コード例 #1
0
def delete_perm(db_session, permission: str, requester):
    """
    Removes a permission from the system
    :param db_session: The postgres session to be used.
    :param permission: String The permission to be removed (name or ID).
    :param requester: Who is creating this user. This is a dictionary with two keys:
                      "userid" and "username".
    :return:
    :raises HTTPRequestError: Can't delete a system permission.
    """
    try:
        perm = Permission.get_by_name_or_id(permission)
        if perm.type == PermissionTypeEnum.api:
            db_session.execute(
                UserPermission.__table__.delete(
                    UserPermission.permission_id == perm.id))
            db_session.execute(
                GroupPermission.__table__.delete(
                    GroupPermission.permission_id == perm.id))
            cache.delete_key(action=perm.method, resource=perm.path)
            LOGGER.info(
                f"permission {perm.name} deleted by {requester['username']}")
            LOGGER.info(perm.safe_dict())
            db_session.delete(perm)
            db_session.commit()
            MVUserPermission.refresh()
            MVGroupPermission.refresh()
        else:
            raise HTTPRequestError(405, "Can't delete a system permission")
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")
コード例 #2
0
ファイル: webRoutes.py プロジェクト: alexandre-vasc/auth
def deleteGroup(group):
    try:
        requester = auth.getJwtPayload(request.headers.get('Authorization'))
        crud.deleteGroup(db.session, group, requester)
        MVGroupPermission.refresh()
        db.session.commit()
        return formatResponse(200)
    except HTTPRequestError as err:
        return formatResponse(err.errorCode, err.message)
コード例 #3
0
def delete_user(db_session, username: str, requester):
    """
    Deletes an user from the system
    :param db_session: The postgres session to be used
    :param username: String The user to be removed
    :param requester: Who is creating this user. This is a dictionary with two keys:
                      "userid" and "username"
    :return: The removed user
    :raises HTTPRequestError: If the user tries to remove itself.
    :raises HTTPRequestError: Can't delete the admin user.
    :raises HTTPRequestError: If the user is not in the database.
    """
    try:
        user = User.get_by_name_or_id(username)
        if user.id == requester['userid']:
            raise HTTPRequestError(400, "a user can't remove himself")
        elif user.username == 'admin':
            raise HTTPRequestError(405, "Can't delete the admin user")

        db_session.execute(
            UserPermission.__table__.delete(UserPermission.user_id == user.id))
        db_session.execute(
            UserGroup.__table__.delete(UserGroup.user_id == user.id))
        cache.delete_key(userid=user.id)

        # The user is not hardDeleted.
        # it should be copied to inactiveUser table
        inactiveTables.PasswdInactive.createInactiveFromUser(
            db_session,
            user,
        )
        inactiveTables.UserInactive.createInactiveFromUser(
            db_session, user, requester['userid'])
        password.expire_password_reset_requests(db_session, user.id)
        db_session.delete(user)
        LOGGER.info(f"user {user.username} deleted by {requester['username']}")
        LOGGER.info(user.safe_dict())

        kongUtils.remove_from_kong(user.username)
        MVUserPermission.refresh()
        MVGroupPermission.refresh()
        db_session.commit()

        if count_tenant_users(db_session, user.service) == 0:
            LOGGER.info(
                f"will emit tenant lifecycle event {user.service} - DELETE")
            Publisher.send_notification({
                "type": 'DELETE',
                'tenant': user.service
            })

