def create_group(db_session, group_data, requester): """ Create a new group :param db_session: The postgres session to be used. :param group_data: The group data. This is a simple dictionary with "name" and "description" keys. :param requester: Who is creating this user. This is a dictionary with two keys: "userid" and "username". :return: The new group. """ group_data = {k: group_data[k] for k in group_data if k in Group.fillable} check_group(group_data) if db_session.query( Group.name).filter_by(name=group_data['name']).one_or_none(): raise HTTPRequestError(400, f"Group name {group_data['name']} is in use.") group_data['created_by'] = requester['userid'] group = Group(**group_data) LOGGER.info(f"group {group.name} created by {requester['username']}") LOGGER.info(group.safe_dict()) db_session.add(group) db_session.commit() return group
def create_group(db_session, group_data, requester): group_data = {k: group_data[k] for k in group_data if k in Group.fillable} check_group(group_data) another_group = db_session.query(Group.id) \ .filter_by(name=group_data['name']).one_or_none() if another_group: raise HTTPRequestError( 400, "Group name '" + group_data['name'] + "' is in use.") group_data['created_by'] = requester['userid'] g = Group(**group_data) log().info('group ' + g.name + ' created by ' + requester['username'], g.safeDict()) return g
def add_permissions_group(): predef_group_perm = [ { "name": "admin", "permission": [ 'all_all' ] }, { "name": "user", "permission": [ 'all_template', 'all_device', 'all_flows', 'all_history', 'all_metric', 'all_mashup', 'ro_alarms', 'ro_ca', 'wo_sign' ] } ] for group in predef_group_perm: group_id = Group.getByNameOrID(group['name']).id for perm in group['permission']: perm_id = Permission.getByNameOrID(perm).id r = GroupPermission(group_id=group_id, permission_id=perm_id) db.session.add(r) db.session.commit()
def get_group_users(db_session, group): try: group = Group.getByNameOrID(group) except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No group found with this name or ID") else: return group.users
def add_user_group(db_session, user, group, requester): try: user = User.get_by_name_or_id(user) except orm_exceptions.NoResultFound: raise HTTPRequestError(404, f"No user found with this ID or name: {user}") try: group = Group.get_by_name_or_id(group) except orm_exceptions.NoResultFound: raise HTTPRequestError( 404, f"No group found with this ID or name: {group}") if db_session.query(UserGroup).filter_by(user_id=user.id, group_id=group.id).one_or_none(): raise HTTPRequestError(409, "User is already a member of the group") r = UserGroup(user_id=user.id, group_id=group.id) db_session.add(r) cache.delete_key(userid=user.id) user.reset_token() db_session.add(user) log().info( f"user {user.username} added to group {group.name} by {requester['username']}" ) db_session.commit()
def getGroupUsers(dbSession, group): try: group = Group.getByNameOrID(group) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "No group found with this name or ID") else: return group.users
def get_group_permissions(db_session, group): try: group = Group.get_by_name_or_id(group) except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No group found with this name or ID") else: return group.permissions
def add_permissions_group(): predef_group_perm = [ { "name": "testadm", "permission": [ 'all_all' ] }, { "name": "testuser", "permission": [ 'all_template', 'all_device', 'all_flows', 'ro_history', 'ro_ca', 'wo_sign', "ro_socketio", "all_import", "ro_export", "all_image" ] } ] for group in predef_group_perm: group_id = Group.get_by_name_or_id(group['name']).id for perm in group['permission']: perm_id = Permission.get_by_name_or_id(perm).id r = GroupPermission(group_id=group_id, permission_id=perm_id) db.session.add(r) db.session.commit()
def update_group(db_session, group, group_data, requester): group_data = {k: group_data[k] for k in group_data if k in Group.fillable} check_group(group_data) try: group = Group.get_by_name_or_id(group) for key, value in group_data.items(): setattr(group, key, value) db_session.add(group) log().info( 'group ' + group.name + ' updated by ' + requester['username'], group_data) db_session.commit() except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No group found with this ID")
def updateGroup(dbSession, group, groupData, requester): groupData = {k: groupData[k] for k in groupData if k in Group.fillable} checkGroup(groupData) try: group = Group.getByNameOrID(group) if 'name' in groupData.keys() and group.name != groupData['name']: raise HTTPRequestError(400, "groups name can't be changed") for key, value in groupData.items(): setattr(group, key, value) dbSession.add(group) log().info('group ' + group.name + ' updated by ' + requester['username'], groupData) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "No group found with this ID")
def delete_group(db_session, group, requester): try: group = Group.getByNameOrID(group) db_session.execute( GroupPermission.__table__.delete( GroupPermission.group_id == group.id)) db_session.execute( UserGroup.__table__.delete(UserGroup.group_id == group.id)) cache.delete_key() log().info( 'group ' + group.name + ' deleted by ' + requester['username'], group.safeDict()) db_session.delete(group) except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No group found with this ID")
def add_user_groups(): predef_user_group = [ { "name": "testadm", "groups": ["testadm"] }, ] for user in predef_user_group: user_id = User.get_by_name_or_id(user['name']).id for group_name in user['groups']: r = UserGroup(user_id=user_id, group_id=Group.get_by_name_or_id(group_name).id) db.session.add(r) db.session.commit()
def add_user_groups(): predef_user_group = [ { "name": "admin", "groups": ["admin"] }, ] for user in predef_user_group: user_id = User.getByNameOrID(user['name']).id for group_name in user['groups']: r = UserGroup(user_id=user_id, group_id=Group.getByNameOrID(group_name).id) db.session.add(r) db.session.commit()
def create_groups(): predef_groups = [{ "name": "testadm", "description": "Group with the highest access privilege" }, { "name": "testuser", "description": "This groups can do anything, except manage users" }] for g in predef_groups: # mark the group as automatically created g['created_by'] = 0 group = Group(**g) db.session.add(group) db.session.commit()
