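def create_perm(db_session, permission, requester):
    """
    Builds a new Permission object from the supplied data.

    Only keys listed in ``Permission.fillable`` are kept, so the payload
    cannot set any other model attribute. ``created_by`` is assigned after
    that filtering and therefore always comes from ``requester``, never from
    the payload. The object is neither added to ``db_session`` nor committed
    here, and no authorization check is made: ``requester`` is used only for
    ``created_by`` and for the log entry.

    :param db_session: The database session (not referenced in this function).
    :param permission: Dictionary with the data of the new permission.
    :param requester: Dictionary with the keys "userid" and "username".
    :return: The new Permission object.
    """
    # Drop every field the model does not declare as fillable
    permission = {
        k: permission[k]
        for k in permission
        if k in Permission.fillable
    }
    check_perm(permission)
    permission['created_by'] = requester['userid']
    perm = Permission(**permission)
    # This is a creation event. The message used to say 'deleted by', which
    # mislabels the entry for anyone reconstructing who changed what.
    # NOTE(review): perm.safeDict() is passed as a logging argument although
    # the message has no placeholder; confirm log() actually records it.
    log().info(
        'permission ' + perm.name + ' created by ' + requester['username'],
        perm.safeDict())
    return perm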
def delete_perm(db_session, permission: str, requester):
    """
    Removes a permission and every user/group assignment that refers to it.

    No authorization check is made here; ``requester`` is used only for the
    log entry.

    :param db_session: The postgres session to be used.
    :param permission: String The permission to be removed (name or ID).
    :param requester: Who is removing this permission. This is a dictionary
                      with two keys: "userid" and "username".
    :return:
    :raises HTTPRequestError: 405 when the permission type is not
                              PermissionTypeEnum.api, 404 when no permission
                              matches the given name or ID.
    """
    try:
        target = Permission.get_by_name_or_id(permission)
        is_api_permission = target.type == PermissionTypeEnum.api
        if not is_api_permission:
            raise HTTPRequestError(405, "Can't delete a system permission")

        # Remove the assignments first, then the permission itself
        drop_user_links = UserPermission.__table__.delete(
            UserPermission.permission_id == target.id)
        db_session.execute(drop_user_links)
        drop_group_links = GroupPermission.__table__.delete(
            GroupPermission.permission_id == target.id)
        db_session.execute(drop_group_links)

        # NOTE(review): the cache entry is dropped before the commit below;
        # confirm a concurrent request cannot re-cache the old decision
        # in between.
        cache.delete_key(action=target.method, resource=target.path)

        LOGGER.info("permission {} deleted by {}".format(
            target.name, requester['username']))
        LOGGER.info(target.safe_dict())

        db_session.delete(target)
        db_session.commit()
        MVUserPermission.refresh()
        MVGroupPermission.refresh()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")
def add_permissions_group():
    """
    Assigns the predefined permissions to the predefined groups.

    Every group and permission named below is looked up by name; a failed
    lookup is not handled here and propagates to the caller. All rows are
    staged on ``db.session`` and committed once at the end.
    """
    # (group name, permission names) pairs; 'all_all' is the only grant
    # given to 'admin'
    group_grants = [
        ("admin", ['all_all']),
        ("user", [
            'all_template',
            'all_device',
            'all_flows',
            'all_history',
            'all_metric',
            'all_mashup',
            'ro_alarms',
            'ro_ca',
            'wo_sign',
        ]),
    ]

    for group_name, permission_names in group_grants:
        group_id = Group.getByNameOrID(group_name).id
        for permission_name in permission_names:
            perm_id = Permission.getByNameOrID(permission_name).id
            db.session.add(
                GroupPermission(group_id=group_id, permission_id=perm_id))
    db.session.commit()
def create_permissions():
    """
    Creates the predefined permissions.

    Each entry is turned into a dictionary by ``permission_dict_helper`` and
    then into a Permission row; all rows are committed once at the end.
    """
    # (name, path, method) triples, passed positionally to the helper.
    # NOTE(review): path and method look like regular expressions; how they
    # are anchored when compared with a request is not visible here. Confirm
    # that a pattern such as "/template/(.*)" cannot match an unintended URL.
    specs = [
        ('all_all', "/(.*)", "(.*)"),
        ('all_template', "/template/(.*)", "(.*)"),
        ('ro_template', "/template/(.*)", "GET"),
        ('all_device', "/device/(.*)", "(.*)"),
        ('ro_device', "/device/(.*)", "GET"),
        ('all_flows', "/flows/(.*)", "(.*)"),
        ('ro_flows', "/flows/(.*)", "GET"),
        ('all_history', "/history/(.*)", "(.*)"),
        ('ro_history', "/history/(.*)", "GET"),
        ('all_metric', "/metric/(.*)", "(.*)"),
        ('ro_metric', "/metric/(.*)", "GET"),
        ('all_mashup', "/mashup/(.*)", "(.*)"),
        ('ro_mashup', "/mashup/(.*)", "GET"),
        ('all_user', "/auth/user/(.*)", "(.*)"),
        ('ro_user', "/auth/user/(.*)", "GET"),
        ('all_pap', "/pap/(.*)", "(.*)"),
        ('ro_pap', "/pap/(.*)", "GET"),
        ('ro_ca', "/ca/(.*)", "GET"),
        ('wo_sign', "/sign/(.*)", "POST"),
        ('ro_alarms', "/alarmmanager/(.*)", "GET"),
    ]
    predef_perms = [
        permission_dict_helper(name, path, method)
        for name, path, method in specs
    ]

    for fields in predef_perms:
        db.session.add(Permission(**fields))
    db.session.commit()
def add_permissions_group():
    """
    Assigns the predefined permissions to the 'testadm' and 'testuser' groups.

    Every group and permission named below is looked up by name; a failed
    lookup is not handled here and propagates to the caller. All rows are
    staged on ``db.session`` and committed once at the end.
    """
    # (group name, permission names) pairs; 'all_all' is the only grant
    # given to 'testadm'
    group_grants = [
        ("testadm", ['all_all']),
        ("testuser", [
            'all_template',
            'all_device',
            'all_flows',
            'ro_history',
            'ro_ca',
            'wo_sign',
            "ro_socketio",
            "all_import",
            "ro_export",
            "all_image",
        ]),
    ]

    for group_name, permission_names in group_grants:
        group_id = Group.get_by_name_or_id(group_name).id
        for permission_name in permission_names:
            perm_id = Permission.get_by_name_or_id(permission_name).id
            db.session.add(
                GroupPermission(group_id=group_id, permission_id=perm_id))
    db.session.commit()
def update_perm(db_session, permission: str, perm_data, requester):
    """
    Updates the fields of an existing permission; its name cannot be changed.

    Only keys listed in ``Permission.fillable`` are applied, so the payload
    cannot set any other model attribute. No authorization check is made
    here; ``requester`` is used only for the log entry.

    :param db_session: The postgres session to be used.
    :param permission: String The permission name or ID.
    :param perm_data: New information for this permission.
    :param requester: Who is updating this permission. This is a dictionary
                      with two keys: "userid" and "username".
    :return:
    :raises HTTPRequestError: 405 when the permission type is not
                              PermissionTypeEnum.api, 400 when the data would
                              change the name, 404 when no permission matches.
    """
    # Drop every field the model does not declare as fillable
    accepted = {}
    for field in perm_data:
        if field in Permission.fillable:
            accepted[field] = perm_data[field]
    check_perm(accepted)

    try:
        target = Permission.get_by_name_or_id(permission)
        is_api_permission = target.type == PermissionTypeEnum.api
        if not is_api_permission:
            raise HTTPRequestError(405, "Can't edit a system permission ")

        if 'name' in accepted and target.name != accepted['name']:
            raise HTTPRequestError(400, "permission name can't be changed")

        for field, new_value in accepted.items():
            setattr(target, field, new_value)
        db_session.add(target)

        LOGGER.info("permission {} updated by {}".format(
            target.name, requester['username']))
        LOGGER.info(accepted)
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")
def create_perm(db_session, permission, requester):
    """
    Creates a new permission and commits it.

    Only keys listed in ``Permission.fillable`` are kept, and ``created_by``
    is assigned after that filtering, so it always comes from ``requester``
    and never from the payload. No authorization check is made here.

    :param db_session: The postgres session to be used
    :param permission: The new permission
    :param requester: Who is creating this permission. This is a dictionary
                      with two keys: "userid" and "username"
    :return: The new permission
    """
    # Keep only the fields the model declares as fillable
    fields = {}
    for key in permission:
        if key in Permission.fillable:
            fields[key] = permission[key]
    check_perm(fields)
    fields['created_by'] = requester['userid']

    new_perm = Permission(**fields)
    # NOTE(review): the message reads 'create by' (sic); kept verbatim in
    # case log consumers match on the exact text.
    LOGGER.info("permission {} create by {}".format(
        new_perm.name, requester['username']))
    LOGGER.info(new_perm.safe_dict())

    db_session.add(new_perm)
    db_session.commit()
    return new_perm
def updatePerm(dbSession, permission, permData, requester):
    """
    Updates the fields of an existing permission; its name cannot be changed.

    Only keys listed in ``Permission.fillable`` are applied. The change is
    staged on ``dbSession`` but not committed here. There is no check on the
    kind of permission being edited and no authorization check; ``requester``
    is used only for the log entry.

    :param dbSession: The database session to be used.
    :param permission: The permission name or ID.
    :param permData: New information for this permission.
    :param requester: Dictionary; only the "username" key is read here.
    :raises HTTPRequestError: 400 when the data would change the name,
                              404 when no permission matches.
    """
    # Drop every field the model does not declare as fillable
    accepted = {}
    for field in permData:
        if field in Permission.fillable:
            accepted[field] = permData[field]
    checkPerm(accepted)

    try:
        target = Permission.getByNameOrID(permission)
        if 'name' in accepted and target.name != accepted['name']:
            raise HTTPRequestError(400, "permission name can't be changed")

        for field, new_value in accepted.items():
            setattr(target, field, new_value)
        dbSession.add(target)

        audit = log()
        message = ('permission ' + target.name
                   + ' updated by ' + requester['username'])
        # NOTE(review): the dict is passed as a logging argument although the
        # message has no placeholder; confirm log() actually records it.
        audit.info(message, accepted)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")
def delete_perm(db_session, permission, requester):
    """
    Removes a permission and every user/group assignment that refers to it.

    The deletions are issued on ``db_session`` but not committed here. There
    is no check on the kind of permission being removed and no authorization
    check; ``requester`` is used only for the log entry.

    :param db_session: The database session to be used.
    :param permission: The permission to be removed (name or ID).
    :param requester: Dictionary; only the "username" key is read here.
    :raises HTTPRequestError: 404 when no permission matches.
    """
    try:
        target = Permission.getByNameOrID(permission)

        # Remove the assignments first, then the permission itself
        drop_user_links = UserPermission.__table__.delete(
            UserPermission.permission_id == target.id)
        db_session.execute(drop_user_links)
        drop_group_links = GroupPermission.__table__.delete(
            GroupPermission.permission_id == target.id)
        db_session.execute(drop_group_links)

        cache.delete_key(action=target.method, resource=target.path)

        audit = log()
        message = ('permission ' + str(target.name)
                   + ' deleted by ' + requester['username'])
        # NOTE(review): safeDict() is passed as a logging argument although
        # the message has no placeholder; confirm log() actually records it.
        audit.info(message, target.safeDict())

        db_session.delete(target)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")
def removeUserPermission(dbSession, user, permission, requester):
    """
    Revokes a permission that was assigned directly to a user.

    The deletion is staged on ``dbSession`` but not committed here. No
    authorization check is made; ``requester`` is used only for the log
    entry.

    :param dbSession: The database session to be used.
    :param user: The user name or ID.
    :param permission: The permission name or ID.
    :param requester: Dictionary; only the "username" key is read here.
    :raises HTTPRequestError: 404 when the user, the permission or the
                              assignment between them does not exist.
    """
    try:
        target_user = User.getByNameOrID(user)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        revoked = Permission.getByNameOrID(permission)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        link_query = dbSession.query(UserPermission).filter_by(
            user_id=target_user.id, permission_id=revoked.id)
        link = link_query.one()
        dbSession.delete(link)
        # Drop the cached decision so the revocation is not masked by it
        cache.deleteKey(userid=target_user.id,
                        action=revoked.method,
                        resource=revoked.path)
        audit = log()
        message = ('user ' + target_user.username
                   + ' removed permission ' + revoked.name
                   + ' by ' + requester['username'])
        audit.info(message)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "User does not have this permission")
def removeGroupPermission(dbSession, group, permission, requester):
    """
    Revokes a permission that was assigned to a group.

    The deletion is staged on ``dbSession`` but not committed here. No
    authorization check is made; ``requester`` is used only for the log
    entry.

    :param dbSession: The database session to be used.
    :param group: The group name or ID.
    :param permission: The permission name or ID.
    :param requester: Dictionary; only the "username" key is read here.
    :raises HTTPRequestError: 404 when the group, the permission or the
                              assignment between them does not exist.
    """
    try:
        target_group = Group.getByNameOrID(group)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        revoked = Permission.getByNameOrID(permission)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        link_query = dbSession.query(GroupPermission).filter_by(
            group_id=target_group.id, permission_id=revoked.id)
        link = link_query.one()
        dbSession.delete(link)
        # Drop the cached decision so the revocation is not masked by it
        cache.deleteKey(action=revoked.method, resource=revoked.path)
        audit = log()
        # The double space before 'group' is in the original message and is
        # kept so the log text stays unchanged.
        message = ('permission ' + revoked.name
                   + ' removed from  group ' + target_group.name
                   + ' by ' + requester['username'])
        audit.info(message)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "Group does not have this permission")
def addGroupPermission(dbSession, group, permission, requester):
    """
    Grants a permission to a group.

    The new row is staged on ``dbSession`` but not committed here. No
    authorization check is made; ``requester`` is used only for the log
    entry.

    :param dbSession: The database session to be used.
    :param group: The group name or ID.
    :param permission: The permission name or ID.
    :param requester: Dictionary; only the "username" key is read here.
    :raises HTTPRequestError: 404 when the group or the permission does not
                              exist, 409 when the group already has it.
    """
    try:
        target_group = Group.getByNameOrID(group)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        granted = Permission.getByNameOrID(permission)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")

    # NOTE(review): check-then-insert; two concurrent requests can both pass
    # this test. Whether the table has a unique constraint on
    # (group_id, permission_id) is not visible here; confirm.
    existing = dbSession.query(GroupPermission).filter_by(
        group_id=target_group.id, permission_id=granted.id).one_or_none()
    if existing:
        raise HTTPRequestError(409, "Group already have this permission")

    dbSession.add(
        GroupPermission(group_id=target_group.id, permission_id=granted.id))
    # Drop the cached decision so the new grant is not masked by it
    cache.deleteKey(action=granted.method, resource=granted.path)
    audit = log()
    message = ('permission ' + granted.name
               + ' added to group ' + target_group.name
               + ' by ' + requester['username'])
    audit.info(message)
def remove_group_permission(db_session, group, permission, requester):
    """
    Revokes a permission that was assigned to a group and commits the change.

    No authorization check is made here; ``requester`` is used only for the
    log entry.

    :param db_session: The database session to be used.
    :param group: The group name or ID.
    :param permission: The permission name or ID.
    :param requester: Dictionary; only the "username" key is read here.
    :raises HTTPRequestError: 404 when the group, the permission or the
                              assignment between them does not exist.
    """
    try:
        target_group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        revoked = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        link_query = db_session.query(GroupPermission).filter_by(
            group_id=target_group.id, permission_id=revoked.id)
        link = link_query.one()
        db_session.delete(link)
        cache.delete_key(action=revoked.method, resource=revoked.path)
        log().info("permission {} removed from group {} by {}".format(
            revoked.name, target_group.name, requester['username']))
        # NOTE(review): the refresh runs before the commit. Confirm that
        # refresh() sees the pending delete; otherwise the view would keep
        # the revoked grant until the next refresh.
        MVGroupPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "Group does not have this permission")
def add_group_permission(db_session, group, permission, requester):
    """
    Grants a permission to a group and commits the change.

    No authorization check is made here; ``requester`` is used only for the
    log entry.

    :param db_session: The database session to be used.
    :param group: The group name or ID.
    :param permission: The permission name or ID.
    :param requester: Dictionary; only the "username" key is read here.
    :raises HTTPRequestError: 404 when the group or the permission does not
                              exist, 409 when the group already has it.
    """
    try:
        target_group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        granted = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")

    # NOTE(review): check-then-insert; two concurrent requests can both pass
    # this test. Whether the table has a unique constraint on
    # (group_id, permission_id) is not visible here; confirm.
    existing = db_session.query(GroupPermission).filter_by(
        group_id=target_group.id, permission_id=granted.id).one_or_none()
    if existing:
        raise HTTPRequestError(409, "Group already have this permission")

    db_session.add(
        GroupPermission(group_id=target_group.id, permission_id=granted.id))
    cache.delete_key(action=granted.method, resource=granted.path)
    log().info("permission {} added to group {} by {}".format(
        granted.name, target_group.name, requester['username']))
    # NOTE(review): the refresh runs before the commit; confirm that
    # refresh() sees the pending insert.
    MVGroupPermission.refresh()
    db_session.commit()
def add_user_permission(db_session, user, permission, requester):
    """
    Grants a permission directly to a user.

    The new row is staged on ``db_session`` but not committed here. No
    authorization check is made; ``requester`` is used only for the log
    entry.

    :param db_session: The database session to be used.
    :param user: The user name or ID.
    :param permission: The permission name or ID.
    :param requester: Dictionary; only the "username" key is read here.
    :raises HTTPRequestError: 404 when the user or the permission does not
                              exist, 409 when the user already has it.
    """
    try:
        target_user = User.getByNameOrID(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        granted = Permission.getByNameOrID(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    # NOTE(review): check-then-insert; two concurrent requests can both pass
    # this test. Whether the table has a unique constraint on
    # (user_id, permission_id) is not visible here; confirm.
    existing = db_session.query(UserPermission).filter_by(
        user_id=target_user.id, permission_id=granted.id).one_or_none()
    if existing:
        raise HTTPRequestError(409, "User already have this permission")

    db_session.add(
        UserPermission(user_id=target_user.id, permission_id=granted.id))
    # Drop the cached decision so the new grant is not masked by it
    cache.delete_key(userid=target_user.id,
                     action=granted.method,
                     resource=granted.path)
    audit = log()
    message = ('user ' + target_user.username
               + ' received permission ' + granted.name
               + ' by ' + requester['username'])
    audit.info(message)
def remove_user_permission(db_session, user, permission, requester):
    """
    Revokes a permission assigned directly to a user and commits the change.

    No authorization check is made here; ``requester`` is used only for the
    log entry.

    :param db_session: The database session to be used.
    :param user: The user name or ID.
    :param permission: The permission name or ID.
    :param requester: Dictionary; only the "username" key is read here.
    :raises HTTPRequestError: 404 when the user, the permission or the
                              assignment between them does not exist.
    """
    try:
        target_user = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        revoked = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        link_query = db_session.query(UserPermission).filter_by(
            user_id=target_user.id, permission_id=revoked.id)
        link = link_query.one()
        db_session.delete(link)
        cache.delete_key(userid=target_user.id,
                         action=revoked.method,
                         resource=revoked.path)
        log().info("permission {} for user {} was revoked by {}".format(
            revoked.name, target_user.username, requester['username']))
        # NOTE(review): the refresh runs before the commit. Confirm that
        # refresh() sees the pending delete; otherwise the view would keep
        # the revoked grant until the next refresh.
        MVUserPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "User does not have this permission")
def add_user_permission(db_session, user, permission, requester):
    """
    Grants a permission directly to a user and commits the change.

    No authorization check is made here; ``requester`` is used only for the
    log entry, which is written after the commit.

    :param db_session: The database session to be used.
    :param user: The user name or ID.
    :param permission: The permission name or ID.
    :param requester: Dictionary; only the "username" key is read here.
    :raises HTTPRequestError: 404 when the user or the permission does not
                              exist, 409 when the user already has it.
    """
    try:
        target_user = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        granted = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    # NOTE(review): check-then-insert; two concurrent requests can both pass
    # this test. Whether the table has a unique constraint on
    # (user_id, permission_id) is not visible here; confirm.
    existing = db_session.query(UserPermission).filter_by(
        user_id=target_user.id, permission_id=granted.id).one_or_none()
    if existing:
        raise HTTPRequestError(409, "User already have this permission")

    db_session.add(
        UserPermission(user_id=target_user.id, permission_id=granted.id))
    cache.delete_key(userid=target_user.id,
                     action=granted.method,
                     resource=granted.path)
    # NOTE(review): the refresh runs before the commit; confirm that
    # refresh() sees the pending insert.
    MVUserPermission.refresh()
    db_session.commit()
    log().info("user {} received permission {} by {}".format(
        target_user.username, granted.name, requester['username']))
def addPermissionsGroup():
    """
    Assigns the predefined permissions to the 'admin' and 'user' groups.

    Every group and permission named below is looked up by name; a failed
    lookup is not handled here and propagates to the caller. All rows are
    staged on ``db.session`` and committed once at the end.
    """
    # (group name, permission names) pairs; only 'admin' receives the
    # user-management ('all_user') and 'all_pap' grants
    groupGrants = [
        ("admin", [
            'all_template',
            'all_device',
            'all_flows',
            'all_history',
            'all_metric',
            'all_mashup',
            'all_user',
            'all_pap',
        ]),
        ("user", [
            'all_template',
            'all_device',
            'all_flows',
            'all_history',
            'all_metric',
            'all_mashup',
        ]),
    ]

    for groupName, permissionNames in groupGrants:
        groupId = Group.getByNameOrID(groupName).id
        for permissionName in permissionNames:
            permId = Permission.getByNameOrID(permissionName).id
            db.session.add(
                GroupPermission(group_id=groupId, permission_id=permId))
    db.session.commit()
def createPermissions():
    """
    Creates the predefined permissions.

    Each entry is turned into a dictionary by ``permissionDictHelper`` and
    then into a Permission row; all rows are committed once at the end.
    """
    # (name, path, method) triples, passed positionally to the helper.
    # NOTE(review): path and method look like regular expressions; how they
    # are anchored when compared with a request is not visible here. Confirm
    # that a pattern such as "/template/(.*)" cannot match an unintended URL.
    specs = [
        ('all_template', "/template/(.*)", "(.*)"),
        ('ro_template', "/template/(.*)", "GET"),
        ('all_device', "/device/(.*)", "(.*)"),
        ('ro_device', "/device/(.*)", "GET"),
        ('all_flows', "/flows/(.*)", "(.*)"),
        ('ro_flows', "/flows/(.*)", "GET"),
        ('all_history', "/history/(.*)", "(.*)"),
        ('ro_history', "/history/(.*)", "GET"),
        ('all_metric', "/metric/(.*)", "(.*)"),
        ('ro_metric', "/metric/(.*)", "GET"),
        ('all_mashup', "/mashup/(.*)", "(.*)"),
        ('ro_mashup', "/mashup/(.*)", "GET"),
        ('all_user', "/auth/user/(.*)", "(.*)"),
        ('ro_user', "/auth/user/(.*)", "GET"),
        ('all_pap', "/pap/(.*)", "(.*)"),
        ('ro_pap', "/pap/(.*)", "GET"),
    ]
    predefPerms = [
        permissionDictHelper(name, path, method)
        for name, path, method in specs
    ]

    for fields in predefPerms:
        db.session.add(Permission(**fields))
    db.session.commit()
def getPerm(dbSession, permission):
    """
    Returns the permission that matches the given name or ID.

    ``dbSession`` is not referenced here; the lookup goes through the
    Permission model. No authorization check is made.

    :param dbSession: The database session (not referenced in this function).
    :param permission: The permission name or ID.
    :return: The matching Permission object.
    :raises HTTPRequestError: 404 when no permission matches.
    """
    try:
        return Permission.getByNameOrID(permission)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")
def get_perm(db_session, permission):
    """
    Returns the permission that matches the given name or ID.

    ``db_session`` is not referenced here; the lookup goes through the
    Permission model. No authorization check is made.

    :param db_session: The database session (not referenced in this function).
    :param permission: The permission name or ID.
    :return: The matching Permission object.
    :raises HTTPRequestError: 404 when no permission matches.
    """
    try:
        return Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")