection(user_groups)
})
return passwords
def _get_permitted_inventory_paths():
"""
Returns either a list of permitted paths or
None in case the user is allowed to see the whole tree.
"""
if 'permitted_inventory_paths' in g:
return g.permitted_inventory_paths
user_groups = [] if config.user.id is None else userdb.contactgroups_of_user(
config.user.id)
if not user_groups:
g.permitted_inventory_paths = None
return None
forbid_whole_tree = False
permitted_paths = []
for user_group in user_groups:
inventory_paths = config.multisite_contactgroups.get(
user_group, {}).get('inventory_paths')
if inventory_paths is None:
# Old configuration: no paths configured means 'allow_all'
g.permitted_inventory_paths = None
return None
if inventory_paths == "allow_all":
g.permitted_inventory_paths = None
return None
if inventory_paths == "forbid_all":
forbid_whole_tree = True
continue
for entry in inventory_paths[1]:
parsed = []
for part in entry["path"].split("."):
try:
parsed.append(int(part))
except ValueError:
parsed.append(part)
permitted_paths.append((parsed, entry.get("attributes")))
if forbid_whole_tree and not permitted_paths:
g.permitted_inventory_paths = []
return []
g.permitted_inventory_paths = permitted_paths
return permitted_paths