def remove_user_group(db_session, user, group, requester): try: user = User.get_by_name_or_id(user) except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No user found with this ID or name") try: group = Group.get_by_name_or_id(group) except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No group found with this ID or name") try: relation = db_session.query(UserGroup) \ .filter_by(user_id=user.id, group_id=group.id).one() db_session.delete(relation) cache.delete_key(userid=user.id) log().info(f"user {user.username} removed from {group.name} by {requester['username']}") db_session.commit() except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "User is not a member of the group")
def removeGroupPermission(dbSession, group, permission, requester): try: group = Group.getByNameOrID(group) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "No group found with this ID or name") try: perm = Permission.getByNameOrID(permission) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "No permission found with this ID") try: relation = dbSession.query(GroupPermission) \ .filter_by(group_id=group.id, permission_id=perm.id).one() dbSession.delete(relation) cache.deleteKey(action=perm.method, resource=perm.path) log().info('permission ' + perm.name + ' removed from ' ' group ' + group.name + ' by ' + requester['username']) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "Group does not have this permission")
def removeUserGroup(dbSession, user, group, requester): try: user = User.getByNameOrID(user) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "No user found with this ID or name") try: group = Group.getByNameOrID(group) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "No group found with this ID or name") try: relation = dbSession.query(UserGroup) \ .filter_by(user_id=user.id, group_id=group.id).one() dbSession.delete(relation) cache.deleteKey(userid=user.id) log().info('user ' + user.username + ' removed from ' + group.name + ' by ' + requester['username']) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "User is not a member of the group")
def addUserGroup(dbSession, user, group, requester): try: user = User.getByNameOrID(user) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "No user found with this ID or name") try: group = Group.getByNameOrID(group) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "No group found with this ID or name") if dbSession.query(UserGroup).filter_by(user_id=user.id, group_id=group.id).one_or_none(): raise HTTPRequestError(409, "User is already a member of the group") r = UserGroup(user_id=user.id, group_id=group.id) dbSession.add(r) cache.deleteKey(userid=user.id) log().info('user ' + user.username + ' added to group ' + group.name + ' by ' + requester['username'])
def addGroupPermission(dbSession, group, permission, requester): try: group = Group.getByNameOrID(group) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "No group found with this ID or name") try: perm = Permission.getByNameOrID(permission) except sqlalchemy.orm.exc.NoResultFound: raise HTTPRequestError(404, "No permission found with this ID or name") if dbSession.query(GroupPermission) \ .filter_by(group_id=group.id, permission_id=perm.id).one_or_none(): raise HTTPRequestError(409, "Group already have this permission") r = GroupPermission(group_id=group.id, permission_id=perm.id) dbSession.add(r) cache.deleteKey(action=perm.method, resource=perm.path) log().info('permission ' + perm.name + ' added to group ' + group.name + ' by ' + requester['username'])
def remove_group_permission(db_session, group, permission, requester): try: group = Group.get_by_name_or_id(group) except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No group found with this ID or name") try: perm = Permission.get_by_name_or_id(permission) except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No permission found with this ID") try: relation = db_session.query(GroupPermission) \ .filter_by(group_id=group.id, permission_id=perm.id).one() db_session.delete(relation) cache.delete_key(action=perm.method, resource=perm.path) log().info(f"permission {perm.name} removed from group {group.name} by {requester['username']}") MVGroupPermission.refresh() db_session.commit() except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "Group does not have this permission")
def add_group_permission(db_session, group, permission, requester): try: group = Group.get_by_name_or_id(group) except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No group found with this ID or name") try: perm = Permission.get_by_name_or_id(permission) except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No permission found with this ID or name") if db_session.query(GroupPermission) \ .filter_by(group_id=group.id, permission_id=perm.id).one_or_none(): raise HTTPRequestError(409, "Group already have this permission") r = GroupPermission(group_id=group.id, permission_id=perm.id) db_session.add(r) cache.delete_key(action=perm.method, resource=perm.path) log().info(f"permission {perm.name} added to group {group.name} by {requester['username']}") MVGroupPermission.refresh() db_session.commit()
def delete_group(db_session, group, requester): try: group = Group.get_by_name_or_id(group) if group.name == 'admin': raise HTTPRequestError(405, "Can't delete admin group") db_session.execute( GroupPermission.__table__.delete( GroupPermission.group_id == group.id)) db_session.execute( UserGroup.__table__.delete(UserGroup.group_id == group.id)) cache.delete_key() LOGGER.info( 'group ' + group.name + ' deleted by ' + requester['username'], group.safe_dict()) db_session.delete(group) MVGroupPermission.refresh() db_session.commit() except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No group found with this ID")
def addPermissionsGroup(): predefGroupPerm = [ { "name": "admin", "permission": [ 'all_template', 'all_device', 'all_flows', 'all_history', 'all_metric', 'all_mashup', 'all_user', 'all_pap' ] }, { "name": "user", "permission": [ 'all_template', 'all_device', 'all_flows', 'all_history', 'all_metric', 'all_mashup' ] } ] for g in predefGroupPerm: groupId = Group.getByNameOrID(g['name']).id for perm in g['permission']: permId = Permission.getByNameOrID(perm).id r = GroupPermission(group_id=groupId, permission_id=permId) db.session.add(r) db.session.commit()
def get_group(db_session, group): try: group = Group.get_by_name_or_id(group) return group except orm_exceptions.NoResultFound: raise HTTPRequestError(404, "No group found with this ID")