        return user
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID")
コード例 #4
0
ファイル: webRoutes.py プロジェクト: ericbaum/auth
def delete_permission(permid):
    try:
        requester = auth.get_jwt_payload(request.headers.get('Authorization'))
        crud.get_perm(db.session, permid)
        crud.delete_perm(db.session, permid, requester)
        db.session.commit()
        MVUserPermission.refresh()
        MVGroupPermission.refresh()
        return format_response(200)
    except HTTPRequestError as err:
        return format_response(err.errorCode, err.message)
コード例 #5
0
ファイル: webRoutes.py プロジェクト: alexandre-vasc/auth
def removeUser(user):
    try:
        requester = auth.getJwtPayload(request.headers.get('Authorization'))
        oldUsername = crud.getUser(db.session, user).username
        crud.deleteUser(db.session, user, requester)
        kong.removeFromKong(oldUsername)
        MVUserPermission.refresh()
        MVGroupPermission.refresh()
        db.session.commit()
        return formatResponse(200, "User removed")
    except HTTPRequestError as err:
        return formatResponse(err.errorCode, err.message)
コード例 #6
0
ファイル: webRoutes.py プロジェクト: alexandre-vasc/auth
def addGroupPermission(group, permission):
    try:
        requester = auth.getJwtPayload(request.headers.get('Authorization'))
        if request.method == 'POST':
            rship.addGroupPermission(db.session, group, permission, requester)
        else:
            rship.removeGroupPermission(db.session, group,
                                        permission, requester)
        MVGroupPermission.refresh()
        db.session.commit()
        return formatResponse(200)
    except HTTPRequestError as err:
        return formatResponse(err.errorCode, err.message)
コード例 #7
0
def populate():
    print("Creating initial user and permission for test...")
    try:
        create_users()
        create_groups()
        add_permissions_group()
        add_user_groups()
    except sqlalchemy_exceptions.DBAPIError as err:
        print("Could not connect to the database.")
        print(err)
        exit(-1)

    # refresh views
    MVUserPermission.refresh()
    MVGroupPermission.refresh()
    db.session.commit()
    print("Success")
コード例 #8
0
def delete_group(db_session, group, requester):
    try:
        group = Group.get_by_name_or_id(group)
        db_session.execute(
            GroupPermission.__table__.delete(
                GroupPermission.group_id == group.id))
        db_session.execute(
            UserGroup.__table__.delete(UserGroup.group_id == group.id))
        cache.delete_key()
        log().info(
            'group ' + group.name + ' deleted by ' + requester['username'],
            group.safe_dict())
        db_session.delete(group)
        MVGroupPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID")
コード例 #9
0
ファイル: initialConf.py プロジェクト: alexandre-vasc/auth
def populate():
    print("Creating initial user and permission...")
    try:
        createUsers()
        createGroups()
        createPermissions()
        addPermissionsGroup()
        addUserGroups()
    except sqlalchemy.exc.DBAPIError as e:
        print("Could not connect to the database.")
        print(e)
        exit(-1)

    # refresh views
    MVUserPermission.refresh()
    MVGroupPermission.refresh()
    db.session.commit()
    print("Success")
コード例 #10
0
ファイル: webRoutes.py プロジェクト: ericbaum/auth
def remove_user(user):
    try:
        requester = auth.get_jwt_payload(request.headers.get('Authorization'))
        old_username = crud.get_user(db.session, user).username
        old_user = crud.delete_user(db.session, user, requester)
        kong.remove_from_kong(old_username)
        MVUserPermission.refresh()
        MVGroupPermission.refresh()
        db.session.commit()

        if crud.count_tenant_users(db.session, old_user.service) == 0:
            log().info("will emit tenant lifecycle event {} - DELETE".format(
                old_user.service))
            send_notification({"type": 'DELETE', 'tenant': old_user.service})

        return format_response(200, "User removed")
    except HTTPRequestError as err:
        return format_response(err.errorCode, err.message)
コード例 #11
0
def remove_group_permission(db_session, group, permission, requester):
    try:
        group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")
    try:
        perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")
    try:
        relation = db_session.query(GroupPermission) \
            .filter_by(group_id=group.id, permission_id=perm.id).one()
        db_session.delete(relation)
        cache.delete_key(action=perm.method,
                         resource=perm.path)
        log().info(f"permission {perm.name} removed from group {group.name} by {requester['username']}")
        MVGroupPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "Group does not have this permission")
コード例 #12
0
def add_group_permission(db_session, group, permission, requester):
    try:
        group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")
    try:
        perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")

    if db_session.query(GroupPermission) \
            .filter_by(group_id=group.id, permission_id=perm.id).one_or_none():
        raise HTTPRequestError(409, "Group already have this permission")

    r = GroupPermission(group_id=group.id, permission_id=perm.id)
    db_session.add(r)
    cache.delete_key(action=perm.method,
                     resource=perm.path)
    log().info(f"permission {perm.name} added to group {group.name} by {requester['username']}")
    MVGroupPermission.refresh()
    db_session.commit()